Centre for Internet and Society

Mobile Apps Are Excluding Millions Of Indians Who Want To Use Them

nirmita — 2016-09-24T16:01:45Z

If someone were to ask you how many apps you use in a day, you might need to stop and count. You use apps to book cabs, to order groceries, make payments online, buy diapers, connect with friends... the list goes on. In fact apps, are becoming so intrinsic to daily life that without one handy you may have to think twice about how to complete a transaction.

The article was published in the Huffington Post on September 22, 2016.

Apps are uncomplicated, easy to use, at your finger tips and quick. So logically, everyone who has a smartphone should be using them, right? Unfortunately, that is not the case. Much as they would like to, millions of persons living with disabilities are unable to use apps to fulfil their daily living needs. This is because most apps are not accessible to users with a visual disability.

With about 30% of the blind population of the world living in India, it's imperative for service providers to give more thought to universal design and accessibility standards.

In order for an app to be accessible for a blind user, it should be readable by a screen reader -- software which reads out whatever appears on the screen. For it to function effectively, elements on web pages and applications should be properly labelled, otherwise the software will be unable to decipher what it is, not having any cognitive abilities like human beings. It will merely read out the element out as "button" or "graphic".

Here I will look at five very popular apps relating to food, groceries, transportation and mobile bill payment and banking to see how accessible they are for people with disabilities. These apps were tested using Talk Back, an open source Android screen reader.

1. Swiggy

The first app we looked at was Swiggy, which is used to order food from nearby restaurants. Here, the first screen, which shows the discounts/offers available, uses a graphics banner without alternative text, which cannot be deciphered by a screen reader. Another issue is inaccessible navigation. For instance, though we can select a food category like "soup", choosing a particular type of soup is not possible as the focus simply stays on the main category. This means a screen reader cannot read the rest of the information, making it impossible for a visually challenged person to order food.

2. Big Basket

Then we tried Big Basket to order some groceries. One of the issues we found included unlabelled banners; also, the continuous scrolling of the banner, which makes the screen reader try to constantly read the next unlabelled graphic, renders the app practically unusable. When we navigated to the list of products available, only their names were readable and the focus could not be shifted to information like price and quantity. This means the user can add items to the basket, but has no way of knowing the price or deciding the quantity, which obviously makes the app a no-go.

3. Ola

The taxi-hailing app Ola is fairly accessible, with some scope for improvement. The button to pinpoint the location is not labelled, and while trying to select a cab category the focus moves away automatically if there is no action in a few seconds. Hence, a person with vision impairments may need some assistance to use the app.

4. MyAirTel

This app for Airtel customers was found to have limited usability, with several accessibility issues. Many buttons, including Settings and Information are not labelled and hence are not readable by screen readers. The offers and discounts banner is also not labelled and keeps on moving, sending the screen reader into a loop saying "graphic". However, viewing unbilled/billed amounts and paying bills is easy, as those screens are well labelled and use minimal graphic controls.

5. ICICI - Pockets

This digital wallet app from ICICI bank was tested using an ICICI bank internet banking login and unfortunately found to be completely inaccessible for a person using a screen reader. There is no screen reader support and consequently no auditory feedback when using slides or touching the screen. One can tap and access the menus/options but they are not focusable and are not announced by the screen reader.

Over the past few years we have seen how corporates have embraced technological innovations and helped better the lives of common Indians. However, a more inclusive approach will help people with disabilities to enjoy the best technology has to offer, and lead a more independent life. It would be pertinent to mention at this point that the inaccessibility of apps is not a phenomenon which is particular to the ones reviewed above, but a common feature across stakeholder groups, including private and government agencies. With about 30% of the blind population of the world living in India, it's imperative for service providers engaging consumers through information and communication technologies to give more thought to universal design and accessibility standards. It would truly make a difference in the lives of many Indians.

For more details visit https://cis-india.org/accessibility/blog/huffington-post-september-22-2016-nirmita-narasimhan-mobile-apps-are-excluding-millions-of-indians-who-want-to-use-them

An Overview of Accessibility Work (2008 - 2016)

nirmita — 2016-09-24T16:09:53Z

India has an estimated 70 million disabled persons who are unable to read printed materials due to some form of physical, sensory, cognitive or other disability. The disabled need accessible content, devices and interfaces facilitated via copyright law and accessibility policies. CIS campaigns for change in this area.

The progress made over the years can be accessed below:

Publications

E-Accessibility Policy Handbook for Persons with Disabilities (Nirmita Narasimhan, G3ict and ITU; November 23, 2010): The handbook was compiled and edited by Nirmita Narasimhan. Nirmita also contributed to the original toolkit.
Universal Service for Persons with Disabilities (CIS, G3ict and Hans Foundation; December 27, 2011). Nirmita Narasimhan was a co-author.
Web Accessibility Policy Making (CIS, G3ict and Hans Foundation; February 28, 2012). Nirmita Narasimhan was a contributor.
Making Mobile Phones and Services Accessible for Persons with Disabilities (ITU and G3ict; August 2012). Nirmita Narasimhan was a co-author.
Accessibility of Government Websites in India: A Report (CIS and Hans Foundation; September 26, 2012). Nirmita Narasimhan was a co-author.
Opening New Avenues for Empowerment (UNESCO; February 2013). Nirmita Narasimhan was the project coordinator from Asia Pacific.
Inclusive Financial Services for Seniors and Persons with Disabilities: Global Trends in Accessibility Requirements (G3ict and CIS; February 2015). Nirmita Narasimhan was a co-author.
National Compendium of Laws, Policies and Programmes for Persons with Disabilities (CIS and Office of the Chief Commissioner for Persons with Disabilities, Department of Disability Affairs, Ministry of Social Justice and Empowerment, Govt. of India; January 3, 2016). Nirmita Narasimhan was one of the contributors.

Reports

NIVH Annual Report 2011-12 (NIVH; 2012)
Inclusive Disaster and Emergency Management for Persons with Disabilities (Nirmita Narasimhan and Deepti Samant Raja; September 17, 2013). The report was submitted to the National Disaster Management Authority of India for their action.
Banking and Accessibility in India: A Report (Nirmita Narasimhan; August 12, 2013)
Accessibility of Political Parties Websites in India (Nirmita Narasimhan; March 24, 2014).
Enabling Elections (Nirmita Narasimhan and Centre for Law and Policy Research; March 2014).

Policy Submissions and Feedback

CIS worked with the Department of Electronics and Information Technology and civil society and industry partners such as the National Centre for Promotion of Employment for Disabled People (NCPEDP), Microsoft Corporation, National informatics Centre (NIC), etc., to formulate and implement a National Electronic Accessibility Policy to ensure that all Indian information and communication technologies and electronic infrastructure (including the Internet) and research which is publically funded, is accessible to persons with disabilities. Nirmita Narasimhan was part of the policy drafting committee.
Accessibility in the New Telecom Policy 2011: CIS made a submission to the Department of Telecommunications, Ministry of Communications & Information Technology, Government of India on December 9, 2011. CIS was one of the 27 organisations that sent a joint letter requesting that accessibility for persons with disabilities be included specifically within the goals and objectives of the policy.
Pilot Project Scheme - Access to ICTs and ICT Enabled Services for Persons with Disabilities in Rural India: CIS worked with USOF of India to design a scheme to launch projects for persons with disabilities. CIS prepared a background paper for the USOF, compiled a comprehensive global report which was later published in cooperation with G3ict and helped to convene a stakeholders meeting in September 2011 to launch the scheme and invite project applications.
Comments to the Rights of Persons with Disabilities Bill, 2014 (Nirmita Narasimhan and Anandhi Viswanathan; October 30, 2014). The comments were submitted to the Parliamentary Standing Committee in October 2014.
CIS joined hands with Daisy Forum of India member Arushi in Bhopal to submit a request for a notification mandating that all communication by the Government of Madhya Pradesh should be accessible to persons with disabilities. The state government issued a notification in Hindi requesting all departments to comply with WCAG 2.0 and use Unicode font. Nirmita Narasimhan drafted this submission.
Accessible ICT Procurement: CIS along with 20 other organisations petitioned the Ministry of Social Justice & Empowerment, Ministry of Finance and the Ministry of Information Technology, Govt. of India to bring in accessibility considerations within the draft Procurement Bill.
Comments to the GIGW (Nirmita Narasimhan; April 30, 2015): CIS submitted its comments to the National Informatics Centre for making Indian government websites conform to the notified standards of the Guidelines for Indian Government Websites.
Recommendations on Accessible ICT Procurement (Pranesh Prakash; May 9, 2016). CIS along with 20 other organisations petitioned the Ministry of Social Justice & Empowerment, Ministry of Finance and the Ministry of Information Technology to bring in accessibility considerations within the draft Procurement Bill.

WIPO

CIS is accredited as an observer at WIPO and regularly participates in the meetings of the Standing Committee for Copyright and Related Rights (SCCR) held in Geneva. CIS is actively involved in matters being discussed there such as the TVI. As part of its work, CIS provides comments at the SCCR and advises the Indian government on these matters through policy briefs, research and interactive discussions and meetings. CIS has given several statements on Treaty for the Visually Impaired and prepared an analysis of the consensus document on an international instrument on limitations and exceptions for persons with disabilities with the Third World Network which was widely circulated amongst the negotiators at the SCCR. CIS’ statements at the SCCR in June 2013, July 2012, December 2011, June 2011, and November 2010 are available on the CIS website.

CIS took part in the WIPO Diplomatic Conference to Conclude a Treaty to Facilitate Access to Published Works by Visually Impaired Persons and Persons with Print Disabilities in Marrakesh, Morocco, June 17 to 28, 2013. The conference concluded with the adoption of the Marrakesh Treaty to Facilitate Access to Published Works for Persons who are Blind, Visually Impaired, or otherwise Print Disabled. CIS's Closing Statement at Marrakesh on the Treaty for the Blind can be seen here.

At the national level CIS has been campaigning for right to read, attending meetings with ministries such as the Ministry of Human Resource Development, Department of Electronics and Information Technology, and the Ministry of Social Justice and Empowerment, and giving feedback on the Copyright Amendment Bills. Earlier this year, CIS gave a detailed analysis of the Copyright (Amendment) Bill 2012 examining the positive changes and the negative ones.

Events

National Workshop on Web Accessibility (Organized by CIS and Society for Promotion of Alternative Computing and Employment; September 25-26, 2009).
National Conference on ICTs for Differently Abled / Under privileged Communities in Education, Employment & Entrepreneurship — NCIDEEE 2009 (Loyola College, Chennai, December 1 – 3, 2009): The event was co-organised by Dr. A. Albert Muthumalai S. J, Principal, Loyola College, & Prof. J. Jerald Inico, Faculty In-charge, Resource Centre for the Differently Abled (RCDA), Loyola College, in association with NASSCOM, Computer Society of India and CIS.
CIS organized Right to Read campaigns in the 4 metro cities of Chennai Kolkata, Delhi and Mumbai. The campaign has gathered thousands of supporters and has succeeded in bringing the problems of the print disabled to the notice of policy makers and the general public.
EdICT 2010 (New Delhi, October 27 to 30, 2010): CIS in collaboration with G3ict, UNESCO, ITU, WIPO, The Deafway Foundation, DEF and SPACE and with the support from Hans Foundation and the Department of Information Technology, Ministry of Information and Communication Technology organised this event. Twenty-nine experts made presentations on a variety of topics, ranging from discussing challenges and solutions in educational institutions, to technology development and policy formulation and implementation. A total of 77 participants attended this event.
Websites Accessibility Evaluation Methodologies at Twentieth International World Wide Web Conference (Hyderabad, March 30 – 31, 2011): CIS co-organised this with G3ict and W3C. The panel discussed web accessibility evaluation methodologies and their challenges and technical survey methodologies alternatives. The panel was moderated by Nirmita Narasimhan and featured four speakers — Shadi Abou Zahra, Neeta Verma, Srinivasu Chakravartula and Glenda Sims.
ITU Tutorial on Audiovisual Media Accessibility (India International Centre, New Delhi, March 14 – 15, 2012): In cooperation with the ITU-APT Foundation of India, CIS hosted a two-day Tutorial on Audio Visual Media Accessibility from March 14 to 15, 2012 at the India International Centre, New Delhi, India.
Girls in ICT Day (Organized by CIS and Mithra Jyothi; Bangalore; April 25, 2013).

Internet Governance Forum
CIS has been organising workshops and participating regularly at IGF events since 2008 on topics like accessibility, access to knowledge, openness, internet governance, freedom of expression, etc. Details given below: IGF 2008, Hyderabad, India: CIS joined the Dynamic Coalition on Open Standards and also contributed to the authoring of the Agreement on Procurement in Support of Interoperability and Open Standards. CIS is now a part of the DCOS secretariat. IGF 2009, Sharm El Sheikh, Egypt: Nirmita Narasimhan presented on Accessibility Policy Making: An International Perspective at the Global Internet Access for Persons with Disabilities workshop organised by ITU and EBU on November 16. CIS also co-organised the workshop on ‘Content Regulation, Surveillance and Sexuality Rights – Privacy, Agency and Security’, together with the Association for Progressive Communications, Women’s Networking Support Programme and the Alternative Law Forum. IGF2010, Vilnius, Lithuania: At the UNESCO Open Forum, Anja Kovacs presented the research study ‘Exploring ICT-enabled Education Initiatives for Persons with Disabilities in the Asia-Pacific Region’. The study was undertaken by CIS in cooperation with G3ICT and UNESCO. Besides this, CIS co-organised these workshops: Freedom of Expression or Access to Knowledge: Are We Taking the Necessary Steps towards an Open and inclusive Internet? with the Center for Technology and Society, Brazil, ‘Sexual Rights, Openness and Regulatory Systems’, with the Association for Progressive Communications and the Alternative Law Forum, Open Standards: Ensuring Accessibility and Inclusiveness with the World Wide Web Consortium and the workshop on Data in the Cloud: Where Do Open Standards Fit In? IGF 2011, Nairobi, Kenya: Use of Digital Technologies for Civic Engagement and Political Change: Lessons Learned and Way Forward and Open Spectrum for Development in the Context of the Digital Migration. These workshops were organized by CIS.

Awards

Nirmita Narasimhan was awarded the National Award for Empowerment of Persons with Disabilities from the Government of India on December 3, 2010 on the occasion of the World Disability Day. The award was presented by Smt. Pratibha Patil, President of India under the Role Model category. The award function took place at Vigyan Bhavan in New Delhi and was telecast live on Doordarshan.
Nirmita Narasimhan received the NIVH Excellence Award from Justice AS Anand (retd), former chairman of the National Human Rights Commission, on International Day of Persons with Disabilities at the National Institute for the Visually Handicapped in Dehradun on December 3, 2011. The Tribune covered the award ceremony.
Girls in ICT Day 2013 (organized by ITU-APT Foundation of India with support from CMAI - Association of India Communication and Infrastructure, FICCI Auditorium, Tansen Marg, New Delhi, May 7, 2013). Dr. Nirmita Narasimhan got a felicitation for her contribution and achievements in the field of Information and Communication Technology. The honour was conferred during the celebration of this event.
Nirmita Narasimhan won the NCPEDP-Mphasis Universal Design Award in the "Persons with Disabilities" category. The awards aim to raise awareness about accessibility.

Articles and Interviews

Technology for Accessibility in Higher Education: Nirmita Narasimhan wrote an article in Enabling Access for Persons with Disabilities to Higher Education and Workplace - Role of ICT and Assistive Technologies. The IIMB Journal was brought out on the occasion of the conference ‘never-the-less’.
The Business Case for Web Accessibility: NASSCOM Foundation published "Understanding Web Accessibility — A Guide to create Accessible Work Environments". In this handbook on web accessibility, Nirmita Narasimhan authored a chapter titled “The Business Case for Web Accessibility”.
Barriers to Access in a Connected World: Hans Foundation published its Annual Review of 2011. Nirmita Narasimhan wrote an article in it. She wrote that accessibility is an imperative to achieve a truly inclusive and participatory society and every individual, corporation, organization and government has a crucial role to play in nurturing it.
Girls in ICT Portal (November 28, 2011): ITU interviewed Nirmita and published her profile on their website.
An India Where the Disabled have a Choice (Dataquest, August 5, 2016). Nirmita Narasimhan spoke to Dr. Archana Verma about the problems faced by the disabled while using technology.
We Tested 18 Government Apps, and Most are not Fully Accessible to the Disabled (Nirmita Narasimhan; Factor Daily, August 31, 2016).
Mobile Apps Are Excluding Millions Of Indians Who Want To Use Them (Nirmita Narasimhan; Huffington Post; September 22, 2016).

Media Coverage

Nirmita Narasimhan gave inputs to the following media coverage:

DFI and Cambridge University Press join hands for getting print access to the “print impaired” (The Bookseller; November 27, 2009).
WIPO Proposals Would Open Cross-Border Access To Materials For Print Disabled (IP Watch; May 28, 2010).
Disability groups in India welcome progress on treaty for blind persons (The Times of India; December 20, 2012).
Indian Users’ Perspective On WIPO Negotiations On Treaty For Visually Impaired (IP Watch; February 16, 2013).
How tech brings self-reliance to students with disabilities (The Times of India; May 29, 2016).
How India’s top firms fare in employing women and persons with disabilities (Livemit; August 9, 2016).
Using technology to address issues (The Hindu; August 14, 2016).
India has a long road ahead in becoming a disabled-friendly country (Your Story; August 31, 2016).

NVDA and eSpeak

Hans Foundation is funding CIS to do a project on developing a text-to-speech software in 15 Indian languages over a period of two-and-a-half years. Following are the monthly programmatic reports indicating the progress made in the project:

Monthly Reports

2014

		March	April	May	June	July	August	September	October	November	December

2015

January	February	March	April	May	June	July	August	September	October	November	December

2016

January	February	March	April	May	June	July	August

Training Programmes

Following are the reports of the training programmes that were conducted across several locations in India:

15 days Training in Basic Computing with use of NVDA and eSpeak in Hindi (April 10; 2015).
15 days Training in Basic Computing with use of NVDA and eSpeak in Gujarati (April 16, 2015).

15 days Training in Basic Computing with use of NVDA and eSpeak in Oriya (April 30, 2015).
eSpeak Tamil Computing with NVDA (May 4 – 8, 2015).
Training in Basic Computing with use of NVDA and eSpeak in Assamese (May 9 – 10, 2015).
Training in the Use of eSpeak for Indian Languages during TOT (May 11 – 20, 2015).
Tamil Language (May 25 – 29, 2015).
Training on the Use of eSpeak Hindi on Windows and Android Platforms (May 28, 2015).
Report on 30 Days Summer Course on Basic Computer Competencies and Language Proficiency (May 1 – 30, 2015).
Tamil Computing with NVDA Training Workshop (Organized by NVDA team: Anne Jane Ask with Higher Secondary School for the Visually Impaired, Palayamkottai, Tirunelveli; June 3 – 7, 2015).
Report on eSpeak Tamil Computing with NVDA Training Workshop in Tirunelveli (Organized by NVDA team; Anne Jane Askwith Higher Secondary School for the Visually Impaired, Palayamkottai, Tirunelveli; June 3 - 7, 2015).
Training in eSpeak Marathi (Organized by NVDA team; National Association for the Blind; Nashik; June 22 - 23, 2015).
Training in eSpeak Marathi (Organized by NVDA team; SIES College, Sion, Mumbai; June 28, 2015).
Training in eSpeak Marathi (Organized by CIS; Atmadepam Society; August 22 – 23, 2015).
Training in eSpeak Hindi (Organized by NVDA team; Jeevan Jyoti School for the Blind; Varanasi; August 26 - 28, 2015).
eSpeak Training in Hindi Language (Organized by CIS and National Association for the Blind; Kullu; September 3 – 4, 2015).
Training in use of eSpeak Bengali with NVDA (Organized by CIS; Turnstone Matruchaya, Siligudi, West Bengal; September 7 – 9, 2015).
5 day TOT for Training in Use of eSpeak Kannada with NVDA (Organized by CIS, Mithra Jyoti, Enable India and NFB, Bangalore; September 21 – 25, 2015; Bangalore).
Training in the use of eSpeak Hindi with NVDA (Organized by CIS and Lakshay for the Differently Abled; September 29 – 30, 2015; Ranchi). The event was conducted online by Dr. Homiyar with local support from Mritunjay Kumar and Zainab.
Report on eSpeak with NVDA Screen Reader and Assistive Technology for Visually Challenged (Organized by National Association for the Blind, New Delhi, Centre for Differently Abled Persons, Bharathidasan University, Tiruchirappalli, and CIS; January 21, 2016; Tiruchirappalli).
Report on NVDA with E-Speak and BookShare Online Library (Organized by Karna Vidya Technology Centre, Computer and Internet Society, and CIS; February 27, 2016; Chennai).

For more details visit https://cis-india.org/accessibility/resources/cis-accessibility-work-overview

Is India Prepared for a Cyber Attack? Suckfly And Other Past Responses Say No

praskrishna — 2016-09-22T00:57:02Z

From mandatory disclosures to improving CERT-IN’s functioning and transparency, there is much to be done in the event of future cyber attacks.

The article by Sushil Kambampati was published in the Wire on September 21, 2016. Pranesh Prakash was quoted.

In early September, details about India’s top secret Scorpene submarine program were published online. This presumed data breach brought the issue of cyber security into the headlines.

However, earlier this year, news of potentially catastrophic breaches of Indian networks barely made a blip. On May 17, the cyber-security firm Symantec stated in a blog post that it had traced breaches of several Indian organisations to a cyber-espionage group called Suckfly. The targeted systems belonged to the central government, a large financial institution, a vendor to the largest stock exchange and an e-commerce company. The espionage activity began in April 2014 and continued through 2015, Symantec said. Based on the targets that were penetrated, Symantec speculated that the espionage was targeted at the economic infrastructure of India. Such allegations should be ringing alarm bells inside the government and amongst private businesses across the country. And yet, from the official public response, one would think nothing was amiss.

A week later, another cyber-security firm, Kaspersky Lab, announced that it too had tracked at least one cyberespionage group, called Danti, that had penetrated Indian government systems through India’s diplomatic entities.

Breaches of corporate and government networks are nothing new. Usually, these breaches come to light if the perpetrators reveal the attack, the target of the attack discloses the breach, or because the leaked data shows up on the Internet. The Suckfly and Danti breaches are unusual because they were reported by a third party while the targets (in this case, Indian organisations and the government) themselves have remained silent. The breaches reported by Symantec and Kaspersky of Indian organisations received tepid coverage in India. A few news organisations published the same wire story that basically rewrote information in the original posts, but there was very little follow-up as there was not much follow-up investigation to determine the targets or an analysis to gauge how much damage the leaks could cause.

Part of the reason there was no fallout may have to do with the reluctance of the parties involved to provide information. Symantec, in response to multiple requests for more details, kept referring to the original blog post. The government made no statement either confirming or denying the report. Several banks, e-commerce companies and government agencies were asked whether they were aware of Suckfly, whether they had been breached by the organisation and whether Symantec had contacted them. Only Yatra, Axis Bank and Flipkart responded, denying that they had been penetrated by Suckfly. The National Stock Exchange also said it had not been penetrated, although the questions asked were about whether any of the stock exchange’s vendors had been penetrated and if they had been, whether the NSE knew about such a breach.

This collective lack of response across the board indicates a mindset that shows unpreparedness for the cyber threats that are very real, existent and ongoing. Compare the Suckfly reaction to the threat of a terrorist infiltration. In that scenario, the government goes on high alert, resources are mobilised and the public is warned. The government then tries to identify the threat and stop it from doing any harm. Citizens demand that in the future the government take proactive steps to catch infiltrators and prevent any future threats.

Weak government response

One method that Suckfly uses to gain access, according to Symantec, is by signing its malware with stolen digital certificates. This is the same method that was used to infect and sabotage the Iranian nuclear centrifuges with the Stuxnet virus, so the potential for harm of these breaches cannot be understated. Several security experts confirmed the plausibility of such doomsday scenarios as two-factor authentication being turned off for credit card transactions, unauthorised money transfers, leakage of credit card details, stolen password hashes or personal information, massive numbers of fake e-commerce orders and the manipulation of the stock exchange.

All the targets taken together, the potential for economic damage that the Suckfly breach poses is immense. If another country or malevolent group wanted to wreak havoc in India, it could trigger banking panic by emptying accounts or a stock-market collapse by dumping stocks at fractional values.

Even more disturbing, though, is that if a foreign entity has access to government networks, it has the potential to collect passwords to critical systems using key-loggers and password scanners. From there the entity could steal national security data, disrupt control systems of electrical grids or nuclear facilities and gain access to everything the government knows about its citizens, including personal details, financial information and identity information. On an only slightly less dangerous level, the central bank’s funds could be stolen, like the recent attempt to heist $800 million from the central bank of Bangladesh.

A report on risks facing India, published in August by KPMG and the Confederation of Indian Industry said: “While traditionally cyber attacks were largely used for causing financial and reputational loss, today they have  a potential of posing a threat to human life. While the perpetrators behind these attacks traditionally were a few challenge loving ‘hackers’ with unbridled curiosity, we see an increasing number of state sponsored cyber terrorists and organised criminals behind the attacks today.”

In light of such serious threats, the government needs to take more action to mitigate the threat and reassure the public that it is on top of the situation. Reports of encounters between the armed forces and alleged terrorists are frequently relayed to the press. Similarly, the National Informatics Centre (NIC) or its parent organisation, the Department of Electronics and Information Technology, needs to make a public statement when breaches of government systems or of private organisations at this scale come to light. The investigative agencies need to open an enquiry into the matter.

In the Suckfly case, it took a right-to-information query from this author to get a response from the NIC. In the response, the NIC stated that it was unaware of any breach of its systems by Suckfly, that it did not use Symantec’s services and that Symantec had not notified NIC of any breach. Of course, the response also raises many more questions, which could be asked if the government took an attitude of openness and disclosure.

The government also needs to step up its efforts of identifying and neutralising the threat. The Indian government’s Computer Emergency Response Team (CERT-IN) is responsible, according to its website, for “responding to computer security incidents as and when they occur” and also collecting information on and issuing “guidelines, advisories, vulnerability notes and whitepapers relating to information security practices, procedures, prevention, response and reporting of cyber incidents.” Yet, as of September 12, its website does not mention the Backdoor.Nidoran exploit which Suckfly allegedly used to gain access during at least one of its attacks. The CVE-2015-2545 vulnerability that Danti used, according to Kaspersky, is also unlisted. Any organisation or person relying on CERT-IN to get notifications of vulnerabilities would be in the dark and exposed to a breach.

CERT-IN is a perfect example of where the government could really do so much more, starting with some very basic things. For example, by design, contact e-mail addresses listed on the site cannot be clicked on or copied, and so have to be retyped. Such a measure would barely stop even a novice hacker. E-mail messages sent to one of the contact email address bounce back. While it laudably posts its e-mail encryption hash on its contact page, one of the identifiers does not match what is registered in the public KeyStores (usually that would be a sign of a hack). Most glaringly, anyone searching for information on a vulnerability on the site will have to click in and out of every document because the site does not have a search function. Collectively, these flaws give the impression that while the government has thought about cyber-security, it is not putting enough resources and effort into making that a credible initiative.

The government’s regulatory agencies also need to get into the fray. For example, one of the organisations that Suckfly allegedly breached is a large financial institution. It makes sense, therefore that the Reserve Bank of India (RBI), which oversees all financial institutions, should make it mandatory that a bank notify the RBI whenever there is a security breach. The RBI did just that in a notification issued on June 2, 2016, after the Suckfly breach. However, the notification does not address the need to inform the public. The RBI itself also needs to be more forthcoming. In the Suckfly instance the RBI has not made any statements about whether financial institutions under its supervision are secure. It took an RTI query to get a statement from the RBI, and there it responded that it had no information on the matter.

The Securities and Exchange Board of India (SEBI), which oversees the country’s stock exchanges, initially did not respond directly as to whether it knew of the breach at any IT firm that supplies an Indian stock exchange. However, SEBI reacted to an RTI query by asking all the stock exchanges under its mantle to verify with each of their IT vendors whether there had been any breach. They all denied it. If any of them are being untruthful, they have made a false statement to SEBI. However, if taken at their word, the public can take comfort in the fact that the stock market was not compromised by this attack.

SEBI also issued a cyber-security policy framework for its stock exchanges in July 2015, around the time when Suckfly may have been actively attacking systems. Where the RBI asks financial institutions to report breaches within six hours of detection, SEBI requires the reports to be quarterly. Given how fast information travels and how many transactions can be done in mere minutes, that seems like too much time for SEBI to take any effective action. SEBI’s policy also does not address the need to inform the public.

What is needed is a coordinated, comprehensive and unified policy that applies to stock exchanges, financial institutions, government organisations and private companies. It doesn’t matter from where the data is being stolen, what matters is how quickly the organisation learns of it and lets people know so that they too can take any action they need to.

Right or wrong?

The across-the-board denials of any breach raise the question whether Symantec was mistaken. Skeptics could even wonder whether the company exaggerated the situation to increase sales of its products and services. For its part, Symantec refuses to provide any further information about the breach beyond what is in its initial post; crucial information in this regard would include more forensic details, which could identify whether the breach actually took place. Symantec also would not confirm whether it had notified the targets of the attacks, though the government says it has not been alerted by Symantec.

On the other hand, according to Sastry Tumuluri, a former Chief Information Security Officer for the state of Haryana, Symantec probably did correctly identify the breaches. Symantec collects vast amounts of information at every point where it has a presence, such as on individual computers, at internet interconnection points and web hosts globally. All that data can give a fairly accurate and reliable indication of systems being penetrated. Depending on their capabilities and level of sophistication, the target organisations could also truthfully say that they have not detected a breach.

If Symantec’s is correct in conjecturing that the Suckfly breach targeted India’s economic sector, its lack of further action is disturbing. India is one of the world’s ten largest economies and instability here would have ripple effects globally. Then there is the potential of catastrophic cyberterrorism. It is in everyone’s interest that Symantec reach out to the government and to let the public know which organisations may be compromised.

According to Pranesh Prakash, Policy Director at the Centre for Internet and Society and Bruce Schneier, a globally recognised security expert, the lack of knowledge regarding which organisations were targeted reduces people’s trust in the Internet across the board. In an email response, Schneier wrote, “Symantec has an obligation to disclose the identities of those attacked. By leaving this information out, Symantec is harming us all. We all have to make decisions on the Internet all the time about who to trust and who to rely on. The more information we have, the better we can make those decisions.”

Looking at it in the other direction, it is not apparent whether the government has asked Symantec and Kaspersky for more information and a disclosure of who the targets were. After all, if government systems were breached, it is a matter of national security. If the government has indeed reached out and received more information, it has an obligation to let the public know.

What other governments and private companies are belatedly learning is that it is better to proactively disclose the breaches before the information gets out through other parties. When US retailer Target came under attack, its data breach was first revealed by security reporter Michael Krebs. Target was criticised for not coming forth itself and faced several lawsuits. In the US, most states and jurisdictions have laws that require companies to disclose data breaches, although transparency advocates point out that there is great variation on how long companies can wait to disclose and what events trigger a mandatory disclosure. In Europe, telecoms and Internet Service Providers must report a breach within 24 hours and other organisations have 72 hours.

India has no mandatory disclosure law in the case of data breaches at government or private organisations, Prakash said. It is something that CIS supports and had proposed since 2011, he added.

According to Schneier, a mandatory disclosure law would also be valuable if confidentiality agreements would otherwise prevent a security firm such as Symantec from disclosing names of targets.

Finally, private companies need to understand that they are not doing themselves any favours by remaining silent on the matter. Even if Suckfly or its clients do not use the information they may have gained, the lack of disclosure by the targets will weaken trust in online commerce and financial transactions, says Prakash. For example, looking at e-commerce, while it is true that e-commerce has grown rapidly in India, a study in 2014 by YourStory and Kalaari Capital found that lack of trust and doubt about online security were hurdles for 80% of people who had never made an online purchase.

When an organisation lets the public know that it has been breached, users of the service or site can evaluate what action they need to take. For example if a person uses the same password across multiple sites, they would know they needed to change the password at the other sites. Depending on the breach they would also be able to alert credit card companies as well as friends and family.

As the KPMG report states, cyber attacks are only going to become more common. Despite multiple warnings, the response on the part of the Indian government and private organisations has been quite underwhelming. The government needs to proactively monitor and respond to attacks. Lawmakers need to pass laws establishing privacy policies and mandatory disclosures. Companies will also need to invest in better security practices as well as gain public trust by reacting to breaches promptly and letting the public know what they are doing to recover from them.

For more details visit https://cis-india.org/internet-governance/news/the-week-sushil-kambampati-september-21-2016-india-is-unprepared-for-future-cyber-attacks

Another 5 Years: What Have We Learned about the Wikipedia Gender Gap and What Has Been Done? (Part 3.)

ting — 2016-09-22T07:54:47Z

Five years after Wikimedia Foundation’s 2011 editor survey was conducted and revealed the gender gap issue, scholars, practitioners, and communities around the globe have come a long way to address the gender imbalance of the online encyclopedia. This blog post series (of three parts) serve as a summary of movements and discoveries in Wikipedia gender gap narrowing on both local (India) and global scales.

This is the third (last) part of the blog series, please see Part 1 and Part 2.

Responding to the Wikipedia gender gap problem, former WMF Executive Director Sue Gardner set a target in 2011 to raise the female editor percentage to 25% by 2015. In an interview in August 2014, Jimmy Wales declared that “we’ve completely failed,” Gardner also noted that the solutions should come from local Wikipedian communities rather than from the Foundation on a macro scale.

Although the target was not met, initiatives and reforms taken places globally and locally in the past five years are not fruitless. And as mentioned in Part 2, we should not define this movement as merely pursuing a goal towards certain percentage or number. As for now dialogue has been created to include the issue into more strategic plans; collectives are established to cumulate and share resources across communities. There has been abundance of learning (and definitely much more to learn) in the issue.

What has been done?

Be it ongoing or spontaneous, international or local, there have been many interventions trying to address the gender gap in Wikipedia.

Intervention events

In July 2015, WikiProject Women in Red (WiR) was launched to “turn "redlinks (non-existing pages) into blue ones (existing pages).” The project encourages editors worldwide to create (or expand) female-related pages (biographies, women’s work, contribution, issues, etc.) that fit the notability criteria of Wikipedia. WiR also picks monthly and annual topics to feature. Currently in September, 2016, edit-a-thons on Women in nursing and women labour activists are happening online. And “Women scientists” edit-a-thon is a year-long featured topic for 2016. Although WiR is still primarily an English-WP project, some communities have expanded and localized it to local initiatives.

Coincidentally, in 2013, Indian Wikipedian communities have carried out one of the biggest and most well-known gender gap intervention – Lilavatis’ Daughters. “Lilavati’s Daughters” is a book of essay collections featuring nearly one hundred women scientists in Indian since the Victorian Era. The 2013 edit-a-thon was hence to create Wikipedia pages for these biographies in different Indian languages. Collaborating with institutions and colleges, the event was greeted with high popularity and success. Similar events were also carried out afterwards, including Indian Women in Science Edit-a-thon which has been held annually since 2014; the last event was held in July, 2016 at the Indian Institute of Science, Bangalore.

Another significant initiative across the globe and in Indian communities is the annual Wikiwomen’s history month in March along with the celebration of International Women’s Day on March 8^th. The initiative started in 2012, edit-a-thons, photo-thons (updating photos onto Wikimedia Commons), and meetups have been held to raise the awareness of the gender gap online, create female-related content available on Wikipedia, and to strengthen the bonding between local Wikiwomen.

Recently, Wikimedia Foundation collaborated with the United Nations to launch the one-day Her Story project Edit-a-thon on August 12^th, 2016 to celebrate International Youth Day globally. Cities in India like Chennai and Delhi also held local edit-a-thons on the day of in response to the event. With the opportunity to work alongside the UN, it is a good sign that the Wikipedia gender gap issue is drawing global attention, not just in the Wikipedian community level, but also in global institution level.

Collaborative

The Wikiwomen’s Collaborative is a global platform for female Wikipedians to share projects, insights, and support. The Collaborative also encourages participants to write blog post on the Wikiwomen’s Blog to spread more words about the gender gap issue and initiatives. A Gender Gap Task Force (GGTF) was founded in 2013 aiming to challenge the patriarchal culture of knowledge and Wikipedia. GGTF tries to fix the encyclopedia’s imbalance power structure by initiating discussion and examination on its policies and editor interaction. It has also been a place to cumulate research studies and resources on the gender gap topic. A (global) gender gap mailing list is also created to spread the news and words with more communities.

Improvement in the Interface

Aside from events and collectives organized by respective communities, the Wikipedia platform itself has also been under constant transition in the last few years, trying to create a friendlier place for women and newcomers.

Since June 2012, the new prototype Visual Editor has become available in more and more language versions of Wikimedia projects – including most Indian languages. Visual Editor enables editor to contribute without learning the Wiki markups, as it creates the “write-as-how-you-will-see-it” feature requiring only basic typing skills. Nevertheless, Visual Editor does have several limitations comparing to the traditional edit source option, including slower speed, unavailable in talk and discussion namespaces, limited template editing options, and so on. While a research in 2013 on Visual Editor’s use in English Wikipedia showed low effectiveness of the new feature in attracting and encouraging new editors, more research should also be done in the non-English (especially Global South) context. Online tutorial resources about editing are also becoming available in Indian communities.

Traditional Wiki markup editing screenshot

Visual Editor screenshot

On the other hand, mobile apps of Wikipedia has been improved in its editing function. Although the apps are still in constant development to make the function smoother and easier for mobile users, it is a great breakthrough for those who do not have personal computers to contribute in small ways (or even in great ways – some have created pages and denied the statement that mobile editing is impractical).

What’s more to be learned?

There is no denying that our Indian language communities have been putting efforts to highlight and address the gender gap issue on Wikipedia. The Wikiconference India 2016 in August also had a panel responding to this topic where panelists from both outreach and research threads proposed localized perspective and strategies to fix the problem.

However, there are still much more to be learned. First of all, we need a more organized feedback loop (a cycle of planning-executing-evaluating-sharing learning) for local interventions to learn from our success and mistakes. Secondly, the issue has to become more “public” in a sense that we are not just promoting within our own circles. Awareness-building through media coverage and institutional collaboration can bring in greater public opinions and volunteers to help the online encyclopedia become a more inclusive place. The third point is a change of mindset: women's feeling and experience should be put forward into the central of our initiatives and interventions.

“We made it clear that we were focusing on the (female) participants and their experience, the content they created online are of course important too, but that’s just the by-product.” -Wikiconference Indian 2016 Gender Gap panel presenter

In other words, as we are engaging more and more women, the focus should not be numbers but the humans. At the same time, we should always encourage women to stand out and speak out. As mentioned in the previous part, gender discrimination cases have not yet been reported in our communities, but we also have to ensure if it does happen both the female editors and the community should have a certain level of awareness (what constitutes harassment/discrimination/sexism; when and how to call out) and a report and support mechanism to the problem.

The road to a real equalized knowledge system is not easy. As many have noticed and pointed out “This is not just a Wikipedia problem!” Indeed, similar gender imbalance exists in our academies, IT industries, free and open-source software (FOSS) workplace, to name a few. Nonetheless, with the flexibility and the strong bond that Indian Wikipedian communities possess, we can be one of the pioneers in positive changes. After all, the knowledge created and action taken today will shape what our tomorrow can be like.

For more details visit https://cis-india.org/a2k/blogs/another-5-years-what-have-we-learned-about-the-wikipedia-gender-gap-and-what-has-been-done-part-3

Software Freedom Day: The Importance of Free and Open Source Software

subha — 2016-09-18T03:46:29Z

Software Freedom Day (SFD) on September 17 celebrates the liberty that free and open software and the philosophy of freedom brings into people’s lives. When SFD was started in 2004, only 12 teams from different places joined. It grew to a whooping 1000 by 2010 across the world. Explaining the aim of the celebration, SFD’s official website says,

The article was published by DNA on September 17, 2016.

Our goal in this celebration is to educate the worldwide public about the benefits of using high quality FOSS in education, in government, at home, and in business — in short, everywhere! The non-profit organisation Software Freedom International coordinates SFD at a global level, providing support, giveaways and a point of collaboration, but volunteer teams around the world organise the local SFD events to impact their own communities.

What are FOSS, Free Software, Open Source, and FLOSS?

Free and open source software (FOSS or F/OSS), and Free/Libre and Open-Source Software (FLOSS) are umbrella terms that are used to include both Free software and open source software. Adopted by noted software freedom advocate Richard Stallman in 1983, the free software has many names — libre software, freedom-respecting software and software libre are some of them. As defined by the Free Software Foundation, one of the early advocates of software freedom, free software allows users not just to use the software with complete freedom, but to study, modify, and distribute the software and any adapted versions, in both commercial and noncommercial form. The distribution of the software for commercial and noncommercial form however depends on the particular license the software is released under. The Creative Commons licenses have recommendations for a wide array of free licenses that one can choose for software-related documentations and any creative work they create. Similarly, there are several different open licenses for software and many other works that are related to software development. “Open Source” was coined as an alternative to free software in 1998 by educational-advocacy organisation Open Source Initiative. Open source software is generally created collaboratively, made available with its source code, and it provides the user rights to study, change, and distribute the software to anyone and for any purpose.

Supported by several global organisations like Google, Canonical, Free Software Foundation, Joomla, Creative Commons and Linux Journal, Software Freedom Day draws its inspiration from the philosophy that was grown by people like Richard Stallman who argues that free software is all about the freedom and not necessarily free of cost, but it provides the liberty to users from [proprietary software developers’] unjust power. SFD encourages everyone to gather in their own cities, educate people around them about free software, promote on social media (with the hashtag #SFD2016 this year), even hacking with free software, organising hackathons, running free software installation camps, and even going creative with flying a drone running free software!

From South Asia, there are 13 celebratory events in India, 8 in Nepal, 1 in Bangladesh and 4 in Sri Lanka.

South Asian countries have seen adoption of both free software and open source software, in both individual and organisational level and by the government. The Free Software Movement of India was founded in Bengaluru, India in 2010 to act as a national coalition of several regional chapters working for promoting and growing the free software movement in India. The Indian government has launched an open data portal at data.gov.in portal, initiated a new policy to adopt open source software, and asked vendors to include open source software applications while making requests for proposals. Similarly, several free and open source communities and organisations like Mozilla India, Wikimedia India, Centre for Internet and Society, Open Knowledge India in India, Mozilla Bangladesh, Wikimedia Bangladesh, Bangladesh Open Source Network, Open Knowledge Bangladesh in Bangladesh, Mozilla Nepal, Wikimedians of Nepal and Open Knowledge Nepal in Nepal, Wikimedia Community User Group Pakistan in Pakistan, Lanka Software Foundation in Sri Lanka, that are operating from the subcontinent also promote free and open source software.

We promote open source and open Web technologies in the country. We are open to associate/work with existing open source or other community-run, public benefit organisations.

“Internet By The People, Internet For The People” (from Mozilla India wiki)

Mohammad Jahangir Alam, a lecturer from Southern University Bangladesh argues in a research paper that the use of open source software can help the government save enormous amount of money spent in purchasing proprietary software.

A large amount of money of the government can be saved if it uses open source software in different IT sectors of government offices and others sectors, because government is providing computers to all educational institutes from school to university level and they are using proprietary software. For this reason government is to expend a large amount of many for buying proprietary software to run the computers. Another one is government paying significant amount of money to the different vendors for buying different types of software to implement e-Governance project. So, the government can use open source software for implanting projects to minimize cost of the projects.

For more details visit https://cis-india.org/openness/dna-september-17-2016-subhashish-panigrahi-software-freedom-day-importance-of-free-and-open-source-software

ସଫ୍ଟଓଏର ସ୍ୱାଧୀନତା ଦିବସ: ଆମ ହାତେ ଆମ କୋଡ଼ ଲେଖିବା

subha — 2016-09-18T03:33:00Z

Software Freedom Day (SFD), which celebrates the use of free and open software, was celebrated in many cities today. The piece sheds light on the philosophy of software freedom, and how free and open source software is making a significant social change. I have also shared how anyone can contribute to the FOSS movement in different ways and celebrate SFD.

The blog post was mirrored in Your Story, Odisha Story and Aajira Odisha on September 17, 2016. The originally published piece can be accessed here.

ଫ୍ରି ଓ ଓପନ ସୋର୍ସ ସଫ୍ଟଓଏର ପଛରେ ଥିବା ସାମାଜିକ ଆବଶ୍ୟକତା ଓ ପ୍ରତିଟି ବ୍ୟବହାରୀଙ୍କୁ ସଫ୍ଟଓଏର ବ୍ୟବହାର, ବଦଳ ଓ ବାଣ୍ଟିବାର ସୁଯୋଗ ଦେବା ଉଦ୍ଦେଶ୍ୟରେ ପାଳିତ ସଫ୍ଟଓଏର ସ୍ୱାଧୀନତା ଦିବସ ।

ସଫ୍ଟଓଏର ଶବ୍ଦଟି ବୋଧେ ଆଉ କାହାରି ପାଇଁ ଅଜଣା ଅଶୁଣା ନୁହେଁ । ଆପଣଙ୍କ ମୋବାଇଲ ଫୋନରୁ କମ୍ପୁଟରଯାଏ ଓ ଏବେ ଏକ ସ୍ଥାନରେ ନ ଥାଇ ସେଠାରେ ଥିବା ଭଳି ଅନୁଭବିବା ପାଇଁ ବ୍ୟବହୃତ ଭର୍ଚୁଆଲ ରିଆଲିଟି ଓ ଅଗମେଣ୍ଟେଡ଼ ରିଆଲିଟି ହେଡ଼ସେଟରେ ହାର୍ଡ଼ଓଏର ବା ଯାନ୍ତ୍ରିକ ଉପକରଣକୁ ସଠିକ ଭାବେ ପରିଚଳାନା କରିବା ହେଉଛି ସଫ୍ଟଓଏରର କାମ । ଆଉ ସଫ୍ଟଓଏରରେ ଟିକେ ଗୋଳମାଳ ହେଲେ କେବେ କମ୍ପୁଟରର ସ୍କ୍ରିନ ନେଳି ପଡ଼ିଯାଏ ତ ପୁଣି କେବେ କେବେ ମୋବାଇଲରେ ଠିକଣା ଜାଗାରେ ଯେତେ ଦବେଇଲେ ବି କାମକରେନା । ତେବେ ଉଣାଅଧିକ ସାଧାରଣ ଲୋକେ ସଫ୍ଟଓଏରରେ ସ୍ୱାଧୀନତା ଆଉ ତାଙ୍କ ଜୀବନ ପାଇଁ ତା’ର ଭୂମିକା ବାବଦରେ କେବେ ଶୁଣିନଥିବେ । ଆଉ ଏଇଟି ସତରେ ଏକ ଅନାଲୋଚିତ ବିଷୟ । ତେବେ ଏ ବିଷୟକୁ ବୁଝିବା ଆଗରୁ ଆମ ଚଳନ୍ତି ସମାଜର କିଛି ଉଦାହରଣ ଆଡ଼େ ଆସନ୍ତୁ ଆଖିପକେଇବା । ଦିନ ଥିଲା ଆପଣ ରେଡ଼ିଓରୁ ଆକାଶବାଣୀ ଲଗେଇ ଗୀତ, ଖବର, ନାଟକ ଆଦି ଶୁଣୁଥିଲେ । ହେଲେ କେବେ ଆକାଶବାଣୀ ଆପଣଙ୍କ ପାହୁଲାଟିଏ ମାଗିଥିଲା କି ନାଁ ଆପଣ ଭଲ ଭଲ ପ୍ରୋଗ୍ରାମ ଆସୁଛି ବୋଲି ଖୁସିରେ କେବେ କିଛି ଦେଇଥିଲେ? କିନ୍ତୁ ଆପଣଙ୍କ ଅଜାଣତରେ ଆପଣ ସତରେ କିଛି ଦେଇଛନ୍ତି । ତା’ ହେଉଛି ଟିକସ । ଆପଣ ଛୋଟରୁ ବଡ଼ ଯାଏ ଯାହା କିଣୁଛନ୍ତି ପ୍ରାୟ ସବୁ ଜିନିଷରେ ଟିକସ ଦିଅନ୍ତି ଆଉ ଚାକିରି କି ଅନ୍ୟ ଉପାୟରେ ପଇସା ଅରଜୁଥିଲେ ବର୍ଷ ଶେଷକୁ ଇନକମ ଟିକସ ବି ଦିଅନ୍ତି । ଏସବୁ ସରକାରଙ୍କ କାମରେ ଲାଗେ । ତେଣୁ ଆକାଶବାଣୀର ରେଡ଼ିଓ ପ୍ରୋଗ୍ରାମ ହେଉ କି ମୋଦିଙ୍କ ବିଦେଶ ବୁଲା ହେଉ ସବୁ ଆପଣଙ୍କ ପଇସାରେ ହିଁ ହେଉଛି । ସରକାରୀ ଓ ବେସରକାରୀ ଉଭୟ ସ୍ଥାନରେ ଏଇ ଏକା ଜିନିଷ । ତେବେ ସଫ୍ଟଓଏର କ୍ଷେତ୍ରରେ ବି ଏଇ ଏକା ଅବସ୍ଥା । ସାଧାରଣରେ ଜଣାଶୁଣା ମାଇକ୍ରୋସଫ୍ଟର ଉଇଣ୍ଡୋଜ ଅପରେଟିଂ ସିଷ୍ଟମ ପାଇଁ କେତେ ପଇସା ନିଜ ଅଜାଣତରେ ଦେଉଛନ୍ତି ତାହା ନୂଆ ଲାପଟପ କିଣିଲାବେଳକୁ କେବେ ଗଣିନଥିବେ । କିନ୍ତୁ ସେଇଟି ଜମାରୁ ମାଗଣା ଆସିନଥାଏ । ସଫ୍ଟଓଏରଟିଏ ଏକ ବା ଅନେକ ଉଚ୍ଚସ୍ତରର ନିର୍ଦ୍ଦିଷ୍ଟ କାମ କରୁଥିବା ବେଳେ ଏକ କମ୍ପୁଟର କି ମୋବାଇଲର ସାମଗ୍ରୀକ ହାର୍ଡ଼ଓଏର ବା ଯନ୍ତ୍ରପାତି ଓ ସଫ୍ଟଓଏର ସବୁକୁ ପରିଚାଳନା ପାଇଁ ଅପରେଟିଂ ସିଷ୍ଟମ ବ୍ୟବହାର କରାଯାଏ । ବିଭିନ୍ନ ଅପରେଟିଂ ସିଷ୍ଟମ ଓ ସଫ୍ଟଓଏର ଭିନ୍ନଭିନ୍ନ ଉପାୟରେ ତିଆରି ହୁଏ । କେବେ ଏସବୁ ମାଇକ୍ରୋସଫ୍ଟ କି ଆପଲ ଭଳି ବଡ଼ ବଡ଼ କମ୍ପାନି ତିଆରି କରି ବିକନ୍ତି ତ କେବେ କେବେ ବ୍ୟକ୍ତିବିଶେଷ ବା ଛୋଟ ବଡ଼ ସଂଗଠନ ମଧ୍ୟ ବିକନ୍ତି । କିନ୍ତୁ ଏସବୁ ବାଦେ ଆଉ ଏକ ଧରଣର ସଫ୍ଟଓଏର ଗଢ଼ାଳି ବ୍ୟକ୍ତିବିଶେଷ-ସଂଗଠନ-କମ୍ପାନି ମଧ୍ୟ ଅଛନ୍ତି । ସେମାନେ ସଫ୍ଟଓଏର ତିଆରି କରି ଖାଲି ବଜାରରେ ଛାଡ଼ନ୍ତି ନାହିଁ ବରଂ ସେ ସଫ୍ଟଓଏରର ସୋର୍ସ କୋଡ଼ ମଧ୍ୟ ଛାଡ଼ନ୍ତି । ଅର୍ଥାତ ଗଣିତ କଷି ଫଳାଫଳ ସଙ୍ଗେ କିପରି କଷିଲେ ସୋପାନ ତଳକୁ ସୋପାନ ଲେଖି ବୁଝାଇଦିଅନ୍ତି । ଫଳରେ ଆଉ କେହି ସେହି ସଫ୍ଟଓଏରରେ କିଛି ବଦଳ କରିବାକୁ ଚାହିଁଲେ କିମ୍ବା ପୁରୁଣା ସଫ୍ଟଓଏରରେ କିଛି ନୂଆ ଯୋଡ଼ି ଉନ୍ନତ କରିବାକୁ ଚାହିଁଲେ ତାଙ୍କୁ ସେଥିରେ କେହି ବାଧା ଦେବେନାହିଁ । କିନ୍ତୁ ନୂଆ ଫଳାଫଳ ବା ସଫ୍ଟଓଏରଟି ବଜାରରେ ଛାଡ଼ିଲା ବେଳେ ତାଙ୍କୁ ମୂଳ ଗଢ଼ାଳିଙ୍କୁ ଉପଯୁକ୍ତ ଶ୍ରେୟ ଦେବାକୁ ପଡ଼ିବ । ଧରନ୍ତୁ ଆପଣ ଚନ୍ଦକାରୁ କଲରାପତରିଆ ବାଘର ଖୋଳ ଆଣି ତାକୁ ଧଳା ରଙ୍ଗ ମାରି ଧଳା ବାଘ କଲେ । ଆପଣଙ୍କୁ ସେ ଧଳା ବାଘକୁ ଶିମିଳିପାଳରେ ଛାଡ଼ିଲା ବେଳେ ଚନ୍ଦକାରୁ ମୂଳ କଲରାପତରିଆ ବାଘ ଆଣିଥିଲେ ବୋଲି ଉଲ୍ଲେଖ କରିବାକୁ ପଡ଼ିବ । ମଜା କଥା ହେଉଛି ଏଭଳି ନିଆରା ଧାରା ଆମ ସମାଜରେ ଜମାରୁ ନୂଆ ନୁହେଁ । ଅକ୍ଷୟ ମହାନ୍ତି ସାଲବେଗଙ୍କ ଲିଖିତ ପୁରୁଣା ଗୀତକୁ ଆଉଥରେ ବୋଲିବା ପରେ ସେ ହଜିଲା ଗୀତସବୁ ଲୋକତୁଣ୍ଡରେ ଆହୁରି ଜଣାଶୁଣା ହେଲା । ହେଲେ ଅକ୍ଷୟ ମହାନ୍ତି ଗୀତର ଗାୟକ ଓ ସଙ୍ଗୀତ ନିର୍ଦ୍ଦେଶକ ଭାବେ ନାଁ ନେଲା ବେଳେ ସାଲବେଗଙ୍କ ରଚନାରୁ ବୋଲି ଲେଖିବାରେ ଉଣା କରିନାହାନ୍ତି ।

ଏହି ଧାରା ଆମ ସମାଜରେ ସବୁକାଳେ ସବୁସ୍ଥଳେ ରହିଛି । ହେଲେ ଆଧୁନିକ ସମାଜରେ ଅନେକ ଲାଭଖୋର କମ୍ପାନି ନିଜ ଲାଭ ଲାଗି ଏ ସାମାଜିକ ଚଳଣିଟିକୁ ପାଶୋରି ପକାଇଛନ୍ତି । ମାଇକ୍ରୋସଫ୍ଟରୁ ଆରମ୍ଭ କରି ଆକୃତି, ଅପ୍ରାନ୍ତ ଯାଏ ପ୍ରାୟ ଅଧିକାଂଶ ସାଧାରଣରେ ବ୍ୟବହାର ହେଉଥିବା ସଫ୍ଟଓଏର ହେଉଛି ପ୍ରୋପ୍ରାଇଟରି ବା ପୂରା ନିବୁଜ । ମାନେ ଆପଣ କେବଳ କିଣି ବ୍ୟବହାର କରିପାରିବେ କିନ୍ତୁ ବାଣ୍ଟିପାରିବେ ନାହିଁ କି କୌଣସି ବଦଳ କରିପାରିବେ ନାହିଁ । କଲେ ଆପଣଙ୍କ ବିରୋଧରେ କୋର୍ଟରେ ଉକ୍ତ କମ୍ପାନିମାନେ କେସ କରି ତଳିତଳାନ୍ତ ମଧ୍ୟ କରିପାରିବେ । ଏ କପିରାଇଟର ଫାନ୍ଦ ଏଡ଼େ କୁଟିଳ ଯେ ସଫ୍ଟଓଏର ତିଆରି କରିଥିବା କମ୍ପାନିମାନେ ସବୁକାଳେ ତାଙ୍କର ମନୋମୁଖୀ ପତିଆରା ରଖିପାରିବେ । ଏଣୁ ଥୋକେ ଭାବିଲେ ବଡ଼ ବଡ଼ ଧନୀ କମ୍ପାନିମାନଙ୍କର ଏ ଗୁମାନ ସେମିତି ଥାଉ । ଆମେ ଚାଲ ବିକଳ୍ପ ଓ ଉଚ୍ଚମାନର କିଛି ସଫ୍ଟଓଏର ତିଆରିବା । ଲୋକ ସ୍ୱାଧୀନ । ଯାହାକୁ ଯାହା ରସିବ ତାକୁ ସେ କିଆଫୁଲ ପରି ବାସୁ । ଆଉ ଏ ଥିଲା ଏକ ସାମାଜିକ ଆବଶ୍ୟକତା । ବିକଳ୍ପ ବାଟଟି ହେଲା ସଫ୍ଟଓଏରର ସ୍ୱାଧୀନତା । ଏଥିରେ କୌଣସି ସଫ୍ଟଓଏର ଗଢ଼ିଥିବା ମୂଳ ଗଢ଼ାଳି ଓ ତା’ ପରେ ସେଥିରେ ଯୋଗଦାନ କରିଥିବା ସଭିଙ୍କୁ ସମାନ ଭାବେ ସମ୍ମାନ ଦେଇ ଯୋଗଦାନକାରୀ ଭାବେ ସେମାନଙ୍କ ନାମ ଉଲ୍ଲେଖ କରାଯାଇଥାଏ । ଖାଲି ନାଁ ନୁହେଁ ଅନେକ ସମୟରେ ଖୋଲା ସଫ୍ଟଓଏର ସଙ୍ଗେ ଜଡ଼ିତ ବ୍ୟକ୍ତିବିଶେଷ ଓ ସଂଗଠନସବୁ ଏମିତି ଆଖିଖୋସିଲା ଭଳି କାମ କରନ୍ତି ଯେ କିଣା ଆଉ ବୁଜା ସଫ୍ଟଓଏର କିଣିବାରୁ କି ବ୍ୟବହାର କରିବାରୁ ମନ ମରିଯିବ । ତିନି ବର୍ଷ ତଳେ Firefox ବ୍ରାଉଜର ତିଆରିରେ ଭାଗନେଇଥିବା Mozillaର ସ୍ୱେଚ୍ଛାସେବୀ ଯୋଗଦାନକାରୀମାନଙ୍କୁ ସମ୍ମାନ ଜଣାଇ ଆମେରିକାର ସାନ ଫ୍ରାନସିସ୍କୋ ସହରରେ ଏକ ବିଶାଳ ସ୍ମାରକୀ ଗଢ଼ି ସେଥିରେ ସମସ୍ତଙ୍କ ନାମ ଲେଖାଯାଇଥିଲା । ଭାବନ୍ତୁ ଏ ପ୍ରକଳ୍ପରେ ସାମାନ୍ୟତମ ଯୋଗଦାନ କରିଥିବା ଲୋକଟିର ନାଁ ବି ଇତିହାସରେ ଲେଖାହୋଇ ରହିଗଲା । ୨୦୦୧ ମସିହାରେ ଇଂରାଜୀ ଓ ତା’ ପରେ ଓଡ଼ିଆ ସମେତ ବାକି ବିଶ୍ୱଭାଷାରେ ଇଣ୍ଟରନେଟରେ ତିଆରି ଖୋଲା ଜ୍ଞାନକୋଷ ଉଇକିପିଡ଼ିଆର ଇତିହାସ ବି ଏମିତି । ଏହି ଉଇକିପିଡ଼ିଆ ୱେବସାଇଟଗୁଡ଼ିକ ମିଡ଼ିଆଉଇକି ନାମକ ଖୋଲା ସଫ୍ଟଓଏରରେ ତିଆରି । ଆଉ ସେଇ ଏକା ସଫ୍ଟଓଏରକୁ ନିଜ ଆବଶ୍ୟକତା ଅନୁସାରେ ବଦଳାଇ ଉଇକିଲିକ୍ସ ଓ ଉଇକିଟ୍ରାଭେଲ ଭଳି ଅଲଗା ଅଲଗା ୱେବସାଇଟ ଆଜି ଚାଳିତ ।

ତେବେ ଅନେକେ ଭାବୁଥିବେ ଯେ ଏ ଫ୍ରି ସଫ୍ଟଓଏର କଣ ସବୁବେଳେ ମାଗଣା? ସଫ୍ଟଓଏର ସ୍ୱାଧୀନତା କ୍ଷେତ୍ରରେ ଗତ କେଇ ଦଶନ୍ଧି ଧରି କାମ କରି ଏ ଆନ୍ଦୋଳନକୁ ବହୁ ଆଗକୁ ନେଇଥିବା ରିଚାର୍ଡ଼ ଷ୍ଟଲମ୍ୟାନ ଖୁବ ସହଜ ଓ ସରଳ ଢଙ୍ଗରେ ଏ ବିଷୟଟି ବୁଝାଇଦିଅନ୍ତି ।

ଫ୍ରି ସଫ୍ଟଓଏର ମାଗଣାରେ ବଣ୍ଟାଯାଇପାରେ ବା କିଛି ଦରରେ ବିକାଯାଇପାରେ । କିନ୍ତୁ ଏଥିରେ ଥିବା “ଫ୍ରି” ମାଗଣା ନୁହେଁ ବରଂ ଖୋଲା ଜ୍ଞାନ ଭଳି “ଫ୍ରିଡ଼ମ” ବା ସ୍ୱାଧୀନତାକୁ ସୂଚାଏ ।

ତେଣୁ କୌଣସି ସଫ୍ଟଓଏର ବ୍ୟବହାର କରିବା ଆଗରୁ ତା’ର କପିରାଇଟ ବାବଦରେ ସେଥିରେ ଥିବା ନିୟମାବଳୀ ପଢ଼ିଲେ ବୁଝାପଡ଼ିବ ଯେ ତାହା ଏକ ପ୍ରୋପ୍ରାଇଟରି କି ଫ୍ରି ସଫ୍ଟଓଏର । ସ୍ୱାଧୀନତା ମଣିଷର ଜନ୍ମଗତ ଅଧିକାର । ଆଉ ଜ୍ଞାନ ବାଣ୍ଟିବା ଲାଗି । ବାନ୍ଧି ରଖିବା ଲାଗି ନୁହେଁ । କାରଣ କେହି ଜ୍ଞାନ ତିଆରି ନାହିଁ ବରଂ ସଭିଏଁ ଜ୍ଞାନର ନାନାଦି ଭଣ୍ଡାରକୁ ବ୍ୟବହାର କରିବା ପାଇଁ ବାଟ ତିଆରି କରିଥାନ୍ତି । ତେଣୁ ସେ ବାଟରେ ବାଡ଼ କିଆଁ? ନିକଟରେ ସମାଜର ଏହି ପୁରାତନ ଧାରାକୁ ବାହୁଡ଼ି ଯିବା ପାଇଁ ଅନେକ ବ୍ୟକ୍ତିବିଶେଷ, ସଂଗଠନ ଓ ବଡ଼ ବଡ଼ କମ୍ପାନି ଧୀରେ ଧୀରେ ସେମାନେ ତିଆରୁଥିବା ସଫ୍ଟଓଏରର ସୋର୍ସ କୋଡ଼ ଖୋଲାରେ ଦେଲେଣି । ଫଳରେ ସାଧାରଣ ବ୍ୟବହାରକାରୀ ଓ ସଫ୍ଟଓଏର ଗଢ଼ାଳିଙ୍କ ହାତରେ ସ୍ୱାଧୀନ ଭାବେ ସେମାନେ ବ୍ୟବହାର କରୁଥିବା ସଫ୍ଟଓଏରକୁ ନିଜ ଆବଶ୍ୟକ ଅନୁସାରେ ବ୍ୟବହାର କରିପାରିବେ । ଆଉ ସମାଜର ମୌଳିକ ଆବଶ୍ୟକତା ବିଭିନ୍ନତାର ବହୁରଙ୍ଗ ଏଥିରେ ସମୁଜ୍ଜଳେ ଫୁଟିଉଠିବ ।

ଆମ ସମାଜର ଏହି ବାଣ୍ଟିବାର ଧାରାକୁ ନୂଆ ଟେକନୋଲୋଜି ଯୁଗରେ ଉଜ୍ଜୀବିତ କରିବା ଲକ୍ଷରେ ଜଗତ ସାରା ୨୦୦୪ ମସିହାରୁ ସେପ୍ଟେମ୍ବର ମାସର ତୃତୀୟ ସପ୍ତାହରେ “ସଫ୍ଟଓଏର ଫ୍ରିଡ଼ମ ଡେ” ବା “ସଫ୍ଟଓଏର ସ୍ୱାଧୀନତା ଦିବସ” ପାଳିତ ହୋଇଆସୁଛି । ଏଥିରେ କୌଣସି ନିର୍ଦ୍ଦିଷ୍ଟ ସଫ୍ଟଓଏର ନୁହେଁ ବରଂ ଖୋଲା ସଫ୍ଟଓଏର ପଛରେ ଥିବା ଦାର୍ଶନିକ ଓ ସାମାଜିକ ଦୃଷ୍ଟିକୋଣଟି ସଭିଙ୍କୁ ବୁଝାଇବା ହେଉଛି ମୂଳ ଲକ୍ଷ । ଆଉ ଯେଯାଏ ବଡ଼ କମ୍ପାନି ସାଧାରଣ ଲୋକଙ୍କୁ ସମ୍ପୂର୍ଣ୍ଣ ତଥ୍ୟ ନ ଜଣାଇ କପିରାଇଟ ବଳରେ ବାନ୍ଧି ରଖିଥିବେ ସେଯାଏ ବ୍ୟବହାରୀ ବାପୁଡ଼ା ବା ଜାଣିବ କେମିତି ଏ ଭିତର ଗୁମର? ନିଜ ହାତରେ ନିଜ ଶାସନର ଡୋର ଧରିବା ଯେମିତି ସ୍ୱାଧୀନତା ନିଜ ବ୍ୟବହାରରେ ଲାଗୁଥିବା ସଫ୍ଟଓଏରର ସ୍ୱାଧୀନତା ବି ଏକାଭଳି ପ୍ରତିଟି ବ୍ୟବହାରକାରୀର ଅଧିକାର । ତେଣୁ ଏ ସ୍ୱାଧୀନତା ଦିବସକୁ ସଭିଏଁ ନିଆରା ଢଙ୍ଗରେ ପାଳନ୍ତି । ଆଫ୍ରିକାରେ କିଛି ବର୍ଷ ଆଗରୁ ଫ୍ରି ସଫ୍ଟଓଏର ଚାଳିତ ଏକ ଡ୍ରୋନ ବା ଚାଳକବିହୀନ ପବନଯାନଟିଏ ଛାଡ଼ିଥିଲେ । ଅନେକ ସ୍ଥାନରେ ଲୋକେ ଏକାଠି ହୋଇ ଏ ବାବଦରେ ସଫ୍ଟଓଏର ସ୍ୱାଧୀନତା ବାବଦରେ ଆଲୋଚନା କରନ୍ତି । ଆଉ ପୁଣି କେଉଁଠି ସାଧାରଣ ଲୋକଙ୍କୁ ତାଙ୍କ କମ୍ପୁଟରରେ ଫ୍ରି ସଫ୍ଟଓଏର ଇନଷ୍ଟଲ କରିବା ପାଇଁ କ୍ୟାମ୍ପ କରନ୍ତି । ଫଳରେ ଲୋକେ ନିଜ କମ୍ପୁଟରରେ ମାଇକ୍ରୋସଫ୍ଟର ବିକଳ୍ପ ଓ ଉବଣ୍ଟୁ ଭଳି ଖୋଲା ଲିନକ୍ସ ଅପରେଟିଂ ସିଷ୍ଟମ କିମ୍ବା Mozilla Firefox ଭଳି ବ୍ରାଉଜର ଇନଷ୍ଟଲ କରିପାରିବେ । ସଫ୍ଟଓଏର ସ୍ୱାଧୀନତା ଦିବସର ଚିହ୍ନ ସ୍ୱରୂପର ଲେଖକର ଏ ଲେଖାଟି ମଧ୍ୟ ଏକ ଖୋଲା ଲାଇସେନ୍ସରେ ଆଉ ଶ୍ରେୟ ଦେଇ କେହି ଚାହିଁଲେ ତାହାକୁ ପ୍ରକାଶ କରିପାରିବେ ।

For more details visit https://cis-india.org/openness/software-freedom-day

ଆମ ହାତେ ଆମ କୋଡ୍ ଲେଖିବା

subha — 2016-09-17T16:04:12Z

I authored a column on writing our code in our own hands for the editorial of Odia-language daily the "Samaja". The piece is about the philosophy of software freedom and how free and open source software is making a significant difference in our lives. I have also shared a little bit about how anyone can celebrate the Software Freedom Day today by contributing to and sharing about to FOSS.

For more details visit https://cis-india.org/a2k/blogs/samaja-september-17-2016-subhashish-panigrahi-let-us-write-our-code-in-our-own-hands

It's September, and That Means It's Time for Software Freedom Day

subha — 2016-09-17T15:42:46Z

Software Freedom Day (SFD), which celebrates the use of free and open software, is just around the corner on September 17. When the day first started in 2004, only 12 teams from different places joined, but it has since grown to include hundreds registered events around the world, depending on the year.

The article was published by Global Voices on September 17, 2016.

Supported by several global organizations like Google, Canonical, Free Software Foundation, Joomla, Creative Commons and Linux Journal, Software Freedom Day draws its inspiration from the philosophy promoted by people like Richard Stallman who argue that free software is all about the freedom and not necessarily free of cost but provides the liberty to users from proprietary software developers’ power and influence. SFD encourages everyone to gather in their own cities (here's a map of places where SFD is organized this year), educate people around them about free software, and promote the cause on social media (with the hashtag #SFD2016 this year). There's also hackathons (hacking free software to modify the code and create what one wants to have in it), running free software installation camps, and even going creative with flying a drone running free software.	What are FOSS, free software, open source, and FLOSS? Free and open source software (FOSS or F/OSS), and free/libre and open-source software (FLOSS) are umbrella terms that are used to include both free software and open source software. Adopted by noted software freedom advocate Richard Stallman in 1983, free software has many names — libre software, freedom-respecting software and software libre are some of them. As defined by the Free Software Foundation, one of the early advocates of software freedom, free software allows users not just to use the software with complete freedom, but to study, modify, and distribute the software and any adapted versions, in both commercial and noncommercial form. The distribution of the software for commercial and noncommercial form, however, depends on the particular license the software is released under. “Open source” was coined as an alternative to free software in 1998 by educational-advocacy organization Open Source Initiative. Open source software is generally created collaboratively, made available with its source code, and it provides the user rights to study, change, and distribute the software to anyone and for any purpose.

From South Asia, there are 13 celebratory events in India, eight in Nepal, one in Bangladesh and four in Sri Lanka.

South Asian countries have seen adoption of both free software and open source software by individuals, organizations and the government. The Free Software Movement of India was founded in Bengaluru, India, in 2010 to act as a national coalition of several regional chapters working to promote and grow the free software movement in India.

The Indian government has launched an open data portal at data.gov.in portal for sharing large datasets like the census data under free licenses. The government's new policy emphasizes on adopting open source software. Moreover government's Ministry of Communication and Information Technology asked vendors to include open source software applications while making requests for proposals.

Similarly, there are several free and open source communities and organizations operating from the subcontinent, like Mozilla India, Wikimedia India, the Centre for Internet and Society, Open Knowledge India, Mozilla Bangladesh, Wikimedia Bangladesh, Bangladesh Open Source Network, Open Knowledge Bangladesh, Mozilla Nepal, Wikimedians of Nepal, Open Knowledge Nepal, Wikimedia Community User Group Pakistan, and the Lanka Software Foundation in Sri Lanka.

Mohammad Jahangir Alam, a lecturer from Southern University Bangladesh, argues in a research paper that the use of open source software can help the government save a enormous amount of money that are spent in purchasing proprietary software:

A Large amount of money of government can be saved if the government uses open source software in different IT sectors of government offices and others sectors, Because government is providing computer to all educational institute from school to university level and they are using proprietary software. For this reason government is to expend a large amount of many for buying proprietary software to run the computers. Another one is government paying significant amount of money to the different vendors for buying different types of software to implement e-Governance project. So, the Government can use open source software for implanting projects to minimize cost of the projects.

For more details visit https://cis-india.org/openness/global-voices-september-17-2016-subhashish-panigrahi-it-is-september-and-that-means-it-is-time-for-software-freedom-day

Methodology: Statements of Working (Form 27) of Indian Mobile Device Patents

rohini — 2017-09-10T15:19:51Z

In India, if a patent is not locally worked within three years of its issuance, any person may request a compulsory license, and if the patent is not adequately worked within two years of the grant of such a compulsory license, it may be revoked. In order to provide the public with information about patent working, India requires every patentee to file an annual statement on “Form 27” describing the working of each of its issued Indian patents. We conducted the first comprehensive and systematic study of all Forms 27 filed with respect to mobile devices. We tried to empirically establish the extent to which patentees and licensees comply with the statutory requirement to declare information about the working of their patents. Research assistance was provided by interns Anna Liz Thomas and Nayana Dasgupta.

The research paper on patent landscape, Patents and Mobile Devices in India: An Empirical Survey, [PDF] was published in the Vanderbilt Journal of Transnational Law (2017).

The research paper on "Patent Working Requirements and Complex Products: An Empirical Assessment of India's Form 27 Practice and Compliance" has been published here (July 2017).

The dataset of all the Form 27 studied for this paper has been published here.

Research Questions

How many annual Form 27 submissions have been made to the Indian Patent Office for 4,419 granted patents identified in the landscape of mobile device patents in India?
How many patents have no corresponding Form 27 filed yet?
How many Form 27 submissions from those found are defective?
Is there an identifiable pattern in the defects and discrepancies?
Is there any discernible trend in filing of Form 27 over time and with respect to patent owners?

The objective of this paper is to quantitatively determine the extent to which patentees and licensees comply with the statutory requirement to declare information about the working of their patents according to Section 146(2) of the Patents Act, 1970 read with Rule 131 of the Patent Rules, 2003.

Section 146(2): Without prejudice to the provisions of sub-section (1), every patentee and every licensee (whether exclusive or otherwise) shall furnish in such manner and form and at such intervals (not being less than six months) as may be prescribed statements as to the extent to which the patented invention has been worked on a commercial scale in India.

Rule 131: Form and manner in which statements required under section 146(2) to be furnished

The statements shall be furnished by every patentee and every licensee under sub-section (2) of section 146 in Form 27 which shall be duly verified by the patentee or the licensee or his authorised agent.
The statements referred to in sub-rule (1) shall be furnished in respect of every calendar year within three months of the end of each year.
The Controller may publish the information received by him under sub-section (1) or sub-section (2) of section 146.

Object

The research object is Form 27 submissions made annually to the Indian Patent Office for the 4,419 granted patents.

4,052 of these patents were identified in the landscape (“the patent landscape”) developed by the Centre for Internet and Society as a part of ongoing research on patents pertaining to sub-USD-100 mobile devices sold in India. The dataset of the patent landscape can be accessed here. Another 367 patents pertaining to mobile technology identified during the landscaping exercise but excluded from it, were added to the initial set of 4,052 patents.

A blank copy of Form 27 is available here. The pro forma is defined as per Schedule II of Patent Rules, 2003.

Research Methods

[Corresponding research questions

How many annual Form 27 submissions have been made to the Indian Patent Office for 4,419 granted patents identified in the landscape of mobile device patents in India?
How many patents have no corresponding Form 27 filed yet?
How many Form 27 submissions from those found are defective?]

Outsourcing the searching of the submitted copies of Form 27 to a contractor

Owing to the repetitive nature of the process for collecting the forms, as well the large scale of the project, the task of searching was outsourced to a contractor. Price quotations were invited from five data entry operators and two firms of patent attorneys. On the basis of the quotation, deliverable time, scope and nature of the results delivered, and quality assurance, the contract was awarded to one firm. The firm offered the best price for a commensurate deliverable time and assured quality of results.

Form 27 retrieval online

Form 27 were searched from IPAIRS (Indian Patent Information Retrieval System) and InPASS (Indian Patent Advanced Search System) public databases of the Indian Patent Office.

InPASS has two features: Application Status and E-Register. We checked both features, in case forms not found through one could be located through the other. We indeed found that, sometimes, the forms not available on E-register could be found through the Application Status table, and vice versa.

Case 1: Accessing form 27 using Application Status tab on INPASS

A search portal is located at ipindiaservices.gov.in/publicsearch.

Enter the patent number in the “Patent Number” search field without the kind codes (IN) and click on “Search”. E.g., for patent number IN263932B, enter ‘263932’ in the “Patent Number” field.
Once the queried patent is displayed, select the “Application Status” tab to access the list of documents that were filed for the requested patent.

In the Application Status tab, scroll down to the bottom to view “Application Status table”. Click on the “View Documents” button to access the list of the documents filed for the queried patent. A pop-up window opens with the results.

In the window, a list of hyperlinks to various documents is displayed. Sometimes Form 27/ working statement is explicitly named so. At other times, it may have a different title. Once you click on the form 27 link, a PDF file opens in a new tab. There may be more than one Form 27 in the list of documents as Form 27 is an annual submission.

Case 2: No record of Form 27 found (Application status tab)

If the form is not present on InPASS, that is, if it has not been uploaded to the website, or if it has not been submitted to the Indian Patent Office (IPO), then it will not be displayed in the list of documents described in Case 1, step 5. Such instances have been logged as “No record found”.

Case 3: Accessing form 27 using E-Register tab on INPASS

At http://ipindiaservices.gov.in/publicsearch, a patent search portal is displayed. Enter the patent number by following the same steps as described in Case 1 until the queried patent is displayed. Select the “E-register” tab to access the e-register data corresponding to the queried patent.

In the “E-register” tab, scroll to the bottom to view the “Information u/s 146” table. The “Information u/s 146” table includes a list of Form 27 filed for the queried patent. As visible in the screenshot below, on clicking the “261762_2015” hyperlink, Form 27 for the queried patent opens. There could be multiple form 27s corresponding to different years.

Case 4: No record of Form 27 found (E-register)

If the form is not present in the E-register, that is, if it has not been uploaded to the website or if it has not been submitted to the IPO, then the E-Register tab displays “Eregister Not Available”.

Case 5: Searching on IPAIRS

Both InPASS and IPAIRS fetch forms from the same URL. However, we observed that one search engine sometimes displays the forms when the other doesn’t. The IPAIRS search engine was used when Form 27 was not found on InPASS.

IPAIRS patent search homepage: http://ipindiaonline.gov.in/patentsearch/search/index.aspx On the home page, in the Application Status tab, enter the full patent application number and CAPTCHA.
A window containing information pertaining to the patent application opens. At the bottom of the window, there is a “View Documents” button.

On clicking on “View Documents”, a new window with list of hyperlinked documents opens as described in Case 1, Step 5.

The URL for the new window displayed via “View Documents” on IPAIRS is the same as the URL displayed via “View Documents” in the “Application Status” tab on InPASS. For example, for patent number 263932, the URL for this window is the same on IPAIRS and InPASS: http://ipindiaonline.gov.in/patentsearch/GrantedSearch/viewdoc.aspx?id=Bx6eZ7YQLgsl3yH1LqKHjg==&loc=wDBSZCsAt7zoiVrqcFJsRw==

Form 27 retrieval via Right To Information (RTI) requests

CIS filed two requests under the RTI Act, 2005 with the Office of the Controller General of Patents, Designs, and Trade Marks in Mumbai.

CIS' RTI application to the Indian Patent Office in Mumbai, March 2016 [PDF]. The IPO's reply, April 2016 [PDF].

(View text: https://cis-india.org/a2k/blogs/rti-request-to-indian-patents-office-for-form-27-statement-of-working-of-patents-march-2016)

CIS' RTI application to the IPO in Mumbai, June 2015 [PDF]. The IPO's reply, June 2015 [PDF].

(View text: https://cis-india.org/a2k/blogs/rti-request-to-indian-patents-office-for-form-27-statement-of-working-of-patents-2015)

InPASS and IPAIRS yielded Form 27 for 1,999 patents out of 4,419. For Form 27 pertaining to 61 of the remaining patents, CIS made a request in March 2016 under the Right to Information Act (2005) to the office of the Indian Patent Office located in Mumbai.

How the 61 patents were chosen
37 of the 50 companies in the patent landscape owned granted patents. We took one patent from each of the 37 companies. [See Annexure 4 (PDF)of Methodology: Patent landscaping in the Indian mobile device market] The remaining were patents litigated in India, as well as patents transferred from one of the companies in the landscape to another.

IPO’s reply to the March 2016 RTI application
The IPO replied in April 2016 that it could provide CIS with forms for eleven of the requested patents. As for the rest of the forms, the IPO stated, “As thousand [sic] of Form-27 are filed in this office, it is very difficult to segregate Form-27 for the patent numbers enlisted in your RTI application as it needs diversion of huge official/ staff manpower and it will affect day to day [sic] work of this office.”

Repeating the Form 27 search online

A few days after CIS received the reply from the IPO, Form 27 pertaining to patents in the landscape started appearing on InPASS and IPAIRS E-register portal. CIS’ contractor repeated the search for forms for all 4,419 patents as some forms filed in 2016 and 2015 were found. Forms for additional 1,003 patents were found, taking the number of patents with at least one corresponding form to 3,002.

Of the 1,417 patents for which forms were not found, 481 are either expired or there is no log corresponding to them in the E-Register.

Schema for the results

Information from the Form 27 was logged into a spreadsheet with the following heads:
Serial Number -- Assignee -- Patent Number -- Status -- Application Date -- Grant Date -- Title -- Application Number -- Form 27 presence -- Multiple Forms -- Number of years -- Year -- If Worked -- Working/ Non-working Status -- Working/ Non-working Information -- Licensing Status -- Licensing Information -- Comments.

Detailed legend and process of logging the results

Assignee: Name of the company that owns the patent. Annexure 4 [PDF] lists 50 companies studied for the patent landscape. 37 of those companies owned patents in India. Thus, the assignee could be one of 37 companies among the 50 in Annexure 4. Where two assignees are mentioned, the patent was transferred from the second assignee to the first on account of sale of the patent, company merger, etc. For example, "Huawei|NEC" indicates that a patent that belonged to NEC was transferred to Huawei.

Form 27 presence: Whether or not Form 27 was found. Entries in this column are either “Yes” or “No”. If case Form 27 was not found, the subsequent columns are unpopulated.

Multiple Forms: If more than one Form 27 was found, the number of years for which it was found. In some cases, more than one form was found for the same patent for the same year. We have considered these instances as a single form for the same year and noted the defect in the “Comments” column.

Year: The year for which the form was filed. This information was found in #2 of the pro forma of Form 27. In the case of patents with Form 27 filed for more than one year, the entries for different years have been logged into consecutive rows.

If Worked: This information was found in 3(i) of the pro forma. Depending on whether the text of Form 27 states that the patent was “worked” or “not worked”, results have been logged as either “Yes” or “No”. In instances where it is not explicitly stated whether the patent has been worked or not, or where 3(i) is blank, the results are logged as “Not disclosed” with a description of the defect in the “Comments” column.

Working/ Non-working status: Corresponds to 3(i)a in the case of patents stated as “worked” and to 3(i)b in the case of those stated as “not worked”. The results have been marked as:

Description is generic (future use)
Description is generic (present use)
Description is specific
No description

Description is generic (future use): No specific information been provided as required by 3(i)a or 3(i)b. The description indicates that in the future the patentee might “work” or license the patent or do both. E.g: “May be worked in the future depending on the market demand and when technology is mature.”

“We are still assessing the commercial and technological aspects of working of this patent in India and negotiating marketing and distribution of patented product with related parties.”

“Technical developments [sic] are still continuing” or “Negotiations and technical developments [sic] are still continuing”.

Description is generic (present use): No specific information been provided as required by 3(i)a or 3(i)b. The description indicates that the patentee may be “working” the patent. E.g:, “DUE TO THE NATURE OF THE INVENTION, IT IS NOT POSSIBLE TO DETERMINE ACCURATELY WHETHER THE PATENTED INVENTION HAS BEEN WORKED IN INDIA OR NOT. Improvements in the invention are continuing to be made. The Patentee is actively looking for licensees and customers to commercialise the invention in the Indian environment.”

“... This patent is among a large number of patents in the patentee’s complex portfolio which may cover the products services and embedded technologies provided by the patentee or its licensee(s) in India. This patent might worked [sic] in India in some of the patentee(s) existing or future products, services and embedded technologies. Given the extremely Iarge number of patents that may apply to any given product or service of the patentee, it is very difficult to Identify and accurately update which of those patents would apply to the numerous products, services and embedded technologies.”

Description is specific: Specific information has been provided as required in 3(i)a or 3(i)b.

E.g, “Quantum of the patented product-303520 and value of the patented product in INR-2790524299”.

No description: 3(i)a and 3(i)b are blank.

Working/non-working information: Contains the full text of the descriptions mentioned in “Working/non-working status” column. These have been reproduced verbatim from Form 27 filings.

Licensing status: States whether or not the patent has been licensed as per 3(ii) of the pro forma for Form 27. Results are logged as “Yes” (licensed), “No” (no-licensed), “Cross-licensed” and “Not disclosed”.

“Not disclosed” indicates that the response to 3(ii) is either blank or there is an explicit statement that licensing information would not be disclosed on Form 27. E.g: “As all the licenses are confidential in nature, the details pertaining to the same are not being disclosed herein and may be provided to the Patent Office as and when the same is specifically directed by the Patent Office under sealed cover so that such details are not laid open in public domain.”

Licensing information: Contains the full text of the response reproduced verbatim from 3(ii). (Blank fields when there is no text in 3(ii))

For patents marked as licensed, this column contains the names and addresses of licensees and/ or sub-licensees.

For patents marked as not-licensed, this column is either blank or contains statements such as, “Information Not readily available; efforts will be made to collect and submit further information, if asked for.”, “None”, “No licensees”.

For patents marked as “cross-licensed”, the patentee states that it has a cross-licensing agreement with its licensees. E.g: “There is a cross license agreement between <company name> and at least one licensee, giving mutual rights to produce despite monopoly afforded by patents that are hold by any of the companies. There is no information available on whether the technology of said patent is included products sold by such licensee. As all the licenses are confidential in nature, the details pertaining to the same shall be provided under specific directions from the Patent Office.”

Comments: Contains information about defects and notable observations from the Form 27 submissions.

Validation of results

Validation of the results was done via deduplication first and then random sampling of 10% of the results.

Analysis of results

[Corresponding research questions:
4. Is there an identifiable pattern in the defects and discrepancies?
5. Is there any discernible trend in filing of Form 27 over time and with respect to patent owners?]

The results logged into the spreadsheet were analysed to find a pattern in the defects in the submissions. Visualisations will be created, if necessary.

Prior Art

Extraordinary writ petition in the matter of a public interest litigation, filed in the High Court of Delhi, Shamnad Basheer vs Union of India and others, C.M. No. 5590 of 2015 http://spicyip.com/wp-content/uploads/2015/05/FORM-27-WP-1R-copy.pdf

The petitioner(s) “sought to investigate the commercial working of certain patented inventions in India, particularly in relation to three key areas”. One of these areas include telecommunications technology. Para 53 to 58 of the writ elucidate on the petitioners’ observations and findings on “High technology patents and trolls”, while para 59 and 60 refer to the linkage between patents and products. Annexure P-8 of this petition contains copies of Form 27 filed by Ericsson in India. Annexure P-11 contains a “summary of findings of Form 27 investigations conducted by the petitioner”. Annexure P-4 (II. Telecommunications Sector) contains a list of 58 patents pertaining to the telecommunications domain in India. 21 of these are coincide with the patent landscape mentioned in “Research Object”.
Basheer had published a report in 2011 based on the findings of his RTI investigation of Form 27 pertaining to pharmaceutical patents in India. The report titled “RTI Applications and “Working” of Foreign Drugs in India?” is available at: http://www.spicyip.com/docs/Workingpatents.doc The report sheds light on lack of filing, incomplete filing and violation of patent working norms by pharmaceutical companies. He states having encountered difficulties during the RTI process: The RTI process was a very arduous one, with the patent office refusing information or claiming missing files in some cases. We had to resort to the appellate procedure in almost all cases. And in one case concerning the drugs Tarceva and Sutent, both the CPIO (Delhi office) and the appellate authority refused to provide information. We had to then take the matter up directly with Controller General PH Kurian who immediately ordered that the information be provided. Upon his instructions, the information was provided within 24 hours. However, we received this information only on the 4^th of April 2011, more than 6 months since we began the RTI process! (Source: Drug Firms and Patent "Working": Extent of Compliance with Form 27 http://spicyip.com/2011/04/drug-firms-and-patent-working-extent-of.html

Limitations

If Form 27 is not found on InPASS or INPAIRS, it is not possible to determine if the form has not been submitted to the IPO or it has been submitted but the IPO has not uploaded it. There is no publicly available database or log where such information is available.
Technical issues with the IPAIRS website hampered the speed of searching for and downloading Form 27. At the time of trial run in May 2015, the website was not available for nearly a week. Technical issues also lead to conflicting search results on IPAIRS and INPASS at times. For example, the form may be available via one search engine but not via another, even though they are fetched the files from the same database. Runtime errors occur due to browser caching.

Edited, September 10, 2017: To add -- URLs of the research paper on Form 27 published in July 2017, and of the dataset containing raw data, which was published and licensed CC-BY-SA 4.0.

For more details visit https://cis-india.org/a2k/blogs/methodology-statements-of-working-form-27-of-indian-mobile-device-patents

Where is the Regional Comprehensive Economic Partnership Headed?

sinha — 2016-09-17T14:15:05Z

The Regional Comprehensive Economic Partnership (RCEP) – the Asian answer to the Trans-Pacific Partnership (TPP) is still being furiously scripted.

The blog post was originally published in Spicy IP on September 7, 2016. It can be read here.

The US-led TPP and China-led RCEP were always touted as rivals racing to set global trade standards before the conclusion of the other. Well, TPP gunned ahead and is currently in the ratification phase, where as RCEP is yet to be concluded and talks may very well enter 2017. The latest round of RCEP talks ended last month and paints a worrisome picture for the global south, given that it will bring 3.5 billion people and 12% of world trade into its fold.

Free Trade Agreements (FTAs) do not enable zero-sum free trade. In fact, each country leaves with disproportionate gains and losses in their kitty, after the conclusion of the agreement. And the worst casualties are environment, public health, labour rights, SMEs and local markets. Since there is plenty of give and take occurring in a context of fluid foreign policy relations, it becomes imperative to locate the ‘barter’. Last month, Balaji wrote an excellent comparative analysis(I & II) of the RCEP IPR text, and this post complements that. I present a regional overview of negotiations and the impact on course of the agreement, as gathered from press coverage of the meetings and the leaks; and to provide a more wholesome picture of the barters, I discuss other relevant chapters at the end of this post. Further, as the negotiations are conducted in secrecy, different organisations and individuals have ‘leaked’ draft texts. KEI and bilaterals.org are two such organizations that regularly collate and release latest RCEP texts. I rely on RCEP’s IP Chapter(October 15, 2015 version) and Terms of Reference by the Working Group on Electronic Commerce(August 2015 version). Analysing the Telecommunications Services chapter is outside the scope of the post, and I link it here for the interest of our readers.

Impact on E-commerce

What is currently available are the terms for reference establishing the Working Group’s mandate on drafting a chapter on e-commerce. The document acknowledges the need for inclusion of a provision for special and differential treatment, and additional flexibilities to the least developed ASEAN countries. It draws a list of relevant elements for possible inclusion in the RCEP. I reproduce the list here (emphasis supplied is mine):

I. General Provisions

Cooperation
Electronic Supply of Services

II. Trade Faciliation

Paperless Trading
Electronic Signature and Digital Certification

III. Creating a Conducive Environment for Electronic Commerce

Online Consumer Protection
Online Personal Data Protection
Unsolicited Commercial E-mail
Domestic Regulatory Frameworks
Custom Duties
Non-Discriminatory Treatment of Digital Products

IV. Promoting Cross Border Electronic Commerce

Prohibition on Requirements Concerning the Location of Computing Facilities
Prohibition on Requirements Concerning Disclosure of Source Code
Cross- Border Transfer of Information by Electronic Means

While there is no clarity on customs duties, there is a mention of non-discriminatory treatment of digital products. While India has no law on non-discriminatory treatment of digital products, this may conflict with the Indian government’s policy on adoption of open source software for government use.

More alarmingly, the first prohibition restrains governments from mandating data localisation. The Trans-Pacific Partnership (TPP) and Trade in Services Agreement (TISA) also bar governments from making rules on data localisation, i.e. requiring physical situation of servers and storage in their countries’ territories. This is a worrisome provision because it may effectuate surreptitious surveillance. The prohibition on disclosure of source code is also troublesome and is aimed to stop examination and review of code in computing devices. This would effectively ban security researchers from finding security vulnerabilities in devices, and the if the provision is drafted like its counterpart in the TPP, there will also be prohibitions on checks by regulating authorities.

Re ‘Cross- Border Transfer of Information by Electronic Means’, the provision will be most likely drafted to favour big data and advertising companies’ operations enabling unrestricted transfer of personal data(like the TPP). If that is the case, then it will be in conflict with Rule 7 of the Information Technology (Reasonable security practices and sensitive personal data or information) Rules 2011, which permits cross-border flow of personal information only in situations where the recipient of the information complies with Indian data protection standards as a bare minimum.

Impact on farmer's seeds

RCEP is bound to hit farmers the worst: not only are countries reducing tariffs for increased import of agricultural products, there also exists an obligation to join the International Union for Protection of New Varieties of Plants (UPOV system), which would mandate members to introduce a new IPR: the breeders’ right over new plant varieties. Japan and Korea want RCEP members to join UPOV 1991, and Japan has proposed criminal penalties for the infringement of breeders’ rights.

While India has applied to become a member to the UPOV Convention, in 2001 it passed the Protection of Plant Varieties and Farmers’ Rights Act, and thereby built a sui generis system of protection (ambitiously trying to balance breeders’ rights and farmers’ rights). It will be naive to expect a similar attempt in balanced lawmaking by other countries. Furthermore, “…India’s current legislation is less stringent than UPOV 1991. It allows farmers to continue with their seed practices, except they cannot sell packaged seeds of protected varieties. The space for both small farmers and public breeders to freely work with seeds will be lost of RCEP goes the way of what Korea and Japan are proposing.” Using FTAs to reduce farmers’ freedom has been well documented, and you may read more on that here.

The text also desires all RCEP members to codify traditional knowledge and make it available to various patent offices. This push is widely regarded as problematic, as it is feared that documenting and digitization of existing knowledge may propel companies to use that information for commercial gains, to the detriment of the indigenous people and farming communities. On the other hand, it would be feasible to share such data in a confidential manner with patent offices, as India has done under the TKDL.

Massive reduction in tariffs

Tariffs emerged as an enormous sticking point in the August round, and there was pressure on India to eliminate tariffs completely. India proposed a differential tariff reduction plan, but countries kept pushing for a single-tier plan – particularly Japan. Finally, in what is seen as a big loss, India offered tariff cuts as high as 80% goods trade for all RCEP partners, except China. With China, India said that it was only comfortable with a 65% tariff cut initially, given the skewed trade deficit between China and India. It is worth noting that for India, RCEP will become the first FTA to forge trade partnerships with China, Australia,and New Zealand.

As a result of the heavy concession in tariffs, the Kerala Agriculture Minister has moved a cabinet note, and written a letter to the Centre expressing serious concerns on lowering of tariffs for agricultural products. He also requested to include Kerala in the RCEP pre-negotiation talks.

Staving off ISDS

Provisions on investor-to-state dispute settlement (ISDS) are being pushed by Japan and South Korea. Countries are not convinced about agreeing to this, especially India. In fact, India is in the process of rolling back on bilateral investment treaties, and has already moved for BIT termination with 57 countries. We’ve already seen ISDS being (mis)used by private entities against governments – there have been enough challenges to countries’ IPR laws and policies as well.

Mobilised Movements against the RCEP

Individuals and organizations are advocating for scrapping the RCEP, given the impact that it is expected to have on people’s rights and freedoms. A ‘People’s Strategy Meeting’ last month conducted large-scale sessions to inform civil society organizations, NGOs, trade unions, farmers groups and other peoples’ movements in the Asia-pacific region. Many have also been persistently calling out for a meeting with negotiators of their respective countries and for a public hearing on the RCEP. The Asia Pacific Research Network has released a policy brief on the RCEP, and you may read that here.

The road ahead

Looking at the larger picture, it is evident now that neo-FTAs’ focus on trade has descended into attacks on sovereign states’ economic and social policies.

With respect to the RCEP IPR text, India is trying to eliminate TRIPS plus provisions from the text. And after heavy concessions on the tariff front, it will be bargaining for liberalisation in services in the next rounds. India’s aim is to clinch a deal allowing for free-er movement of its workers and professionals. Further, the negotiations are going to proceed quickly now. Members are becoming desperate to lock down the text, and therefore, this year we will see more rounds than the usual scheduled ones. The urgency is driven largely by Japan and Korea – both of which wish to ratify the TPP soon and would like the RCEP to work in tandem.

In another worrisome development, Phillipines, Thailand and Indonesia have met with US trade officials on what they need to do to join the TPP, once it is implemented. These countries are considering making serious changes to their labour, environmental, IP, and other standards. Yesterday, US Prez. Obama arrived in Vietnam for the Asean summit, trying hard to sell the TPP. Japan and Korea are already TPP members, and if ASEAN countries come under TPP’s fold as well, we may see an upping of standards at the RCEP.

India will have to deploy serious negotiating chops at the upcoming rounds if it is remotely hopeful of steering the RCEP standards away from the TPP.

Author’s note: Added the sentence “On the other hand, it would be feasible to share such data in a confidential manner with patent offices, as India has done under the TKDL.”

For more details visit https://cis-india.org/a2k/blogs/spicy-ip-september-7-2016-anubha-sinha-where-is-the-regional-comprehensive-economic-partnership-headed

Quarter Life Crisis: The World Wide Web turns 25 this year

nishant — 2016-09-16T13:25:38Z

With the unexplained ban on websites, the state seems to have stopped caring for the digital rights of its citizens.

The article was published in the Indian Express on September 3, 2016.

The World Wide Web turned 25 this year. A quarter of a century ago, the first website went live, and since then, the world as we know it has changed. The internet is probably the fastest way a new technology has become old. There are generations who have never known the world without it being connected. And yet, it is safe to say that if put into a corner, most of us might have a tough time trying to exactly describe what the World Wide Web is, and how it operates. Like many massification technologies, the internet has quickly evolved from being the playground for geeks to tinker with and build digital networks, into a blackbox that we access through our seductively designed interfaces.

At a technological level, the internet was a standardisation protocol that allowed for distributed databases on remote computers to interact with each other using digital connections. At the heart of the internet was the impulse to share, and to share safely, new information that would lead to collaborative knowledge production and stronger network communities. The World Wide Web saw this potential of sharing information quickly as one of the most promising aspects of human futures. Sir Tim Berners-Lee, in his first vision of the WWW, had proposed that the capacity to share information, without loss of quality, would create new societies of equality and equity. In this vision, the website was a way of sharing information, expression, political desire, personal longing and social ideas, thus creating connected societies that would be able to consolidate the sum total of all human experience.

That historical moment of the technological architecture and the ideological articulation of the internet and the WWW are critical because as the internet has become increasingly privatised, with intermediaries, Internet Service Providers, and content producers claiming more and more of the digital turf, we have seen continued attack on the principles of sharing. We have, in the last few years, seen draconian crackdowns on people sharing their political views on social media, arresting young people for their political dissent online. We have witnessed the emergence of paywalls that close down content, criminalising students trying to access new knowledge towards their education. We have seen the policing of online creative spaces, monitoring users who engage in cultural production, forcing them into repressive intellectual property regimes that they do not necessarily want.

Most of these attacks on sharing have been fuelled by private companies who see the economic benefits of creating media monopolies out of the internet. These attacks have been particularly vicious because they also recognise the potentials of digital connectivity to completely disrupt the extraordinary powers of crowds who can co-create the biggest encyclopaedia in the word and undermine the corporatisation of cultural objects. And yet, in the interest of profits, there has been persistent lobbying from the private owners of the public goods of the internet, to crack down on sharing and access through legal punishment.

Like many developing countries, India has been resisting the enforcing of Intellectual Property Rights promoted by private lobbyists. In doing so, it recognises that emerging geographies need more open, universal and affordable access to information and that the true potential of digitisation lies in the capacity of the web to enable unfettered access to knowledge and cultural artefacts. Despite pressure from global lobbies, the Indian state has continued to emphasise that access for public good overrides the interest of private right holders, and has favoured the digital user’s right to access material which they might not always have the economic rights for. Some scholars say that this is where the state emphasises that the moral rights of access to information supersede the legal rights that close the possibilities of access.

Or at least, the Indian state recognised the need of its still-being-connected population to have free access till recently. With the new law that enforces a block on torrent and file sharing sites, warnings of punitive action, and an unexplained ban on websites that most users have been using for knowledge and cultural products, the state seems to have buckled under private lobbying and also stopped caring for the rights of its citizens. There will always be a split vote when it comes to figuring out the pros and cons of piracy, and it is important to recognise the right of the cultural and knowledge producer to protect their economic interests. The debates have been interesting because it was difficult to take sides and required a balancing act of negotiation between different parties.

However, with this new intervention, the Indian government seems to have taken sides, and made up its mind, that for the future of Digital India, it is going to favour the corporation, the company, the private profit making entity over the individual, the collective, and the public that sought to access information through the fundamental principle of the digital web — sharing.

For more details visit https://cis-india.org/raw/indian-express-september-3-2016-nishant-shah-quarter-life-crisis-the-world-wide-web-turns-25-this-year

CIS - Telangana State Open Data Policy v.1 - Submission

sumandro — 2016-09-01T05:45:54Z

For more details visit https://cis-india.org/openness/files/cis-telangana-state-open-data-policy-v-1-submission

Submitted Comments on the Telangana State Open Data Policy 2016

sumandro — 2016-09-01T05:49:51Z

Last month, the Information Technology, Electronics & Communications Department of the Government of Telangana released the first public draft of the Telangana State Open Data Policy 2016, and sought comments from various stakeholders in the state and outside. The draft policy not only aims to facilitate and provide a framework for proactive disclosure of data created by the state government agencies, but also identify the need for integrating such a mandate within the information systems operated by these agencies as well. CIS is grateful to be invited to submit its detailed comments on the same. The submission was drafted by Anubha Sinha and Sumandro Chattapadhyay.

Download the submitted document: PDF.

1. Preliminary

1.1. This submission presents comments and recommendations by the Centre for Internet and Society (“CIS”) [1] on the proposed draft of the Telangana Open Data Policy 2016 (“the draft policy”). This submission is based on Version 1 of the draft policy shared by the Information Technology, Electronics & Communications Department, Government of Telangana (“the ITE&C Department”).

1.2. CIS commends the ITE&C Department for its generous efforts at seeking inputs from various stakeholders to draft an open data policy for the state of Telangana. CIS is thankful for this opportunity to provide a clause-by-clause submission.

2. The Centre for Internet and Society

2.1. The Centre for Internet and Society, CIS, is a non-profit organisation that undertakes interdisciplinary research on internet and digital technologies from policy and academic perspectives. The areas of focus include digital accessibility for persons with diverse abilities, access to knowledge, intellectual property rights, openness (including open data, free and open source software, open standards, open access, open educational resources, and open video), internet governance, telecommunication reform, digital privacy, and cyber-security. The academic research at CIS seeks to understand the reconfiguration of social processes and structures through the internet and digital media technologies, and vice versa.

2.2. This submission is consistent with CIS’ commitment to safeguarding general public interest, and the interests and rights of various stakeholders involved. The comments in this submission aim to further the principle of citizens’ right to information, instituting openness-by-default in governmental activities, and to realise the various kinds of public goods that can emerge from greater availability of open (government) data. The submission is limited to those clauses that most directly have an impact on these principles.

3. Comments and Recommendations

This section presents comments and recommendations directed at the draft policy as a whole, and in certain places, directed at specific clauses of the draft policy.

3.1. Defining the Scope of the Policy in the Preamble

3.1.1. CIS observes and appreciates that the ITE&C Department has identified the open data policy as a catalyst for, and as dependent upon, a larger transformation of the information systems implemented in the state, to specifically ensure that these information systems.

3.1.2. CIS commends the endeavour of the draft policy to share data in open and machine-readable standards. To further this, it will be useful for the preamble to explicitly mandate proactive disclosure in both human-readable and machine-readable formats, using open standards, and under open license(s).

3.1.3. CIS recommends that the draft policy state the scope of the policy at the outset, i.e. in the Preamble section of the document. This will provide greater clarity to the stakeholders who are trying to ascertain applicability of the draft policy to their data.

3.1.4. CIS commends the crucial mandate of creating data inventory within every state government ministry / department. We further recommend that the draft policy also expressly states the need to make these inventories publicly accessible.

3.1.5. CIS commends the draft policy’s aim to build a process to engage with data users for better outcomes. We suggest that the draft policy also enumerates the “outcomes” of such engagement, in order to provide more clarity. We recommend that these “outcomes” include greater public supply of open government data in an effective, well-documented, timely, and responsible manner.

3.1.6. Further, CIS suggests that the draft policy define “information centric and customer centric data” to provide more clarity to the document, as well as its scope and objectives.

3.2. Provide Legal and Policy References

3.2.1. Strengthening transparency, predictability, and legal certainty of rules benefits all stakeholders. Thus, as far as possible, terms in the draft policy should use pre-existing legal definitions. In case of ambiguities arising after the implementation of the policy, consistency in definitions will also lead to greater interpretive certainty. It must be noted that good quality public policies which promote legal certainty, lead to better implementation.

3.2.2. CIS observes that the draft policy re-defines various terms in Section 4 that have already been defined in National Data Sharing and Accessibility Policy (“NDSAP”) 2012 [2], the Right to Information 2005 (“RTI Act”) [3], and IT (Reasonable security practices and procedures and sensitive personal data or information) Rules 2011 [4]. We strongly recommend that the draft policy uses the pre-existing definitions in these acts, rules, and policies.

3.2.3. Further, CIS observes that while certain sections accurately reflect definitions and parts from other acts, rules and policies, such sections are not referenced back to the latter. These sections include, but are not limited to: Sections 3, 7, 8, 4 (definitions of Data set, Data Archive, Negative list, Sensitive Personal data). We strongly recommend that accurate legal references be added to the draft policy after careful study of the language used.

3.3. Need for More Focused Objective Statement

3.3.1. While the draft policy has a very comprehensive statement of its objectives, including "all issues related to data in terms of the available scope of sharing and accessing spatial and non-spatial data under broad frameworks of standards and interoperability," it may consider offering a more focused statement of its key objective, which is to provide a policy framework for proactive disclosure of government data by the various agencies of the Government of Telangana.

3.3.2. Further, the objective statement must clearly state that the policy enables publication of data created by the agencies of the Government of Telangana, and/or by private agencies working in partnership with public agencies, using public funds as open data (that is, using open standards, and under open license). The present version of the objective statement mentions "sharing" and "accessing" the data concerned under "broad frameworks of standards and interoperability" but does not make it clear if such shared data will be available in open standards, under open licenses, and for royalty-free adaptation and redistribution by the users concerned.

3.4. Suggestions related to the Definitions

3.4.1. The term “Data” has not been defined in accordance with NDSAP 2012. We suggest that the definition provided in NDSAP is followed so as to ensure legal compatibility.

3.4.2. The term “Sensitive Personal Data” seems to have been defined on the basis of the definition provided in the IT (Reasonable security practices and procedures and sensitive personal data or information) Rules 2011. Please add direct reference so as to make this clear. We further suggest that the term “Personal Information”, also defined in the same IT Rules, is also included and referred to in the draft policy, so that not only Sensitive Personal Data is barred from disclosure under this policy, but also Personal Information (that is "any information that relates to a natural person, which, either directly or indirectly, in combination with other information available or likely to be available with a body corporate, is capable of identifying such person") [5].

3.4.3. The term “Negative List” is defined in a manner that allows the state government ministries and agencies to identify which data are to be considered as non-shareable without any reference to an existing policy framework that list acceptable grounds for such identification. The term must be defined more restrictively, as this definition can allow an agency to avoid disclosure of data that may not be legally justifiable as non-shareable or sensitive. Thus, we recommend a more limited definition which may draw upon the RTI Act 2005, and specifically consider the factors mentioned in Sections 8 and 9 of the Act as the (only) set of acceptable reasons for non-disclosure of government data.

3.4.4. The terms “Shareable Data” and “Sensitive Data” are used in several places in the draft policy but are not defined in Section 4. Both these terms are defined in NDSAP 2012. We suggest that both these terms be listed in Section 4, in accordance with the respective definitions provided in NDSAP 2012.

3.4.5. The terms “Data Archive”, “Data Acquisition”, “Raw Data”, “Standards-Compliant Applications”, and “Unique Data” are defined in Section 4, but none of these terms appear elsewhere in the draft policy. We suggest that these terms are either better integrated into the document, or may not be defined at all.

3.5. Rename Section 6 to Focus on Implementation of the Policy

3.5.1. Though the Section 6 is named as “Shareable Data”, it instead categorically lists down how the policy is to be implemented. This is a very welcome step, but the Section title should reflect this purpose of the Section.

3.5.2. The decision proposed in the draft policy to make it mandatory for "each funding organization" to "highlight data sharing policy as preamble in its RFPs as well as Project proposal formats" is much appreciated and commendable. For a clearer and wider applicability of this measure, we recommend that this responsibility should apply to all state government agencies, including agencies where the state government enjoys significant stake, and all public-private partnerships entered into by the state government agencies, and not only to "funding organizations" (a term that has also not been defined in the draft policy).

3.5.3. While the Section details out various measures and steps of implementation of the policy, it does not clarify which agency and/or committee would have the authority and responsibility to coordinate, monitor, facilitate, and ensure these measures and steps. Not only governmental representatives but also non-governmental representatives may be considered for such a committee.

3.6. Host All Open Government Data in the State Portal

3.6.1. We observe that the Section 6 indicates that , the designated domain for the open government data portal for the state of Telangana, will only store metadata related to the proactive disclosed data sets but not the data sets themselves. This is further clarified in Section 10. We strongly urge the ITE&C Department to reconsider this decision to not to store the actual open data sets in the state open government data portal itself but in the departmental portals. A central archive of the open data assets, hosted by the state open government data portal, will allow for more effective and streamlined management of the open data assets concerned, including their systematic backing-up, better security and integrity, permanent and unique disclosure, and rule-driven updation. This would also reduce the burden upon all the government agencies, especially those that do not have a substantial IT team, to run independent department-specific open data portals.

3.7. Reconsider the Section on Data Classification

3.7.1. While it is clear that the Section 7 on Data Classification follows the classification of various data sets created, managed, and/or hosted by government agencies offered in the NDSAP 2012, it is not very clear what role this classification plays in functioning and implementation of the draft policy. While Open Access and Registered Access data may both be considered as open government data that is to be proactively disclosed by the state government agencies via the state open government data portal, the Restricted Access data overlaps with the kinds of data already included in the Negative List defined in the draft policy (and elsewhere, like the RTI Act 2005). Further, the final sentence in this Section ensures that all data users provide appropriate attribution of the source(s) of the data set concerned, which (though is an important statement) should not be part of this Section on Data Classification. We suggest reconsideration of inclusion of this Section.

3.8. Reconsider the Section on Technology for Sharing and Access

3.8.1. While it is clear that the Section 8 on Technology for Sharing and Access is adapted from the Section 9 of the NDSAP 2012, the text in this Section seems to be not fully compatible with other statements in this draft policy. For example, the Section states that "[t]his integrated repository will hold data of current and historical nature and this repository over a period of time will also encompass data generated by various State Government departments." However, the draft policy states in Section 10 that "data.telangana.gov.in will only have the metadata and data itself will be accessed from the portals of the departments."

3.8.2. We strongly urge the ITE&C Department to revise this Section through close discussion with the NDSAP Project Management Unit, National Informatics Centre, which is the technical team responsible for developing and managing the portal, since the present version of this Section lists the original feature set of the portal as envisioned in 2012 but does not reflect the most recent feature set that has been already implemented in the portal concerned.

3.9. Current Legal Framework (Section 9) should List to Relevant Acts, Rules, Policies, and Guidelines

3.9.1. CIS observes that the draft policy attempts to lay out the applicable legal framework in Section 2 and 9 of the draft policy, and submits that the legal framework is incomplete and recommends that the draft policy lists all the following relevant acts, rules, policies and guidelines:

National Data Sharing and Accessibility Policy, 2012
Right to Information Act, 2005
Information Technology Act, 2002
Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011.

3.9.2. CIS submits that apart from the policies mentioned above, the implementation of the draft policy is intricately linked to concepts of "open standards," "open source software," "open API," and "right to information." These concepts are governed by specific acts and policies, and are applicable to government owned data, as follows:

Adoption of Open Standards: CIS observes that the draft policy draws on the importance of building information systems for interoperability and greater information accessibility. Interoperability is achieved by appropriate implementation of open standards. Thus, CIS submits that the Policy on Open Standards for e-Governance [6] which establishes the guidelines for usage of open standards to ensure seamless interoperability, and the Implementation Guidelines of the National Data Sharing and Accessibility Policy, 2012 [7] should be mentioned in the draft policy.
Adoption of Open Source Software: The Policy on Adoption of Open Source Software for Government of India states that the "Government of India shall endeavour to adopt Open Source Software in all e-Governance systems implemented by various Government organizations, as a preferred option in comparison to Closed Source Software [8]." As the draft policy proposed to guide the development of information systems to share open data is being developed and implemented both by the Government of Telangana and by other agencies (academic, commercial, and otherwise), it must include an explicit reference and embracing of this mandate for adoption of Open Source Software, for reasons of reducing expenses, avoiding vendor lock-ins, re-usability of software components, enabling public accountability, and greater security of software systems.
Implementation of Open APIs: CIS observes that the draft policy refers to Standard compliant applications in Section 4. CIS suggests that final version of the policy refer to and operationalise the Policy on Open Application Programming Interfaces (APIs) for Government of India [9]. This will ensure that the openly available data is available to the public, as well as to all the government agencies, in a structured digital format that is easy to consume and use on one hand, and is available for various forms of value addition and innovation on the other. Refer to Official Secrets Act, 1923: The Official Secrets Act penalises a person if he/she "obtains, collects, records or publishes or communicates to other person any secret official code or password, or any sketch, plan, model, article or note or other document or information which is calculated to be or might be or is intended to be, directly or indirectly, useful to an enemy for which relates to a matter the disclosure of which is likely to affect the sovereignty and integrity of India, the security of the State or friendly relations with foreign States [10]." CIS submits that this Act should be referred to in this context of ensuring non-publication of the aforementioned data.

3.10. Mandate a Participatory Process for Developing the Implementation Guidelines

3.10.1. We highly appreciate and welcome the fact that the draft policy emphasises rapid operationalisation of the policy by mandating that the ITE&C Department will prepare a detailed implementation guideline within 6 months of the notification of this policy, and all state government departments will publish at least 5 high value datasets within the next three months. Just as an addition to this mandate, we would like to propose that it can be suggested that the ITE&C Department undertakes a participatory process, with contributions from both government agencies and non-government actors, to develop this implementation guideline document. We believe that opening up government data in an effective and sustainable manner, for most government agencies, involves a systematic change in how the agency undertakes day-to-day data management practices. Hence, to develop productive and practical implementation guidelines, the ITE&C Department needs to gather insights from the other state government agencies regarding their existing data (and metadata) management practices [11]. Further, participation of the non-government actors in this process is crucial to ensure that the implementation guidelines appropriately identify the high value data sets, that is data sets that should be published on a priority basis.

3.11. Defer the Decision about Roles of Data Owners, Generators, and Controllers

3.11.1. As the draft policy does not specifically define the terms “Data Owners”, “Data Generators”, and “Data Controllers”, and the Section 11 only briefly describes some of the roles of these types of actors, we suggest removal of this discussion and the decision regarding the specific roles and functions of the Data Owners / Generators / Controllers from the draft policy itself. It will be perhaps more appropriate and effective to define these terms, as well as their roles and functions, in the implementation guidelines to be prepared by the ITE&C Department after the notification of the open data policy, since these terms relate directly to the final designing of the implementation process.

3.12. CIS is grateful to the ITE&C Department for this opportunity to provide comments, and would be honoured to provide further assistance on the matter.

Endnotes

[1] See: http://cis-india.org/.

[2] See: http://data.gov.in/sites/default/files/NDSAP.pdf.

[3] See: http://rti.gov.in/webactrti.htm.

[4] See: http://meity.gov.in/sites/upload_files/dit/files/GSR313E_10511(1).pdf.

[5] See Section 2 (1) (i) of IT (Reasonable security practices and procedures and sensitive personal data or information) Rules 2011.

[6] See: https://egovstandards.gov.in/sites/default/files/Published%20Documents/Policy_on_Open_Standards_for_e-Governance.pdf.

[7] See: https://data.gov.in/sites/default/files/NDSAP_Implementation_Guidelines_2.2.pdf.

[8] See: http://deity.gov.in/sites/upload_files/dit/files/policy_on_adoption_of_oss.pdf.

[9] See: http://deity.gov.in/sites/upload_files/dit/files/Open_APIs_19May2015.pdf.

[10] See: http://www.archive.india.gov.in/allimpfrms/allacts/3314.pdf, Sections 2 (2) and 3 (1) (c).

[11] A similar process was undertaken by the IT Department of the Government of Sikkim when developing the implementation guideline document. The ITE&C Department may consider discussing the matter with the said department to exchange relevant learnings.

For more details visit https://cis-india.org/openness/comments-on-the-telangana-state-open-data-policy-2016

Report on Understanding Aadhaar and its New Challenges

Japreet Grewal, Vanya Rakesh, Sumandro Chattapadhyay, and Elonnai Hickock — 2019-03-16T04:42:52Z

The Trans-disciplinary Research Cluster on Sustainability Studies at Jawaharlal Nehru University collaborated with the Centre for Internet and Society, and other individuals and organisations to organise a two day workshop on “Understanding Aadhaar and its New Challenges” at the Centre for Studies in Science Policy, JNU on May 26 and 27, 2016. The objective of the workshop was to bring together experts from various fields, who have been rigorously following the developments in the Unique Identification (UID) Project and align their perspectives and develop a shared understanding of the status of the UID Project and its impact. Through this exercise, it was also sought to develop a plan of action to address the welfare exclusion issues that have arisen due to implementation of the UID Project.

Report: Download (PDF)

This Report is a compilation of the observations made by participants at the workshop relating to myriad issues under the UID Project and various strategies that could be pursued to address these issues. In this Report we have classified the observations and discussions into following themes:

1. Brief Background of the UID Project

2. Legal Status of the UIDAI Project

Procedural issues with passage of the Act
Status of related litigation

3. National Identity Projects in Other Jurisdictions

Pakistan
United Kingdom
Estonia
France
Argentina

4. Technologies of Identification and Authentication

Use of Biometric Information for Identification and Authentication
Architectures of Identification
Security Infrastructure of CIDR

5. Aadhaar for Welfare?

Social Welfare: Modes of Access and Exclusion
Financial Inclusion and Direct Benefits Transfer

6. Surveillance and UIDAI

7. Strategies for Future Action

Annexure A Workshop Agenda

Annexure B Workshop Participants

1. Brief Background of the UID Project

In the year 2009, the UIDAI was established and the UID project was conceived by the Planning Commission under the UPA government to provide unique identification for each resident in India and to be used for delivery of welfare government services in an efficient and transparent manner, along with using it as a tool to monitor government schemes. The objective of the scheme has been to issue a unique identification number by the Unique Identification Authority of India, which can be authenticated and verified online. It was conceptualized and implemented as a platform to facilitate identification and avoid fake identity issues and delivery of government benefits based on the demographic and biometric data available with the Authority.

The Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016 (the “Act”) was passed as a money bill on March 16, 2016 and was notified in the gazette March 25, 2016 upon receiving the assent of the President. However, the enforceability date has not been mentioned due to which the bill has not come into force.

The Act provides that the Aadhaar number can be used to validate a person’s identity, but it cannot be used as a proof of citizenship. Also, the government can make it mandatory for a person to authenticate her/his identity using Aadhaar number before receiving any government subsidy, benefit, or service. At the time of enrolment, the enrolling agency is required to provide notice to the individual regarding how the information will be used, the type of entities the information will be shared with and their right to access their information. Consent of an individual would be obtained for using his/her identity information during enrolment as well as authentication, and would be informed of the nature of information that may be shared. The Act clearly lays that the identity information of a resident shall not be sued for any purpose other than specified at the time of authentication and disclosure of information can be made only pursuant to an order of a court not inferior to that of a District Judge and/or disclosure made in the interest of national security.

2. Legal Status of the UIDAI Project

In this section, we have summarised the discussions on the procedural issues with the passage of the Act. The participants had criticised the passage of the Act as a money bill in the Parliament. The participants also assessed the litigation pending in the Supreme Court of India that would be affected by this law. These discussions took place in the session titled, ‘Current Status of Aadhaar’ and have been summarised below.

Procedural Issues with Passage of the Act

The participants contested the introduction of the Act in the form of a money bill. The rationale behind this was explained at the session and is briefly explained here. Article 110 (1) of the Constitution of India defines a money bill as one containing provisions only regarding the matters enumerated or any matters incidental to the following: a) imposition, regulation and abolition of any tax, b) borrowing or other financial obligations of the Government of India, c) custody, withdrawal from or payment into the Consolidated Fund of India (CFI) or Contingent Fund of India, d) appropriation of money out of CFI, e) expenditure charged on the CFI or f) receipt or custody or audit of money into CFI or public account of India. The Act makes references to benefits, subsidies and services which are funded by the Consolidated Fund of India (CFI), however the main objectives of the Act is to create a right to obtain a unique identification number and provide for a statutory mechanism to regulate this process. The Act only establishes an identification mechanism which facilitates distribution of benefits and subsidies funded by the CFI and this identification mechanism (Aadhaar number) does not give it the character of a money bill. Further, money bills can be introduced only in the Lok Sabha, and the Rajya Sabha cannot make amendments to such bills passed by the Lok Sabha. The Rajya Sabha can suggest amendments, but it is the Lok Sabha’s choice to accept or reject them. This leaves the Rajya Sabha with no effective role to play in the passage of the bill.

The participants also briefly examined the writ petition that has been filed by former Union minister Jairam Ramesh challenging the constitutionality and legality of the treatment of this Act as a money bill which has raised the question of judiciary’s power to review the decisions of the speaker. Article 122 of the Constitution of India provides that this power of judicial review can be exercised to look into procedural irregularities. The question remains whether the Supreme Court will rule that it can determine the constitutionality of the decision made by the speaker relating to the manner in which the Act was introduced in the Lok Sabha. A few participants mentioned that similar circumstances had arisen in the case of Mohd. Saeed Siddiqui v. State of U.P. [1].

where the Supreme Court refused to interfere with the decision of the Uttar Pradesh legislative assembly speaker certifying an amendment bill to increase the tenure of the Lokayukta as a money bill, despite the fact that the bill amended the Uttar Pradesh Lokayukta and Up-Lokayuktas Act, 1975, which was passed as an ordinary bill by both houses. The Court in this case held that the decision of the speaker was final and that the proceedings of the legislature being important legislative privilege could not be inquired into by courts. The Court added, “the question whether a bill is a money bill or not can be raised only in the state legislative assembly by a member thereof when the bill is pending in the state legislature and before it becomes an Act.”

However, it is necessary to carve a distinction between Rajya Sabha and State Legislature. Unlike the State Legislature, constitution of Rajya Sabha is not optional therefore significance of the two bodies in the parliamentary process cannot be considered the same. Participants also made another significant observation about a similar bill on the UID project (National Identification Authority of India (NIDAI) Bill) that was introduced before by the UPA government in 2010 and was deemed unacceptable by the standing committee on finance, headed by Yashwant Sinha. This bill was subsequently withdrawn.

Status of Related Litigation

A panellist in this session briefly summarised all the litigation that was related to or would be affected by the Act. The panellist also highlighted several Supreme Court orders in the case of KS Puttuswamy v. Union of India [2] which limited the use of Aadhaar. We have reproduced the presentation below.

KS Puttuswamy v. Union of India - This petition was filed in 2012 with primary concern about providing Aadhaar numbers to illegal immigrants in India. It was contended that this could not be done without a law establishing the UIDAI and amendment to the Citizenship laws. The petitioner raised concerns about privacy and fallibility of biometrics.
Sudhir Vombatkere & Bezwada Wilson [3] - This petition was filed in 2013 on grounds of infringement of right to privacy guaranteed under Article 21 of the Constitution of India and the security threat on account of data convergence.
Aruna Roy & Nikhil Dey [4] - This petition was filed in 2013 on the grounds of large scale exclusion of people from access to basic welfare services caused by UID. After their petition, no. of intervention applications were filed. These were the following:
Col. Mathew Thomas [5] - This petition was filed on the grounds of threat to national security posed by the UID project particularly in relation to arrangements for data sharing with foreign companies (with links to foreign intelligence agencies).
Nagrik Chetna Manch [6] - This petition was filed in 2013 and led by Dr. Anupam Saraph on the grounds that the UID project was detrimental to financial service regulation and financial inclusion.
S. Raju [7] - This petition was filed on the grounds that the UID project had implications on the federal structure of the State and was detrimental to financial inclusion.
Beghar Foundation - This petition was filed in 2013 in the Delhi High Court on the grounds invasion of privacy and exclusion specifically in relation to the homeless. It subsequently joined the petition filed by Aruna Roy and Nikhil Dey as an intervener.
Vickram Crishna – This petition was originally filed in the Bombay High Court in 2013 on the grounds of surveillance and invasion of privacy. It was later transferred to the Supreme Court.
Somasekhar – This petition was filed on the grounds of procedural unreasonableness of the UID project and also exclusion & privacy. The petitioner later intervened in the petition filed by Aruna Roy and Nikhil Dey in 2013.
Rajeev Chandrashekhar– This petition was filed on the ground of lack of legal sanction for the UID project. He later intervened in the petition filed by Aruna Roy and Nikhil Dey in 2013. His position has changed now.
Further, a petition was filed by Mr. Jairam Ramesh initially challenging the passage of the Act as a money bill but subsequently, it has been amended to include issues of violation of right to privacy and exclusion of the poor and has advocated for five amendments that were suggested to the Aadhaar Bill by the Rajya Sabha.

Relevant Orders of the Supreme Court

There are six orders of the Supreme Court which are noteworthy.

Order of Sept. 23, 2013 - The Supreme court directed that: 1) no person shall suffer for not having an aadhaar number despite the fact that a circular by an authority makes it mandatory; 2) it should be checked if a person applying for aadhaar number voluntarily is entitled to it under the law; and 3) precaution should be taken that it is not be issued to illegal immigrants.
Order of 26th November, 2013 – Applications were filed by UIDAI, Ministry of Petroleum & Natural Gas, Govt of India, Indian Oil Corporation, BPCL and HPCL for modifying the September 23rd order and sought permission from the Supreme Court to make aadhaar number mandatory. The Supreme Court held that the order of September 23rd would continue to be effective.
Order of 24th March, 2014 – This order was passed by the Supreme Court in a special leave petition filed in the case of UIDAI v CBI [8] wherein UIDAI was asked to UIDAI to share biometric information of all residents of a particular place in Goa to facilitate a criminal investigation involving charges of rape and sexual assault. The Supreme Court restrained UIDAI from transferring any biometric information of an individual without to any other agency without his consent in writing. The Supreme Court also directed all the authorities to modify their forms/circulars/likes so as to not make aadhaar number mandatory.
Order of 16th March, 2015 - The SC took notice of widespread violations of the order passed on September 23rd, 2013 and directed the Centre and the states to adhere to these orders to not make aadhaar compulsory.
Orders of August 11, 2015 – In the first order, the Central Government was directed to publicise the fact that aadhaar was voluntary. The Supreme Court further held that provision of benefits due to a citizen of India would not be made conditional upon obtaining an aadhaar number and restricted the use of aadhaar to the PDS Scheme and in particular for the purpose of distribution of foodgrains, etc. and cooking fuel, such as kerosene and the LPG Distribution Scheme. The Supreme Court also held that information of an individual that was collected in order to issue an aadhaar number would not be used for any purpose except when directed by the Court for criminal investigations. Separately, the status of fundamental right to privacy was contested and accordingly the Supreme Court directed that the issue be taken up before the Chief Justice of India.
Orders of October 16, 2015 – The Union of India, the states of Gujarat, Maharashtra, Himachal Pradesh and Rajasthan, and authorities including SEBI, TRAI, CBDT, IRDA , RBI applied for a hearing before the Constitution Bench for modification of the order passed by the Supreme Court on August 11 and allow use of aadhaar number schemes like The Mahatma Gandhi National Rural Employment Guarantee Scheme MGNREGS), National Social Assistance Programme (Old Age Pensions, Widow Pensions, Disability Pensions) Prime Minister's Jan Dhan Yojana (PMJDY) and Employees' Providend Fund Organisation (EPFO). The Bench allowed the use of aadhaar number for these schemes but stressed upon the need to keep aadhaar scheme voluntary until the matter was finally decided.

Status of these orders
The participants discussed the possible impact of the law on the operation of these orders. A participant pointed out that matters in the Supreme Court had not become infructuous because fundamental issues that were being heard in the Supreme Court had not been resolved by the passage of the Act. Several participants believed that the aforementioned orders were effective because the law had not come into force. Therefore, aadhaar number could only be used for purposes specified by the Supreme Court and it could not be made mandatory. Participants also highlighted that when the Act was implemented, it would not nullify the orders of the Supreme Court unless Union of India asked the Supreme Court for it specifically and the Supreme Court sanctioned that.

3. National Identity Projects in Other Jurisdictions

A panellist had provided a brief overview of similar programs on identification that have been launched in other jurisdictions including Pakistan, United Kingdom, France, Estonia and Argentina in the recent past in the session titled ‘Aadhaar - International Dimensions’. This presentation mainly sought to assess the incentives that drove the governments in these jurisdictions to formulate these projects, mandatory nature of their adoption and their popularity. The Report has reproduced the presentation here.

Pakistan

The Second Amendment to the Constitution of Pakistan in 2000 established the National Database and Regulation Authority in the country, which regulates government databases and statistically manages the sensitive registration database of the citizens of Pakistan. It is also responsible for issuing national identity cards to the citizens of Pakistan. Although the card is not legally compulsory for a Pakistani citizen, it is mandatory for:

Voting
Obtaining a passport
Purchasing vehicles and land
Obtaining a driver licence
Purchasing a plane or train ticket
Obtaining a mobile phone SIM card
Obtaining electricity, gas, and water
Securing admission to college and other post-graduate institutes
Conducting major financial transactions

Therefore, it is pretty much necessary for basic civic life in the country. In 2012, NADRA introduced the Smart National Identity Card, an electronic identity card, which implements 36 security features. The following information can be found on the card and subsequently the central database: Legal Name, Gender (male, female, or transgender), Father's name (Husband's name for married females), Identification Mark, Date of Birth, National Identity Card Number, Family Tree ID Number, Current Address, Permanent Address, Date of Issue, Date of Expiry, Signature, Photo, and Fingerprint (Thumbprint). NADRA also records the applicant's religion, but this is not noted on the card itself. (This system has not been removed yet and is still operational in Pakistan.)

United Kingdom

The Identity Cards Act was introduced in the wake of the terrorist attacks on 11th September, 2001, amidst rising concerns about identity theft and the misuse of public services. The card was to be used to obtain social security services, but the ability to properly identify a person to their true identity was central to the proposal, with wider implications for prevention of crime and terrorism. The cards were linked to a central database (the National Identity Register), which would store information about all of the holders of the cards. The concerns raised by human rights lawyers, activists, security professionals and IT experts, as well as politicians were not to do with the cards as much as with the NIR. The Act specified 50 categories of information that the NIR could hold, including up to 10 fingerprints, digitised facial scan and iris scan, current and past UK and overseas places of residence of all residents of the UK throughout their lives. The central database was purported to be a prime target for cyber attacks, and was also said to be a violation of the right to privacy of UK citizens. The Act was passed by the Labour Government in 2006, and repealed by the Conservative-Liberal Democrat Coalition Government as part of their measures to “reverse the substantial erosion of civil liberties under the Labour Government and roll back state intrusion.”

Estonia

The Estonian i-card is a smart card issued to Estonian citizens by the Police and Border Guard Board. All Estonian citizens and permanent residents are legally obliged to possess this card from the age of 15. The card stores data such as the user's full name, gender, national identification number, and cryptographic keys and public key certificates. The cryptographic signature in the card is legally equivalent to a manual signature, since 15 December 2000. The following are a few examples of what the card is used for:

As a national ID card for legal travel within the EU for Estonian citizens
As the national health insurance card
As proof of identification when logging into bank accounts from a home computer
For digital signatures
For i-voting
For accessing government databases to check one’s medical records, file taxes, etc.
For picking up e-Prescriptions
(This system is also operational in the country and has not been removed)

France

The biometric ID card was to include a compulsory chip containing personal information, such as fingerprints, a photograph, home address, height, and eye colour. A second, optional chip was to be implemented for online authentication and electronic signatures, to be used for e-government services and e-commerce. The law was passed with the purpose of combating “identity fraud”. It was referred to the Constitutional Council by more than 200 members of the French Parliament, who challenged the compatibility of the bill with the citizens’ fundamental rights, including the right to privacy and the presumption of innocence. The Council struck down the law, citing the issue of proportionality. “Regarding the nature of the recorded data, the range of the treatment, the technical characteristics and conditions of the consultation, the provisions of article 5 touch the right to privacy in a way that cannot be considered as proportional to the meant purpose”.

Argentina

Documento Nacional de Identidad or DNI (which means National Identity Document) is the main identity document for Argentine citizens, as well as temporary or permanent resident aliens. It is issued at a person's birth, and updated at 8 and 14 years of age simultaneously in one format: a card (DNI tarjeta); it's valid if identification is required, and is required for voting. The front side of the card states the name, sex, nationality, specimen issue, date of birth, date of issue, date of expiry, and transaction number along with the DNI number and portrait and signature of the card's bearer. The back side of the card shows the address of the card's bearer along with their right thumb fingerprint. The front side of the DNI also shows a barcode while the back shows machine-readable information. The DNI is a valid travel document for entering Argentina, Bolivia, Brazil, Chile, Colombia, Ecuador, Paraguay, Peru, Uruguay, and Venezuela. (System still operational in the country)

4. Technologies of Identification and Authentication

The panel in the session titled ‘Aadhaar: Science, Technology, and Security’ explained the technical aspects of use of biometrics and privacy concerns, technology architecture for identification and inadequacy of infrastructure for information security. In this section, we have summarised the presentation and the ensuing discussions on these issues.

Use of Biometric Information for Identification and Authentication

The panelists explained with examples that identification and authentication were different things. Identity provides an answer to the question “who are you?” while authentication is a challenge-response process that provides a proof of the claim of identity. Common examples of identity are User ID (Login ID), cryptographic public keys and ATM or Smart cards while common authenticators are passwords (including OTPs), PINs and cryptographic private keys. Identity is public information but an authenticator must be private and known only to the user. Authentication must necessarily be a conscious process and active participation by the user is a must. It should also always be possible to revoke an authenticator. After providing this understanding of the two processes the panellist then explained if biometric information could be used for identification or authentication under the UID Project. Biometric information is clearly public information and it is questionable if it can be revoked. Therefore it should never be used for authentication, but only for identity verification. There is a possibility of authentication by fingerprints under the UID Project, without conscious participation of the user. One could trace the fingerprints of an individual from any place the individual has been in contact with. Therefore, authentication must certainly be done by other means. The panellist pointed out that there were five kinds of authentication under the UID Project, out of which two-factor authentication and one time password were considered suitable but use of biometric information and demographic information was extremely threatening and must be withdrawn.

Architectures of Identification

The panelists explained the architecture of the UID Project that has been designed for identification purposes, highlighted its limitations and suggested alternatives. His explanations are reproduced below.

Under the UID Project, there is a centralised means of identification i.e. the aadhaar number and biometric information stored in one place, Central Identification Data Repository (CIDR). It is better to have multiple means of identification than one (as contemplated under the UID Project) for preservation of our civil liberties. The question is what the available alternatives are. Web of trust is a way for operationalizing distributed identification but the challenge is how one brings people from all social levels to participate in it. There is a need for registrars who will sign keys and public databases for this purpose.

The aadhaar number functions as a common index and facilitates correlation of data across Government databases. While this is tremendously attractive it raises several privacy concerns as more and more information relating to an individual is available to others and is likely to be abused.

The aadhaar number is available in human readable form. This raises the risk of identification without consent and unauthorised profiling. It cannot be revoked. Potential for damage in case of identity theft increases manifold.

Under the UID Project, for the purpose of information security, Authentication User Agencies (“AUA”) are required to use local identifiers instead of aadhaar numbers but they are also required to map these local identifiers to the aadhaar numbers. Aadhaar numbers are not cryptographically secured; in fact they are publicly available. Hence this exercise for securing information is useless. An alternative would be to issue different identifiers for different domains and cryptographically embed a “master identifier” (in this case, equivalent of aadhaar number) into each local identifier.

All field devices (for example POS machines) should be registered and must communicate directly with UIDAI. In fact, UIDAI must verify the authenticity (tamper proof) of the field device during run time and a UIDAI approved authenticity certificate must be issued for field devices. This certificate must be made available to users on demand. Further, the security and privacy frameworks within which AUAs work must be appropriately defined by legal and technical means.

Security Infrastructure of CIDR

The panelists also enumerated the security features of the UID Project and highlighted the flaws in these features. These have been summarised below.

The security and privacy infrastructure of UIDAI has the following main features:

2048 bit PKI encryption of biometric data in transit
End-to-end encryption from enrolment/POS to CIDR
HMAC based tamper detection of PID blocks
Registration and authentication of AUAs
Within CIDR only a SHA 1 Hash of Aadhaar number is stored
Audit trails are stored SHA 1 encrypted. Tamper detection?
Only hashes of passwords and PINs are stored. (biometric data stored in original form though!)
Authentication requests have unique session keys and HMAC
Resident data stored using 100 way sharding (vertical partitioning). First two digits of Aadhaar number as shard keys
All enrolment and update requests link to partitioned databases using Ref IDs (coded indices)
All accesses through a hardware security module
All analytics carried out on anonymised data

The panellists pointed out the concerns about information security on account of design flaws, lack of procedural safeguards, openness of the system and too much trust imposed on multiple players. All symmetric and private keys and hashes are stored somewhere within UIDAI. This indicates that trust is implicitly assumed which is a glaring design flaw. There is no well-defined approval procedure for data inspection, whether it is for the purpose of investigation or for data analytics. There is a likelihood of system hacks, insider leaks, and tampering of authentication records and audit trails. The ensuing discussions highlighted that the UIDAI had admitted to these security risks. The enrolment agencies and the enrolment devices cannot be trusted. AUAs cannot be trusted with biometric and demographic data; neither can they be trusted with sensitive user data of private nature. There is a need for an independent third party auditor for distributed key management, auditing and approving UIDAI programs, including those for data inspection and analytics, whitebox cryptographic compilation of critical parts of the UIDAI programs, issue of cryptographic keys to UIDAI programs for functional encryption, challenge-response for run-time authentication and certification of UIDAI programs. The panellist recommended that there was a need to to put a suitable legal framework to execute this.

The participants also discussed that information infrastructure must not be made of proprietary software (possibility for backdoors for US) and there must be a third party audit with a non-negotiable clause for public audit.

5. Aadhaar for Welfare?

The Report has summarised the discussions that took place in the sessions on ‘Direct Benefits Transfers’ and ‘Aadhaar: Broad Issues - II’ where the panellists critically analysed the claims of benefits and inclusion of Aadhaar made by the government in light of the ground realities in states where Aadhaar has been adopted for social welfare schemes.

Social Welfare: Modes of Access and Exclusion

Under the Act, a person may be required to authenticate or give proof of the aadhaar number in order to receive subsidy from the government (Section 7). A person is required to punch their fingerprints on POS machines in order to receive their entitlement under the social welfare schemes such as LPG and PDS. It was pointed out in the discussions that various states including Rajasthan and Delhi had witnessed fingerprint errors while doling out benefits at ration shops under the PDS scheme. People have failed to receive their entitled benefits because of these fingerprint errors thus resulting in exclusion of beneficiaries [9]. A panellist pointed out that in Rajasthan, dysfunctional biometrics had led to further corruption in ration shops. Ration shop owners often lied to the beneficiaries about functioning of the biometric machines (POS Machines) and kept the ration for sale in the market therefore making a lot of money at the expense of uninformed beneficiaries and depriving them of their entitlements.

Another participant organisation also pointed out similar circumstances in the ration shops in Patparganj and New Delhi constituencies. Here, the dealers had maintained the records of beneficiaries who had been categorized as follows: beneficiaries whose biometrics did not match, beneficiaries whose biometrics matched and entitlements were provided, beneficiaries who never visited the ration shop. It had been observed that there were no entries in the category of beneficiaries whose biometrics did not match however, the beneficiaries had a different story to tell. They complained that their biometrics did not match despite trying several times and there was no mechanism for a manual override. Consequently, they had not been able to receive any entitlements for months. The discussions also pointed out that the food authorities had placed complete reliance on authenticity of the POS machines and claim that this system would weed out families who were not entitled to the benefits. The MIS was also running technical glitches as a result there was a problem with registering information about these transactions hence, no records had been created with the State authority about these problems. A participant also discussed the plight of 30,000 widows in Delhi, who were entitled to pension and used to collect their entitlement from post offices, faced exclusion due to transition problems under the Jan Dhan Yojana (after the Jandhan was launched the money was transferred to their bank accounts in order to resolve the problem of misappropriation of money at the hands of post office officials). These widows were asked to open bank accounts to receive their entitlements and those who did not open these accounts and did not inform the post office were considered bogus.

In the discussions, the participants also noted that this unreliability of fingerprints as a means of authentication of an individual’s identity was highlighted at the meeting of Empowered Group of Ministers in 2011 by J Dsouza, a biometrics scientist. He used his wife’s fingerprints to demonstrate that fingerprints may change overtime and in such an event, one would not be able to use the POS machine anymore as the machine would continue to identify the impressions collected initially.

The participants who had been working in the field had contributed to the discussions by busting the myth that the UID Project helped to identify who was poor and resolve the problem of exclusion due to leakages in the social welfare programs. These discussions have been summarised below.

It is important to understand that the UID Project is merely an identification and authentication system. It only helps in verifying if an individual is entitled to benefits under a social security scheme. It does not ensure plugging of leakages and reducing corruption in social security schemes as has been claimed by the Government. The reduction in leakage of PDS, for instance, should be attributed to digitization and not UID. The Government claims, that it has saved INR 15000 crore in provision of LPG on identification of 3.34 crore inactive accounts on account of the UID Project. This is untrue because the accounts were weeded by using mechanisms completely unrelated to the UID Project. Consequently, the savings on account of UID are only of INR 120 crore and not 15000 crore.
The UID Project has resulted in exclusion of people either because they do not have an aadhaar number, or they have a wrong identification, or there are errors of classification or wilful misclassification. About 99.7% people who were given aadhaar numbers already had an identification document. In fact, during enrolment a person is required to produce one of 14 identification documents listed under the law in order to get an aadhaar number which makes it very difficult for a person with no identity to become entitled to a social welfare scheme.

A participant condemned the Government’s claim that the UID Project had helped in removing fake, bogus and duplicate cards and said that these terms could not be used synonymously and the authorities had no clarity about the difference between the meanings of these terms. The UID Project had only helped in removal of duplicate cards but had not helped in combating the use of fake and bogus cards.

Financial Inclusion and Direct Benefits Transfer

The participants also engaged in the discussions about the impact of the UID project on financial inclusion in India in the sessions titled ‘Aadhaar: Broad Issues - I & II’. We have summarised these discussions below.

The UID Project seeks to directly transfer money to a bank account in order to combat corruption. The discussions highlighted that this was nothing but introducing a neo liberal thrust in social policy and that it was not feasible for various reasons. First, 95% of rural India did not have functioning banks and banks are quite far away. Second, in order to combat this dearth of banks the idea of business correspondents, who handled banking transactions and helped in opening of bank accounts, had been introduced which had created various problems. The Reserve Bank of India reported that there was dearth of business correspondents as there was very little incentive to become one; their salary is merely INR 4000. Third, there were concerns about how an aadhaar number was considered a valid document for Know Your Customer (KYC) checks. There was a requirement for scrutiny and auditing of documents submitted during the time of enrolment which, in the present scheme of things, could not be verified. Fourth, there were no restrictions on number of bank accounts that could be opened with a single aadhaar number which gave rise to a possibility of opening multiple and shell accounts on a single aadhaar number. Therefore, records only showed transactions when money was transferred from an aadhaar number to another aadhaar number as opposed to an account-to-account transfer. The discussion relied on NPCI data which shows which bank an aadhaar number is associated with but does not show if a transaction by an aadhaar number is overwritten by another bank account belonging to the same aadhaar number.

6. Surveillance and UIDAI

The participants had discussed the possibility of an alternative purpose for enrolling Aadhaar in the session titled ‘Privacy, Surveillance, and Ethical Dimensions of Aadhaar’. The discussion traced the history of this project to gain insight on this issue. We have summarised below the key take aways from this discussion.

There are claims that the main objective of launching the UID Project is not to facilitate implementation of social security schemes but to collect personal (financial and non-financial) information of the citizens and residents of the country to build a data monopoly. For this purpose, PDS was chosen as a suitable social security scheme as it has the largest coverage. Several participants suggested that numerous reports authored by FICCI, KPMG and ASSOCHAM contained proposals for establishing a national identity authority which threw some light on the commercial intentions behind information collection under the UID Project.

It was also pointed out that there was documented proof that information collected under the UID Project might have been shared with foreign companies. There are suggestions about links established between proponents of the UID Project and companies backed by CIA or the French Government which run security projects and deal in data sharing in several jurisdictions.

7. Strategies for Future Action

The participants laid down a list of measures that must be taken to take the discussions forward. We have enumerated these recommendations below.

Prepare and compile an anthology of articles as an output of this workshop.
Prepare position papers on specific issues related to the UID Project
Prepare pamphlets/brochures on issues with the UID Project for public consumption
Prepare counter-advertisements for Aadhaar
Publish existing empirical evidence on the flaws in Aadhaar.
Set up an online portal dedicated to providing updates on the UID Project and allows discussions on specific issues related to Aadhaar.
Use Social Media to reach out to the public. Regularly track and comment on social media pages of relevant departments of the government.
Create groups dedicated to research and advocacy of specific aspects of the UID Project.
Create a Coordination Committee preferably based in Delhi which would be responsible for regularly holding meetings and for preparing a coordinated plan of action. Employ permanent to staff to run the Committee.
Organise an advocacy campaign against use of Aadhaar in collaboration with other organisations and build public domain acceptance.
The campaign must specifically focus on the unfettered scope of UID and expanse, misrepresentation of the success of Aadhaar by highlighting real savings, technological flaws, status of pilot programs and increasing corruption on account of the UID Project
Prepare a statement of public concern regarding the UID Project and collect signatures from eminent persons including academics, technical experts, civil society groups and members of parliament.
Organise events and discussions on issues relating to Aadhaar and invite members og government departments to speak and discuss the issues.
Write to Members of Parliament and Members of Legislative Assemblies raising questions on their or their parties’ support for Aadhaar and silence on the problems created by the UID Project.
Organise public hearings in states like Rajasthan to observe and document ground realities of the UID Project and share these outcomes with the state government and media.
Plan a national social audit and public hearing on the working of UID Project in the country.
File Contempt Petitions in the Supreme Court and High Courts against mandatory use of Aadhaar number for services not allowed by the Supreme Court.
Reach out to and engage with various foreign citizens and organisations that have been fighting on similar issues. The organisations and individuals who could be approached would include EPIC, Electronic Frontier foundation, David Moss, UK, Roger Clarke, Australia, Prof. Ian Angel, Snowden, Assange and Chomsky.
Work towards increasing awareness about the UID Project and gaining support from the student and research community, student organisations, trade unions, and other associations and networks in the unorganised sector.

Annexure A – Workshop Agenda

May 26, 2016

9:00-9:30	Registration
9:30-10:00	Prof. Dinesh Abrol - Welcome Self-introduction and expectations of participants Dr. Usha Ramanathan - Overview of the Workshop
10:00-11:00	Session 1: Current Status of Aadhaar Dr. Usha Ramanathan, Legal Researcher, New Delhi - What the 2016 Law Says, and How it Came into Being S. Prasanna, Advocate, New Delhi - Status and Force of Supreme Court Orders on Aadhaar Discussion
11:00-11:30	Tea Break
11:30-13:30	Session 2: Direct Benefits Transfers Prof. Reetika Khera, Indian Institute of Technology, Delhi - Welfare Needs Aadhaar like a Fish Needs a Bicycle Prof. R. Ramakumar, Tata Institute of Social Sciences, Mumbai - Aadhaar and the Social Sector: A critical analysis of the claims of benefits and inclusion Ashok Rao, Delhi Science Forum - Cash Transfers Study Discussion
13:30-14:30	Lunch
14:30-16:00	Session 3: Aadhaar: Science, Technology, and Security Prof. Subashis Banerjee, Dept of Computer Science & Engineering, IIT, Delhi - Privacy and Security Issues Related to the Aadhaar Act Pukhraj Singh, Former National Cyber Security Manager, Aadhaar, New Delhi - Aadhaar: Security and Surveillance Dimensions Discussion
16:00-16:30	Tea Break
16:30-17:30	Session 4: Aadhaar - International Dimensions Joshita Pai, Center for Communication Governance, National Law University, Delhi - Biometrics and Mandatory IDs in Other Parts of the World Dr. Gopal Krishna, Citizens Forum for Civil Liberties - International Dimensions of Aadhaar Discussion
17:30-18:00	High Tea

May 27, 2016

9:30-11:00	Session 5: Privacy, Surveillance and Ethical Dimensions of Aadhaar Prabir Purkayastha, Free Software Movement of India, New Delhi - Surveillance Capitalism and the Commodification of Personal Data Arjun Jayakumar, SFLC - Surveillance Projects Amalgamated Col Mathew Thomas, Bengaluru - The Deceit of Aadhaar Discussion
11:00-11:30	Tea Break
11:30-13:00	Session 6: Aadhaar - Broad Issues I Prof. G Nagarjuna, Homi Bhabha Center for Science Education, Tata Institute of Fundamental Research, Mumbai - How to prevent linked data in the context of Aadhaar Dr. Anupam Saraph, Pune - Aadhaar and Moneylaundering Discussion
13:00-14:00	Lunch
14:00-15:30	Session 7: Aadhaar - Broad Issues II Prof. MS Sriram, Visiting Faculty, Indian Institute of Management, Bangalore - Financial lnclusion Nikhil Dey, MKSS, Rajasthan - Field witness: Technology on the Ground Prof. Himanshu, Centre for Economic Studies & Planning, JNU - UID Process and Financial Inclusion Discussion
15:30-16:00	Session 8: Conclusion
16:00-18:00	Informal Meetings

Annexure B – Workshop Participants

Anjali Bhardwaj, Satark Nagrik Sangathan

Dr. Anupam Saraph

Arjun Jayakumar, Software Freedom Law Centre

Ashok Rao, Delhi Science Forum

Prof. Chinmayi Arun, National Law University, Delhi

Prof. Dinesh Abrol, Jawaharlal Nehru University

Prof. G Nagarjuna, Homi Bhabha Center for Science Education, Tata Institute of Fundamental Research, Mumbai

Dr. Gopal Krishna, Citizens Forum for Civil Liberties

Prof. Himanshu, Jawaharlal Nehru University

Japreet Grewal, the Centre for Internet and Society

Joshita Pai, National Law University, Delhi

Malini Chakravarty, Centre for Budget and Governance Accountability

Col. Mathew Thomas

Prof. MS Sriram, Indian Institute of Management, Bangalore

Nikhil Dey, Mazdoor Kisan Shakti Sangathan

Prabir Purkayastha, Knowledge Commons and Free Software Movement of India

Pukhraj Singh, Bhujang

Rajiv Mishra, Jawaharlal Nehru University

Prof. R Ramakumar, Tata Institute of Social Sciences, Mumbai

Dr. Reetika Khera, Indian Institute of Technology, Delhi

Dr. Ritajyoti Bandyopadhyay, Indian Institute of Science Education and Research, Mohali

S. Prasanna, Advocate

Sanjay Kumar, Science Journalist

Sharath, Software Freedom Law Centre

Shivangi Narayan, Jawaharlal Nehru University

Prof. Subhashis Banerjee, Indian Institute of Technology, Delhi

Sumandro Chattapadhyay, the Centre for Internet and Society

Dr. Usha Ramanathan, Legal Researcher

Note: This list is only indicative, and not exhaustive.

[1] Civil Appeal No. 4853 of 2014

[2] WP(C) 494/2012

[3] . WP(C) 829/2013

[4] WP(C) 833/2013

[5] WP (C) 37/2015; (Earlier intervened in the Aruna Roy petition in 2013)

[6] WP (C) 932/2015

[7] Transferred from Madras HC 2013.

[8] SLP (Crl) 2524/2014 filed against the order of the Goa Bench of the Bombay HC in CRLWP 10/2014 wherein the High Court had directed UIDAI to share biometric information held by them of all residents of a particular place in Goa to help with a criminal investigation in a case involving charges of rape and sexual assault.

[9] See :http://scroll.in/article/806243/rajasthan-presses-on-with-aadhaar-after-fingerprint-readers-fail-well-buy-iris-scanners

For more details visit https://cis-india.org/internet-governance/blog/report-on-understanding-aadhaar-and-its-new-challenges

3 Copyright Tips for Students and Educators

subha — 2016-10-07T00:42:06Z

Copyright is a really complicated topic, and when it comes to online use of creative works, accidentally crossing the line between fair use and a copyright violation is easy. How do you know what is copyrighted? Recently Frederico Morando (Creative Commons, Italy) and I presented a training session on understanding copyright policies at Wikimania 2016, which was originally proposed by Wikipedian User:Jim Carter. We covered topics such as fundamentals of copyright, exclusive rights, Berne convention, copyleft, Creative Commons licenses, Public Domain, fair use, and copyfraud.

The blog post was published by Opensource.com on August 16, 2016. This got mentioned in Wikipedia's newsletter "The Signpost". This was mirrored by Wiki Edu on October 5, 2016. The post republished can be read here.

In this article, I'll look at three copyright tips to keep in mind when you're thinking about using content—even for academic purposes— you find online.

1. Most of what you find on the Internet is copyrighted.

Except content that clearly indicates the work is released under a free license, or that the copyright has lapsed and the work is in the Public Domain, you can assume content is not freely/liberally licensed. A few popular free and open licenses include GNU General Public License (GPL), BSD licenses, Apache License, Mozilla Public License, and SIL Open Font License. If a work mentions the license, usually the license is explained or links to terms for using the work. Spending a little time to find out what license the work is under beats spending time and money on a copyright infringement case later.

2. Fair use can be your friend, but not always.

Fair use means you might be permitted to make limited use of a copyrighted work without prior permission from the copyright holder. The fair use policy varies from country to country. As explained in the Stanford University Libraries site, commentary/quotes and criticism, and parody are cases that often fall under fair use.

Wikipedia article images related to recent music albums, movies, and even people who are deceased are used under fair use policy. Click on a recent movie poster appearing in a Wikipedia article and check the copyright section for an example explanation of why the use on Wikipedia qualifies as fair use.

^{Example Wikipedia explanation for fair use of an image.}

Fair use also gives some freedom to scholars to use copyrighted work for academic research. To be in a safe side if you are not sure your use falls under "fair use," reach out to the copyright holder and get formal permission before using their work.

3. search.creativecommons.org helps streamline Creative Commons content searches.

Where do you go to search for images, illustrations, and other content with Creative Commons licensing? Most images turned up using a search engine are copyrighted and not licensed liberally, for example. A better way to search is using search.creativecommons.org.

You can choose Creative Commons-licensed content from several sites, such as Flickr, Google Images, Wikimedia Commons, and Europeana. You can also specify whether you want to use the content for commercial purposes, or to modify, adapt, and build upon work.

^{Image credit likeaduck. CC BY 2.0}

Note that you still will need to check which Creative Commons license the content uses. As explained in an article by Richard Fontana:

The Creative Commons suite includes licenses that implement various policies. Some, like CC BY and CC BY-SA, are normatively consistent with corresponding permissive and copyleft families of free software licenses. Others, however, particularly its “NC” (no commercial use) and “ND” (no derivative works) licenses, are in conflict with basic principles of free software and free culture. I am not alone in lamenting the application of the Creative Commons umbrella brand to cover licenses with such disparate qualities. One consequence has been a general confusing dilution of the meaning of “openness” in the context of cultural works. A more specific problem is the evidence of confusion on the part of content authors interested in applying Creative Commons licenses to their works, and resulting confusion by those interested in making use of such works. Too often a work is labeled as being licensed under “a Creative Commons license”, without specifying accurately, or specifying at all, which free or nonfree policy the author sought to apply.

If you still cannot find content—images, for example—with free licenses, but you find copyrighted content that fits your academic need, you can reach out to the content creator or copyright holder for permission. Often copyright holders allow usage of their work for non-commercial purposes, such as academic research and publication.

Do you have other sources you recommend for finding Creative Commons or Public Domain content? Let us know about your favorite resources in the comments.

For more details visit https://cis-india.org/a2k/blogs/3-copyright-tips-for-students-and-educators