Centre for Internet and Society

September 2010 Bulletin

praskrishna — 2012-08-10T07:22:30Z

Greetings from the Centre for Internet and Society! In this bulletin we bring you updates of our research, news and media coverage and announcement of events organised in the month of September 2010.

News Updates

Conference: Internet at Liberty 2010: This conference is being held in Budapest from 20 to 22 September 2010. It is co-sponsored by Google and Central European University. Sunil Abraham and Anja Kovacs are attending the conference.
http://bit.ly/afo0WY

INDIA Fears of Privacy Loss Pursue Ambitious ID Project: Fears about loss of privacy are being voiced as India gears up to launch an ambitious scheme to biometrically identify and number each of its 1.2 billion inhabitants.
http://bit.ly/dnJDRu
Innovate / Activate: The event will be held on 24 and 25 September 2010 at New York Law School. http://bit.ly/cbICFq
Webinar: Closed for Business: A Global Panel Discusses International Copyright Laws and Their Impact on the Open Internet
http://bit.ly/a3ZFBw
The madness of software patents
India’s patent law excludes software per se, yet over a thousand patents have been granted, writes Lata Jishnu in an article published in Down to Earth.
http://bit.ly/cpHd7R
Why piracy is tough to rein in
“Video market is being treated as a poor cousin of the film industry”
http://bit.ly/aDUpiY
Transparency and MDGs: the Role of the Media and Technology
Key quotes from sixth panel
http://bit.ly/b3a0YC
Copyright bill restricts Net access
Law to curb piracy may fetter creativity
http://bit.ly/cFj3rD
科技改變社會數位原生代計畫
The Chinese language press covered the Digital Natives workshop in Taipei.
http://bit.ly/bPhEO4
科技改變社會數位原生代掀波
The Chinese press published an article on Digital Natives.
http://bit.ly/bHaQor
Information is Beautiful hacks in India with David Cameron
The Prime Minister took some of the UK's top hackers and data experts with him to India this week. David McCandless was with them.
http://bit.ly/dr3AJ2

Events

International Conference on Enabling Access to Education through ICT: ICT workshop in New Delhi from 27th to 29th October, 2010...Registrations open!
http://bit.ly/9flyEK
A Talk by Philipp Schmidt: Philip Schmidt of Peer 2 Peer University will be giving a lecture at the Centre for Internet and Society, Bangalore on 6 October, 2010.
http://bit.ly/aVyzMq

Research

On Talking Back: A Report on the Taiwan Workshop: What does it mean to Talk Back? Who do we Talk Back against? Are we alone in our attempts or a part of a larger community? How do we use digital technologies to find other peers and stake-holders? What is the language and vocabulary we use to successfully articulate our problems? How do we negotiate with structures of power to fight for our rights? These were the kind of questions that the Talking Back workshop held in the Institute of Ethnology, Academia Sinica in Taiwan from 16 to 18 August 2010 posed.
http://bit.ly/daE4dM
The Binary: City and Nature: A continuation of the last post wherein I am looking at various other representation of the city in both classical and popular medium, today I am writing my views on the analysis of certain Miniature paintings.
http://bit.ly/b5FP5D
Of the State and the Governments - The Abstract, the Concrete and the Responsive: This post examines the concepts of state and government to lay the ground for understanding responsiveness enforced through transparency discourses and the deployment of ICTs, the Internet and e-governance programmes. It also lays the context for understanding why and how ICTs. Internet and e-governance have been deployed in India for improving government-citizen interfaces, eliminating middlemen, delivering services electronically and for introducing a range of similar reforms to institute transparency and a responsive state.
http://bit.ly/cNLKcY
The Responsive State --- Introduction to the Series: This post is an introduction to a series of posts on the concept of the 'responsive state'. In this series, I try to explain the various meanings that the term responsiveness has come to acquire when it is used in relation with the discourses surrounding transparency and the deployment of ICTs and the Internet to enforce transparency and thereby create a responsive state. Understanding the notion of responsiveness requires us to revisit and analyze certain concepts and the relations that have been drawn between concepts such as state, government, politics, administration, transparency, effectiveness, government-citizen interface, ICTs and effectiveness, among others.
http://bit.ly/agBOiq
Attentional Capital in Online Gaming: The Currency of Survival
This blog post by Arun Menon discusses the concepts of production, labour and race in virtual worlds and their influence on the production of attention as a currency. An attempt is made to locate attentional capital, attentional repositories and attention currencies within gaming to examine 'attention currencies and its trade and transactions in virtual worlds. A minimal collection of attention currencies are placed as central and as a pre-requisite for survival in MMOs in much the same way that real currency become a necessity for survival. The approach is to locate attentional capital through different perspectives as well as examine a few concepts around virtual worlds.
http://bit.ly/aaGZj8
What's in a Name? Or Why Clicktivism May Not Be Ruining Left Activism in India, At Least for Now: In a recent piece in the Guardian titled “Clicktivism Is Ruining Leftist Activism”, Micah White expressed severe concern that, in drawing on tactics of advertising and marketing research, digital activism is undermining “the passionate, ideological and total critique of consumer society”. His concerns are certainly shared by some in India: White's piece has been circulating on activist email lists where people noted with concern that e-activism may be replacing “the real thing” even in this country. But is the situation in India really this dire?
http://bit.ly/9a3I0G
Sexuality, Queerness and Internet technologies in Indian context: This blog post lays out the discursive construction of sexuality and queerness as intelligible domains in the Indian context while engaging with ideas of visibility, representation, exclusion, publicness, criminality, difference, tradition, experience, and community that have come into use with the critical responses to queer identities and practices in India.
http://bit.ly/byfPye

Accessibility

Enabling Access to Education through ICT - A Conference in Delhi: The Centre for Internet and Society (CIS), Bangalore in cooperation with the Global Initiative for Inclusive ICT (G3ICT), a flagship advocacy organization of the UN Global Alliance on ICT and Development (UN-GAID), the International Telecommunications Union (ITU), UNESCO, Digital Empowerment Foundation, Society for Promotion of Alternative Computing and Employment and the Deafway Foundation is organizing an international conference, Enabling Access to Education through ICT in New Delhi from 27 to 29 October 2010. The event is sponsored by Hans Foundation. Registration for the conference has begun.
http://bit.ly/bmrkf7

Access to Knowledge

Pre-grant Opposition Filed for a Software Patent Application by Blackberry Manufacturers: A pre-grant opposition was filed against a software patent application filed in the patent office by Certicom, a wholly owned subsidiary of Research in Motion (RIM), manufacturers of Blackberry. The opposition was filed on August 31, 2010 by the Software Freedom Law Centre which has recently expanded its operations to India. This exciting development was announced by Mishi Choudhary from SFLC on the lines of the seminar on “Software Patents and the Commons” organised on 1 September 2010 in Delhi jointly by SFLC, the Centre for Internet and Society, the Society for Knowledge Commons and Red Hat. Filing more such oppositions to software patents in India was in the pipeline and this is just the beginning of a movement to take on monopolisation of knowledge and ideas through patenting software, the organisers said.
http://bit.ly/9wE1Xs
First Post-Bilski Decision - Software Patent Rejected: In the first decision post-Bilski, the Board of Patents Appeals and Interferences (BPAI) rejected a software patent claimed by Hewlett-Packard. The ruling in this case has buttressed the fact that the Bilski decision furthered the cause of narrowing the patentability of software even though the Supreme Court of the United States totally avoided mentioning software patents or the applicability of the machine or transformation test for software patents in its decision.
http://bit.ly/cnPw7E
The Bilski Case - Impact on Software Patents: The Supreme Court of the United States gave its decision in Bilski v Kappos on 28 June, 2010. In this case the petitioners’ patent application sought protection for a claimed invention that explains how commodities buyers and sellers in the energy market can protect, or hedge, against the risk of price changes. The Court in affirming the rejection by the Court of Appeals for the Federal Circuit also held that the machine- or-transformation test is not necessarily the sole test of patentability. The Court’s ruling of abstract ideas as unpatentable and its admission that patents do not necessarily promote innovation and may sometimes limit competition and stifle innovation have provided a ray of hope. In the light of the developments, the Bilski decision as far as patentability of software is concerned may not be totally insignificant, says Krithika Dutta Narayana.
http://bit.ly/bjrPGh

Openness

Free Access to Law—Is it here to Stay? An Environmental Scan Report: The following is a preliminary project report collaboratively collated by the researchers of the "Free Access to Law" research study. This report aims to highlight the trends, as well as the risks and opportunities, for the sustainability of Free Access to Law initiatives in each of the country examined.
http://bit.ly/9VVzkk
Open Access to Science and Scholarship - Why and What Should We Do?: The National Institute of Advanced Studies held the eighth NIAS-DST training programme on “Multidisciplinary Perspectives on Science, Technology and Society” from 26 July to 7 August, 2010. The theme of the project was ‘Knowledge Management’. Dr. MG Narasimhan and Dr. Sharada Srinivasan were the coordinators for the event. Professor Subbiah Arunachalam made a presentation on Open Access to Science and Scholarship.
http://bit.ly/ciohYy

Internet Governance

Moldova Online: An Interview with Victor Diaconu: In this interview for Russian Cyberspace, set up with the help of Sunil Abraham (Executive Director at the Centre for Internet and Society in Bangalore, India), computer software professional Victor Diaconu explains the nature of Internet use, state control and the development of blogging and social media platforms in Moldova. Victor works at Computaris in Chisinau. He is Moldova educated, and has travelled to several western countries (including lengthy stays to US, UK) to learn about and understand what there is to be done in Moldova. Sudha Rajagopalan interviewed Victor Diaconu.
http://bit.ly/cgIvXT
Presentation of the UID project by Ashok Dalwai – A Report: On Tuesday, 7 September 2010, Ashok Dalwai, the Deputy Director General of the Unique Identification of India (UIDAI), gave a lecture at the Indian Institute for Science in Bangalore. Representing the UID Authority, his presentation explained the vision of the project and focused on the challenges involved in demographic and biometric identification, the technology adopted, and the enrolment process. Elonnai Hickok gives a report of his presentation in this blog post.
http://bit.ly/aAy5DG
Beyond Access as Inclusion: On 13 September, the day before the fifth Internet Governance Forum opens, CIS is co-organised in Vilnius a meeting on Internet governance and human rights. One of the main aims of this meeting was to call attention to the crucial, yet in Internet governance often neglected, indivisibility of rights. In this blog post, Anja Kovacs uses this lens to illustrate how it can broaden as well reinvigorate our understanding of what remains one of the most pressing issues in Internet governance in developing countries to this day: that of access to the Internet.
http://bit.ly/cgS9py
Summary of UID Public Meeting, August 25 2010: A summary of the "No UID" public meeting that took place on Aug. 25th at the Constitution Club, New Dehli.
http://bit.ly/9epHTz
No UID Campaign in New Delhi - A Report: The Unique Identification (UID) Bill is not pro-citizen. The scheme is deeply undemocratic, expensive and fraught with unforseen consequences. A public meeting on UID was held at the Constitution Club, Rafi Marg in New Delhi on 25 August, 2010. The said Bill came under scrutiny at the meeting which was organised by civil society groups from Mumbai, Bangalore and Delhi campaigning under the banner of "No UID". The speakers brought to light many concerns, unanswered questions and problems of the UID scheme.
http://bit.ly/97HwbS
Wherever you are, whatever you do: Facebook recently launched a location-based service called Places. Privacy advocates are resenting to this new development. Sunil Abraham identifies the three prime reasons for this outcry against Facebook. The article was published in the Indian Express on 23 August, 2010.
http://bit.ly/adXVjB

Telecom

What a highway can do: Despite signs of transformational change, we need more - SOPs and quality http://bit.ly/deUbmU

For more details visit https://cis-india.org/about/newsletters/september-2010-bulletin

Separating the 'Symbiotic Twins'

Nitya V — 2019-09-18T14:10:06Z

This post tries to undo the comfortable linking that has come to exist in the ‘radical’ figure of the cyber-queer. And this is so not because of a nostalgic sense of the older ways of performing queerness, or the world of the Internet is fake or unreal in comparison to bodily experience, and ‘real’ politics lies elsewhere. This is so as it is a necessary step towards studying the relationship between technology and sexuality.

Here, I would like to deal with ‘openness’ as an idea that seems to structure discussions on the nature of both the Internet and queerness, in different ways. What does it mean to read an object/phenomenon/practice as signalling the acts of opening? What is opening placed in opposition to? The terms that come together to constitute the field of openness, so to speak, are these – transparency, publicness, privacy, safety, freedom, expression, anonymity (not so paradoxically), communication, virtuality on the one hand and opacity on the other, the closet, danger, morality, prohibition, lack of access and real life.

‘Openness’ is seen as the fundamental principle of the Internet. [1] The ramifications of this statement for Internet studies and by extension for studies on the ‘cyber queer’ or on the implications of Internet technology for alternative sexuality practices are then the concern of this post. What does this idea refer itself to in terms of how we live in the world? It refers to:

communication – the idea that with the Internet, communication has broken free of the temporal, spatial, linguistic and national restrictions imposed by earlier technologies;
space – that space is no longer defined in material terms and the binary or inside/outside and public/private, has been radically recast by the entry into our lives of ‘cyberspace’ and of space thought of in virtual terms;
body – dematerialization, disembodiment, terms that imply that on the Internet, you become an entity of the mind and of a desire that does not need the material body. The implications of this then being that the threat to the body, posed by its circulation in ‘real’ space and time, is now reduced, because that body no longer has as much at stake as the mind does, in the world of virtual technology. It also means release from a body that is encumbered by class difference and the various ‘markers’ of social relations;
decentralization – that the Internet adopts the mode of ‘weaving’, which is seen as a refusal of hierarchisation, the kind imposed by the ways in which information is made available, or production and consumption are managed, the ways in which class, race and gender restrict the ways in which individuals ‘participate’. Weaving then refers to a network system in place of a top-down system.

“The evidence of the trend towards openness is all around. Young people are sharing their lives online via Facebook, Twitter, Flickr, YouTube, Google, and whatever comes next. Though that mystifies their elders and appalls self-appointed privacy advocates, the transparent generation gains value from its openness. This is how they find each other, share, and socialize.”[2] (Jeff Jarvis, author of What would Google do?). We are henceforth titled the ‘transparent generation’, and we find the same value in the technology that defines our lives – the Internet. Why we are ‘transparent’ when compared to earlier generations? ‘Transparent’, ‘strawberry’, etc., are all terms that have come to describe the present generation of Internet users, the youth, a category born out of an idea of freedom from both moral and political constraint. In this imagination of them, they use technology in order to gain this freedom, in order to give their minds and bodies, which are straining at the leash, the required escape routes, from institutions (family, school and legal systems), from social relations (class and sexuality), and earlier forms of political identification.

The 90s was seen as the decade of openness, both in terms of new media technology and sexual practice. “With liberalisation sweeping the Indian mindset, more and more people are determined to enjoy the secret thrills sex has to offer. While high-profile executives are being seduced by escort services, the middle-class minds are being titillated by 'parties'. Those who are more discreet go for phone sex or MMS.”[3] What comes across is an idea of a new relationship to the temporal and the spatial, the cultural and the social. And sexuality seems to be central to this relationship. “A sexual revolution is sweeping through the small and big towns of India, and to stay immune to it is a big (t)ask.”[4] This article from The Week tells us how the ‘new sexual’ or the ‘newly sexual’ is described in popular discourse. So much so that the violence of the right-wing groups against women and against ‘obscene’ texts are sometimes explained through this very revolution of/in sex. It is read as a backlash, in a moment that is producing this new relationship, with the help of new media technologies such as the mobile phone, the Internet, the web camera and the ‘things’ that enable this openness. And because it is read as a backlash, the practices of the Hindu right are read as wishing to close, to reverse this process of opening out and to keep things as they used to be. Openness is not just a set of practices; it is read as a mindset, a shift from an older era of being bound within certain social structures. “Earlier only newly married women had the right, indeed were expected, to advertise their sexuality before receding into wall-flowers as respectable married women but today all that has changed….Walk into any college or even a school campus across the country and you have young men and women equating liberation and sexuality” (Patricia Uberoi). The linking of sexuality and liberation or freedom is here crucial, because what is particular to this era is the fact that ‘sexual expression’ is seen an indicator of freedom, whether this freedom is placed against moral or political orthodoxies, or on the other hand posited as Westernisation. Popular discourse reveals us as having arrived at the desire for sexual freedom (whether or not sexual freedom itself).

Queerness, a phenomenon of the 90s in the Indian context, is similarly described as an opening out. ‘Queer’ signifies a stepping out of the binary of heterosexuality/homosexuality, which will no longer encumber the body or the mind. It is a conscious move away from identities like lesbian, gay, bisexual or transgender, in fact identity in itself is rendered fragmented and cannot emerge from a monolithic location.

“There was excitement and apprehension in the early '90s as an endless diversity of images flowed into private and public spaces…. Sexual speech came under special attention as newscasts, talk shows, sitcoms and a variety of TV shows challenged conventional family values and sexual normativity including monogamy, marriage and heterosexuality” (Shohini Ghosh – “The Closet is Ajar”, in Outlook[6]). Queerness is then linked to this rapid spread, this breathless circulation, this new access. Technological change is inextricably tied to this idea of the closet being ajar. “…the rapid spread of satellite TV and new media technologies continue to transform the cultural practices of the urban middle class.” It seems to be an era in which the boundaries of the sexual norm are being forced to redraw themselves, simply by the massive onslaught of ideas, speech and images. Queer identities are then seen as riding the crest of a wave of sexual revolution that has been washing over India over the past two decades.

These two formations, the Internet and the queer (we have not yet established what kind of formations they are), have been brought together in the term ‘cyber queer’ for the purpose of sociological and other analyses. The Levi’s ad for ‘innerwear’ shows a young black man saying, “On my web profile, I am a girl”. You can be a beer-bellied man in real life and turn into a voluptuous woman in second life. The virtual life, the virtual body and the virtual sex – the Internet is often spoken of as performing two functions for someone practicing alternative sexualities:

that it lets them be ‘other’ than they are (or are forced to be in real life);

by doing this, they are allowed to express their ‘real’ sexual desire or gender in a ‘safer’ space than in real life, thereby allowing for a freeing up or an opening (however, secretively it is done). “Cruising in physical spaces of the city has always been an affair which dangles on the edge of unsafety. Arrests and blackmail by policemen loaded with section 377, or extortion for money are often reported within queer circles. The Gay Bombay website has several articles and personal narratives which function as cruising guidelines and warnings. has several articles and personal narratives which function as cruising guidelines and warnings. In this context, Internet portals like guys4men provide forums which can be used to manoeuvre cruising in a different manner, possibly much safer than in moonlit Nehru or Central Parks in Delhi or train-station loos in Bombay.” (Mario d’Penha, gay activist [7])

Again, the notion of ‘space’ as suddenly emerging from the shadowy realms of ambiguity and secrecy, to stand in for freedom, is something that one often encounters in relation to cyber-queerness. And it is not just physical space which is pulled into this discourse of the technological shift, it is desire itself - “Desire is unabashed, playful and complex here”[8]. Desire, personified thus, is then seen as something set free by and through technological innovation.

Though this notion of sudden freedom is contested by researchers and scholars within the field, the result of that contestation has often been to:

affirm, in place of a single figure of the liberated cyber queer, the multiplicity of behaviours, dangers and freedoms that are generated. This is a little like affirming, in place of a single body called the public, several bodies that are termed multiple publics, or subaltern publics. The problem with this approach is that the nature of this public, the public-ness of it, is not then fully interrogated. It is assumed that the multiplicity in itself will be contest enough;
return to the body as existing at the root of queer existence. This return then, in claiming something that has been forgotten, or disavowed (our bodily existence), finds a strange comfort in this body, settling within it as if having found a location from which to speak, about the virtual, about cyberspace. For example, though Jodi O’Brien, in her essay “Changing the Subject”[9] refutes the claim “There are no closets in cyberspace”, she finds it necessary to return to the ‘body’ and not to subjectivity in order to do so – it is as if the materiality of the body is the only concrete thing that will allow this contestation. “The ‘alternative’ experiences that are enacted in ‘alternative’ or queer spaces are based on realities of the flesh: real, embodied experiences and/or fantasies cultivated through exposure to multisensory stimuli.” The body then becomes the explanatory fulcrum, and it is only from here that any kind of relationship to what is seen as virtuality can be understood.

An ancestor to the above problem - “What precisely does the cyber add to the queer identity which it lacked previously?”[10] This question, framed as the most basic one can ask of this figure, makes the following assumptions – that ‘queer’ is a human subject that precedes ‘cyber’, a.k.a non-human technology that the latter adds to this human subject and how it performs in the world, or has transformed it after the fact.

It is remarkably easy to say that in the great saga of sexual practices, technology has been an agent of transformation. Or, more importantly, to place cyberspace and queerness on par with each other, as sharing the same nature, or functioning on the same fundamental principle – of decentering or destabilizing a previously integrated or unified subject. Nina Wakeford asks of the term cyberqueer, “…what is the purpose of creating a hybrid of the two? It is a calculated move which stresses the interdependence of the two concepts, both in the daily practices of the certain and maintenance of a cyberspace which is lesbian, gay, transgendered or queer, and in the research of these arenas.”[11] By this logic, they are interdependent because there is some inherent quality in each that makes it offer itself to the other. “Queer sex is about following the desires of the flesh into an unnamed, uncategorized, uncharted realm, and doing something that neither of you can 'code'.”[12] The value of queerness therefore, derives from this lack of naming, an escape from coding of a particular kind, the zone of ambiguous enactments of desire.[13] “While it is this open transparent character of online existence that lays the Internet vulnerable to surveillance, it is also its self-inscribing character that makes it the playground of possibilities it is at its best. Cyberspace is habitat, playground, university, boulevard and refuge” (Shuddhabrata Sengupta, ‘Net Nomad on a Rough Route: A Despatch from Cyberspace’[14]). It is a zone of enactments of desire, a playground of possibilities, undefined, unbound.

There is then a reading of technology and sexuality as feeding off each other - “The relationship between technology and sexuality is a symbiotic one. As humankind creates new inventions, people find ways of eroticizing new technology. So it is not surprising that with the advent of the information superhighway, more and more folks are discovering the sexual underground within the virtual community in cyberspace” (Daniel Tsang)[15]. The above quote assumes the following:

that humankind existed before technology;
that first a technology is born and then there is the eroticization of this technology. It is only because of these assumptions that technology (in this case the Internet) as such can be seen as fundamentally open. Latour’s critique of the first assumption is that “Without technological detours, the properly human cannot exist.”

At the point of encountering this strange euphoria, we need to pause and consider, with Latour, this very relationship between technology and sexuality. “There has been a persistent silence on matters of sexuality in critical cultural studies of technology, perhaps partially because technology was associated with the instrumental to the exclusion of the representational (Case 1995). The creation of the term ‘cyber queer’ is itself an act of resistance in the face of such suppression” (Nina Wakeford). If the relationship between the two is viewed along representational lines, then the only direction that can be taken is one which will posit the human before the technological, will posit technological as that which enables (or not) representations of this human subject. In this sense, the representational is not far from the instrumental as an explanatory framework.

In all the explanations we have seen above, at one level or another, technology has viewed as the ‘thing’[17], and morality as that which ascribes meaning in a particular way to this thing. For example, the mobile phone is seen as the thing, the technology, with concrete attributes and use value. Morality is what then prescribes how this thing is to be used or not used, or the dangers that follow from its use in the world of social relations. Latour argues against this way of positioning technology and morality, and instead calls them both modes of ‘alterity’, albeit two different modes. Alterity in his definition is being-as-another, technology and morality both then constituting a particular way of being-as-another. Technology is not what you use, it is not a means to an end, it in fact changes the end to which it is the means. It is the curve, the detour. Morality is what questions means and ends and prevents the easy categorization of objects or people as one or another.

We are used to thinking of morality as keeping things static, wanting them unchanged, preventing new ideas or practices from being absorbed into the domains of our existence. Especially when it comes to sexuality, morality is seen as that which blocks, which lives in the past, which ‘ossifies’ – “…morality consists precisely of the willingness/ability to accept and organize one's behaviour in accordance with… ‘ossified’ recipes for interaction. If gender is a primary (read: coded as ‘natural’) institution for organizing social interaction, then boundary transgressions are not only likely to arouse confusion but to elicit moral outrage from the boundary keepers.”[18] Morality here refers to boundary keeping. Latour shifts our understanding of morality in ways that allow us to read beyond the boundary keeping. According to him, morality constantly interrupts the means-to-end process by questioning the use of something/someone as a means towards an end. Morality is then a hindrance to this process, not an ossification of social relations or practices.

This argument disrupts the location of technology as that which signals an opening out of the universe, and morality as signalling a closing off. True, Latour himself reads technology as creating new functions, or as creating new ends but he does not categorise these and the technologies they derive from as ‘open’. For him, technology is opaque, unreadable. Sexuality also then cannot be read as feeding off of technology, as some kind of symbiotic twin to it. The relationship between technological shifts and sexual practices or identities has to be read alternately to this idea of freedom from the shackles of social relations and bodily constraints. Sexuality cannot also then be opposed to morality, as it has often been done.

[1] www.openinternetcoalition.org.

[2] Jarvis, Jeff. “Openness and the Internet”, http://www.businessweek.com/managing/content/may2009/ca2009058_754247.htm.

[3] Doval, Nikita. “Bold Bodies”, in The Week, September 7, 2008.

[4] Ibid.

[5] Quoted in Doval, Nikita. "Bold Bodies", in The Week, September 7, 2008, p 50.

[6] http://www.outlookindia.com/article.aspx?227507

[7] Quoted in Katyal, Akhil. “Cyber Cultures/Queer Cultures in Delhi”. See http://mail.sarai.net/pipermail/urbanstudygroup/2007-July/002827.html

[8] Katyal, Akhil “Cyber Cultures/Queer Cultures in Delhi”. See http://mail.sarai.net/pipermail/urbanstudygroup/2007-July/002827.html

[9] Women and Performance: Issue 17: Sexuality and Cyberspace.

[10] Wakeford, Nina. “Cyberqueer”, in Bell, David and Barbara Kennedy, eds. The Cybercultures Reader. Routledge: London, 2000

[11] “Cyberqueer”, in Bell, David and Barbara Kennedy, eds. The Cybercultures Reader.

[12] O’Brien, Jodi. “Changing the Subject”. In Women and Performance, Issue 17: Sexuality and Cyberspace.

[13] Here I deal with the idea of queerness at an almost commonsensical level, not at the level of the queer theory of Judith Butler or Eve Sedgwick, just as cyberspace is also dealt with at the level of what it seems to be seen as doing.

[14] Quoted in the Sarai discussion.

[15] Tsang, Daniel. “Notes on Queer ‘n’ Asian Virtual Sex”. In Bell, David and Barbara Kennedy, eds. The Cybercultures Reader. Routledge: London, 2000.

[16] Latour, Bruno. “Morality and Technology: The End of the Means”. See http://www.bruno-latour.fr/articles/article/080-en.html.

[17] I put this in quotes because latour has a very specific definition of ‘thing’ or Ding, which this is not.

[18] O’Brien, Jodi. “Changing the Subject”, in Women and Performance, Issue 17: Sexuality and Cyberspace. See http://web.archive.org/web/20040604123458/www.echonyc.com/~women/Issue17/art-browning.html

For more details visit https://cis-india.org/raw/histories-of-the-internet/blogs/queer-histories-of-the-internet/symbiotic-twins

Sense and Censorship

sunil — 2012-01-31T06:15:38Z

The Stop Online Piracy Act (SOPA) and the Protect IP Act (PIPA) bills, at the US House of Representatives and Senate, respectively, appear to enforce property rights, but are, in fact, trade bills. This article by Sunil Abraham was published in the Indian Express on 20 January 2012.

In developed countries like the US, intellectual property (IP) plays a dominant role in the economy, unlike in economies like India. Countries that have significant IP are keen to increase global and national enforcement activities, while countries with little domestic IP are keen to reduce outgoing royalties in the balance of payments and therefore, keen to expand alternatives, limitations and exceptions like copyleft licensing, compulsory/statutory licensing and fair dealing.

The loss of generic medicines, hardware based on open standards, public domain content, free and open source software, open access journal articles, etc will equally impoverish consumers in the US and in India. SOPA and PIPA, therefore, do not represent the will of the average American but rather the interests of the IP sector, which has tremendous influence in the Hill. There is one more layer of complication for policy-makers to consider as they work towards a compromise of interests in Internet governance — the tension between the old and the new. The incumbents — corporations with business models that have been rendered obsolete by technological developments — versus emerging actors who provide competing products and services, often with greater technological sophistication, higher quality, at a lower cost.

The US, in terms of policy and infrastructure, still controls the global Domain Name System (DNS) and consequently, post-SOPA/PIPA, can take unilateral trade action without worrying about national variations enabled by international law. These bills directly undermine the business models of many Indian companies — generic drug manufacturers like Ranbaxy, software service providers like Infosys, electronics manufacturers like Spice and players in many other sectors dominated by IP rights. So it is baffling that they have not added their voices to the global outcry.

SOPA and PIPA, if passed, will enable the US administration to take three-pronged action against IP infringers — seizure of domain names and DNS filtering, blocking of transactions by financial intermediaries and revocation of hosting by ISPs. While circumvention may still be possible, it will get increasingly laborious — something like the Great Firewall of China, but worse. Unfortunately, the implementation of these blunt policy instruments will require more and more public-funded surveillance and censorship.

The censorship potential of efforts like SOPA and PIPA may appeal to others, as autocratic and democratic regimes across the world have been keen to try technology-mediated social engineering — these efforts have been multiplied in the post-Arab Spring and Occupy Wall Street world. Organised religion, social conservatives and those who have been at the receiving end of free speech would all want to shut down platforms like WikiLeaks and political movements like Anonymous and the Pirate Party.

These are equally dismal times for Internet governance in India. Google, Facebook and 20-odd other intermediaries are trying to avoid jail time at the hands of a Delhi court. However, ever since the IT Act amendments were put in place three years back, digital activists have been requesting intermediaries to register their protests early and often, regarding draconian provisions in the statute and in the associated rules. Their silence is going to be very expensive for all of us. We cannot depend on the private sector alone to defend our constitutional rights. As yet unpublished research from CIS demonstrates that private intermediaries only bother with defending freedom of expression when it undermines their business interests. Working with an independent researcher, we conducted a policy sting operation — faulty take-down notices were served to seven intermediaries asking for legitimate content to be taken down. In six of those cases, the intermediaries over-complied, in one case deleting all comments on a news article instead of just those comments identified in the notice. The only take-down that was resisted was one claiming that sale of diapers was “harmful to minors” under the Indian IT Act (because they caused nappy rash). It is clear that the IT Act and its associated rules have already had a chilling effect on online participation by Indians.

Fortunately for us, during the previous parliamentary session — Jayant Chaudhary, Lok Sabha MP from the Rashtriya Lok Dal, asked for the revision of rules concerning intermediaries, cyber-cafes and reasonable security practices. The next Parliament session is the last opportunity for the House to reject these rules and intervene for a free Internet.

The writer is executive director of the Bangalore-based Centre for Internet and Society

Read the original published in the Indian Express

For more details visit https://cis-india.org/internet-governance/sense-and-censorship

Seminar on Software Patent and the Commons

praskrishna — 2011-10-23T14:22:15Z

A pre-grant opposition has been filed against a software patent application filed in the patent office by Certicom, a wholly owned subsidiary of Research in Motion (RIM), manufacturers of Blackberry. The opposition was filed on August 31, 2010 by the Software Freedom Law Centre which has recently expanded its operations to India. This exciting development was announced by Mishi Choudhary from SFLC on the lines of the seminar on “Software Patents and the Commons” organised on 1 September 2010 in Delhi jointly by SFLC, the Centre for Internet and Society, the Society for Knowledge Commons and Red Hat. Filing more such oppositions to software patents in India was in the pipeline and this is just the beginning of a movement to take on monopolisation of knowledge and ideas through patenting software, the organisers said.

Software patent opposition is still in its nascent stage in India while several oppositions have been filed against software patents in the US and the EU. The harmful effects of software patents are little known to the Indian public, especially from the context of its danger to development in small and medium size enterprises, as pointed out by Pranesh Prakash from the Centre for Internet and Society who spoke about why software patents are bad for innovation and development in society and also in the software industry, in particular.

In the same context, Venkatesh Hariharan from Red Hat as also Mr. T.C. James, Director of the National Intellectual Property Organisation spoke about the growing importance of free and open source software in education, governmental agencies and as a key agent in information technology policy making in India. “Out of 500 super computers in the world, 446 are running on Linux”, he said, talking about how open source software makes computing highly accessible and affordable while allowing for improvements to be made to the software by any user and releasing it back to benefit the whole community. Dr. Anshu Bhardwaj involved in the Open Source Drug Discovery project undertaken by CSIR, spoke at length about the project as a live demonstration of the power of open source software in impacting drug access and development and health care reform across communities at highly economical rates.

Prof. Eben Moglen, Executive Director of Software Freedom Law Centre in New York who was the keynote speaker at the conference spoke about the growth of the free software and open source movement based on the principle of equating knowledge with commons – that is, a good to be commonly shared by all members of the public – resulting in access to and sharing of knowledge and distribution of information in society for greater innovation, creation of new ideas, communication and development. Dr. Abhijit Sen, member of the Planning Commission was the other keynote speaker who stressed on the role of the government and the policy making bodies to ensure that knowledge and education is accessible and shared without restrictions in such a way that it is not misused by the members of the society.

Other notable speakers in the event included Prabir Purkayastha from the Society for Knowledge Commons, Pradyut Bora, Chief Convenor of BJP's information and technology cell, Jaijit Bhattacharjee from Hewlett Packard and Sudhir Krishnaswamy, Professor, National University of Juridical Sciences. The event also witnessed the participants discuss the various strategies to be used from the perspective of legal analysis as well as policy reform, for opposing software patents filed or granted in India. Indian patent law clearly declares computer programmes per se or software patents to be unpatentable. Prabir Purkayastha pointed out that the most important and major scientific discoveries in history have not been patented and that this has, in no way prevented new ideas from being created and has in fact fostered such innovation. In spite of such a clear legal restriction on grant of software patents, around 1000 software patents have been filed in the patent offices in India in the last year. This trend is extremely disturbing since it poses a serious threat to access to knowledge and distribution of information in society in addition to stifling innovation and development in the software industry.

The seminar was attended by people from diverse backgrounds including the IT industry, civil society organisations, and groups working in pharma patent advocacy, media persons and government officials.

Videos

For more details visit https://cis-india.org/a2k/blogs/softtware-patents-and-the-commons

Seminar on Rethinking Copyright and Licensing for Digital Publishing Today (Delhi, January 23)

sinha — 2017-01-21T14:51:56Z

Against the backdrop of a growing global and domestic digital publishing industry on one hand and the recent judgment by the Delhi High Court that upheld the education exception to reproduction of academic and literary works, Pro Helvetia - Swiss Arts Council, Goethe-Institut Max Mueller Bhavan New Delhi, and the Centre for Internet and Society (CIS) are organising a seminar to discuss and reflect on the relevance and functions of copyright and licensing within the transforming market practices and legal structures of the publishing industry today.

Poster: Download (PNG)

The two speakers at the seminar will be Dr. Philipp Theisohn, Professor of Modern German Literary Studies, Zurich University, and Ms. Kerstin Schuster, Droemer Knaur publishing group. The session will be chaired by Mr. Zakir Thomas, Additional Director General (Risk Assessment), Directorate of Income Tax, Government of India.

Dr. Theisohn will address the question of whether the digital age requires a new approach to copyright thinking, and Ms. Schuster will discuss the dynamics of the international market for licenses in the contemporary publishing world.

Please join us at the CIS Delhi office on Monday, January 23, at 11:00 for the seminar. The seminar will include the presentations by the speakers followed by an open moderated discussion.

Further, it is our great pleasure to inform you that in a recent judgement on the Super Cassettes v. MySpace case, the Delhi High has strengthened the safe harbor immunity enjoyed by internet intermediaries in India. As CIS was one of the intervenors in the case, and has been duly acknowledged in the judgment, we would like to invite you for an informal discussion about the case over lunch. This will take place after the seminar.

A brief analysis of the judgement can be found here.

Please RSVP by sending an email to Nisha Kumar at nisha@cis-india.org.

Address: The Centre for Internet and Society, first floor, B 1/8, Hauz Khas, near G block market, after Crunch, New Delhi, 110016.

Location on Google Map: http://j.mp/cis-delhi.

Philipp Theisohn

Philipp Theisohn, who was born in 1974, studied Modern German Literature, Medieval Studies and Philosophy in Tübingen and Zürich. He gained his doctorate in Jerusalem and Tübingen and, since 2013, has been Professor of Modern German Literary Studies at Zurich University. He has produced numerous publications on German and European literary history from the 13th to the 21st century, in particular on “literary future knowledge“, the perception of literary property, and Jewish Cultural Poetics.

The focal points of his work and research are the literature of Switzerland, literary property/plagiarism as a literary historical phenomenon, science fiction and futurology, realism, Franz Kafka and Early Modern Poetics of Knowledge.

Theisohn is intensely involved in the transmission of literature far beyond the academic environment. He is a member of the jury for the “Swiss Book Prize“ of the Publishers‘ Association, an expert for inter-disciplinary and literary projects for the Swiss Arts Council Pro Helvetia; he curates literary exhibitions, is active in a broad range of journalistic work, among other things for the Neue Zürcher Zeitung, and is in charge of the blog and website of the “Schweizer Buchjahr” which contributes significantly to contemporary literary discourse.

Among his most important book publications are: "Die Zukunft der Dichtung. Geschichte des literarischen Orakels 1450-2050" (“The Future of Poetry. The History of the Literary Oracle 1450-2050”); “Plagiat. Eine unoriginelle Literaturgeschichte”( “Plagiarism. An Unoriginal Literary History”) and “Literarisches Eigentum. Zur Ethik geistiger Arbeit im digitalen Zeitalter” (“Literary Property. On the Ethics of Intellectual Work in the Digital Age”).

Kerstin Schuster

Having obtained a university degree in Romance Studies and Political Science, Kerstin Schuster worked in the bookselling trade. Since 1993 she is trading licenses for the international market. She has worked till 2001 for the literary agency Dr. Ray-Güde Martin, from 2001 until 2013 for the publishing house S. Fischer Verlag in Frankfurt, and since 2014 for the Droemer Knaur publishing group.

For many years now, Kerstin Schuster is also facilitating seminars on how to successfully offer and sell licenses in the international market.

Zakir Thomas

Mr. Thomas is an expert in the field of intellectual property. He has served as a former Registrar of Copyright for the Government of India, and as a project director of the Open Source Drug Discovery Initiative under the Council of Scientific & Industrial Research (a premier R&D org). His expertise spans across copyright, open source innovation, neglected diseases and innovation ecosystem in science and technology in India.

For more details visit https://cis-india.org/a2k/events/seminar-on-rethinking-copyright-and-licensing-for-digital-publishing-today-delhi-jan-23-2017

Seminar on Open Access in Research Area: A Strategic Approach

sumandro — 2015-12-22T05:37:44Z

The Energy and Resources Institute (TERI), Delhi, is organising a seminar on open access in research on Tuesday, December 22, 2015. The seminar will focus on: 1) wider access to scientific publications and research data, 2) access to scientific information, and 3) challenges and opportunities of research data. The Centre for Internet and Society is supporting the event as a Knowledge Partner.

Background

Open Access has become central importance to advancing the interests of researchers, scholars, students, business, and the public as well as librarians. Increasingly, research institutions require researchers to publish articles that report research findings openly accessible in open domain.

Open Access pursues to yield scholarly publishing to spread knowledge and allow that knowledge to be built upon. Price barriers should not stop researchers from getting access to research data. Open Access, and the open availability and search ability of scholarly research that it entails, will have a significant positive impact on everything from education to the research practice in various fields.

To explore why Open Access is so important to a number of groups, TERI Library along with The Centre for Internet & Society (CIS) as Knowledge Partner is organizing a half day seminar on Open Access in Research Areas: a Strategic Approach on December 22, 2015 at TERI Seminar Hall, IHC, Lodhi Road, New Delhi.

The Seminar will focus on:

wider access to scientific publications and research data
access to scientific information, and
challenges and opportunities of research data.

Schedule

No registration is required to attend the seminar. Seats are limited, and will be provided on first-come-first-served basis.

13:45 - 14:00		Registration and Networking
14:00 - 14:10		Welcome Address - Mr. Prabir Sengupta, Distinguished Fellow and Director, Knowledge Management Division, TERI
14:10 - 14:20		Special Address - Sumandro Chattapadhyay, Research Director, The Centre for Internet and Society
14:20 - 14:35		Keynote Address - Dr. K.R. Murali Mohan, Advisor, Big Data Initiatives Division, Department of Science and Technology
14:35 - 14:50		Inaugural Address - Dr. Chandrima Shaha, Director, National Institute of Immunology, New Delhi
14:50 - 15:00		Setting the Theme and Vote of Thanks - Dr. P.K. Bhattacharya, Fellow and Area Convenor, Knowledge Management Division, TERI
15:00 - 15:30		Tea and Refreshments
15:30 - 17:15		Plenary Session Chair: Dr. Ramesh Sharma, Director, CEMCA Puneet Kishor, Researcher and Independent Consultant - "Science, Data, and Creative Commons" Dr. Beth Sandore Namachchivaya, Associate Dean of Libraries and Professor University of Illinois - "Developing Services, Infrastructure, and Best Practices to Conserve and Provide Access to Research Data: Challenges and Opportunities" Dr. Usha Mujoo Munshi, Librarian, Indian institute of Public Administration

For more details visit https://cis-india.org/openness/teri-seminar-on-open-access-in-research

Seminar on Open Access for Scientific Information

praskrishna — 2011-06-09T12:41:22Z

Open-access provides free online access to quality scholarly material that can be defined as “open domain,” meaning publicly supported research information, and “open access,” so that it is copyrighted to be freely available scholarly material. Open-access publishing enables researchers in developing countries to establish priority for their research, which they could use later to defend their intellectual property. It removes excess barriers in terms of both price and permission, enhances national research capacity, and improves visibility for developing-country research. Open access thus enables a global platform for this research and collaboration and reciprocates the information flow from South to North among all countries.

In India, there is a large opportunity for open-access publishing. There are many non-commercial research and development institutions, both academic and research laboratories. For example, there are approximately 300 universities that offer both graduate and research programs. There are also many R&D laboratories operating within government science agencies, which cover domains like industrial research, defense research, agricultural research, medicine, ecology, environment, information technology, space, energy, and ocean development.

Many of these institutions, and also several professional societies, publish science journals. Tools like the Open Journal Systems could help many of these journals to come online in an open-access environment. Open Access is relevant to India because most research is funded from public money, institutional framework and information infrastructure, trained manpower and financial resources are adequately available. It widens distribution of information and knowledge and lowers the cost of reaching a fairly wide audience while maximising return on public money. The OA movement is being supported by research funding agencies, academic institutions, researchers and scientists, teachers, students, and members of the general public.

Open access publishing can foster the exchange of research results amongst scientists from different disciplines, thus facilitating interdisciplinary research, whilst providing access to research results to researchers world-wide, including from developing countries, as well as to an interested general public.

Access to and sharing of information, including scientific information, goes through dramatic changes because of rapidly emerging new communication and information technologies (ICTs) and the societal transformations that they generate. But what are the long-term strategies to efficiently harness the open access potential for developing new approaches to knowledge acquisition and sharing? What needs to be done to effectively integrate these strategies into forward looking and sustainable policy making? How can we harness the potential of open access to develop knowledge societies that are people-centred, inclusive and development oriented? What are the global environmental trends that will influence open access in the next few years? What are the main needs of the open access stakeholders in India and South Asia ? Which are the publishing models for open-access journals and what does it imply to finance and sustain open access journals in developing countries; how to overcome language and other barriers ?

These issues are of strategic relevance to UNESCO as they address key challenges linked to building knowledge societies, one of the overarching objectives of the Medium Term Strategy 2008-2013.

UNESCO, jointly with the Centre for Internet Society is well placed to mobilize interested stakeholders to develop efficient implementation strategies in the area of acquision and sharing of scientific information and to integrate them into forward looking and sustainable policies.

UNESCO believes that open access is an enriching part of the scholarly communication process that can and should co-exist with other forms of communication and publication, such as society-based publishing and conferencing activities. Open access publications are also more easily included and searchable in search engines and indexing databases.

In order to initiate a sub-regional dialogue on democratizing access to scientific and health-related information, on the economics of scientific publishing and the implications of the various open-access models and the copyright and intellectual property issues, UNESCO convenes a one day seminar on 16 March 2011 in New Delhi. The concept of « open access » and the inter-relationships between academic institutions, researchers, scientists and publishers will be examined, as well as the challenges and barriers which OA is currently facing in this part of the world.

Overall objectives

Strengthen awareness of UNESCO’s stakeholders on the potential of open access in scientific knowledge sharing that are dramatically accelerated by ICTs;
Provide analysis for anticipating foreseeable trends end emerging challenges in order to enable Indian and South Asian stakeholders to develop strategies and policies to take them up;
Develop a partnership and collaboration among interested stakeholdesr in order to improve access to and sharing of scientific information and research through open access

Expected results

The discussion of the Open Access Seminar is expected to achieve the following results:

UNESCO’s stakeholders enabled to understand trends and emerging challenges related to the impact of open access on scientific information acquisition and sharing;
Possible developments prospected in the area of scientific information sharing in the coming 5 years;
Specific technology generated trends, and their consequences for development in scientific information and research sharing
Highlight the collaborative and collective efforts and actions behind the Open Access movement
Discussions of best practices of Open Access Initiatives

Who should attend:

Science editors
Policy makers
Information professionals
Researchers
Open Access movement activists
Academics and all those interested in electronic publishing.

Terms of Reference:

1) Initiatives within the open access movement (with focus on what all of this means for developing countries):

discussion on the pros and cons of open access
different models used and paths to achieving open access to the health literature
research reports and open access
democratizing access to scientific and health-related information
economics of scientific publishing and implications of the various open-access models
copyright and intellectual property

2) Open Access and the journals from developing countries

what does it means to bring journals online
publishing models for open-access journals
financing and sustaining open access journals in developing countries
costs associated with open access in developing countries
language barriers and translation
training information specialists and users on searching and accessing health literature

This event is co-organised by UNESCO and the Centre for Internet and Society, Bangalore

Download the agenda here

For more details visit https://cis-india.org/events/open-access

Seminar on Exceptions and Limitations in Copyright

sachia — 2011-08-17T08:50:52Z

This is a report on a seminar organised by the Department of Higher Education, Ministry of Human Resource Development, and Government of India on 14 and 15 May 2009, in Kochi, Kerala, to look at exceptions and limitations in copyright. Programme Manager Nirmita Narsimhan, of the Centre for Internet and Society, attended the seminar.

CIS Programme Manager Nirmita Narsimhan attended a seminar on exceptions and limitations in copyright, organised by the Department of Higher Education, Ministry of Human Resource Development, and Government of India on 14 and 15 May 2009, in Kochi, Kerala. The seminar was intended to bring up key issues affecting access to knowledge, which are to be taken up by the Standing Committee on Copyright and Related Rights (SCCR) at the World Intellectual Property Organisation (WIPO) later this month. Resource persons identified for different topics were eminent scholars, academicians and practitioners across India. The seminar covered eight topics. On each topic, a paper was presented by a resource person with commentary by an expert in the field, after which there was an open discussion.

The first day featured, amongst others, a paper presented by Lawrence Liang, Distinguished Fellow, CIS. He spoke at length on the exceptions and limitations for education.

The second day featured a paper by Mr. Madhukar Sinha, former Registrar of Copyright. Mr. Sinha presented on the topic 'Use of works by visually impaired and other miscellaneous exceptions of use of works under Indian Copyright Act: Section 52(1) (q), (r), (s), (t), (u), (v), and (x), (y), (z)'. His paper went into great length on definitions of visual disability and tried to evolve an economic model to support conversion of books into accessible formats for the visually challenged. The paper drew parallels with existing laws and best practices in different countries, made a detailed analysis of exceptions for the blind in the light of the Berne three-step test and the TRIPS agreement, and concluded by recommending that the Copyright Act should be amended to include exceptions and limitations which would permit conversion of books into formats in certain special cases. Mr. Sinha also recommended that India should look at solutions which go beyond the limits of the Copyright Act to solve such problems.

The response to this was prepared by Mr. Rahul Cherian of Indo Juris Law offices. The response paper drew attention to the fact that half of the total blind population of the world is in India and that amounts to a population of more than a crore. In the light of the economic and logistic considerations of our country, the Copyright Act should

Expressly include a limitation to permit conversion of books into accessible formats for visually challenged persons;
Permit conversion by stakeholder organizations as well as interested family members and friends of beneficiaries;
Adopt a functional definition of disability and not a medical one as is currently the case in the Persons with Disabilities Act 1995, and extend the benefit of the exception to all persons, who by reason of any disability are unable to access the work in its original format;and
Not restrict conversion only to those formats which are exclusively for the use of blind persons. Visually challenged persons should be able to make use of available mainstream formats like PDFs or Word as well.

The paper also dealt extensively with the Treaty for Improved access for the Blind, Visually Impaired and Other Reading Disabled, which was proposed by the World Blind Union in WIPO last year and is coming up again for discussion later this month.

Please click here to see the complete text of the paper.

The seminar was extremely productive because there was a strong recommendation and support for the inclusion of a limitation for conversion into accessible formats for persons with disabilities in the Indian Copyright Act. All the members present came to a consensus that the Indian Government should take a supportive stand towards the Treaty for the Blind proposed by the WBU at the SCCR this month. A representative of a leading publishing house committed himself to working towards providing books to certain organizations for the blind, if they could assure him that those books would be circulated only to blind persons and not to others.

For more details visit https://cis-india.org/accessibility/blog/seminar-on-exceptions-and-limitations-in-copyright

Selection of Programme Officer — Pilot Projects, CIS-A2K

nitika — 2013-10-30T06:07:24Z

The Centre for Internet & Society (CIS) opened applications for the post of Programme Officer, Pilot Projects for its Access to Knowledge (A2K) Programme on 17th April 2013. The vacancy and call for applications was shared on all Indian language mailing lists, city mailing lists as well as Village Pumps.

Last date of submitting applications was 30th April which was later extended for another week. By the first week of May we had received 35 applications.

First level of shortlisting
Applicants were given an assignment where they had to write at least one new article on their respective language Wikipedia projects (though we encouraged them to write more than one article if they liked). Asking them to write new articles on Wikipedia was a way to assess their seriousness and level of commitment towards this job. Applicants who failed to submit their written assignment were outright rejected in this level. Amongst the ones that did complete the assignment were assessed on the basis of their relevant work experience and skills that matched requirements of the job profile. CIS-A2K assessed these applicants on different parameters such as:

Exposure to digital domain
Exposure in community driven projects
Exposure of working with schools of performing arts or cultural departments
Prior experience of working in multi-cultural environment
Prior experience in program design and management
Exposure to Wikimedia projects and community
Technical work experience

In this level, 9 applicants were rejected due to failure of completing the assignment and 1 applicant pulled out. Out of the remaining 25 applicants, CIS-A2K shortlisted 15.

Second level of shortlisting
Vishnu and Nitika conducted one hour Skype interviews with each of the shortlisted candidates. CIS-A2K tried to assess candidates on their:

Understanding and passion for Wikimedia movement and projects

Level of understanding of the job profile

Level of understanding of open source, open access, open standards.

Clarity of thinking and communication skills

Ability to work with teams and communities

Experience / understanding of community mobilisation & outreach

Skills in project management

Comfort with working in unstructured environments

Ability to learn new things and approach unfamiliar situations

Personal passions and interests

On the basis of Skype conversations, CIS-A2K shortlisted 6 candidates out of 15 for the next level.

Third level of shortlisting
At this stage one more applicant pulled out and remaining 5 were called for personal interviews to our Bangalore office. All participants were requested to come prepared to present on the topic of 'Performing Arts and Wikipedia' for 10 mins. Each interview lasted for approximately an hour. Towards the closure of the day all participants were requested to gather where each one of them showcased their presentations. This further led to an interesting group discussion.

CIS-A2K had requested Wikimedia India to select someone from the Chapter who could be involved in the selection process and we're glad that Sowmyan Tirumurti, Executive Manager of Wikimedia Chapter could join us for a little while on the day of personal interviews.

Final Selection
Based on all the parameters and levels of interviews, CIS-A2K decided to extend the offer to Syed Muzammiluddin for the position of Programme Officer - Pilot Projects. Muzammil's experience, skills and interest matched our requirements the best and we look forward to a long and successful relationship with him.

For more details visit https://cis-india.org/openness/blog-old/selection-of-programme-officer-pilot-projects-a2k

Security: Privacy, Transparency and Technology

sunil — 2015-09-15T10:53:52Z

The Centre for Internet and Society (CIS) has been involved in privacy and data protection research for the last five years. It has participated as a member of the Justice A.P. Shah Committee, which has influenced the draft Privacy Bill being authored by the Department of Personnel and Training. It has organised 11 multistakeholder roundtables across India over the last two years to discuss a shadow Privacy Bill drafted by CIS with the participation of privacy commissioners and data protection authorities from Europe and Canada.

The article was co-authored by Sunil Abraham, Elonnai Hickok and Tarun Krishnakumar. It was published by Observer Research Foundation, Digital Debates 2015: CyFy Journal Volume 2.

Our centre’s work on privacy was considered incomplete by some stakeholders because of a lack of focus in the area of cyber security and therefore we have initiated research on it from this year onwards. In this article, we have undertaken a preliminary examination of the theoretical relationships between the national security imperative and privacy, transparency and technology.

Security and Privacy

Daniel J. Solove has identified the tension between security and privacy as a false dichotomy: "Security and privacy often clash, but there need not be a zero-sum tradeoff." [1] Further unpacking this false dichotomy, Bruce Schneier says, "There is no security without privacy. And liberty requires both security and privacy." [2] Effectively, it could be said that privacy is a precondition for security, just as security is a precondition for privacy. A secure information system cannot be designed without guaranteeing the privacy of its authentication factors, and it is not possible to guarantee privacy of authentication factors without having confidence in the security of the system. Often policymakers talk about a balance between the privacy and security imperatives—in other words a zero-sum game. Balancing these imperatives is a foolhardy approach, as it simultaneously undermines both imperatives. Balancing privacy and security should instead be framed as an optimisation problem. Indeed, during a time when oversight mechanisms have failed even in so-called democratic states, the regulatory power of technology [3] should be seen as an increasingly key ingredient to the solution of that optimisation problem.

Data retention is required in most jurisdictions for law enforcement, intelligence and military purposes. Here are three examples of how security and privacy can be optimised when it comes to Internet Service Provider (ISP) or telecom operator logs:

Data Retention: We propose that the office of the Privacy Commissioner generate a cryptographic key pair for each internet user and give one key to the ISP / telecom operator. This key would be used to encrypt logs, thereby preventing unauthorised access. Once there is executive or judicial authorisation, the Privacy Commissioner could hand over the second key to the authorised agency. There could even be an emergency procedure and the keys could be automatically collected by concerned agencies from the Privacy Commissioner. This will need to be accompanied by a policy that criminalises the possession of unencrypted logs by ISP and telecom operators.
Privacy-Protective Surveillance: Ann Cavoukian and Khaled El Emam [4] have proposed combining intelligent agents, homomorphic encryption and probabilistic graphical models to provide “a positive-sum, ‘win–win’ alternative to current counter-terrorism surveillance systems.” They propose limiting collection of data to “significant” transactions or events that could be associated with terrorist-related activities, limiting analysis to wholly encrypted data, which then does not just result in “discovering more patterns and relationships without an understanding of their context” but rather “intelligent information—information selectively gathered and placed into an appropriate context to produce actual knowledge.” Since fully homomorphic encryption may be unfeasible in real-world systems, they have proposed use of partially homomorphic encryption. But experts such as Prof. John Mallery from MIT are also working on solutions based on fully homomorphic encryption.
Fishing Expedition Design: Madan Oberoi, Pramod Jagtap, Anupam Joshi, Tim Finin and Lalana Kagal have proposed a standard [5] that could be adopted by authorised agencies, telecom operators and ISPs. Instead of giving authorised agencies complete access to logs, they propose a format for database queries, which could be sent to the telecom operator or ISP by authorised agencies. The telecom operator or ISP would then process the query, and anonymise/obfuscate the result-set in an automated fashion based on applicable privacypolicies/regulation. Authorised agencies would then hone in on a subset of the result-set that they would like with personal identifiers intact; this smaller result set would then be shared with the authorised agencies.

An optimisation approach to resolving the false dichotomy between privacy and security will not allow for a total surveillance regime as pursued by the US administration. Total surveillance brings with it the ‘honey pot’ problem: If all the meta-data and payload data of citizens is being harvested and stored, then the data store will become a single point of failure and will become another target for attack. The next Snowden may not have honourable intentions and might decamp with this ‘honey pot’ itself, which would have disastrous consequences.

If total surveillance will completely undermine the national security imperative, what then should be the optimal level of surveillance in a population? The answer depends upon the existing security situation. If this is represented on a graph with security on the y-axis and the proportion of the population under surveillance on the x-axis, the benefits of surveillance could be represented by an inverted hockey-stick curve. To begin with, there would already be some degree of security. As a small subset of the population is brought under surveillance, security would increase till an optimum level is reached, after which, enhancing the number of people under surveillance would not result in any security pay-off. Instead, unnecessary surveillance would diminish security as it would introduce all sorts of new vulnerabilities. Depending on the existing security situation, the head of the hockey-stick curve might be bigger or smaller. To use a gastronomic analogy, optimal surveillance is like salt in cooking—necessary in small quantities but counter-productive even if slightly in excess.

In India the designers of surveillance projects have fortunately rejected the total surveillance paradigm. For example, the objective of the National Intelligence Grid (NATGRID) is to streamline and automate targeted surveillance; it is introducing technological safeguards that will allow express combinations of result-sets from 22 databases to be made available to 12 authorised agencies. This is not to say that the design of the NATGRID cannot be improved.

Security and Transparency

There are two views on security and transparency: One, security via obscurity as advocated by vendors of proprietary software, and two, security via transparency as advocated by free/open source software (FOSS) advocates and entrepreneurs. Over the last two decades, public and industry opinion has swung towards security via transparency. This is based on the Linus rule that “given enough eyeballs, all bugs are shallow.” But does this mean that transparency is a necessary and sufficient condition? Unfortunately not, and therefore it is not necessarily true that FOSS and open standards will be more secure than proprietary software and proprietary standards.

Optimal surveillance is like salt in cooking—necessary in small quantities but counter-productive even if slightly in excess.

The recent detection of the Heartbleed [6] security bug in Open SSL, [7] causing situations where more data can be read than should be allowed, and Snowden’s revelations about the compromise of some open cryptographic standards (which depend on elliptic curves), developed by the US National Institute of Standards and Technology, are stark examples. [8]

At the same time, however, open standards and FOSS are crucial to maintaining the balance of power in information societies, as civil society and the general public are able to resist the powers of authoritarian governments and rogue corporations using cryptographic technology. These technologies allow for anonymous speech, pseudonymous speech, private communication, online anonymity and circumvention of surveillance and censorship. For the media, these technologies enable anonymity of sources and the protection of whistle-blowers—all phenomena that are critical to the functioning of a robust and open democratic society. But these very same technologies are also required by states and by the private sector for a variety of purposes—national security, e-commerce, e-banking, protection of all forms of intellectual property, and services that depend on confidentiality, such as legal or medical services.

In order words, all governments, with the exception of the US government, have common cause with civil society, media and the general public when it comes to increasing the security of open standards and FOSS. Unfortunately, this can be quite an expensive task because the re-securing of open cryptographic standards depends on mathematicians. Of late, mathematical research outputs that can be militarised are no longer available in the public domain because the biggest employers of mathematicians worldwide today are the US military and intelligence agencies. If other governments invest a few billion dollars through mechanisms like Knowledge Ecology International’s proposed World Trade Organization agreement on the supply of knowledge as a public good, we would be able to internationalise participation in standard-setting organisations and provide market incentives for greater scrutiny of cryptographic standards and patching of vulnerabilities of FOSS. This would go a long way in addressing the trust deficit that exists on the internet today.

Security and Technology

A techno-utopian understanding of security assumes that more technology, more recent technology and more complex technology will necessarily lead to better security outcomes.

This is because the security discourse is dominated by vendors with sales targets who do not present a balanced or accurate picture of the technologies that they are selling. This has resulted in state agencies and the general public having an exaggerated understanding of the capabilities of surveillance technologies that is more aligned with Hollywood movies than everyday reality.

More Technology

Increasing the number of x-ray machines or full-body scanners at airports by a factor of ten or hundred will make the airport less secure unless human oversight is similarly increased. Even with increased human oversight, all that has been accomplished is an increase in the potential locations that can be compromised. The process of hardening a server usually involves stopping non-essential services and removing non-essential software. This reduces the software that should be subject to audit, continuously monitored for vulnerabilities and patched as soon as possible. Audits, ongoing monitoring and patching all cost time and money and therefore, for governments with limited budgets, any additional unnecessary technology should be seen as a drain on the security budget. Like with the airport example, even when it comes to a single server on the internet, it is clear that, from a security perspective, more technology without a proper functionality and security justification is counter-productive. To reiterate, throwing increasingly more technology at a problem does not make things more secure; rather, it results in a proliferation of vulnerabilities.

Latest Technology

Reports that a number of state security agencies are contemplating returning to typewriters for sensitive communications in the wake of Snowden’s revelations makes it clear that some older technologies are harder to compromise in comparison to modern technology. [9] Between iris- and fingerprint-based biometric authentication, logically, it would be easier for a criminal to harvest images of irises or authentication factors in bulk fashion using a high resolution camera fitted with a zoom lens in a public location, in comparison to mass lifting of fingerprints.

Complex Technology

Fifteen years ago, Bruce Schneier said, "The worst enemy of security is complexity. This has been true since the beginning of computers, and it’s likely to be true for the foreseeable future." [10] This is because complexity increases fragility; every feature is also a potential source of vulnerabilities and failures. The simpler Indian electronic machines used until the 2014 elections are far more secure than the Diebold voting machines used in the 2004 US presidential elections. Similarly when it comes to authentication, a pin number is harder to beat without user-conscious cooperation in comparison to iris- or fingerprint-based biometric authentication.

In the following section of the paper we have identified five threat scenarios [11] relevant to India and identified solutions based on our theoretical framing above.

Threat Scenarios and Possible Solutions

Hacking the NIC Certifying Authority
One of the critical functions served by the National Informatics Centre (NIC) is as a Certifying Authority (CA). [12] In this capacity, the NIC issues digital certificates that authenticate web services and allow for the secure exchange of information online. [13] Operating systems and browsers maintain lists of trusted CA root certificates as a means of easily verifying authentic certificates. India’s Controller of Certifying Authority’s certificates issued are included in the Microsoft Root list and recognised by the majority of programmes running on Windows, including Internet Explorer and Chrome. [14] In 2014, the NIC CA’s infrastructure was compromised, and digital certificates were issued in NIC’s name without its knowledge. [15] Reports indicate that NIC did not "have an appropriate monitoring and tracking system in place to detect such intrusions immediately." [16] The implication is that websites could masquerade as another domain using the fake certificates. Personal data of users can be intercepted or accessed by third parties by the masquerading website. The breach also rendered web servers and websites of government bodies vulnerable to attack, and end users were no longer sure that data on these websites was accurate and had not been tampered with. [17] The NIC CA was forced to revoke all 250,000 SSL Server Certificates issued until that date [18] and is no longer issuing digital certificates for the time being. [19]Public key pinning is a means through which websites can specify which certifying authorities have issued certificates for that site. Public key pinning can prevent man-in-the-middle attacks due to fake digital certificates. [20] Certificate Transparency allows anyone to check whether a certificate has been properly issued, seeing as certifying authorities must publicly publish information about the digital certificates that they have issued. Though this approach does not prevent fake digital certificates from being issued, it can allow for quick detection of misuse. [21]

‘Logic Bomb’ against Airports
Passenger operations in New Delhi’s Indira Gandhi International Airport depend on a centralised operating system known as the Common User Passenger Processing System (CUPPS). The system integrates numerous critical functions such as the arrival and departure times of flights, and manages the reservation system and check-in schedules. [22] In 2011, a logic bomb attack was remotely launched against the system to introduce malicious code into the CUPPS software. The attack disabled the CUPPS operating system, forcing a number of check-in counters to shut down completely, while others reverted to manual check-in, resulting in over 50 delayed flights. Investigations revealed that the attack was launched by three disgruntled employees who had assisted in the installation of the CUPPS system at the New Delhi Airport. [23] Although in this case the impact of the attack was limited to flight delay, experts speculate that the attack was meant to take down the entire system. The disruption and damage resulting from the shutdown of an entire airport would be extensive.

Adoption of open hardware and FOSS is one strategy to avoid and mitigate the risk of such vulnerabilities. The use of devices that embrace the concept of open hardware and software specifications must be encouraged, as this helps the FOSS community to be vigilant in detecting and reporting design deviations and investigate into probable vulnerabilities.

Attack on Critical Infrastructure
The Nuclear Power Corporation of India encounters and prevents numerous cyber attacks every day. [24] The best known example of a successful nuclear plant hack is the Stuxnet worm that thwarted the operation of an Iranian nuclear enrichment complex and set back the country’s nuclear programme. [25]

The worm had the ability to spread over the network and would activate when a specific configuration of systems was encountered [26] and connected to one or more Siemens programmable logic controllers. [27] The worm was suspected to have been initially introduced through an infected USB drive into one of the controller computers by an insider, thus crossing the air gap. [28] The worm used information that it gathered to take control of normal industrial processes (to discreetly speed up centrifuges, in the present case), leaving the operators of the plant unaware that they were being attacked. This incident demonstrates how an attack vector introduced into the general internet can be used to target specific system configurations. When the target of a successful attack is a sector as critical and secured as a nuclear complex, the implications for a country’s security and infrastructure are potentially grave.

Security audits and other transparency measures to identify vulnerabilities are critical in sensitive sectors. Incentive schemes such as prizes, contracts and grants may be evolved for the private sector and academia to identify vulnerabilities in the infrastructure of critical resources to enable/promote security auditing of infrastructure.

Micro Level: Chip Attacks
Semiconductor devices are ubiquitous in electronic devices. The US, Japan, Taiwan, Singapore, Korea and China are the primary countries hosting manufacturing hubs of these devices. India currently does not produce semiconductors, and depends on imported chips. This dependence on foreign semiconductor technology can result in the import and use of compromised or fraudulent chips by critical sectors in India. For example, hardware Trojans, which may be used to access personal information and content on a device, may be inserted into the chip. Such breaches/transgressions can render equipment in critical sectors vulnerable to attack and threaten national security. [29]

Indigenous production of critical technologies and the development of manpower and infrastructure to support these activities are needed. The Government of India has taken a number of steps towards this. For example, in 2013, the Government of India approved the building of two Semiconductor Wafer Fabrication (FAB) manufacturing facilities [30] and as of January 2014, India was seeking to establish its first semiconductor characterisation lab in Bangalore. [31]

Macro Level: Telecom and Network Switches

The possibility of foreign equipment containing vulnerabilities and backdoors that are built into its software and hardware gives rise to concerns that India’s telecom and network infrastructure is vulnerable to being hacked and accessed by foreign governments (or non-state actors) through the use of spyware and malware that exploit such vulnerabilities. In 2013, some firms, including ZTE and Huawei, were barred by the Indian government from participating in a bid to supply technology for the development of its National Optic Network project due to security concerns. [32] Similar concerns have resulted in the Indian government holding back the conferment of ‘domestic manufacturer’ status on both these firms. [33]

Following reports that Chinese firms were responsible for transnational cyber attacks designed to steal confidential data from overseas targets, there have been moves to establish laboratories to test imported telecom equipment in India. [34] Despite these steps, in a February 2014 incident the state-owned telecommunication company Bharat Sanchar Nigam Ltd’s network was hacked, allegedly by Huawei. [35]

Security practitioners and policymakers need to avoid the zero-sum framing prevalent in popular discourse regarding security VIS-A-VIS privacy, transparency and technology.

A successful hack of the telecom infrastructure could result in massive disruption in internet and telecommunications services. Large-scale surveillance and espionage by foreign actors would also become possible, placing, among others, both governmental secrets and individuals personal information at risk.

While India cannot afford to impose a general ban on the import of foreign telecommunications equipment, a number of steps can be taken to address the risk of inbuilt security vulnerabilities. Common International Criteria for security audits could be evolved by states to ensure compliance of products with international norms and practices. While India has already established common criteria evaluation centres, [36] the government monopoly over the testing function has resulted in only three products being tested so far. A Code Escrow Regime could be set up where manufacturers would be asked to deposit source code with the Government of India for security audits and verification. The source code could be compared with the shipped software to detect inbuilt vulnerabilities.

Conclusion

Cyber security cannot be enhanced without a proper understanding of the relationship between security and other national imperatives such as privacy, transparency and technology. This paper has provided an initial sketch of those relationships, but sustained theoretical and empirical research is required in India so that security practitioners and policymakers avoid the zero-sum framing prevalent in popular discourse and take on the hard task of solving the optimisation problem by shifting policy, market and technological levers simultaneously. These solutions must then be applied in multiple contexts or scenarios to determine how they should be customised to provide maximum security bang for the buck.

[1]. Daniel J. Solove, Chapter 1 in Nothing to Hide: The False Tradeoff between Privacy and Security (Yale University Press: 2011), http://papers.ssrn.com/sol3/papers.cfm?abstract_id=1827982.

[2]. Bruce Schneier, “What our Top Spy doesn’t get: Security and Privacy aren’t Opposites,” Wired, January 24, 2008, http://archive.wired.com/politics/security commentary/security matters/2008/01/securitymatters_0124 and Bruce Schneier, “Security vs. Privacy,” Schneier on Security, January 29, 2008, https://www.schneier.com/blog/archives/2008/01/security_vs_pri.html.

[3]. There are four sources of power in internet governance: Market power exerted by private sector organisations; regulatory power exerted by states; technical power exerted by anyone who has access to certain categories of technology, such as cryptography; and finally, the power of public pressure sporadically mobilised by civil society. A technically sound encryption standard, if employed by an ordinary citizen, cannot be compromised using the power of the market or the regulatory power of states or public pressure by civil society. In that sense, technology can be used to regulate state and market behaviour.

[4]. Ann Cavoukian and Khaled El Emam, “Introducing Privacy-Protective Surveillance: Achieving Privacy and Effective Counter-Terrorism,” Information & Privacy Commisioner, September 2013, Ontario, Canada, http://www.privacybydesign.ca/content/uploads/2013/12/pps.pdf.

[5]. Madan Oberoi, Pramod Jagtap, Anupam Joshi, Tim Finin and Lalana Kagal, “Information Integration and Analysis: A Semantic Approach to Privacy”(presented at the third IEEE International Conference on Information Privacy, Security, Risk and Trust, Boston, USA, October 2011), ebiquity.umbc.edu/_file_directory_/papers/578.pdf.

[6]. Bruce Byfield, “Does Heartbleed disprove ‘Open Source is Safer’?,” Datamation, April 14, 2014, http://www.datamation.com/open-source/does-heartbleed-disprove-open-source-is-safer-1.html.

[7]. “Cybersecurity Program should be more transparent, protect privacy,” Centre for Democracy and Technology Insights, March 20, 2009, https://cdt.org/insight/cybersecurity-program-should-be-more-transparent-protect-privacy/#1.

[8]. “Cracked Credibility,” The Economist, September 14, 2013, http://www.economist.com/news/international/21586296-be-safe-internet-needs-reliable-encryption-standards-software-and.

[9]. Miriam Elder, “Russian guard service reverts to typewriters after NSA leaks,” The Guardian, July 11, 2013, www.theguardian.com/world/2013/jul/11/russia-reverts-paper-nsa-leaks and Philip Oltermann, “Germany ‘may revert to typewriters’ to counter hi-tech espionage,” The Guardian, July 15, 2014, www.theguardian.com/world/2014/jul/15/germany-typewriters-espionage-nsa-spying-surveillance.

[10]. Bruce Schneier, “A Plea for Simplicity,” Schneier on Security, November 19, 1999, https://www.schneier.com/essays/archives/1999/11/a_plea_for_simplicit.html.

[11]. With inputs from Pranesh Prakash of the Centre for Internet and Society and Sharathchandra Ramakrishnan of Srishti School of Art, Technology and Design.

[12]. “Frequently Asked Questions,” Controller of Certifying Authorities, Department of Electronics and Information Technology, Government of India, http://cca.gov.in/cca/index.php?q=faq-page#n41.

[13]. National Informatics Centre Homepage, Government of India, http://www.nic.in/node/41.

[14]. Adam Langley, “Maintaining Digital Certificate Security,” Google Security Blog, July 8, 2014, http://googleonlinesecurity.blogspot.in/2014/07/maintaining-digital-certificate-security.html.

[15]. This is similar to the kind of attack carried out against DigiNotar, a Dutch certificate authority. See: http://scholarcommons.usf.edu/cgi/viewcontent.cgi?article=1246&context=jss.

[16]. R. Ramachandran, “Digital Disaster,” Frontline, August 22, 2014, http://www.frontline.in/the-nation/digital-disaster/article6275366.ece.

[17]. Ibid.

[18]. “NIC’s digital certification unit hacked,” Deccan Herald, July 16, 2014, http://www.deccanherald.com/content/420148/archives.php.

[19]. National Informatics Centre Certifying Authority Homepage, Government of India, http://nicca.nic.in//.

[20]. Mozilla Wiki, “Public Key Pinning,” https://wiki.mozilla.org/SecurityEngineering/Public_Key_Pinning.

[21]. “Certificate Transparency - The quick detection of fraudulent digital certificates,” Ascertia, August 11, 2014, http://www.ascertiaIndira.com/blogs/pki/2014/08/11/certificate-transparency-the-quick-detection-of-fraudulent-digital-certificates.

[22]. “Indira Gandhi International Airport (DEL/VIDP) Terminal 3, India,” Airport Technology.com, http://www.airport-technology.com/projects/indira-gandhi-international-airport-terminal -3/.

[23]. “How techies used logic bomb to cripple Delhi Airport,” Rediff, November 21, 2011, http://www.rediff.com/news/report/how-techies-used-logic-bomb-to-cripple-delhi-airport/20111121 htm.

[24]. Manu Kaushik and Pierre Mario Fitter, “Beware of the bugs,” Business Today, February 17, 2013, http://businesstoday.intoday.in/story/india-cyber-security-at-risk/1/191786.html.

[25]. “Stuxnet ‘hit’ Iran nuclear plants,” BBC, November 22, 2010, http://www.bbc.com/news/technology-11809827.

[26]. In this case, systems using Microsoft Windows and running Siemens Step7 software were targeted.

[27]. Jonathan Fildes, “Stuxnet worm ‘targeted high-value Iranian assets’,” BBC, September 23, 2010, http://www.bbc.com/news/technology-11388018.

[28]. Farhad Manjoo, “Don’t Stick it in: The dangers of USB drives,” Slate, October 5, 2010, http://www.slate.com/articles/technology/technology/2010/10/dont_stick_it_in.html.

[29]. Ibid.

[30]. “IBM invests in new $5bn chip fab in India, so is chip sale off?,” ElectronicsWeekly, February 14, 2014, http://www.electronicsweekly.com/news/business/ibm-invests-new-5bn-chip-fab-india-chip-sale-2014-02/.

[31]. NT Balanarayan, “Cabinet Approves Creation of Two Semiconductor Fabrication Units,” Medianama, February 17, 2014, http://articles.economictimes.indiatimes.com/2014-02-04/news/47004737_1_indian-electronics-special-incentive-package-scheme-semiconductor-association.

[32]. Jamie Yap, “India bars foreign vendors from national broadband initiative,” ZD Net, January 21, 2013, http://www.zdnet.com/in/india-bars-foreign-vendors-from-national-broadband-initiative-7000010055/.

[33]. Kevin Kwang, “India holds back domestic-maker status for Huawei, ZTE,” ZD Net, February 6, 2013, http://www.zdnet.com/in/india-holds-back-domestic-maker-status-for-huawei-zte-70 00010887/. Also see “Huawei, ZTE await domestic-maker tag,” The Hindu, February 5, 2013, http://www.thehindu.com/business/companies/huawei-zte-await-domesticmaker-tag/article4382888.ece.

[34]. Ellyne Phneah, “Huawei, ZTE under probe by Indian government,” ZD Net, May 10, 2013, http://www.zdnet.com/in/huawei-zte-under-probe-by-indian-government-7000015185/.

[35]. Devidutta Tripathy, “India investigates report of Huawei hacking state carrier network,” Reuters, February 6, 2014, http://www.reuters.com/article/2014/02/06/us-india-huawei-hacking-idUSBREA150QK20140206.

[36]. “Products Certified,” Common Criteria Portal of India, http://www.commoncriteria-india.gov.in/Pages/ProductsCertified.aspx.

For more details visit https://cis-india.org/internet-governance/blog/security-privacy-transparency-and-technology

Security, Governments, and Data: Technology and Policy

elonnai — 2014-12-24T08:06:59Z

The Centre for Internet & Society and the Observer Research Foundation invite you to a one day conference on January 8, 2015 in New Delhi.

About the Conference

The conference will focus on the technologies, policies, and practices around cyber security and surveillance. The conference will reach out to a number of key stakeholders including civil society, industry, government, and academia and explore the present scenario in India to reflect on ways forward.

Conference Context

Ensuring the security of the India’s cyber space is a complex, challenging, and ever changing responsibility that the government is tasked with. Doing so effectively requires a number of factors to come together in a harmonized strategy including: laws & policies, technical capabilities, markets, and a skilled workforce. It also requires collaboration on multiple levels including with foreign governments, domestic and foreign industry, and law enforcement. The first of these is particularly important given the ability of attackers to penetrate across borders and the global nature of data. Any strategy developed by India must be proactive and reactive – evolving defences to prevent a potential threat and applying tactics to respond to a real time threat. To do so, the government of India must legally have the powers to take action and must have the technical capability to do so. Yet, many of these powers and technical capabilities require a degree of intrusion into the lives of citizens and residents of India through means such as surveillance. Thus, such measures must be considered in light of principles of proportionality and necessity, and legal safeguards are needed to protect against the violation of privacy. Furthermore, a principle of optimization must be considered i.e, how much surveillance achieves the most amount of security and how can this security be achieved with the optimal mix of technology, policy and enforcement.

Panel Descriptions

Challenges & Present Scenario

Protecting and enhancing the cyber security of India is a complex and dynamic responsibility. The challenge of securing cyber space is magnified by the demarcated nature of the internet, the multiplicity of vulnerabilities that can be exploited at the national level, the magnitude of infrastructure damage possible from a cyber attack, and the complexity of application of a jurisdiction’s law to a space that is technologically borderless. A comprehensive ‘cyber security’ ecosystem is required to address such challenges – one that involves technology, skills, and capabilities – including surveillance capabilities. The Government of India has taken numerous steps to address and resolve such challenges. In July 2013, the National Cyber Security Policy was published for the purpose of creating an enabling framework for the protection of India’s cyber security. In February 2014, the 52^nd Standing Committee on Information Technology issued a report assessing the implementation of this policy – in which they found that a number of areas needed strengthening. The Government of India has also proposed the establishment of a number of centres focused on cyber security – such as the National Cyber Coordination Center and the National Critical Information Infrastructure Protection Centre. CERT-IN, under the Department of Electronics and Information Technology is presently the body responsible for overseeing and enforcing cyber security in India, while other bodies such as the Resource Centre for Cyber Forensic and TERM cells under the Department of Telecommunications play critical roles in overseeing and undertaking capabilities related to cyber security.

Law & Policy

India has five statutes regulating the collection and use of data for surveillance purposes. These laws define circumstances on which the government is justified in accessing and collecting real time and stored data as well as procedural safeguards they must adhere to when doing so. The Department of Telecommunications has also issued the Unified Access License which, among other things, mandates service providers to provide technical support to enable such collection. The Indian judicial system has also provided a number of Rulings that set standards for the access, collection, and use of data as well as defining limitations and safeguards that must be respected in doing so. The draft Privacy Bill 2011, released by the Department of Personnel and Training, also contained provisions addressing surveillance in the context of interception and the use of electronic video recording devices. In the Report of the Group of Experts on Privacy, the AP Shah Committee found that the legal regime for surveillance in India was not harmonized and lacked safeguards. Furthermore, in the era where the direct collection of large volumes of data is easily possible, there is a growing need to re-visit questions about the legitimate and proportionate collection and use (particularly as evidence) of such data. Questions are also arising about the applicability of standards and safeguards to the state. At a global level, catalyzed by the leaks by Edward Snowden, there has been a strong push for governments to review and structure their surveillance regimes to ensure that they are in line with international human rights standards.

Architecture & Technology

India is in the process of architecting a number of initiatives that seek to enable the collection and sharing of intelligence such as the CMS, NATGRID, and NETRA. At a regional level, the Ministry of Home Affairs is in the process of implementing ‘Mega Policing Cities’ which include the instalment of CCTV’s and centralized access to crime related information. Globally, law enforcement and governments are beginning to take advantage of the possibilities created by ‘Big Data’ and ‘open source’ policing. The architecture and technology behind any surveillance and cyber security initiative are key to its success. Intelligently and appropriately designed projects and technology can also minimize the possibility of intrusions into the private lives of citizens. Strong access controls, decentralized architecture, and targeted access are all principles that can be incorporated into the architecture and technology behind a project or initiative. At the same time, the technology or process around a project can serve as the ‘weakest link’ – as it is vulnerable to attacks and tampering. Such possibilities raise concerns about the use of foreign technology and dependencies on foreign governments and companies.

International and Domestic Markets

Globally, the security market is growing – with companies offering a range of services and products that facilitate surveillance and can be used towards enhancing cyber security. In India, the security market is also growing with studies predicting that it will reach $1.06 billion by 2015. Recognizing the potential threat posed by imported security and telecom equipment, India also develops its own technologies through the Centre for Development of Telematics –attached to the Department of Telecommunications, and the Centre for Development of Advanced Computing – attached to the Department of Electronics and Information Technology. At times India has also imposed bans on the import of technologies believed to be compromised. Towards this end, the Government of India has a number of bodies responsible for licensing, auditing, and certifying the use of security and telecommunication equipment. Though India has recognized the security vulnerabilities posed by these technologies, as of yet it has not formally recognized the human rights violations that are made possible. Indeed, though India has submitted a request to be a signing member of the Wassenaar agreement, they have yet to be accepted.

Agenda

11.00	Registration & Tea
11.30	Key Note Speech
12.00	Challenges & Present Scenario
13.00	Law & Policy
14.00	Lunch
15.00	Architecture & Technology
16.00	International & Domestic Markets
17.00	Tea
17.30	Conclusion & Closing Remarks

For more details visit https://cis-india.org/internet-governance/events/security-governments-data-technology-policy

Security Standards for the Financial Technology Sector in India

karan — 2019-11-15T12:56:04Z

For more details visit https://cis-india.org/internet-governance/resources/security-standards-for-the-financial-technology-sector-in-india

Security experts say need to secure Aadhaar ecosystem, warn about third party leaks

Admin — 2018-03-26T22:37:30Z

The public reckoning of data leaks in India’s national ID database, Aadhaar is still on hold while reports of data leakage through third-parties keep coming.

The article by Nilesh Christopher was published in Economic Times on March 26, 2018. Sunil Abraham was quoted.

While the Unique Identification Authority of India (UIDAI) has maintained that its database is secure and there are no breaches of Aadhaar data from its system, security researchers warn that leaks are happening in third-party sites and it is important for the agency to ensure that its ecosystem adopts measures to keep data safe.

“Securing an entire ecosystem is more important than secure individual databases,” said security researcher Srinivas Kodali. Over the weekend, technology publication ZDnet citing an Indian security researcher said that it identified Aadhaar data leaks on a system run by a state-owned utility company Indane that allowed anyone to access sensitive information like a name, Aadhar number, bank details. The leak was plugged soon after the report appeared.

UIDAI came out with a strong statement denying the breach. “There is no truth in the story as there has been absolutely no breach of UIDAI’s Aadhaar database. Aadhaar remains safe and secure,” the government agency said.

There have been no reports of any breach in the core database so far. However, it is the third-parties that have acted as weak links.

“The simple parallel that can be drawn is, though Facebook’s core database of users information was secure, the data leak happened through third-party developers and organisation like Cambridge Analytica that have allegedly misused it,” Kodali said.

In case of Aadhar too, the allegations of breaches have not been on ‘Aadhaar database’ but rather at insecure government websites and third-parties with API access to the database. “In this aspect, the issue in Facebook and Aadhaar is similar. In both the cases there was no breach of database, but it was third parties that acted as the weakest link. In both cases, it was a legitimate means of access through API that was open for abuse,” said Sunil Abraham, executive director, Center for Internet and Society.

UIDAI could take a leaf from Indian Space Research Organisation while handling data breach reports. The state-run space agency put out a note appreciating security researches for their efforts. An email ID to report flaws is more important than summoning people regarding data breaches.

“The fear of criminal prosecution hanging over the heads of ethical hackers would not help us develop a robust and strong security architecture,” said Karan Saini, a Delhi-based security researcher who first highlighted the Aadhaar leak at Indane.

“UIDAI is working on a policy to enable security experts to report issues in a legal and safe manner,” tweeted Ajay Bhushan Pandey, chief executive of India's Unique Identification Authority (UIDAI), the government department that administers the Aadhaar database. Seven months after the tweet, Pandey’s promise of a bug-reporting mechanism has still has not fructified.

For more details visit https://cis-india.org/internet-governance/news/economic-times-march-26-2018-nilesh-christopher-security-experts-say-need-to-secure-aadhaar-ecosystem-warn-about-third-party-leaks

Sectoral Privacy Research

vanya — 2016-01-03T09:46:20Z

The Centre for Internet and Society, India has been researching privacy in India since the year 2010, with special focus on the following issues.

Research on the issue of privacy in different sectors in India.
Monitoring projects, practices, and policies around those sectors.
Raising public awareness around the issue of privacy, in light of varied projects, industries, sectors and instances.

The Right to Privacy has evolved in India since many decades, where the question of it being a Fundamental Right has been debated many times in courts of Law. With the advent of information technology and digitisation of the services, the issue of Privacy holds more relevance in sectors like Banking, Healthcare, Telecommunications, ITC, etc., The Right to Privacy is also addressed in light of the Sexual minorities, Whistle-blowers, Government services, etc.

Sectors -

1. Consumer Privacy and other sectors -

Consumer privacy laws and regulations seek to protect any individual from loss of privacy due to failures or limitations of corporate customer privacy measures. The following articles deal with the current consumer privacy laws in place in India and around the world. Also, privacy concerns have been considered along with other sectors like Copyright law, data protection, etc.

§ Consumer Privacy - How to Enforce an Effective Protective Regime? http://bit.ly/1a99P2z

§ Privacy and Information Technology Act: Do we have the Safeguards for Electronic Privacy? http://bit.ly/10VJp1P

Limits to Privacy http://bit.ly/19mPG6I

§ Copyright Enforcement and Privacy in India http://bit.ly/18fi9fM

Privacy in India: Country Report http://bit.ly/14pnNwl

§ Transparency and Privacy http://bit.ly/1a9dMnC

§ The Report of the Group of Experts on Privacy (Contributed by CIS) http://bit.ly/VqzKtr

§ The (In) Visible Subject: Power, Privacy and Social Networking http://bit.ly/15koqol

§ Privacy and the Indian Copyright Act, 1857 as Amended in 2010 http://bit.ly/1euwX0r

§ Should Ratan Tata be afforded the Right to Privacy? http://bit.ly/LRlXin

§ Comments on Information Technology (Guidelines for Cyber Café) Rules, 2011 http://bit.ly/15kojJn

§ Broadcasting Standards Authority Censures TV9 over Privacy Violations! http://bit.ly/16L4izl

§ Is Data Protection Enough? http://bit.ly/1bvaWx2

§ Privacy, speech at stake in cyberspace http://cis-india.org/news/privacy-speech-at-stake-in-cyberspace-1

§ Q&A to the Report of the Group of Experts on Privacy http://bit.ly/TPhzQQ

§ Privacy worries cloud Facebook's WhatsApp Deal http://cis-india.org/internet-governance/blog/economic-times-march-14-2014-sunil-abraham-privacy-worries-cloud-facebook-whatsapp-deal

§ GNI Assessment Finds ICT Companies Protect User Privacy and Freedom of Expression http://bit.ly/1mjbpmL

§ A Stolen Perspective http://bit.ly/1bWHyzv

§ Is Data Protection enough? http://cis-india.org/internet-governance/blog/privacy/is-data-protection-enough

§ I don't want my fingerprints taken http://bit.ly/aYdMia

§ Keeping it Private http://bit.ly/15wjTVc

§ Personal Data, Public Profile http://bit.ly/15vlFk4

§ Why your Facebook Stalker is Not the Real Problem http://bit.ly/1bI2MSc

§ The Private Eye http://bit.ly/173ypSI

§ How Facebook is Blatantly Abusing our Trust http://bit.ly/OBXGXk

§ Open Secrets http://bit.ly/1b5uvK0

§ Big Brother is Watching You http://bit.ly/1cGpg0K

2. Banking/Finance -

Privacy in the banking and finance industry is crucial as the records and funds of one person must not be accessible by another without the due authorisation. The following articles deal with the current system in place that governs privacy in the financial and banking industry.

§ Privacy and Banking: Do Indian Banking Standards Provide Enough Privacy Protection? http://bit.ly/18fhsTM

§ Finance and Privacy http://bit.ly/15aUPh6

§ Making the Powerful Accountable http://bit.ly/1nvzSpC

3. Telecommunications -

The telecommunications industry is the backbone of current technology with respect to ICTs. The telecommunications industry has its own rules and regulations. These rules are the focal point of the following articles including criticism and acclaim.

§ Privacy and Telecommunications: Do We Have the Safeguards? http://bit.ly/10VJp1P

§ Privacy and Media Law http://bit.ly/18fgDfF

§ IP Addresses and Expeditious Disclosure of Identity in India http://bit.ly/16dBy4N

§ Telecommunications and Internet Privacy Read more: http://bit.ly/16dEcaF

§ Encryption Standards and Practices http://bit.ly/KT9BTy

§ Encryption Standards and Practices http://cis-india.org/internet-governance/blog/privacy/privacy_encryption

§ Security: Privacy, Transparency and Technology http://cis-india.org/internet-governance/blog/security-privacy-transparency-and-technolog y

4. Sexual Minorities -

While the internet is a global forum of self-expression and acceptance for most of us, it does not hold true for sexual minorities. The internet is a place of secrecy for those that do not conform to the typical identities set by society and therefore their privacy is more important to them than most. When they reveal themselves or are revealed by others, they typically face a lot of group hatred from the rest of the people and therefore value their privacy. The following article looks into their situation.

· Privacy and Sexual Minorities http://bit.ly/19mQUyZ

5. Health -

The privacy between a doctor and a patient is seen as incredibly important and so should the privacy of a person in any situation where they reveal more than they would to others in the sense of CT scans and other diagnoses. The following articles look into the present scenario of privacy in places like a hospital or diagnosis center.

§ Health and Privacy http://bit.ly/16L1AJX

§ Privacy Concerns in Whole Body Imaging: A Few Questions http://bit.ly/1jmvH1z

6. e-Governance -

The main focus of governments in ICTs is their gain for governance. There have many a multiplicity of laws and legislation passed by various countries including India in an effort to govern the universal space that is the internet. Surveillance is a major part of that governance and control. The articles listed below deal with the issues of ethics and drawbacks in the current legal scenario involving ICTs.

§ E-Governance and Privacy http://bit.ly/18fiReX

§ Privacy and Governmental Databases http://bit.ly/18fmSy8

§ Killing Internet Softly with its Rules http://bit.ly/1b5I7Z2

§ Cyber Crime & Privacy http://bit.ly/17VTluv

§ Understanding the Right to Information http://bit.ly/1hojKr7

§ Privacy Perspectives on the 2012-2013 Goa Beach Shack Policy http://bit.ly/ThAovQ

§ Identifying Aspects of Privacy in Islamic Law http://cis-india.org/internet-governance/blog/identifying-aspects-of-privacy-in-islamic-law

§ What Does Facebook's Transparency Report Tell Us About the Indian Government's Record on Free Expression & Privacy? http://cis-india.org/internet-governance/blog/what-does-facebook-transparency-report-tell -us-about-indian-government-record-on-free-expression-and-privacy

§ Search and Seizure and the Right to Privacy in the Digital Age: A Comparison of US and India http://cis-india.org/internet-governance/blog/search-and-seizure-and-right-to-privacy-in-digital-age

§ Internet Privacy in India http://cis-india.org/telecom/knowledge-repository-on-internet-access/internet-privacy-in-i ndia

§ Internet-driven Developments - Structural Changes and Tipping Points http://bit.ly/10s8HVH

§ Data Retention in India http://bit.ly/XR791u

§ 2012: Privacy Highlights in India http://bit.ly/1kWe3n7

§ Big Dog is Watching You! The Sci-fi Future of Animal and Insect Drones http://bit.ly/1kWee1W

Privacy Law in India: A Muddled Field - I http://cis-india.org/internet-governance/blog/the-hoot-bhairav-acharya-april-15-2014-priv acy-law-in-india-a-muddled-field-1
The Four Parts of Privacy in India http://cis-india.org/internet-governance/blog/economic-and-political-weekly-bhairav-acharya-may-30-2015-four-parts-of-privacy-in-india
Right to Privacy in Peril http://cis-india.org/internet-governance/blog/right-to-privacy-in-peril
Microsoft Releases its First Report on Data Requests by Law Enforcement Agencies around the World http://bit.ly/1kWjylM
The Criminal Law Amendment Bill 2013 - Penalising 'Peeping Toms' and Other Privacy Issues http://bit.ly/1dO46o5
Privacy vs. Transparency: An Attempt at Resolving the Dichotomy http://cis-india.org/openness/blog-old/privacy-v-transparency
Open Letter to "Not" Recognize India as Data Secure Nation till Enactment of Privacy Legislation http://bit.ly/1sJME9j
Open Letter to Prevent the Installation of RFID tags in Vehicles http://bit.ly/1hxidzU
The National Privacy Roundtable Meetings http://bit.ly/158ayNW
Transparency Reports - A Glance on What Google and Facebook Tell about Government Data Requests http://bit.ly/19NYTal
CIS and International Coalition Calls upon Governments to Protect Privacy http://bit.ly/18oOTDk
An Analysis of the Cases Filed under Section 46 of the Information Technology Act, 2000 for Adjudication in the State of Maharashtra http://bit.ly/16dKyoo
Open Letter to Members of the European Parliament of the Civil Liberties, Justice and Home Affairs Committee http://bit.ly/17eZntz
CIS Supports the UN Resolution on "The Right to Privacy in the Digital age" http://bit.ly/1c2A89q
Brochures from Expos on Smart Cards, e-Security, RFID & Biometrics in India http://bit.ly/1f714fN
Electoral Databases - Privacy and Security Concerns http://bit.ly/Mb4ktM
Net Neutrality and Privacy http://bit.ly/1khi1GQ
Intermediary Liability Resources http://bit.ly/1hRT8OD
Feedback to the NIA Bill http://bit.ly/1ePhUeg
India's Identity Crisis http://bit.ly/1lTRuuz
Facebook, Privacy, and India http://bit.ly/a2HzhT
Private censorship and the Right to Hear http://cis-india.org/internet-governance/blog/the-hoot-july-17-2014-chinmayi-arun-private-censorship-and-the-right-to-hear
Your Privacy is Public Property (Rules issued by a control-obsessed government have armed officials with widespread powers to pry into your private life. http://cis-india.org/news/privacy-public-property
The India Privacy Monitor Map http://bit.ly/19A5mCZ
Privacy and Security can Co-Exist http://bit.ly/193fPXi
A Street View of the Private and The Public (http://bit.ly/15VKmdf
Sense and Censorship http://bit.ly/14KFwyo
Government access to private sector data http://bit.ly/18rjd1X
India: Privacy in Peril http://bit.ly/1g5QbZj
Big Democracy, Big Surveillance: India's Surveillance State http://bit.ly/1nkg8Ho
Who Governs the Internet? Implications for Freedom and National Security http://bit.ly/1hnnJ2a

7. Whistle-blowers -

Whistle-blowers are always in a difficult situation when they must reveal the misdeeds of their corporations and governments due to the blowback that is possible if their identity is revealed to the public. As in the case of Edward Snowden and many others, a whistle-blowers identity is to be kept the most private to avoid the consequences of revealing the information that they did. This is the main focus of the article below.

§ The Privacy Rights of Whistle-blowers http://bit.ly/18GWmM3

8. Cloud and Open Source -

Cloud computing and open source software have grown rapidly over the past few decades. Cloud computing is when an individual or company uses offsite hardware on a pay by usage basis provided and owned by someone else. The advantages are low costs and easy access along with decreased initial costs. Open source software on the other hand is software where despite the existence of proprietary elements and innovation, the software is available to the public at no charge. These software are based of open standards and have the obvious advantage of being compatible with many different set ups and are free. The following article highlights these computing solutions.

§ Privacy, Free/Open Source, and the Cloud http://bit.ly/1cTmGoI

9. e-Commerce -

One of the fastest growing applications of the internet is e-Commerce. This includes many facets of commerce such as online trading, the stock exchange etc. in these cases, just as in the financial and banking industries, privacy is very important to protect ones investments and capital. The following article's main focal point is the world of e-Commerce and its current privacy scenario.

§ Consumer Privacy in e-Commerce http://bit.ly/1dCtgTs

For more details visit https://cis-india.org/internet-governance/blog/sectoral-privacy-research

Second Response to Draft National Policy on Open Standards for e-Governance

pranesh — 2009-07-07T16:49:37Z

Another draft (labelled "version 2", dated May 26, 2009) of the draft national policy on open standards for e-governance was made available to Fosscomm, while many software companies were speaking out against NASSCOM's position on the policy. CIS drafted a second response addressing both the allegations against NASSCOM as well as the few shortcomings we perceive in the draft policy.

To
Shri Shankar Aggrawal
Joint Secretary (e-Governance)
Department of Information Technology
Ministry of Communications and Information Technology

Tuesday, July 7, 2009

Dear Sir,

Sub: Comments on Draft National Policy on Open Standards for e-Governance (version 2)

I am writing on behalf of the Centre for Internet and Society, which is a Bangalore-based civil society organization involved both in research and policy advocacy. Public accountability and digital pluralism are two of our core concerns, and it is for this that we are writing to you today. As a natural corollary of our mission, we aim at representing the concerns of citizens and consumers. You would recall that we had submitted comments to the call for comments you had put out for the draft National Policy on Open Standards for e-Governance last year (archived at <http://cis-india.org/advocacy/os/iosp/the-response/>).

We have recently received what appears to be a newer draft (version 2) of the National Policy on Open Standards for e-Governance, dated May 26, 2009. We are yet again very pleased to note the progressive nature of this document and wish to congratulate the government on its decision to promote the interests of the citizens of India over the narrow partisan interests of a few companies which wish to promote proprietary standards.

It has brought to our notice by some in the software industry that the National Association of Software and Services Companies (NASSCOM) has argued for the dilution of the definition of open standards by including standards licensed under “reasonable and non-discriminatory” terms to be considered “open”, and has also called for multiple standards in the same domain to be considered valid as a rule under the policy. We believe both these demands go against the interest of consumers of standards — which in this case is the Indian government — and are thus against the interest of citizens as well, since the Indian government handles data on behalf of its citizens.

Even “reasonable and non-discriminatory” terms of licensing of standards are in fact discriminatory as they prevent the development of free/libre/open source software based on those standards. And while having multiple implementations of a standard is beneficial as it increases consumer (i.e., governmental) choice, having multiple incompatible standards is detrimental to the government's interest as the policy itself recognizes in paragraph 4.2, and the very purpose (as enumerated in paragraphs 1, 3, and 4) of having standards is defeated. Even if the multiple standards are bi-directionally interoperable, additional costs are incurred in having concurrent multiple standards.

Thus, one hopes that the the threshold of “national interest” mentioned in paragraph 6.4.1 is set to a high level. Lastly, the views put forth by NASSCOM seem not to be truly legitimate as it has been the complaint of some that NASSCOM did not hold an open consultation with its own members before formulating its views. There are software giants, including IBM, Sun, and Red Hat, that have openly criticized the NASSCOMM position on open standards. More importantly, NASSCOM's position does not concur with what we believe is in the best interest of small and medium software enterprises, which constitute the bulk of the Indian software industry. We pray that you shall keep this in mind while considering NASSCOM's views.

We believe that apart from the technical reasons to favour open standards, there are many public interest reasons as well. We believe that the adoption of open standards is a step towards the promotion of equitable access to knowledge to all the people of our country. We further believe that public accountability will be served greatly by adoption of an open standards policy by the Central and State governments. While even developed countries (such as those of the EU) are mandating open standards in all governmental departments, processes, and interactions, it is developing countries that stand to gain most from open standards. Proprietary standards place a larger burden on developing economies than developed as developing economies have a greater need to participate in the global network by using standards, but do have lesser capabilities than developed economies in terms of paying for royalties.

On the document itself, while there are many reasons to hail it, we believe there are still a few shortcomings which we wish to bring to your notice.

Issue 1: Possibility of following letter of policy while violating its spirit

Explanation
Sometimes private companies can interfere with the standardisation process by exerting undue influence on the members of the standard setting body. That such undue influence have been sought to be applied even in India recently shows that this is not mere conjecture or idle speculation. Given this background, the document should note this as a problem and note that remedial measures could be undertaken in the event such undue influence comes to light.

Resolution
Introduce language, such as that used in the EU EIF, stating:
“Practices distorting the definition and evolution of open standards must be addressed immediately to protect the integrity of the standardisation process.”

Issue 2: Patenting and licensing of government-developed standards

Explanation
Paragraph 6.3 of the draft policy allows the government to opt for the development of a new standard by a Government of India-identified agency in case no standard is found to meet the government's functional requirements. However, it is not clear under what terms this standard will be available.

Resolution
Introduce a paragraph 6.3.1 stating:
“Any standard developed by or on behalf of the government shall be patent-free and the specifications of such a standard will be published online and will be available to all for no cost. Along with the standard, the government shall also provide, or shall cause to be provided, a free/libre/open source reference implementation of that standard.”

Issue 3: No framework provided for review or phasing out interim standards

Explanation
Paragraph 6.2 permits the government to adopt a non-open “interim” standard (one which does not fulfil all the mandatory requirements of open standards as laid out in 5.1) if no open standard exists in the specific domain for which the standard is required. This however does not have a clause necessitating the phasing out of such an interim standard.

Resolution
A review mechanism should be provided for periodic evaluation of all standards selected by the government, especially those designated as interim standards. A new paragraph 7.1.1 could be added:
“All standards selected through the processes outlined in this policy shall undergo an annual review by the Apex Body on e-Governance Standards, and all those designated as interim standards shall be reviewed biannually.”

Issue 4: Problematic definition in the glossary

Explanation
In Appendix A, the definition of “patents” (A.12) states: “The additional qualification 'utility patents' is used in countries such as the United States to distinguish them from other types of patents but should not be confused with utility models granted by other countries. Examples of particular species of patents for inventions include biological patents, business method patents, chemical patents and software patents.” Many of these references are U.S.-specific and are not valid forms of patents in India (e.g. biological patents, business method patents, and software patents).

Resolution
Delete the last two sentences in A.12

We once again wish to compliment the government on developing such a strong policy on open standards, and hope that our suggestions are incorporated into the text of the final version. We further hope that the policy will be notified at the earliest, as there has already been considerable opportunity for the public and industry to comment on the draft versions of the policy.

Yours sincerely,

Pranesh Prakash
Programme Manager
Centre for Internet and Society

For more details visit https://cis-india.org/openness/publications/standards/second-response