Centre for Internet and Society

Report: Global Intellectual Property Convention 2015

rohini — 2015-06-21T13:36:18Z

The Global Intellectual Property Convention was held in January 2015 in Mumbai. Interns Anna Liz Thomas and Nayana Dasgupta assisted with the making of this report.

Conference Schedule [PDF]

National IPR Policy Recommendations [PDF]

Harshvardhan Lale, Price Waterhouse Coopers (PWC)

Digital piracy in India

Special 301 Report:

India is second among 10 countries on the Priority Watch List of the United States Trade Representatives (USTR), according to the Special 301 Report published in May 2014. Once every two years, the US, through its trade representatives releases the Special 301 Report, which deals with piracy across the globe, especially in the places where US business interests lie. Though the police conduct at least 25 raids every week across India, it has made no difference to the rate of piracy in the country. When a couple of software publishers entered India, they were very confident that none of their products, in any shape and form, could be pirated in India. I took one of the heads of Compliance to the [pirated goods] market where we got a product worth Rs. 5 crores for Rs. 100.

The Special 301 Report also suggests that none of the previous governments or government bodies in India have taken any initiative whatsoever to ensure that even the products used in the government offices are not pirated. According to US government agencies (2013), there were serious difficulties in attaining constructive engagement on IPR issues with the UPA government.

Video piracy:

India is rated as one of the countries with the highest incidence of video piracy by MPDA, well above Bulgaria, Costa Rica, Greece, and Peru. We [supporters of stricter IP] are now trying to get the digital rights management provision in the [Indian] Copyright Law [redacted], but that is still in the future.

Broadcast piracy:

A few Indian television channels are facing this problem because of demand [to view their content] from Indians living abroad.

Online piracy:

The Internet has been an enabler for the movie and music industry. Many cinema and music publishers have their own channels, say, on YouTube. Although content cannot be directly downloaded from YouTube, "YouTube grabber" software enables piracy.

Surreptitious recording of public performances on mobile phones and recording of cinema screenings using camcorders are other instances of piracy. These recordings are later circulated on the Internet.

Software piracy:

Recently, one automobile manufacturer had to recall a set of its vehicles from the Indian market. Investigations revealed that one of the automobile components, which was procured from a supplier, was created using pirated software. There is a fair chance that a pirated product won't provide all the functionalities that you might otherwise get, or that some APIs (Application Programming Interface) may be missing, which may lead to erroneous or inaccurate design.

Counterfeiting, online piracy, end user piracy, client overuse, and hard disk loadings [sideloading] amount to most of the software piracy in India. One of the software companies for whom we [PWC] are doing an audit - it happens to be one of the leading information technology companies in India - we identified a gap of 20 million [US] dollars for one software publisher in their India operations. Whether this was deliberate or not can be debated, but it is a serious problem.

A survey on software piracy conducted across the globe by Business Software Alliance indicates that India has improved from bring ranked tenth to twelveth. Estimated use of unlicensed software stands at 43% globally; India is at 60% [as per the latest figures]. In 2010, India was at 64%, in 2011 at 63%. There is a recent case of a patent getting rejected because the organisation that had applied for it had used unlicensed software for designing the product. Another serious impact with regard to RnD and patents is on privacy. [Pirated software could contain] malware with the potential of stealing information].

Some of the major problems are that organisations are not aware of the implications of using pirated software and media, leading to potential non-compliances. [Owing to] lack of knowledge of licensing, the different software licenses, software publishers not using a standard format of licensing, the end consumer does not understand what licensing is. In the license terms, there is a "Right to Audit", which gives every software publisher the right to evaluate your organisation at any time.

Corporates are trying to align themselves with consultants like us [PWC] to support the industry in curbing piracy. The Make in India program has a dedicated section on intellectual property (IP). There is a special focus on intellectual property rights (IPR) for the manufacturing sector, which is directly affected by digitalisation. We hope that with the new government, some change will happen in the software piracy space.

Omesh Puri, Senior Associate, LexOrbis

Effective Copyright Enforcement in the Digital Era: Relevance of John Doe Orders

Copyright enforcement challenges in the digital world:

Rapid growth in digital technology presents enormous opportunities for copyright owners as it expands their customer base, reduces distribution costs, and makes territorial boundaries almost a nullity. The disadvantage is that, unless regulated properly, it exposes copyrighted work to threat of blatant infringement spread across different media including the Internet. The main problem before copyright owners is ever-growing online piracy. The Internet grants anonymity to copyright infringers. There can be a number of occasions where copyright owners are not able to ascertain the infringer's identity even after spending considerable time or money. In such cases, a John Doe order comes as an effective enforcement tool.

The name John Doe is used to identify unknown and nameless infringers or defendants who have allegedly committed some wrong, but whose identity is unknown to the plaintiff. To avoid delay and injustice, the court names the defendant John Doe, until such time as the defendant is identified. The orders passed by courts in such cases are known as John Doe orders, and is an internationally accepted practice to enforce IPR, especially with respect to copyright and trademark. This is prevalent in various jurisdictions including the US, Canada, Australia and New Zealand. This order has also been formalised in the statutory provision of these countries. It is an ex-parte interim injunction with the added benefit that the plaintiff is given the liberty to add to the array of parties who would be identified after the filing of the suit. These orders are an exception to the general rule which requires the defendant to be identified prior to the filing of the suit. The ex-parte interim injunction then applies even against the later defendants. It is also against the defendants whose identities are unknown during the filing of the suit. The orders enjoin unknown defendants from engaging in any infringing activity.

Why are John Doe orders so popular?

These orders allow for immediate action in case any instance of infringement comes to light. As the copyright owners only need to serve a copy of the order to the erring parties instead of filing of a new suit. By filing a single action, and after obtaining a single John Doe order, the plaintiff would be able to cover all alleged and even potential infringements and violators, which would ultimately save a lot of time and costs. The plaintiff would not be required to file separate court actions before different courts in India. Once they obtain this order, it will block all unknown defendants and infringers. It is also able to reduce online piracy by mandating that internet service providers block access to infringing websites.

Some of the important John Does copyright injunctions passed in India:

The first John Doe order was passed in the famous case of Ten Sports entitled Taj Television v. Rajan Mandal. The plaintiff, Taj Television, a Dubai-based company, owned and operated an exclusive sports channel by the name Ten Sports. They had acquired the exclusive rights to broadcast the 2002 FIFA World Cup. They entered into agreements with various cable operators for transmission of the channel. However, many unlicensed cable operators started displaying Ten Sports without any permission or authorisation from Taj Television, which then instituted a suit against named and unnamed cable operators. In 2002, the Delhi High Court passed a pathbreaking order which stopped the unauthorised broadcast of FIFA World Cup matches.

The Indian Court has specifically held that such orders may be enforced against persons whose identities are unknown at the time of instituting the suit.

Whose identities fall within the scope of action?

So long as the litigating finger is directed at an unknown person, the inability to identify him by name is a mere misnomer. The principle of litigating finger was affirmed in this case. After this there have been a series of John Doe orders. However it is only in recent times that the Indian Judiciary has started granting these orders on a regular basis, especially for blocking websites. In another case in 2014, Star India Pvt. Ltd. vs. Haneeth Ujwal, the plaintiff was one of the leading broadcasters in India. They had acquired the exclusive broadcasting rights, which includes television, mobile, Internet or on-demand rights with respect to the 2014 India vs. England Test Series. Star India filed the suit against websites, many of which were unidentifiable in nature or the owners could not be located. They were showing these cricket matches live without the permission of Star India. The websites' viewers could either view the ad-supported free version or the video-on-demand or pay-per-view subscription-enabled version. The availability of this content is supported by advertisements found on these websites.

How could the exclusive rights of the plaintiff be protected, and what can be the appropriate remedy?

Should the websites be blocked completely or only the specific URL providing access to the infringing content? The court held that both known and unknown defendants were liable for infringement as there was no remedy available to the plaintiff other than blocking the entire website. Blocking URLs was considered to be insufficient remedy by the court because, in its opinion, the website owners could easily change the specified URL by merely one character to circumvent the John Doe order passed by the Court.

Challenges:

While it has become routine to seek John Doe copyright injunctions before every big movie release or any major sporting event, many claim that they have largely remained unsuccessful in checking and controlling small street pirates. Lack of police cooperation may also render these orders unenforceable. There is another dispute going on whether these orders should be limited to entire websites or specific URLs. The Delhi HC has previously granted orders to extend the inclusion of these orders on the entire website. However, there is another opinion by Madras HC which said that these orders would be limited to specific URLs. In the absence of specific judicial guidelines, there is no clarity on the scope of these orders or under what circumstances these may be granted. There is a risk of misuse and improper implementation of these orders.

James Martin, Director, Fieldfisher

Online Infringement In the European Union

(Recent Court Rulings in the European Union Regarding Online Copyright Infringement and Database Rights)

The Svensson case:

The Court of Justice of the European Union (CJEU) ruled that the owner of a website may use hyperlinks to redirect Internet users to protected works available on other websites without the authorisation of the copyright holder of the linked website, provided that the linked website is freely available, that is, it can be accessed by anyone on the Internet.

The Retriever Sverige website operated to provide clickable links to articles published by other websites on the internet. The claimants were journalists who wrote articles for the Goteborgs-Posten website, and those articles were being linked by the Retriever Sverige website. The claimants argued that the Retriever Sverige hyperlink constituted an infringement of the claimant's copyright by making a communication to the public without the author's permission and they alleged that this was contrary to Article 3 of the Information Society Services Directive, commonly known as the InfoSoc Directive, which is the European Directive that harmonises copyrights across the 28 member states of the EU within the Information Society. The case made its way to the Swedish Court of Appeal which stayed the proceedings pending references to four questions to the CJEU.

1. If anyone other than the holder of copyright in a certain work supplies a clickable link to the work on his website, does that constitute communication to the public within the meaning of Article 3(1) of the InfoSoc Directive?

2. Is the assessment under Q1 affected if the work which the link refers is on a website on the Internet, which can be accessed by anyone without restrictions or if access is restricted in some way?

3. When making the assessment under Q1, should any distinction be drawn between a case where the work, after the user has clicked on the link, is shown on another website and one where the work, after the user has clicked on the link, is shown in such a way as to give the impression that the content is appearing on the same website, in other words, framing the content.

4. Is is possible for a [an EU] Member State to give wider protection to the author's exclusive rights by enabling communication to the public to cover a greater range of acts than provided for in Art. 3(1) of the Info Soc Directive?

In answer to the first question, the Court of Justice determined that "communication to the public " requires both a "communication" and a "public". The hyperlinks were determined to be making available, and therefore, they were an act of communication. However, there is a sting in the tail, because the Court of Justice held that the public must be a new public, and the communication must be directed to a new public. A public that wasn't taken into account by the copyright holders when they first authorised their initial communication to the public. In the second stanza for Svensson, the public targeted by the journalists' original articles consisted of all potential visitors to the Goteborgs-Posten website, which was unrestricted. Therefore they could be freely used and read by any Internet user. Consequently the links provided by the Retriever Sverige website were not to a new public and there was no need to obtain the author's consent.

In response to the second question, the situation would be different if the link allowed users to bypass restrictions designed to limit access to the public such as a paywall as can be found on The Times London websites, the Wall Street Journal websites and many others. Such users were not taken into account by the original copyright holders when the initial communication was authorised. So those people would constitute a new public.

Regarding the third question, the framing, the Court of Justice unusually held that it was irrelevant. The Internet user who clicks on a hyperlink is given the impression that the link is appearing on the site that contains the link, in other words, framing somebody else's content that is already freely available on the internet on your own website is absolutely fine, and there are obviously issues that arise out of that concerning advertising revenue streams that some people have on their websites where they are effectively making money by putting content freely on the internet by having advertising revenue surrounding their content. But of course if somebody can freely embed that content on their website, those adverts aren't necessarily seen. But as far as the European Court of Justice is concerned in the context of copyright, this is perfectly acceptable, and this applies across all 28 EU Member States.

In answering the fourth question, the CJEU held that member states do not have the right to give wider protection to copyright holders by widening the concept of "communication to the public" from that which is given in the InfoSoc Directive, as this would otherwise give rise to legislative differences between member states contrary to the purposes of the directive.

Bestwater ruling:

The Bestwater case reconfirmed the liberal approach that the Court of Justice takes towards embedding copyright material on a third party website. The judgement has been stayed pending the outcome of the decision handed down in the Svensonn case. And the CJEU has ruled that unless an original publisher uses technical access restrictions, then embedded content does not reach a new public. The effect of this judgement, combined with the Svensonn judgement is likely to lead to more restrictive publishing practices within the EU. Copyright holders will seek to avoid free riders taking advantage of the loophole that the court seems to have legitimised. So to provide background,

The Bestwater case was referred to the Court of Justice by the German Federal Court of Justice. It deals with a promotional video about water pollution that was produced by Bestwater International, a company that makes water filters. The film was originally published by Bestwater on its own company website and later uploaded to YouTube, allegedly without the permission or knowledge of Bestwater. The defendants were competitors of Bestwater, and they embedded the video on their websites, with the frames pointing to the YouTube copy. Now Bestwater objected to this use and sought an injunction against the two representatives of the rival company from the German Court. Bestwater's position was that the video was protected by copyright and that the exclusive rights to use the film belonged to Bestwater. So the German court referred the case to the CJEU asking whether the embedding of content of a third-party website on one's own website constitutes a communication to the public within the meaning of Article 3(1) of the InfoSoc Directive.

After the Svensonn decision, the Court of Justice felt that it had already put an end to the debate regarding content on the Internet and it reverted to the German Court suggesting that the latter should withdraw its submission. In other words, saying that they did not want give an answer, saying that they had already answered it. The German Court insisted on a decision, one of the main reasons apparently being that in the Bestwater case, the YouTube video which the defendants were linking to and embedding on their website was itself a copyright violation. Nevertheless, in delivering its decision the CJEU followed the same rationale as in Svensonn and held that embedding content from another website does not amount to communication to the public if the uploader did not restrict access to the content and communicated it to the entire web community. There was no new public accessing the Bestwater video when it was embedded on the defendant's website, because when the video was uploaded on YouTube, whether lawfully or unlawfully, it was intended to be accessed by all who have access to the Internet. So this ruling somewhat cast doubt on the technical and economic understanding of modern media publication because the CJEU's position seems to be that the Internet is a medium rather than a mere technology. In other words, by analogy, a website does not compare to a particular magazine, newspaper, or a particular TV channel, but print media, TV in general, i.e, the relevant audience being all those who have access to magazines and newspapers rather than access to a particular newspaper, and all those who have access to TVs rather than a specific channel. So from a purely economic perspective these decisions raise concerns as they open up numerous possibilities to take advantage of copyright holders and content of other parties on the Internet. Based on these decisions, it's now possible to use written content, images or other videos that are hosted on another website for one's own website simply by embedding them. Apart from using somebody else's Internet bandwidth (which wasn't addressed by the CJEU at all), the CJEU in these copyright cases haven't taken account that the embedded content is actually taken out of its original context, and the advertisements displayed on the original website alongside the uploaded content may not appear on the embedded website, and the embedder may therefore spoil an important source of revenue for the copyright owner and use third-party copyright content for its own economic benefit. The most obvious response to these decisions will be that copyright owners will need to protect their content by implementing paywalls or other restrictive measures from the outset.

Another decision that the ECJ handed down involved the low-cost European Airline, RyanAir. This has been a long running dispute with various third parties, but one third party in particular, which accessed content on the RyanAir website to enable the sale of RyanAir flights and details about RyanAir time tables and schedules available on that third-party website, and interestingly, one thing that the Court of Justice raised in that decision is that it may be possible for owners of content to bind third parties in contract, but obviously you need to ensure that you are binding that third party in contract by accessing the website so that even if you cannot sue them for copyright infringement, you may be able to sue them for breach of contract for accessing your content and placing it on their website.

Database rights (AutoTrack v. GasPedaal)

The Court of Justice ruled in 2014 that the use of a meta-search engine can, in certain circumstances, constitute re-utilisation of the contents of the database in the meaning of Article 7(2)(b) of the Database Directive.

Database rights is an unusual concept, very newly come into the EU, and they provide protection above and beyond copyright protection. You don't necessarily need to have original content in a database, it's really protecting the investment an individual makes in actually producing the database, and that investment can be assessed on a qualitative or quantitative basis.

The Database Directive introduced the bespoke new form of legal protection. It is commonly referred to as the sui generis right . Article 7(1) in particular provides a "right for the maker of a database which shows that there has been qualitatively and/ or quantitatively a substantial investment in either obtaining, verification or presentation of the content to prevent extraction and/or re-utilisation of the whole or of a substantial part, evaluated quantitatively and/or qualitatively, of the contents of that database". Now for this purpose, Article 7(2)(b) provides that "re-utilisation means any form of making available to the public of all or a substantial part of the contents of a database by the distribution of copies, by renting, by online, or other forms of transmission". Article 7(5) provides that "the repeated and systematic extraction and/or re-utilisation of insubstantial parts of the contents of the database implying acts which conflict with a normal exploitation of that database or which unreasonably prejudice the legitimate interests of the maker of the database shall not be permitted."

The recitals to the Directive also back this up. So recital 42 of the Directive provides for "The right to prevent extraction and/or re-utilization related to acts by the user which go beyond his legitimate rights and thereby harm the investment". "The right to prohibit extraction and or re-utilization of all or a substantial part of the contents of a database relates not only to the manufacture of a parasitical competing product but also to any user who, through his acts, causes significant qualitative or quantitative detriment to the investment".

Turning to the facts of this case, Wegener operated a website called AutoTrack which carried car sale advertisements updated daily of to a 190,000 to 200,000 second hand cars of which around 40,000 were to be found on the AutoTrack website. Now Innoweb operated an online car advertisement website called GasPedaal. Rather than having its own database, it used a dedicated meta-search engine which then searched third party websites including AutoTrack's, using those websites to obtain results. So when a user typed in search terms on the GasPedaal website, the site's search engine would translate the relevant command into a language that could be understood by the AutoTrack web search engine. The AutoTrack search engine would then find any relevant advertisements and make them available on the GasPedaal search engine, which would then sort and collate those results from other dedicated search engines on other websites as well. The GasPedaal search engine would then note where more than one site produced the same advertisement and then made a single search result of those, presenting the user with links to the multiple sources. For each search performed, the GasPedaal search engine only returned results representing a small number of the advertisements on the AutoTrack site, but that is because it was only returning results that matched the relevant search terms given by the Internet user. Now Wegener successfully sued Innoweb for infringement of its database right. Innoweb appealed and the Hague Court of Appeal stayed the proceedings pending reference to the CJEU for a ruling on nine questions. The Court of Justice did not consider it necessary to consider all the nine questions. It ruled that it would be an infringement to the database right to use the meta-search engine in circumstances such as that involved in such proceedings. Under Article 7(1), an operator who makes available on the internet a dedicated meta-search engine such as GasPedaal re-utilises the whole or substantial part of the contents of a protected database, when that database's meta-search engine:

1) provides the end user with a search form which essentially offers the same range of functionality as the search form on the original database site.

2) where it translates queries from end users into the search engine for the database site in real time so that all the information on that database is searched through.

3) where it presents the results to the end user using a format of the website grouping duplications together into a single block item in an order that reflects the criteria comparable to those used by the search engine of the database site concerned for presenting results.

A dedicated meta-search engine is different from a general search engine based on an algorithm (like Google), primarily because a meta-search engine does not have its own data itself. It makes use of search engines of third party websites by transferring the queries from its users to the other search engines having first translated them into the relevant format required. It therefore offers the public a service where it searches the entire contents of the third-party databases or part of them in real time.

So Article 7(2)(b) has been broadly drafted to include "any other form of making available". The EUCJ attributed a broad meaning to the concept of reutilisation in its case law focusing on the objective of the database right which is to stimulate investment in data storage and processing systems. So in light of this objective, the re-utilisation has been construed as referring to any unauthorised act of making available to the public the results of the database maker's investment. Accordingly, in this case, it included any distribution to the public of the contents of the database regardless of the nature and form of the process used. When a website operator makes a dedicated meta-search engine available on the Internet, it does more than just point out the third-party databases that exist that a user can go to and consult. It gives the end user the means of searching all that data in most third-party databases without even visiting those third party databases' websites and akin to the Svensson and Bestwater case, this might mean that advertisers might stop advertising on the original third-party's site and might start placing advertisements on the meta-search engine's site. Now in this case we are looking at database rights, the EUCJ considered this dedicated meta-search engine to be close to a parasitical competing product. But it made a reference to the fact that this wording exists in Recital 42 of the Preamble of the Database Directive. The legislation is different, so this is why it has reached a different result, but still, it leads to a conflicting approach. So the Court of Justice held that the meta-search engine sites are close to being parasitical competing products and they've gone on to explain the fact that they resemble databases even though they themselves do not contain databases. And therefore in this case, and in similar cases, operators of such search engines would be making available to contents of third party websites within the meaning of Article 7(2)(b).

What are the effects of this judgement?

By bypassing the homepage and most other pages of the site that actually contain the database, meta-search engines can divert hits, and potentially advertising revenues. Operators of websites that scrape data from third parties and enable those third party sites to be searched, and by doing so thereby risks diverting advertising revenue may therefore need to review their technical business model in light of this judgement.

Chaitanya Prasad, Controller General of Patents, Designs & Trade Marks, India

In India, patents, trademarks, designs, and geographical indications are administered by the Controller General of Patents, Designs and Trademarks. We have offices in New Delhi, Mumbai, Chennai, Kolkata and Ahmedabad. We have a Geographical Indications Registry located in Chennai as well as an Institute of Intellectual Property Management in Nagpur.

There are other IPR laws administered by different ministries. The Ministry of Human Resource Development looks after the Copyright laws. The Department of Information Technology looks after the Semiconductors, Integrated Circuits, and Layouts and Designs Act.

The number of patents in force in India in 2013 was 41,103 out of which 82 per cent were owned by non-resident Indians. The average age of patents in force in India is around 11.6 years, incidentally the second- highest in the world. The reason could be that India is a large market and companies want to exploit these patents and keep them in force.

National IP Trends

The filing of patents in India has gone up from around 35,000 to around 43,000 from 2007 to 2014, and the resident filing has gone up from 17% to 25%. In the year 2011-12, 11,000 patent applications were examined while in 2013-14, the number was 18,000. On a comparative basis, in India one patent examiner examined 140 patent applications in 2014 against 50 and 70 in the US and EU respectively. Therefore, it is the lack of human resources that is creating a backlog in the processing of patents in India vis-a-vis other countries.

Initiatives of the Indian Patent Office aimed at creating easy access to patents offices, and at Improving Its Quality and Services:

Comprehensive e-filing has been introduced where every document and form can be filed online, with regard to patent and trademarks. A payment gateway was launched in 2014, wherein Internet banking facilities of more than 70 banks can be used in addition to debit cards and credit cards for filing any patent or trademark. There is complete electronic processing in the patent and trademark office. Every paper that comes in is scanned, digitised and uploaded. Every paper that is issued from or received by the office is made available on the website.

An entry in the national phase can be done by filing Form 1 and the last page of the specification as we are directly streaming specifications from the WIPO patents scope. Incentives are being given for online filing. There is a 10% cost differential between online and offline filing since February 2014. One month after the incentive was introduced, online filing went up from 30% to 75%.

A new category has been introduced for Medium and Small Enterprises (MSMEs) in patents and designs. MSMEs get 50% discount for filing.

Quality management teams have been hired and skill development of personnel has been undertaken. Measures to introduce more transparency have been sought and efforts have been made to disseminate information with regard to IPRs. Real-time status of IP applications is available within tier file wrappers and e-registers.

The Indian Patent Office does weekly publication of online journals. We have a free public search facility. We have started instant email communications to applicants in trademarks specifically for filing purposes. We have started QR-coded communications for smartphones.

We have introduced a number of dynamic utilities where one can avail of information in real-time. Using the "stock and flow utility" one can find the stock of applications as well as the flow of applications from one process to another. From this, one can drill down to the office, the field, and the application itself and go to the file in the file wrapper and see the entire office thrown open to the world. One of the utilities counts and publicly displays the number of lapsed and expired patents in real-time. Because the patents have either lapsed or expired, these can be searched through fields of technology through any patent application that was not renewed or has expired. These applications are available on the website with the specification and search facility on a real-time basis. A number of other dynamic utilities for examinations, show-cause hearings, publications, registrations, et cetera have been made available online in real-time. We have started working as an international searching authority and have started giving high quality reports. These are currently available to all Indians.

We are shortly going to provide a searchable patent database. We are also bringing in an integrated search engine and are augmenting our human resources. The new government has approved 1,033 new posts in the patent and trademark offices, and with the training and skill of the increased human resources, we will stand on par with the best in the world with regard to the examination and disposal of both patent and trademark applications. We are completely overhauling our hardware and processing software. We will soon introduce new guidelines - one on computer-related inventions and another on search and examination generally.

Dr. Stefan V. Steinbrener, Consultant, Bardehle Pagenberg

Patentability of Computer-Implemented Inventions at the EPO

"Computer-implemented invention" (CII) is defined in the guidelines of the European Patents Office as an expression intended to cover claims which involve computers, computer networks, or other programmable apparatus, whereby prima facie one or more of the features of the claimed invention are realised by means of a programme or programs. Such a claim directed at computer-implemented inventions may take the form of a method of implementing said apparatus, apparatus set up to execute the method, or following the computer programme itself or as well as the physical media carrying the programme, computer programme product claims such as data carrier, storage medium, computer readable medium, or signal.

One can assume that an important part of all applications will fall under this definition. In 2010, the EPO granted 60,000 patents out of which 20,000 were covered by the said definition.

The core regulation is Article 52 of the EPC: European patents shall be granted for inventions in all fields of technology provided that they involve an inventive step and are susceptible for industrial application. Further, there is a list of non-inventions which include discoveries, scientific theories, mathematical methods, schemes, rules and methods for performing mental acts, playing games, doing business, programmes for computers, and presentations for information. This will include or exclude patentability only to the extent to which the European patent application or patent related to such subject matter or activity.

The nature and language of such a regulation mandate the identification of a criterion delimiting excluded items from non-excluded ones. On the one hand, we have no definition of statutory subject matter apart from stipulation that inventions arise from all fields of technology. On the other hand we have a definition of a non-exhaustive list of exceptions, which are not patentable or have non-patentable subject matter. This regulation is, however, contrasting with respect to US regulations. In paragraph 101 in the US, the definitions of statutory subject matter can be found and the non-patentable subject matter is determined through findings of the Supreme Court, abstract ideas, laws of nature and natural phenomena.

Thus from a legal aspect, there are two hurdles for patent eligibility. The first is the patent eligibility of the subject matter. If this is in the affirmative, then the next hurdle is whether the elements of a patent are satisfied, namely, novelty, innovativeness, and industrial applicability.

According to European standards, an invention may not be innovative but may be patent eligible so long as the subject matter is patentable. The judicial issues that are to be addressed are the development of a coherent method of identifying the patentability of a subject matter and subsequently dealing with the grey areas in technicality by sifting through individual cases in order to arrive at certain guidelines for approaching individual cases of patent eligibility.

The finding of the case law upon the first issue is that an invention is such if the claimed subject matter has some technical matter. A subject matter is said to have technical character if it relates to a technical device, product or relates to technical means. "Technical means" has been liberally construed such that in a particular matter a method of storing information using paper and a pencil is patent eligible subject matter because the method employs technical means such as paper and pencil. However, the same would not be patented as the implementation of the same is trivial. The answer to the same question of patentability would be no if it is among the excluded subject matter or is similar to another invention. The barrier to patent eligibility will not disappear but the threshold is much lower. It is only when a subject matter is completely devoid of technical means can it be not called can invention. Barriers also come into play when the idea is abstract or even if there is a possibility of the use of technical means to some extent but claims for the same are not made.

Are computer-implemented innovations patent eligible under the EPC?

The answer would be yes, if explicitly tied to technical means.

When determining whether the invention has the required qualities of a patent, the answer would be in the affirmative if those of the technical features that contribute to the technical character are noble, inventive and industrially applicable. Thus only features of a technical character are taken into consideration while the others making no such contribution are ignored. For example, there have been a lot of patent applications for business methods from the United States, after the State's Street Bank Decision. These applications may have about forty pages of description of the business innovation with a disclaimer note at the end stating that the implementation of the same can be achieved through basic hardware that are already in use. Such applications lack an inventive step and can therefore cannot be patented. Thus, the basic test of patent eligibility with regard to the definition of an invention is the determination of whether there is a technical solution to a technical problem.

Some of the excluded subject matter may contribute towards technical character. Mathematical methods, for example, in the case of cryptography, wherein a mathematical algorithm may assist in the implementation of the same; then such a mathematical method may be patentable.

Further, "technical" should be understood to mean technological. But generally, it is difficult to define the term "technical", even through case laws. The meaning of the same in the core area is however undisputed while the semantics which lack definition are only at the fringes which may be identified in individual cases. We thus work with a dynamic concept of technology.

Ravi Bhola, Partner, KnS Partners

Patent Valuation and its Interplay with FRAND Terms

There are two broad methodologies for the valuation of patents. One is quantitative valuation by taking into consideration the income, the cost, and the market. However, the more relevant method is the qualitative analysis wherein one can look into the scope of the claims, geographical coverage, et cetera. Patent valuation is sometimes speculative. However, in an observation made by a court in the Federal Circuit, a judge directed a re-trial stating that in the study by the patentee, which was an SEP holder, the damages were predicted on speculation and unrealistic assertions. Thus one can ponder about whether there is a requirement to take into consideration a greater number of tools, software, or parameters for the valuation of intellectual property.

In order to strike a balance with society, SEP holders are obligated to licence their patents on FRAND terms to interested parties. The observed trend is that because SEPs are more important, they are valued higher than regular patents. Therefore, the question arises: Are SEPs are over- valued? For this purpose, reference must be made to four ongoing cases concerning SEPs.

Ericsson v. Micromax:

While the adjudication had commenced, it was observed that Ericsson has prior license agreements on FRAND terms of its 8 SEPs (under litigation in this case) with players in the West and other parts of the world. The court thus called forth these agreements for perusal.

Therefore, the first contentious concern is the manner or methodology adopted by the courts to arrive at the unrealistic rates of royalties. However, it is evident in this case that the court, by referring to prior agreements with the same set of SEPs, are trying to bring down the rates of royalty to more realistic values, even at the interim stage.

A similar situation has been observed in the case between Ericsson and Xiaomi, which is pending in the Delhi High Court. Here the court arrived at the amount of Rs. 100 as an interim arrangement, till the adjudication of the matter has been completed. It was again speculated here as to whether the amount was inflated.

The trend observed in the patent litigation at the Delhi High Court where most of such matters are adjudicated, is that unlike the pharmaceuticals sphere, there is a greater tendency in the telecommunication patent litigation to grant a temporary injunction, modify or even vacate the same while determining royalties payable, even at this stage.

How has the West handled these matters with regard to SEP valuation?

Motorola sued Microsoft in the US over the infringement of some of its SEPs. The former sought 2.25% royalty, but the court set a lower rate, such that the royalty amount fell from 4 million USD to about 1.8 million USD. The question which arises is with regard to the manner of determination of such royalties and whether sufficient parameters are in existence [to determine royalties].

Another example is of a European case wherein Apple was found to be infringing SEPS owned by Motorola Mobility. Apple's claim before the European Commission was that as an interested and willing licensee, it had made efforts to obtain a license for the said patents under FRAND terms which Motorola Mobility deterred vehemently. The European Commission upon investigation found that Motorola was exploiting its dominant position in the market and it intentionally sought to oust Apple from the usage of technology protected by means of the SEPs. Damages were accordingly awarded in this case.

Therefore, there is uniformity in the notion that there is an obligation on SEP holders to license their patents to interested licensees on FRAND terms.

What constitutes reasonableness?

The presumption with subjective issues such as these is that the courts will define the same through case laws. While FRAND terms have been dealt with by the courts and even the European Commission, it is pertinent to note whether there have been any anti-trust or competition matters pertaining to the ongoing litigation in telecommunication patent infringement. The Competition law comes into picture while determining the checks and balances to ensure that the SEP holder acts in a reasonable manner.

In Micromax v. Ericsson and Intex v. Ericsson placed before the Competition Commission of India (CCI), Micromax and Ericsson claimed that they had approached Ericsson as licensees but the immense royalty rates put forth by Ericsson deterred them. The CCI after investigation affirmed the claims of Micromax and Intex, with the finding that Ericsson has indeed abused its dominant position. However, the Delhi High Court has directed the CCI to abstain from passing the final order as long as the case is sub-judice.

Daniel R. Bereskin , Q.C. Founding Partner, Bereskin & Parr LLP

Patents as Catalysts to Economic Growth

The more I studied WIPO data and other sources, the more I came to the conclusion that patent numbers, whether in terms of filing or grants are a pretty poor indicator of the level of innovation in a country. Many commentators have taken the view that the patent system throughout the world is in crisis and there are many reasons for this. Far too many patents are granted for very trivial innovative steps, if they are even innovative at all. They are tiny sideways steps, even backwards steps.

When I started in 1965, in order to get a patent, you had to have an invention that was new, "unobvious" and useful. Now we see many thousands of patents granted annually for inventions that are of very dubious merit. Not only does this not encourage economic growth, it tends to retard economic growth. Think of small and medium-sized enterprises, for example. When they are confronted with many thousands of patents that are far too expensive for them to properly evaluate, covering very trivial or insignificant steps.

It is really up to the government to a large extent to encourage innovation and they do that in many countries in different ways such as through research and development tax incentives. The trouble is that if a government spends money in encouraging research and development, it tends to be invisible to the ordinary member of the public whereas building roads and doing other things that are much more concrete in nature are easier and better from the short-term political view. At the same time, if a country is to grow economically, and to prosper in the future, it is absolutely crucial that governments make an investment. I think a rough rule of thumb is for governments to devote up to about 2% of their GDP to encouraging R&D, and that money is significant, but it has to be spent wisely.

Now India has come up for criticism by the US Chamber of Commerce for not adequately protecting IP rights. The International Trade Commission is conducting a survey right now of US firms to understand how the policies of India discriminate against US exports and investment. Canada is also on the watch-list, although it is the US's greatest trading partner and is in close proximity to the US. I find these comments to be very ironic because the US has a history of discriminating against foreigners when it comes to protecting its own citizens. In fact Prof. Jane Ginsburg who is a prominent teacher and writer called the US in the 19th century a pirate nation, and the reason why she said that is because the US refused to grant copyright to works of foreign authors and that did not change till 1891. The reason for that was that Americans liked to read British authors in preference to the works of American authors. So the solution was to not give copyrights to British authors. When they finally, grudgingly, granted copyright protection, it was on the condition that the books of foreign authors had to be manufactured in the United States. This manufacturing clause was not repealed until fairly recently and that was done only because by then the US realized that the US had become a big exporter of books by authors. So we have to take with a grain of salt the comments we get about IP policies in every country. It is very important to take a realistic view of what is really going on.

China has grown steadily in the past eight years to the point where the growth is now over nine trillion dollars. The growth in filing patents in China is incredible. It is going up exponentially and shows no signs of abating. In 2012, WIPO showed that Chinese nationals were responsible for almost 150,000 granted Chinese patents and the number of issued patents to foreigners was roughly 75,000. The problem with China is that there is no way of knowing what the mix is between patents of invention and utility models. Given the enormous disparity between the number of applications filed by the Chinese people in China compared with those filed by them abroad, most of the inventions that are utility models, or patents that are of very dubious economic value. My feeling is that these huge numbers are due to government policy in dictating to Chinese companies that they have to file a lot of patent applications, because it is easy for a government to say, "Look at how impressive our filing statistics are". You have to dig deeper to try to find out what the value is of the innovations that are represented by these patents. My feeling is that since such a small number, roughly 4% of all applications filed by the Chinese in China were filed abroad, that is an indication that the vast majority of these huge Chinese filings are not of any great economic importance.

India's GDP is over 1.3 trillion dollars. Economists predict that in 15 years, the Indian economy is expected to rival that of the US. Of course, India has a population of over 1.3 billion. The US has, maybe, a quarter of that. So you cannot exactly compare them.

Patent applications in Indiai show a somewhat disturbing trend. Although there is some growth in the patent filings by resident applicants, non-residents' filings swamp [outnumber] those of the residents. The number of applications filed abroad by companies and individuals of Indian origin is less than 10,000, which is a very small number given the size of the Indian economy.

There has been a very sharp decline in the past four years in the number of patents that are actually granted to individuals or companies where the inventors are of Indian origin. In 2014, less than 600 patents were granted to Indian nationals [WIPO statistics]. The number of patents granted to foreign applications is likewise declining and it is surprising. It could mean that the Indian Patent Office is getting tougher on "unobviousness". Nevertheless, the numbers are still pretty low.

Korea is a real success story. Their GDP is not yet at the level of India or China, but it is at 1.3 trillion dollars, which is not insignificant. But take a look at their patent application filings. Korean inventors were responsible for almost 150,000 filings in 2012. Koreans filed more than 50,000 applications abroad in the same year. These grants are substantial compared with [erstwhile] figures for India and China.

The US GDP is close to 17 trillion dollars and the economy seems to be continuing to grow. Right now the US economy is about 27% of the worldwide GDP. It is reasonable to conclude that the US has a very strong and vested interest in trying to ensure that IP rights are protected outside of the US because their continued growth depends on the protection of their homegrown IP.

Questions-Answers

How do you compare and contrast recent litigation in pharma versus litigation in the high-tech space, especially Ericsson and Vringo?

Pravin Anand (Managing Partner, Anand & Anand): In the Francis Xavier case in New Delhi, a division bench of the Delhi High Court said that an ex-parte injunction must not be granted in patent cases. The law, however, changed subsequently. The first evidence is of a DCJI clearance required when an application was moved by a pharma company and the news reached the patent owner by means of a right-to-information (RTI) request and private investigation. The patent owner then approached the court in order to prevent to the marketing of the product. Thus, before the launch of the product, the patent holder obtained a status quo. The rules of the division bench did not apply because balance of convenience was observed in maintaining the status quo. But that order essentially acted as an ex-parte injunction in a patent matter. This was phase one. Phase two saw the grant of injunction as the number of status quo order had exceeded twenty five in litigation against well known companies such as Pfeizer and Bristol Meyers. These orders were converted to injunctions by the judges.

The third phase was brought on by the Ericsson, Vringo, and other electronics companies, which albeit through lesser litigations, were able to create quite a stir. Ex-parte injunctions were granted in these cases. However, the judges felt the need to arrive at interim arrangements in lieu of the injunctions. Earlier, pending trial, these arrangements involved the payment of money and royalty by the defendants through their sales, directly to the plaintiff.

Therefore, the present stance is that both status quo orders and temporary injunctions are in use in pharma litigation before the launch of the product. Subsequently, the grant of such orders is rare. The impediment after launch is that the price difference between the plaintiff's and the defendant's product are evident to the question. Prior to the launch, only the plaintiff's product exists in the market. Hence, the grant of such orders is said to be in favour of balance of convenience. The mobile phone patent litigation cases, however, are witnessing the grant of interim orders, rather, arrangements.

Why is it that the Courts cannot wait another day to hear both the parties before granting the ad interim injunction?

Abhay Pandey, Partner, LexOrbis: The main issue that is going to come up in electronic product litigation is the pleading which contains the product mapping. In the Ericsson cases, there is an indirect reference made to the infringements, i.e., the devices are following the standards and not the readings to the claims. Therefore, the issue of injunctions will arrive only once the product is broken down into the claims.

D.P. Vaidya (Lakshmikumaran Sreedharan)

Computer Related Inventions and Indian Patent Law

Section 2 of the Indian Patent Act defines “invention” as any new process or new product which has or which involves an inventive step and is capable of industrial applications. “Inventive step” as well as “capable of industrial application” are defined in the Act. Section 3 defines what are not inventions. With respect to computer related inventions (CRIs), section 3(k) is worded differently than the provision for CRIs in the European Patent Convention (EPC). In Indian law, mathematical methods, algorithms, and business methods are not considered “inventions”, irrespective of whether they are “as such”. Computer programs are qualified with the phrase “per se” instead. The only common thing between EPC and Indian patent law is that “computer programs per se” or “computer programs as such” are not inventions. So programs that do not quality “per se” or “as such” could be patentable.

What are CRIs?

CRIs can be classified as: CRIs related to general purpose computers and CRIs implemented by specific computers (and not special purpose computers). General purpose computers are inventions that work towards different types of solutions. The solutions could be purely mathematical calculations or technical problems.

The term “business method” is not precisely defined in law as much as the abstract idea is. Generally speaking, any commercial transaction will qualify as a “business method” going by my observations from various decisions in the US, UK, and Europe.

Example technical problem: What is the point of presence (PoP) for designing network topology or network architecture?

Based on rules and various parameters defined for the topology or architecture, a schematic is drawn up. It shows the locations where the PoPs should be placed to minimise the cost of operations and the investment. This is also an application that can be implemented over a general purpose computer.

Would it fall under the definition of an “algorithm”? The definition of “algorithm” in the guidelines is very broad. Whether or not it is implemented on a [general purpose] computer, it will be treated as a “computer” because there is no qualifier as “per se” or “as such”. If it is an algorithm, it is not patentable.

Then, what is not an “algorithm”? It could be argued that all methods will fall under the definition of “algorithm”. The IEEE definition of a “solution to a problem” is that it is a finite set of well-defined rules in a finite number of steps. For example, a complete specification for a sequence of arithmetic operations for evaluating the value of sin “x” for a given precision. When the aim is mainly to determine a certain value or function for optimisation or for arithmetic calculations, the method or process can be treated as an “algorithm”. From a legal point of view, methods are patentable, but paradoxically, algorithms are not considered inventions.

Then next level of general-purpose computer-implemented inventions (CII) are those that make changes in the operating systems [instead of sitting on top of the operating system]. By making changes in the operating system, the CII is changing the character of the computer. It is improving the computer, and therefore it is patentable. Also, a general purpose computer operating a machine or a technical process is patentable.

Embedded Computer-Implemented Inventions:

Wherever there is embedded software, the patent controllers generally do not have any issues related to patentability. They may have issues related to inventive step.

For more details visit https://cis-india.org/a2k/blogs/report-global-intellectual-property-convention-2015

Report: Digitally Open: Innovation and Open Access Forum, 23 Oct 2010, Doha, Qatar

praskrishna — 2011-04-02T07:43:25Z

A summary of the event "Digitally Open: Innovation and Open Access Forum" held in Doha.

Although I arrived in early morning of Saturday, 23 October 2010, I managed to attend Digitally Open: Innovation and Open Access Forum, held at Sharq Village, Doha Qatar. Here is below a summary of the event.

The welcoming speech was given by Dr. Hessa Al Jaber, secretary General of the Supreme Council of Information and Communication Technology, ictQATAR. Al Jaber spoke about the importance of open digital environments for the region, and outlined specific initiatives that ictQATAR is leading to embrace it (establishment of incubation center, drafting policies that encourage open source in government and arabizing content). She noted that "The Arab world has a strong and important voice that must be heard. Embracing a digitally open world will put us at the forefront of innovation and help propel us towards being a knowledge based economy." The full speech of Dr. Al Jaber is available here.

Michelle Baker, Chairperson of Mozilla Foundation provided her insights of openness. She described elegantly openness as “a state of mind” and is about spreading innovation. To Baker, if you want to be effective on the internet, you need to have “scale”. Openness is important for “scale”. Creative Commons is a framework of how to work with a copyright system and share ideas. Mozilla intends to build a layer of the internet designed for individuals to make civil and social value. According to Baker, there are many degrees of “openness” and it up to the users contributing to open projects and the companies to choose between the various levels. She argues that openness does not mean “free” and believe that in certain areas this might hold some truth, but the matter is far from being settled.

Joi Ito, CEO, Creative Commons gave an interesting presentation entitled “Innovation and Digital Content Rights”. He described from his own experience while working for Japanese IT companies how innovation was perceived pre the internet era and afterward. He also compared between the traditional style of IT innovation (governments, large companies, experts) and the new style of innovation with the arrival of the internet (users contributing to open source and open content projects). To joi, the internet is made of various layers and stacks. Creative Commons is the next stack. It basically lowers the costs and creates an explosion in knowledge and innovation. He gave examples of organizations that are using Creative Commons including Wikipedia, Aljazeera, and Governments in New Zealand and Australia.

Chris Dibona, Open Source Programs Manager, Google, spoke about open source. He outlined the motivations behind releasing code by developers. He described how Google practices open source projects such as “Chromium”. One audience member asked Dibona about Google’s attention in the region in relation to open source. He replied that Google needs to learn more about the region and the culture of the Middle East. His full presentation is available here.

Professor Michael Nelson, a visiting professor of Internet Studies, Georgetown University spoke about “open clouds”. He emphasised that we are living in new world where small countries can make big impact in technology world. Estonia is the most “wired” country in Europe. Skype changed the way we do business. Qatar can provide the seed for the magic cloud. This can be achieved by having the right policies in the right time.

The second panel entitled “Openness in Science and Technology” was moderated by John Wilbanks, Vice President for Science, Creative Commons. He gave introductory remarks to the use of CC in science. His full presentation is available here.

Shaikah Al- Jaber, Director of Marketing, Innovation and Alliance, Qtel International gave a presentation entitled “Open Innovation for Telecom Companies in the Middle East”. She mainly spoke about innovation in the telecommunication sector and how it can be achieved. Her full presentation is available here.

Hesham Al Komy, Head of Sales and Marketing, Middle East and Africa, Redhat, gave a presentation entitled “From Linux to Beyond”. He went through the history and development of “open source”. Redhat was the first cooperation to take “open source” into the commercial arena. It was founded in 1983 and it currently employs 3500 employees with offices in 29 countries. He also discussed other issues related to open source community and open source adoption. His full presentation is available here.

Habib Hadid, the founder of Yalla Startup and Yamili.com did not give a presentation, but instead spoke spontaneously about business and how innovation and openness can help it. He recommended at the end to consider “innovation as a human right”.

Lucio Rispo, a strategic research director for the Qatar Science and Technology Park, spoke about the internet technological revolution and how it is changing the world. He described several initiatives that were taken in Doha, Qatar including IQRA to spread technology and innovation. His full presentation is available here.

The third panel was about “Openness in Government” that was moderated by Professor Michael Nelson. Sunil Abraham, executive Director for the Centre for Internet and Society in Bangalore, India provided interesting remarks about the internet and openness from the perspective of developing countries especially India. He also mentioned the importance of putting government funded research under open transparent and open models.

Paul Keller, Senior Project Lead of Technology and the Public Domain, Knowledgeland, Netherlands, discussed the ways to promote openness in the public sector through the use of Creative Commons licensing model. To view his presentation click here. Marwan Marouf Mahmod, Executive Director of ICT Industry Development, ictQATAR spoke about his experience and the initiatives that they have taken in ictQatar.

The final panel was entitled “Culture, Creativity and Openness”. There were 3 speakers in this panel. Eric Steuer, Creative Commons Director and the moderator of the session gave an introduction to CC. He described how CC is being used in Education, music, museums, design, films and journalism. His full presentation is available here.

Addulrahman Al Qataba is a web and application developer from Qatar. He presented his philosophy on “open life”. He developed several projects that serve the open source community in mobile applications. The full presentation is available here.

Arend Kuster, Managing Director of Bloomsbury Qatar Foundation (BQF) outlined the initiative that Bloomsbury Publishing is taking in Qatar to spread knowledge through printed books and journals published in Arabic and English.

Roger Mandle, spoke about museums and his experience as a director of the Qatar Museum Authority.

CC Arab World Second Meeting
Sunday, 24 October 2010
Sharq Village
12:30 p.m – 9:00 p.m.

The CC Arab world was attended by lawyers from Lebanon, Jordan, Egypt and also users and enthusiasts supporting CC from across the region. The meeting was divided into two sessions. The first was for all attendees and the second was divided into two groups one for users and another for lawyers.

The first session started with a welcoming note by Joi Ito, who stressed the importance of reaching consensus decisions on important matters related to CC in the Arab world. He noted the difficulties associated with organising such an event and the efforts that CC has invested to bring all people together. Donna thanked the organizers and the supporters of the event particularly ictQATAR. She also set out the agenda for the meeting. Diane spoke about the Affiliate Enhancement Program and Michelle gave details on drafting road maps for each jurisdictions. Speakers from Jordan, Egypt, Lebanon, Syria and the UAE presented their road maps to CC.

After discussion and questioning, Diane gave an introduction to CC naming policy in other jurisdictions including Spanish speaking countries. The discussion of CC naming policy started with Rami Olwan writing in Arabic suggested terms for English CC licences. There were two views in relation to the translation of the English terms to Arabic. The first view came from lawyers who want to use legal words that might not sound appealing to Arabic users of the licences. The second view came from users who want to use words that might not be legal and enforceable in courts. After discussion that lasted three hours, a decision was reached on each term. It was agreed to either to use المشاع الإبداعي (creative Commons) or use the English version alone. Attribution: نسب المصنَف; ShareAlike: الترخيص بالمثل, NoDerivatives: منع الاشتقاق; NonCommercial: غير تجاري.

I attended the second meeting of the session for lawyers. Diane and Joi were present at this session. Diane spoke then allowed each of the jurisdiction leads to speak. Hala Essalmawi from CC Egypt spoke about the A2K project in the library of Alexandria, Egypt and how it was important to start the project there.

I spoke also about the importance for CC in governments and education. Pierre El Khoury and Mohammed AL Darwish spoke about their upcoming events that will feature Lawrence Lessig as a speaker to the Lebanese Bar Association. Mohammad from CC Lebanon also spoke about his involvement in the Consumers International and the reports that he produced for A2K in Lebanon.

Omar Al Taweel presented his views to CC of how CC should proceed in Jordan. Several questions were asked by the lawyers and Diane gave answers. The meeting ended as some of the attendees had to leave for the airport.

See the original here

For more details visit https://cis-india.org/news/report-digitally-open-innovation-and-open-access-forum-23-oct-2010-doha-qatar

Report on Understanding Aadhaar and its New Challenges

Japreet Grewal, Vanya Rakesh, Sumandro Chattapadhyay, and Elonnai Hickock — 2019-03-16T04:42:52Z

The Trans-disciplinary Research Cluster on Sustainability Studies at Jawaharlal Nehru University collaborated with the Centre for Internet and Society, and other individuals and organisations to organise a two day workshop on “Understanding Aadhaar and its New Challenges” at the Centre for Studies in Science Policy, JNU on May 26 and 27, 2016. The objective of the workshop was to bring together experts from various fields, who have been rigorously following the developments in the Unique Identification (UID) Project and align their perspectives and develop a shared understanding of the status of the UID Project and its impact. Through this exercise, it was also sought to develop a plan of action to address the welfare exclusion issues that have arisen due to implementation of the UID Project.

Report: Download (PDF)

This Report is a compilation of the observations made by participants at the workshop relating to myriad issues under the UID Project and various strategies that could be pursued to address these issues. In this Report we have classified the observations and discussions into following themes:

1. Brief Background of the UID Project

2. Legal Status of the UIDAI Project

Procedural issues with passage of the Act
Status of related litigation

3. National Identity Projects in Other Jurisdictions

Pakistan
United Kingdom
Estonia
France
Argentina

4. Technologies of Identification and Authentication

Use of Biometric Information for Identification and Authentication
Architectures of Identification
Security Infrastructure of CIDR

5. Aadhaar for Welfare?

Social Welfare: Modes of Access and Exclusion
Financial Inclusion and Direct Benefits Transfer

6. Surveillance and UIDAI

7. Strategies for Future Action

Annexure A Workshop Agenda

Annexure B Workshop Participants

1. Brief Background of the UID Project

In the year 2009, the UIDAI was established and the UID project was conceived by the Planning Commission under the UPA government to provide unique identification for each resident in India and to be used for delivery of welfare government services in an efficient and transparent manner, along with using it as a tool to monitor government schemes. The objective of the scheme has been to issue a unique identification number by the Unique Identification Authority of India, which can be authenticated and verified online. It was conceptualized and implemented as a platform to facilitate identification and avoid fake identity issues and delivery of government benefits based on the demographic and biometric data available with the Authority.

The Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016 (the “Act”) was passed as a money bill on March 16, 2016 and was notified in the gazette March 25, 2016 upon receiving the assent of the President. However, the enforceability date has not been mentioned due to which the bill has not come into force.

The Act provides that the Aadhaar number can be used to validate a person’s identity, but it cannot be used as a proof of citizenship. Also, the government can make it mandatory for a person to authenticate her/his identity using Aadhaar number before receiving any government subsidy, benefit, or service. At the time of enrolment, the enrolling agency is required to provide notice to the individual regarding how the information will be used, the type of entities the information will be shared with and their right to access their information. Consent of an individual would be obtained for using his/her identity information during enrolment as well as authentication, and would be informed of the nature of information that may be shared. The Act clearly lays that the identity information of a resident shall not be sued for any purpose other than specified at the time of authentication and disclosure of information can be made only pursuant to an order of a court not inferior to that of a District Judge and/or disclosure made in the interest of national security.

2. Legal Status of the UIDAI Project

In this section, we have summarised the discussions on the procedural issues with the passage of the Act. The participants had criticised the passage of the Act as a money bill in the Parliament. The participants also assessed the litigation pending in the Supreme Court of India that would be affected by this law. These discussions took place in the session titled, ‘Current Status of Aadhaar’ and have been summarised below.

Procedural Issues with Passage of the Act

The participants contested the introduction of the Act in the form of a money bill. The rationale behind this was explained at the session and is briefly explained here. Article 110 (1) of the Constitution of India defines a money bill as one containing provisions only regarding the matters enumerated or any matters incidental to the following: a) imposition, regulation and abolition of any tax, b) borrowing or other financial obligations of the Government of India, c) custody, withdrawal from or payment into the Consolidated Fund of India (CFI) or Contingent Fund of India, d) appropriation of money out of CFI, e) expenditure charged on the CFI or f) receipt or custody or audit of money into CFI or public account of India. The Act makes references to benefits, subsidies and services which are funded by the Consolidated Fund of India (CFI), however the main objectives of the Act is to create a right to obtain a unique identification number and provide for a statutory mechanism to regulate this process. The Act only establishes an identification mechanism which facilitates distribution of benefits and subsidies funded by the CFI and this identification mechanism (Aadhaar number) does not give it the character of a money bill. Further, money bills can be introduced only in the Lok Sabha, and the Rajya Sabha cannot make amendments to such bills passed by the Lok Sabha. The Rajya Sabha can suggest amendments, but it is the Lok Sabha’s choice to accept or reject them. This leaves the Rajya Sabha with no effective role to play in the passage of the bill.

The participants also briefly examined the writ petition that has been filed by former Union minister Jairam Ramesh challenging the constitutionality and legality of the treatment of this Act as a money bill which has raised the question of judiciary’s power to review the decisions of the speaker. Article 122 of the Constitution of India provides that this power of judicial review can be exercised to look into procedural irregularities. The question remains whether the Supreme Court will rule that it can determine the constitutionality of the decision made by the speaker relating to the manner in which the Act was introduced in the Lok Sabha. A few participants mentioned that similar circumstances had arisen in the case of Mohd. Saeed Siddiqui v. State of U.P. [1].

where the Supreme Court refused to interfere with the decision of the Uttar Pradesh legislative assembly speaker certifying an amendment bill to increase the tenure of the Lokayukta as a money bill, despite the fact that the bill amended the Uttar Pradesh Lokayukta and Up-Lokayuktas Act, 1975, which was passed as an ordinary bill by both houses. The Court in this case held that the decision of the speaker was final and that the proceedings of the legislature being important legislative privilege could not be inquired into by courts. The Court added, “the question whether a bill is a money bill or not can be raised only in the state legislative assembly by a member thereof when the bill is pending in the state legislature and before it becomes an Act.”

However, it is necessary to carve a distinction between Rajya Sabha and State Legislature. Unlike the State Legislature, constitution of Rajya Sabha is not optional therefore significance of the two bodies in the parliamentary process cannot be considered the same. Participants also made another significant observation about a similar bill on the UID project (National Identification Authority of India (NIDAI) Bill) that was introduced before by the UPA government in 2010 and was deemed unacceptable by the standing committee on finance, headed by Yashwant Sinha. This bill was subsequently withdrawn.

Status of Related Litigation

A panellist in this session briefly summarised all the litigation that was related to or would be affected by the Act. The panellist also highlighted several Supreme Court orders in the case of KS Puttuswamy v. Union of India [2] which limited the use of Aadhaar. We have reproduced the presentation below.

KS Puttuswamy v. Union of India - This petition was filed in 2012 with primary concern about providing Aadhaar numbers to illegal immigrants in India. It was contended that this could not be done without a law establishing the UIDAI and amendment to the Citizenship laws. The petitioner raised concerns about privacy and fallibility of biometrics.
Sudhir Vombatkere & Bezwada Wilson [3] - This petition was filed in 2013 on grounds of infringement of right to privacy guaranteed under Article 21 of the Constitution of India and the security threat on account of data convergence.
Aruna Roy & Nikhil Dey [4] - This petition was filed in 2013 on the grounds of large scale exclusion of people from access to basic welfare services caused by UID. After their petition, no. of intervention applications were filed. These were the following:
Col. Mathew Thomas [5] - This petition was filed on the grounds of threat to national security posed by the UID project particularly in relation to arrangements for data sharing with foreign companies (with links to foreign intelligence agencies).
Nagrik Chetna Manch [6] - This petition was filed in 2013 and led by Dr. Anupam Saraph on the grounds that the UID project was detrimental to financial service regulation and financial inclusion.
S. Raju [7] - This petition was filed on the grounds that the UID project had implications on the federal structure of the State and was detrimental to financial inclusion.
Beghar Foundation - This petition was filed in 2013 in the Delhi High Court on the grounds invasion of privacy and exclusion specifically in relation to the homeless. It subsequently joined the petition filed by Aruna Roy and Nikhil Dey as an intervener.
Vickram Crishna – This petition was originally filed in the Bombay High Court in 2013 on the grounds of surveillance and invasion of privacy. It was later transferred to the Supreme Court.
Somasekhar – This petition was filed on the grounds of procedural unreasonableness of the UID project and also exclusion & privacy. The petitioner later intervened in the petition filed by Aruna Roy and Nikhil Dey in 2013.
Rajeev Chandrashekhar– This petition was filed on the ground of lack of legal sanction for the UID project. He later intervened in the petition filed by Aruna Roy and Nikhil Dey in 2013. His position has changed now.
Further, a petition was filed by Mr. Jairam Ramesh initially challenging the passage of the Act as a money bill but subsequently, it has been amended to include issues of violation of right to privacy and exclusion of the poor and has advocated for five amendments that were suggested to the Aadhaar Bill by the Rajya Sabha.

Relevant Orders of the Supreme Court

There are six orders of the Supreme Court which are noteworthy.

Order of Sept. 23, 2013 - The Supreme court directed that: 1) no person shall suffer for not having an aadhaar number despite the fact that a circular by an authority makes it mandatory; 2) it should be checked if a person applying for aadhaar number voluntarily is entitled to it under the law; and 3) precaution should be taken that it is not be issued to illegal immigrants.
Order of 26th November, 2013 – Applications were filed by UIDAI, Ministry of Petroleum & Natural Gas, Govt of India, Indian Oil Corporation, BPCL and HPCL for modifying the September 23rd order and sought permission from the Supreme Court to make aadhaar number mandatory. The Supreme Court held that the order of September 23rd would continue to be effective.
Order of 24th March, 2014 – This order was passed by the Supreme Court in a special leave petition filed in the case of UIDAI v CBI [8] wherein UIDAI was asked to UIDAI to share biometric information of all residents of a particular place in Goa to facilitate a criminal investigation involving charges of rape and sexual assault. The Supreme Court restrained UIDAI from transferring any biometric information of an individual without to any other agency without his consent in writing. The Supreme Court also directed all the authorities to modify their forms/circulars/likes so as to not make aadhaar number mandatory.
Order of 16th March, 2015 - The SC took notice of widespread violations of the order passed on September 23rd, 2013 and directed the Centre and the states to adhere to these orders to not make aadhaar compulsory.
Orders of August 11, 2015 – In the first order, the Central Government was directed to publicise the fact that aadhaar was voluntary. The Supreme Court further held that provision of benefits due to a citizen of India would not be made conditional upon obtaining an aadhaar number and restricted the use of aadhaar to the PDS Scheme and in particular for the purpose of distribution of foodgrains, etc. and cooking fuel, such as kerosene and the LPG Distribution Scheme. The Supreme Court also held that information of an individual that was collected in order to issue an aadhaar number would not be used for any purpose except when directed by the Court for criminal investigations. Separately, the status of fundamental right to privacy was contested and accordingly the Supreme Court directed that the issue be taken up before the Chief Justice of India.
Orders of October 16, 2015 – The Union of India, the states of Gujarat, Maharashtra, Himachal Pradesh and Rajasthan, and authorities including SEBI, TRAI, CBDT, IRDA , RBI applied for a hearing before the Constitution Bench for modification of the order passed by the Supreme Court on August 11 and allow use of aadhaar number schemes like The Mahatma Gandhi National Rural Employment Guarantee Scheme MGNREGS), National Social Assistance Programme (Old Age Pensions, Widow Pensions, Disability Pensions) Prime Minister's Jan Dhan Yojana (PMJDY) and Employees' Providend Fund Organisation (EPFO). The Bench allowed the use of aadhaar number for these schemes but stressed upon the need to keep aadhaar scheme voluntary until the matter was finally decided.

Status of these orders
The participants discussed the possible impact of the law on the operation of these orders. A participant pointed out that matters in the Supreme Court had not become infructuous because fundamental issues that were being heard in the Supreme Court had not been resolved by the passage of the Act. Several participants believed that the aforementioned orders were effective because the law had not come into force. Therefore, aadhaar number could only be used for purposes specified by the Supreme Court and it could not be made mandatory. Participants also highlighted that when the Act was implemented, it would not nullify the orders of the Supreme Court unless Union of India asked the Supreme Court for it specifically and the Supreme Court sanctioned that.

3. National Identity Projects in Other Jurisdictions

A panellist had provided a brief overview of similar programs on identification that have been launched in other jurisdictions including Pakistan, United Kingdom, France, Estonia and Argentina in the recent past in the session titled ‘Aadhaar - International Dimensions’. This presentation mainly sought to assess the incentives that drove the governments in these jurisdictions to formulate these projects, mandatory nature of their adoption and their popularity. The Report has reproduced the presentation here.

Pakistan

The Second Amendment to the Constitution of Pakistan in 2000 established the National Database and Regulation Authority in the country, which regulates government databases and statistically manages the sensitive registration database of the citizens of Pakistan. It is also responsible for issuing national identity cards to the citizens of Pakistan. Although the card is not legally compulsory for a Pakistani citizen, it is mandatory for:

Voting
Obtaining a passport
Purchasing vehicles and land
Obtaining a driver licence
Purchasing a plane or train ticket
Obtaining a mobile phone SIM card
Obtaining electricity, gas, and water
Securing admission to college and other post-graduate institutes
Conducting major financial transactions

Therefore, it is pretty much necessary for basic civic life in the country. In 2012, NADRA introduced the Smart National Identity Card, an electronic identity card, which implements 36 security features. The following information can be found on the card and subsequently the central database: Legal Name, Gender (male, female, or transgender), Father's name (Husband's name for married females), Identification Mark, Date of Birth, National Identity Card Number, Family Tree ID Number, Current Address, Permanent Address, Date of Issue, Date of Expiry, Signature, Photo, and Fingerprint (Thumbprint). NADRA also records the applicant's religion, but this is not noted on the card itself. (This system has not been removed yet and is still operational in Pakistan.)

United Kingdom

The Identity Cards Act was introduced in the wake of the terrorist attacks on 11th September, 2001, amidst rising concerns about identity theft and the misuse of public services. The card was to be used to obtain social security services, but the ability to properly identify a person to their true identity was central to the proposal, with wider implications for prevention of crime and terrorism. The cards were linked to a central database (the National Identity Register), which would store information about all of the holders of the cards. The concerns raised by human rights lawyers, activists, security professionals and IT experts, as well as politicians were not to do with the cards as much as with the NIR. The Act specified 50 categories of information that the NIR could hold, including up to 10 fingerprints, digitised facial scan and iris scan, current and past UK and overseas places of residence of all residents of the UK throughout their lives. The central database was purported to be a prime target for cyber attacks, and was also said to be a violation of the right to privacy of UK citizens. The Act was passed by the Labour Government in 2006, and repealed by the Conservative-Liberal Democrat Coalition Government as part of their measures to “reverse the substantial erosion of civil liberties under the Labour Government and roll back state intrusion.”

Estonia

The Estonian i-card is a smart card issued to Estonian citizens by the Police and Border Guard Board. All Estonian citizens and permanent residents are legally obliged to possess this card from the age of 15. The card stores data such as the user's full name, gender, national identification number, and cryptographic keys and public key certificates. The cryptographic signature in the card is legally equivalent to a manual signature, since 15 December 2000. The following are a few examples of what the card is used for:

As a national ID card for legal travel within the EU for Estonian citizens
As the national health insurance card
As proof of identification when logging into bank accounts from a home computer
For digital signatures
For i-voting
For accessing government databases to check one’s medical records, file taxes, etc.
For picking up e-Prescriptions
(This system is also operational in the country and has not been removed)

France

The biometric ID card was to include a compulsory chip containing personal information, such as fingerprints, a photograph, home address, height, and eye colour. A second, optional chip was to be implemented for online authentication and electronic signatures, to be used for e-government services and e-commerce. The law was passed with the purpose of combating “identity fraud”. It was referred to the Constitutional Council by more than 200 members of the French Parliament, who challenged the compatibility of the bill with the citizens’ fundamental rights, including the right to privacy and the presumption of innocence. The Council struck down the law, citing the issue of proportionality. “Regarding the nature of the recorded data, the range of the treatment, the technical characteristics and conditions of the consultation, the provisions of article 5 touch the right to privacy in a way that cannot be considered as proportional to the meant purpose”.

Argentina

Documento Nacional de Identidad or DNI (which means National Identity Document) is the main identity document for Argentine citizens, as well as temporary or permanent resident aliens. It is issued at a person's birth, and updated at 8 and 14 years of age simultaneously in one format: a card (DNI tarjeta); it's valid if identification is required, and is required for voting. The front side of the card states the name, sex, nationality, specimen issue, date of birth, date of issue, date of expiry, and transaction number along with the DNI number and portrait and signature of the card's bearer. The back side of the card shows the address of the card's bearer along with their right thumb fingerprint. The front side of the DNI also shows a barcode while the back shows machine-readable information. The DNI is a valid travel document for entering Argentina, Bolivia, Brazil, Chile, Colombia, Ecuador, Paraguay, Peru, Uruguay, and Venezuela. (System still operational in the country)

4. Technologies of Identification and Authentication

The panel in the session titled ‘Aadhaar: Science, Technology, and Security’ explained the technical aspects of use of biometrics and privacy concerns, technology architecture for identification and inadequacy of infrastructure for information security. In this section, we have summarised the presentation and the ensuing discussions on these issues.

Use of Biometric Information for Identification and Authentication

The panelists explained with examples that identification and authentication were different things. Identity provides an answer to the question “who are you?” while authentication is a challenge-response process that provides a proof of the claim of identity. Common examples of identity are User ID (Login ID), cryptographic public keys and ATM or Smart cards while common authenticators are passwords (including OTPs), PINs and cryptographic private keys. Identity is public information but an authenticator must be private and known only to the user. Authentication must necessarily be a conscious process and active participation by the user is a must. It should also always be possible to revoke an authenticator. After providing this understanding of the two processes the panellist then explained if biometric information could be used for identification or authentication under the UID Project. Biometric information is clearly public information and it is questionable if it can be revoked. Therefore it should never be used for authentication, but only for identity verification. There is a possibility of authentication by fingerprints under the UID Project, without conscious participation of the user. One could trace the fingerprints of an individual from any place the individual has been in contact with. Therefore, authentication must certainly be done by other means. The panellist pointed out that there were five kinds of authentication under the UID Project, out of which two-factor authentication and one time password were considered suitable but use of biometric information and demographic information was extremely threatening and must be withdrawn.

Architectures of Identification

The panelists explained the architecture of the UID Project that has been designed for identification purposes, highlighted its limitations and suggested alternatives. His explanations are reproduced below.

Under the UID Project, there is a centralised means of identification i.e. the aadhaar number and biometric information stored in one place, Central Identification Data Repository (CIDR). It is better to have multiple means of identification than one (as contemplated under the UID Project) for preservation of our civil liberties. The question is what the available alternatives are. Web of trust is a way for operationalizing distributed identification but the challenge is how one brings people from all social levels to participate in it. There is a need for registrars who will sign keys and public databases for this purpose.

The aadhaar number functions as a common index and facilitates correlation of data across Government databases. While this is tremendously attractive it raises several privacy concerns as more and more information relating to an individual is available to others and is likely to be abused.

The aadhaar number is available in human readable form. This raises the risk of identification without consent and unauthorised profiling. It cannot be revoked. Potential for damage in case of identity theft increases manifold.

Under the UID Project, for the purpose of information security, Authentication User Agencies (“AUA”) are required to use local identifiers instead of aadhaar numbers but they are also required to map these local identifiers to the aadhaar numbers. Aadhaar numbers are not cryptographically secured; in fact they are publicly available. Hence this exercise for securing information is useless. An alternative would be to issue different identifiers for different domains and cryptographically embed a “master identifier” (in this case, equivalent of aadhaar number) into each local identifier.

All field devices (for example POS machines) should be registered and must communicate directly with UIDAI. In fact, UIDAI must verify the authenticity (tamper proof) of the field device during run time and a UIDAI approved authenticity certificate must be issued for field devices. This certificate must be made available to users on demand. Further, the security and privacy frameworks within which AUAs work must be appropriately defined by legal and technical means.

Security Infrastructure of CIDR

The panelists also enumerated the security features of the UID Project and highlighted the flaws in these features. These have been summarised below.

The security and privacy infrastructure of UIDAI has the following main features:

2048 bit PKI encryption of biometric data in transit
End-to-end encryption from enrolment/POS to CIDR
HMAC based tamper detection of PID blocks
Registration and authentication of AUAs
Within CIDR only a SHA 1 Hash of Aadhaar number is stored
Audit trails are stored SHA 1 encrypted. Tamper detection?
Only hashes of passwords and PINs are stored. (biometric data stored in original form though!)
Authentication requests have unique session keys and HMAC
Resident data stored using 100 way sharding (vertical partitioning). First two digits of Aadhaar number as shard keys
All enrolment and update requests link to partitioned databases using Ref IDs (coded indices)
All accesses through a hardware security module
All analytics carried out on anonymised data

The panellists pointed out the concerns about information security on account of design flaws, lack of procedural safeguards, openness of the system and too much trust imposed on multiple players. All symmetric and private keys and hashes are stored somewhere within UIDAI. This indicates that trust is implicitly assumed which is a glaring design flaw. There is no well-defined approval procedure for data inspection, whether it is for the purpose of investigation or for data analytics. There is a likelihood of system hacks, insider leaks, and tampering of authentication records and audit trails. The ensuing discussions highlighted that the UIDAI had admitted to these security risks. The enrolment agencies and the enrolment devices cannot be trusted. AUAs cannot be trusted with biometric and demographic data; neither can they be trusted with sensitive user data of private nature. There is a need for an independent third party auditor for distributed key management, auditing and approving UIDAI programs, including those for data inspection and analytics, whitebox cryptographic compilation of critical parts of the UIDAI programs, issue of cryptographic keys to UIDAI programs for functional encryption, challenge-response for run-time authentication and certification of UIDAI programs. The panellist recommended that there was a need to to put a suitable legal framework to execute this.

The participants also discussed that information infrastructure must not be made of proprietary software (possibility for backdoors for US) and there must be a third party audit with a non-negotiable clause for public audit.

5. Aadhaar for Welfare?

The Report has summarised the discussions that took place in the sessions on ‘Direct Benefits Transfers’ and ‘Aadhaar: Broad Issues - II’ where the panellists critically analysed the claims of benefits and inclusion of Aadhaar made by the government in light of the ground realities in states where Aadhaar has been adopted for social welfare schemes.

Social Welfare: Modes of Access and Exclusion

Under the Act, a person may be required to authenticate or give proof of the aadhaar number in order to receive subsidy from the government (Section 7). A person is required to punch their fingerprints on POS machines in order to receive their entitlement under the social welfare schemes such as LPG and PDS. It was pointed out in the discussions that various states including Rajasthan and Delhi had witnessed fingerprint errors while doling out benefits at ration shops under the PDS scheme. People have failed to receive their entitled benefits because of these fingerprint errors thus resulting in exclusion of beneficiaries [9]. A panellist pointed out that in Rajasthan, dysfunctional biometrics had led to further corruption in ration shops. Ration shop owners often lied to the beneficiaries about functioning of the biometric machines (POS Machines) and kept the ration for sale in the market therefore making a lot of money at the expense of uninformed beneficiaries and depriving them of their entitlements.

Another participant organisation also pointed out similar circumstances in the ration shops in Patparganj and New Delhi constituencies. Here, the dealers had maintained the records of beneficiaries who had been categorized as follows: beneficiaries whose biometrics did not match, beneficiaries whose biometrics matched and entitlements were provided, beneficiaries who never visited the ration shop. It had been observed that there were no entries in the category of beneficiaries whose biometrics did not match however, the beneficiaries had a different story to tell. They complained that their biometrics did not match despite trying several times and there was no mechanism for a manual override. Consequently, they had not been able to receive any entitlements for months. The discussions also pointed out that the food authorities had placed complete reliance on authenticity of the POS machines and claim that this system would weed out families who were not entitled to the benefits. The MIS was also running technical glitches as a result there was a problem with registering information about these transactions hence, no records had been created with the State authority about these problems. A participant also discussed the plight of 30,000 widows in Delhi, who were entitled to pension and used to collect their entitlement from post offices, faced exclusion due to transition problems under the Jan Dhan Yojana (after the Jandhan was launched the money was transferred to their bank accounts in order to resolve the problem of misappropriation of money at the hands of post office officials). These widows were asked to open bank accounts to receive their entitlements and those who did not open these accounts and did not inform the post office were considered bogus.

In the discussions, the participants also noted that this unreliability of fingerprints as a means of authentication of an individual’s identity was highlighted at the meeting of Empowered Group of Ministers in 2011 by J Dsouza, a biometrics scientist. He used his wife’s fingerprints to demonstrate that fingerprints may change overtime and in such an event, one would not be able to use the POS machine anymore as the machine would continue to identify the impressions collected initially.

The participants who had been working in the field had contributed to the discussions by busting the myth that the UID Project helped to identify who was poor and resolve the problem of exclusion due to leakages in the social welfare programs. These discussions have been summarised below.

It is important to understand that the UID Project is merely an identification and authentication system. It only helps in verifying if an individual is entitled to benefits under a social security scheme. It does not ensure plugging of leakages and reducing corruption in social security schemes as has been claimed by the Government. The reduction in leakage of PDS, for instance, should be attributed to digitization and not UID. The Government claims, that it has saved INR 15000 crore in provision of LPG on identification of 3.34 crore inactive accounts on account of the UID Project. This is untrue because the accounts were weeded by using mechanisms completely unrelated to the UID Project. Consequently, the savings on account of UID are only of INR 120 crore and not 15000 crore.
The UID Project has resulted in exclusion of people either because they do not have an aadhaar number, or they have a wrong identification, or there are errors of classification or wilful misclassification. About 99.7% people who were given aadhaar numbers already had an identification document. In fact, during enrolment a person is required to produce one of 14 identification documents listed under the law in order to get an aadhaar number which makes it very difficult for a person with no identity to become entitled to a social welfare scheme.

A participant condemned the Government’s claim that the UID Project had helped in removing fake, bogus and duplicate cards and said that these terms could not be used synonymously and the authorities had no clarity about the difference between the meanings of these terms. The UID Project had only helped in removal of duplicate cards but had not helped in combating the use of fake and bogus cards.

Financial Inclusion and Direct Benefits Transfer

The participants also engaged in the discussions about the impact of the UID project on financial inclusion in India in the sessions titled ‘Aadhaar: Broad Issues - I & II’. We have summarised these discussions below.

The UID Project seeks to directly transfer money to a bank account in order to combat corruption. The discussions highlighted that this was nothing but introducing a neo liberal thrust in social policy and that it was not feasible for various reasons. First, 95% of rural India did not have functioning banks and banks are quite far away. Second, in order to combat this dearth of banks the idea of business correspondents, who handled banking transactions and helped in opening of bank accounts, had been introduced which had created various problems. The Reserve Bank of India reported that there was dearth of business correspondents as there was very little incentive to become one; their salary is merely INR 4000. Third, there were concerns about how an aadhaar number was considered a valid document for Know Your Customer (KYC) checks. There was a requirement for scrutiny and auditing of documents submitted during the time of enrolment which, in the present scheme of things, could not be verified. Fourth, there were no restrictions on number of bank accounts that could be opened with a single aadhaar number which gave rise to a possibility of opening multiple and shell accounts on a single aadhaar number. Therefore, records only showed transactions when money was transferred from an aadhaar number to another aadhaar number as opposed to an account-to-account transfer. The discussion relied on NPCI data which shows which bank an aadhaar number is associated with but does not show if a transaction by an aadhaar number is overwritten by another bank account belonging to the same aadhaar number.

6. Surveillance and UIDAI

The participants had discussed the possibility of an alternative purpose for enrolling Aadhaar in the session titled ‘Privacy, Surveillance, and Ethical Dimensions of Aadhaar’. The discussion traced the history of this project to gain insight on this issue. We have summarised below the key take aways from this discussion.

There are claims that the main objective of launching the UID Project is not to facilitate implementation of social security schemes but to collect personal (financial and non-financial) information of the citizens and residents of the country to build a data monopoly. For this purpose, PDS was chosen as a suitable social security scheme as it has the largest coverage. Several participants suggested that numerous reports authored by FICCI, KPMG and ASSOCHAM contained proposals for establishing a national identity authority which threw some light on the commercial intentions behind information collection under the UID Project.

It was also pointed out that there was documented proof that information collected under the UID Project might have been shared with foreign companies. There are suggestions about links established between proponents of the UID Project and companies backed by CIA or the French Government which run security projects and deal in data sharing in several jurisdictions.

7. Strategies for Future Action

The participants laid down a list of measures that must be taken to take the discussions forward. We have enumerated these recommendations below.

Prepare and compile an anthology of articles as an output of this workshop.
Prepare position papers on specific issues related to the UID Project
Prepare pamphlets/brochures on issues with the UID Project for public consumption
Prepare counter-advertisements for Aadhaar
Publish existing empirical evidence on the flaws in Aadhaar.
Set up an online portal dedicated to providing updates on the UID Project and allows discussions on specific issues related to Aadhaar.
Use Social Media to reach out to the public. Regularly track and comment on social media pages of relevant departments of the government.
Create groups dedicated to research and advocacy of specific aspects of the UID Project.
Create a Coordination Committee preferably based in Delhi which would be responsible for regularly holding meetings and for preparing a coordinated plan of action. Employ permanent to staff to run the Committee.
Organise an advocacy campaign against use of Aadhaar in collaboration with other organisations and build public domain acceptance.
The campaign must specifically focus on the unfettered scope of UID and expanse, misrepresentation of the success of Aadhaar by highlighting real savings, technological flaws, status of pilot programs and increasing corruption on account of the UID Project
Prepare a statement of public concern regarding the UID Project and collect signatures from eminent persons including academics, technical experts, civil society groups and members of parliament.
Organise events and discussions on issues relating to Aadhaar and invite members og government departments to speak and discuss the issues.
Write to Members of Parliament and Members of Legislative Assemblies raising questions on their or their parties’ support for Aadhaar and silence on the problems created by the UID Project.
Organise public hearings in states like Rajasthan to observe and document ground realities of the UID Project and share these outcomes with the state government and media.
Plan a national social audit and public hearing on the working of UID Project in the country.
File Contempt Petitions in the Supreme Court and High Courts against mandatory use of Aadhaar number for services not allowed by the Supreme Court.
Reach out to and engage with various foreign citizens and organisations that have been fighting on similar issues. The organisations and individuals who could be approached would include EPIC, Electronic Frontier foundation, David Moss, UK, Roger Clarke, Australia, Prof. Ian Angel, Snowden, Assange and Chomsky.
Work towards increasing awareness about the UID Project and gaining support from the student and research community, student organisations, trade unions, and other associations and networks in the unorganised sector.

Annexure A – Workshop Agenda

May 26, 2016

9:00-9:30	Registration
9:30-10:00	Prof. Dinesh Abrol - Welcome Self-introduction and expectations of participants Dr. Usha Ramanathan - Overview of the Workshop
10:00-11:00	Session 1: Current Status of Aadhaar Dr. Usha Ramanathan, Legal Researcher, New Delhi - What the 2016 Law Says, and How it Came into Being S. Prasanna, Advocate, New Delhi - Status and Force of Supreme Court Orders on Aadhaar Discussion
11:00-11:30	Tea Break
11:30-13:30	Session 2: Direct Benefits Transfers Prof. Reetika Khera, Indian Institute of Technology, Delhi - Welfare Needs Aadhaar like a Fish Needs a Bicycle Prof. R. Ramakumar, Tata Institute of Social Sciences, Mumbai - Aadhaar and the Social Sector: A critical analysis of the claims of benefits and inclusion Ashok Rao, Delhi Science Forum - Cash Transfers Study Discussion
13:30-14:30	Lunch
14:30-16:00	Session 3: Aadhaar: Science, Technology, and Security Prof. Subashis Banerjee, Dept of Computer Science & Engineering, IIT, Delhi - Privacy and Security Issues Related to the Aadhaar Act Pukhraj Singh, Former National Cyber Security Manager, Aadhaar, New Delhi - Aadhaar: Security and Surveillance Dimensions Discussion
16:00-16:30	Tea Break
16:30-17:30	Session 4: Aadhaar - International Dimensions Joshita Pai, Center for Communication Governance, National Law University, Delhi - Biometrics and Mandatory IDs in Other Parts of the World Dr. Gopal Krishna, Citizens Forum for Civil Liberties - International Dimensions of Aadhaar Discussion
17:30-18:00	High Tea

May 27, 2016

9:30-11:00	Session 5: Privacy, Surveillance and Ethical Dimensions of Aadhaar Prabir Purkayastha, Free Software Movement of India, New Delhi - Surveillance Capitalism and the Commodification of Personal Data Arjun Jayakumar, SFLC - Surveillance Projects Amalgamated Col Mathew Thomas, Bengaluru - The Deceit of Aadhaar Discussion
11:00-11:30	Tea Break
11:30-13:00	Session 6: Aadhaar - Broad Issues I Prof. G Nagarjuna, Homi Bhabha Center for Science Education, Tata Institute of Fundamental Research, Mumbai - How to prevent linked data in the context of Aadhaar Dr. Anupam Saraph, Pune - Aadhaar and Moneylaundering Discussion
13:00-14:00	Lunch
14:00-15:30	Session 7: Aadhaar - Broad Issues II Prof. MS Sriram, Visiting Faculty, Indian Institute of Management, Bangalore - Financial lnclusion Nikhil Dey, MKSS, Rajasthan - Field witness: Technology on the Ground Prof. Himanshu, Centre for Economic Studies & Planning, JNU - UID Process and Financial Inclusion Discussion
15:30-16:00	Session 8: Conclusion
16:00-18:00	Informal Meetings

Annexure B – Workshop Participants

Anjali Bhardwaj, Satark Nagrik Sangathan

Dr. Anupam Saraph

Arjun Jayakumar, Software Freedom Law Centre

Ashok Rao, Delhi Science Forum

Prof. Chinmayi Arun, National Law University, Delhi

Prof. Dinesh Abrol, Jawaharlal Nehru University

Prof. G Nagarjuna, Homi Bhabha Center for Science Education, Tata Institute of Fundamental Research, Mumbai

Dr. Gopal Krishna, Citizens Forum for Civil Liberties

Prof. Himanshu, Jawaharlal Nehru University

Japreet Grewal, the Centre for Internet and Society

Joshita Pai, National Law University, Delhi

Malini Chakravarty, Centre for Budget and Governance Accountability

Col. Mathew Thomas

Prof. MS Sriram, Indian Institute of Management, Bangalore

Nikhil Dey, Mazdoor Kisan Shakti Sangathan

Prabir Purkayastha, Knowledge Commons and Free Software Movement of India

Pukhraj Singh, Bhujang

Rajiv Mishra, Jawaharlal Nehru University

Prof. R Ramakumar, Tata Institute of Social Sciences, Mumbai

Dr. Reetika Khera, Indian Institute of Technology, Delhi

Dr. Ritajyoti Bandyopadhyay, Indian Institute of Science Education and Research, Mohali

S. Prasanna, Advocate

Sanjay Kumar, Science Journalist

Sharath, Software Freedom Law Centre

Shivangi Narayan, Jawaharlal Nehru University

Prof. Subhashis Banerjee, Indian Institute of Technology, Delhi

Sumandro Chattapadhyay, the Centre for Internet and Society

Dr. Usha Ramanathan, Legal Researcher

Note: This list is only indicative, and not exhaustive.

[1] Civil Appeal No. 4853 of 2014

[2] WP(C) 494/2012

[3] . WP(C) 829/2013

[4] WP(C) 833/2013

[5] WP (C) 37/2015; (Earlier intervened in the Aruna Roy petition in 2013)

[6] WP (C) 932/2015

[7] Transferred from Madras HC 2013.

[8] SLP (Crl) 2524/2014 filed against the order of the Goa Bench of the Bombay HC in CRLWP 10/2014 wherein the High Court had directed UIDAI to share biometric information held by them of all residents of a particular place in Goa to help with a criminal investigation in a case involving charges of rape and sexual assault.

[9] See :http://scroll.in/article/806243/rajasthan-presses-on-with-aadhaar-after-fingerprint-readers-fail-well-buy-iris-scanners

For more details visit https://cis-india.org/internet-governance/blog/report-on-understanding-aadhaar-and-its-new-challenges

Report on Understanding Aadhaar and its New Challenges

sumandro — 2016-09-28T12:44:38Z

For more details visit https://cis-india.org/internet-governance/files/report-on-understanding-aadhaar-and-its-new-challenges

Report on the WIPO Director General’s Meeting with NGO’s

puneeth — 2014-04-30T05:33:27Z

The Director General’s meeting with NGO’s was held on March 25, 2014. This is an annual meeting where accredited NGO’s have an opportunity to have a one on one discussion with the Director General on issues that concern them.

The webcast of the meeting can be found here.

This year’s meeting featured queries on a whole range of issues from mainstreaming the development agenda recommendations to the number of WIPO meetings. The Director General engaged in a frank exchange of views with NGO representatives and stressed the importance of NGO’s in WIPO’s work.

Opening Statement

The meeting kicked off with a statement by the Director General. He reported that the demand for IP titles was greater than the world economy- citing the growing number of patent and trademark applications. He also commended the SCCR in concluding the Marrakesh Treaty and said that the engagement and alignment of civil society actors was crucial to the signing of the Treaty. He also noted the role of the World Blind Union and the publishing community in supporting the Treaty.

The Director General also had updates on the work of various committees for the 2014-15 biennium. With respect to the Design Law Treaty in the SCT, he stated that the US and Canada had accepted the possibility of an article on technical assistance but not as a condition to convene a diplomatic conference. On the Broadcast Treaty in the SCCR, he said that a lot of work needs to be done and that the SCCR needs to decide if a Treaty with a narrower scope is feasible and if a Diplomatic Conference has to be convened in September. On the IGC, he stated that this committee was WIPO’s greatest political risk and that the Committee must find a way to deliver on a project that has been on since 2001.On the Lisbon Agreement, the Director General stated that 28 States had agreed to renew the agreement and the new agreement would cover GI and Appellations. He noted that this was a huge step forward as GI’s become more and more valuable.

In addition, he noted three areas of interest for the future work of the WIPO:

Balance between collaboration and competition: The Director General noted that there should be greater emphasis on collaboration and competition at the WIPO. He called for emphasis on cooperation, open innovation in global value chains. At the same time he stated that IP also creates competition. He stated that the tension between competition and collaboration should be under consideration in the future as it is growing into a major geopolitical issue.
Digital Economy: The Director General said that Member States should engage on the impact of an increasingly digital world on the environment. While this issue has been under discussion since the 90’s, there have been new developments that need further consideration.
Appropriate Technology: The Director General commented on the passive transfer of technology and said that there is a knowledge gap between having technology and knowing how to use it, and this should be kept in mind in future wok.

Q&A

Following the opening statement, the Director General fielded questions from NGO representative. Below is a summary of a few notable responses from the Director General.

On a question regarding the mainstreaming of the Development Agenda, the Director General said that it is up to the Members to decide how to make the Development Agenda normative. But he pointed out that both the Beijing and Marrakesh Treaties refer to the Development agenda in their text.

In response to a question on future plans and projects on public health and IP, he said that the WIPO is encouraging research projects on the issue. He also pointed out that the WTO, WIPO and WHO are engaged in an active collaboration on this issue and had also organised a seminar on it. He also said that the three Director Generals had published studies on the topic.

MSF made a number of interventions on the issue of public health. They argued that ongoing WIPO research did not meet the needs for medical innovation and that there was need for serious rethink on how to make it work better. They also said that the focus of WIPO research was currently only on LDC’s and this left out developing countries and consequently a large number of people.

In response the Director General said that the WIPO could only “build with what it’s got” and said that they should engage with more parties and with what they do. He also said that they are beginning to engage with middle income countries. He also said that WIPO research was free and that it could be easily shared and the fee was only if there was a sale.

MSF also called for a change on the nature of technical assistance as there were repeated seminars on anti-counterfeiting measures with little or no focus on the quality of medicines. On this, the Director General agreed with MSF and said that the larger problem was quality assurance which needed to be addressed, but he also pointed out that WIPO as an IP agency could not get into the issue of quality assurance.

He also fielded a question from the author on making WIPO sessions more accessible with the possible use of remote participation in the future. The Director General said that this was a good idea, but he pointed out that this was up to the Members to consider and possibly implement. He also noted that it was only recently that WIPO started webcasting meetings and that there would be issues of time management with remote participation.

On a question about the increasing number of meetings at the WIPO, the Director General acknowledged that this was a problem and that the respective Committees had to decide if it was essential to convene a meeting ever so often. But he also pointed out that the Secretariat cannot interfere in such matters and could only facilitate discussion on these issues. He also said that it might be better if experts met regularly to discuss technical issues and negotiators met only when an issue had matured.

On a further question on the number of documents being released for every meeting and their increasing length, the Director General joked that it was unlikely that anyone under the age of 30 would read all the documents. He said that this is an issue that should be looked into.

For more details visit https://cis-india.org/a2k/blogs/report-on-wipo-director-general-meeting-with-ngos

Report on the Fourth Internet Governance Forum for Commonwealth IGF

pranesh — 2012-02-29T05:42:27Z

This report by Pranesh Prakash reflects on the question of how useful the IGF is in the light of meetings on the themes of intellectual property, freedom of speech and privacy.

The first Internet Governance Forum was held in Athens in 2006, as a follow on to the 2005 Tunis World Summit on the Information Society, and to fulfil the principles drawn up at there. Its explicit objective is to “promote and assess, on an ongoing basis the embodiment of WSIS principles in Internet governance processes”. Those principles still form the basis of the talks that happen at the IGF, and are frequently referred to by the various groups that attend the IGF as the basis for their positions and claims. Sometimes, some of the values promoted by the principles are claimed by opposing groups (child safety vs. freedom of expression). Thus, in a way the negotiation of those principles were what really set the tone for the IGF, which in and of itself is a process by which those principles could be furthered. The one question that formed part of people’s conversations through the fourth Internet Governance Forum (IGF) at Sharm el Sheik, as it had in third IGF at Hyderabad, and no doubt ever since the first edition, was “How
useful is the IGF?” This report shall reflect on that question, particularly based on the workshops and meetings that happened around the themes of intellectual property, freedom of speech, and privacy.

There are not many meetings of the nature of the IGF. It is not a governmental meeting, though it is sponsored by the United Nations. It is not a meeting of civil society groups, nor of academics nor industry. It is a bit like the Internet: large and unwieldy, allowing for participation of all while privileging those with certain advantages (rich, English-speaking), and a place where a variety of interests (government, civil society, academia and industry) clash, and where no one really has the final word. While the transformational potential of the Internet and the World Wide Web have been felt by a great many, the potential of the Internet Governance Forum is still to be felt. This report, in part, seeks to present an apology of the IGF process, though it is the belief of this reporter that it could do with a few modifications.

DAY 0 (Saturday, November 14, 2009)

This reporter arrived with his colleagues at Sharm el Sheik late in the afternoon on Saturday, November 14, 2009, with the IGF set to begin the next day. Though we had been advised to register that evening itself, the fatigue of travel (in the case of my colleagues) and the requirement of purchasing new clothes to replace those in the suitcase that had been lost (in my case) kept us from doing so.

DAY 0 (Sunday, November 15, 2009)

The IGF began on Sunday, November 15, 2009, with a large delay. The registration desks seemed to have a bit of difficulty handling the number of people who were pouring in for registration that morning. By the time this reporter was done with registration, the first set of workshops were already under way, and nearing completion, leaving not much time before the commencement of Workshop 361 (Open Standards: A Rights-Based Framework), which was being organized by this reporter.

That workshop had as speakers Sir Tim Berners-Lee (World Wide Web Consortium), Renu Budhiraja (Department of IT, Government of India), Steve Mutkoski (Microsoft), Rishab Ghosh (UNU-MERIT), and Sunil Abraham (Centre for Internet and Society), with Aslam Raffee (Sun Microsystems, formerly with the Government of South Africa) chairing the session thus representing government, industry, civil society, and academia. The theme of the workshop (rights-based framework for open standards) was explored in greatest depth by Tim Berners-Lee, Sunil Abraham, and Rishab Ghosh, while Renu Budhiraja and Steve Mutkoski decided to explore the fault-lines, and the practicalities of ensuring open standards (as well as the interoperability, e-governance, and other promises of open standards). Rishab Ghosh pointed out that while a government could not make it a requirement that your car be a Ford to be granted access to the parking lot of the municipality, it often made such arbitrary requirements when it came to software and electronic access to the government.

Open standards, most of the panellists agreed, had to be royalty-free, and built openly with free participation by anyone who wished to. This model, Sir Tim pointed out, was what made the World Wide Web the success that it is today. This would ensure that different software manufacturers could ensure interoperability which would encourage competition amongst them; that all governments -- even the less developed ones -- would have equal access to digital infrastructure; that citizen-government and intragovernment interaction would be made much more equitable and efficient; and that present-day electronic information would be future-proofed and safeguard against software obsolescence.

Renu Budhiraja in a very useful and practically-grounded presentation pointed out some of the difficulties that governments faced when deciding upon definitions of “open standards”, as well as the limited conditions under which governments may justify using proprietary standards. She spoke of the importance of governments not following the path laid out by market forces, but rather working to lead the market in the direction of openness. Governments, she reminded the audience, are amongst the foremost consumers of software and standards, and have to safeguard the interests of their citizens while making such decisions. Steve Mutkoski challenged the audience to not only think about the importance of open standards, but also think of the role it plays in ensuring efficient e-governance. Standards, he contended, are but one part of e-governance, and that often the reason that e-governance models fail are not because of standards but because of other organizational practices and policies. Pointing to academic studies, he showed that open standards by themselves were not sufficient to ensure

Sunil Abraham pointed out examples of citizens’ rights being affected by lack of open standards, and pointed out the concerns made public by ‘right to information’ activists in India on the need they perceived for open standards. He also pointed out an example from South Africa where citizens wishing to make full use of the Election Commission’s website were required to use a particular browser, since it was made with non-standard proprietary elements that only company’s browser could understand. Since that browser was not a cross-platform browser like Firefox, users also had to use a particular operating system to interact with the government. The session ended with a healthy interaction with the audience.

The importance of having this discussion at the IGF was underscored by Rishab Ghosh who noted that issues of defining and choosing technical standards are often left to technical experts, while they have ramifications much further than that field. That, he opined, is the reason that discussing open standards at a forum like the IGF is important. A more complete report of this workshop may be found at <http://cis-india.org/advocacy/openness/blog/dcos-workshop-09>.

Post the workshop was the opening ceremony which had Mr. Sha Zukang, U.N. Under-Secretary General for Economic and Social Affairs, Tarek Kamel, the Egyptian Minister for Communications and Information Technology, Dr. Ahmed Nazif, the Prime Minister of Egypt, Tim Berners-Lee, and Jerry Yang. The theme of this year’s IGF was the rather unwieldy “access, diversity, openness, security, and critical Internet resources”. The spread of the Internet, as noted by Sha Zukang, is also quite revealing: In 2005, more than 50% of the people in developed regions were using the Internet, compared to 9% in developing regions, and only 1% in least developed countries. By the year 2009, the number of people connecting in developing countries had expanded by an impressive 475 million to 17.5%, and by 4 million in LDCs to 1.5%, while Internet penetration in developed regions increased to 64%. All in all (Jerry Yang pointed out), around 1.6 billion people, or about 25 per cent of the world, is online. Mr. Kamel noted that “the IGF has
proved only over four years that it is not just another isolated parallel process but it has rather managed to bring on board all the relevant stakeholders and key players”.

Of importance in many of the speeches were the accountability structures of the Internet due to the Affirmation of Commitment that the U.S. Department of Commerce signed with ICANN, and the growing internationalisation of the World Wide Web due to ICANN’s decision to allow for domain names in multiple languages. Tim Berners-Lee again pointed out the need to keep the Web universal, and in particular highlighted the role that royalty-free open standards play in building the foundations of the World Wide Web. Other than small remarks, privacy and freedom of expression did not really figure greatly in the opening ceremony. Jerry Yang, through his talk of the Global Net Initiative, was the one who most forcefully pointed out the need for both online. The Prime Minister of Egypt, in passing, pointed out the need to safeguard intellectual property rights online, but that note was (in a sense) countered by Sir Tim’s warning about the limiting effect of strong intellectual property would have on the very foundations of the World Wide Web and the Internet.

DAY 2 (Monday, November 16, 2009)

On the second day was begun by attending the Commonwealth IGF Open Forum. This open forum was most enlightening as in it one truly got to see Southern perspectives on display. Speakers (both on the dais as well as from the audience) were truly representative of the diversity of the Commonwealth, which presently includes 54 states and around 2.1 billion people (including 1.1 billion from India). Issues of concern included things such as the lack of voice of whole regions like East and West Africa in the international IG policy-making arena. Some of the participants noted that issues such as music piracy, which is a favourite topic of conversation in the West, is of no relevance to most in Africa where the pressing copyright- related issues those of education, translation rights, etc. One participant noted that “Intellectual property issues need developing countries to speak in one voice at international fora; the Commonwealth IGF might allow that.”

A number of people also brought up the issue of youth, and pointing towards children as both the present and the future of the Internet. This attitude also showed up in the session that was held later that day at Workshop 277 (IGF: Activating and Listening to the Voice of Tweens) in which not only were youth and IG issues discussed, but the discussion was also by youth. The formation of the new Dynamic Coalition on Youth and Internet Governance with Rafik Dammak as the coordinator also underlines the importance of this issue which came up at the CIGF open forum.

Other concerns were that of sharing ICT best practices and examples, and the need to urgently bridge the rural-urban divide that information and communication technologies often highlight, and sometimes end up precipitating. This divide is, in many ways, similar to the divide between developing and developed nations, and this point was also highlighted by many of the participants. One strength that the CIGF has as a platform, which the IGF possibly lacks, is the commonality of the legal systems of most of the Commonwealth countries, and hence the possibility that arises of joint policy-making. It was heartening to see that British Parliamentarians, apart from bureaucrats from many countries, were in attendance. This strong focus on developing countries and Southern perspective is, this reporter believes, one of the strengths of the CIGF, which needs to be pushed into the global IGF.

The next workshop attended was Workshop 92: A Legal Survey of Internet Censorship and Filtering, which was organized by UNESCO. A large number of very interesting people presented here, and panellists included IFLA/Bibliotheca Alexandrina (whose Sohair Washtawi was surprisingly critical of the Egyptian government), UNESCO (Mogens Schmidt), Freedom House (Robert Guerra), and Frank La Rue, U.N. Special Rapporteur for Freedom of Opinion and Expression. What came of this workshop was the need to engage with to study the online state of freedom of expression as fully as “offline” state of press freedoms are studied, as an interesting fact that came out of this workshop was that there are currently more online journalists behind bars around the world than traditional journalists. A critique of the Freedom House’s online freedom report, which was not sufficiently voiced at the workshop itself, is that it represents a very Western, state-centric idea of freedom of speech and expression, and often looks at the more direct forms of censorship (state censorship) rather than private censorship (via advertising revenue, copyright law, and “manufactured consent”) and self-censorship. This reporter also intervened from the audience to point out that copyright is often a way of curbing freedom of speech (as was the case with the newspaper scholarly reprints of Nazi-era newspapers in Germany recently, or with the Church of Scientology wishing
to silence its critics). The panellists, including Mogens Schmidt and Frank La Rue agreed, and responded by noting that this dimension of copyright requires greater reflection by those groups involved in promoting and safeguarding freedom of speech and expression both online and offline.

The time before the meeting of the Dynamic Coalition on Open Standards was spent listening to Bruce Schneier, Marc Rotenberg, Frank La Rue, Namita Malhotra, and others at the Openness, Security and Privacy Session. Bruce Schneier, one of the most astute and insightful thinkers on issues of security and privacy, focussed on a topic that anyone who reads his blog/newsletters would be familiar with: that openness, security and privacy are not really, contrary to popular perception, values that are inimical to each other. Mr. Schneier instead sees them as values that complement each other, and argued that one cannot ensure security by invading privacy of citizens and users. He noted that “privacy, security, liberty, these aren’t salient. And usually whenever you have these sort of non-salient features, the way you get them in society is through legislation.” On the same note, he held the view that privacy should not be a saleable commodity, but an inalienable fundamental right of all human beings (a position that Frank La Rue agreed with).

Apart from the traditional focus area of states, there was also a lot of focus on corporations and their accountability to their users. On the issue of corporations versus states, Frank La Rue made it clear that he believed the model that some corporations were advocating of first introducing technologies into particular markets, expanding, and then using that to push for human rights, was not a viable model. Human rights, he reiterated, were not alienable, and stated: “You [internet companies] strengthen democracy and democratic principles and then you bring up the technology. Otherwise, it will never work, and it is a self defeating point.”

The meeting of the Dynamic Coalition on Open Standards was next. This meeting served as a ground to build a formal declaration from Sharm el Sheik for DCOS. The meeting was held in the room Luxor, the seating in which was rectangular, promoting a vibrant discussion rather than making some people “presenters” and the rest “audience”. Many of the members of the Dynamic Coalition on Accessibility and Disability were in attendance, seeing common purpose with the work carried out by DCOS. There was spirited discussion on how best to move from a formulation of open standards as “principles” to more citizen- centric “rights”. This shift, pointed out as an important one because they allow for claims to be made in a way that principles and concessions do not. One of the participants helped re-draft the entire statement, based on suggestions that came from him and the rest of the participants. This was, in a sense, the IGF’s multi-stakeholderism (to coin a phrase) at its best.

Because of the late ending to the DCOS meeting, this reporter arrived late for the Commonwealth IGF follow-up meeting. It seemed that the meeting took its time in finding its raison d’être. It was, for a long while, unclear what direction the meeting was headed in because the suggestions from the audience members were of different types: programmatic actionable items, general thematic focus area suggestions, as well as general wishlists. However, in the end, this came together and became productive thanks to the focus that the chairperson and the rapporteur brought to the discussion. Furthermore, it was a great opportunity to connect with the various young people who had been brought together from various backgrounds to attend the IGF by the CIGF travel bursary. It will be interesting to see the shape that CIGF’s future work takes.

Day 3 (Tuesday, November 17, 2009)

The first session attended on the third day was the meeting on “Balancing the Need of Security with the Concerns for Civil Liberties”. The speakers included Alejandro Pisanty (Workshop Chair), Wolfgang Benedek, Steve Purser, Simon Davies, and Bruce Schneier. Once again, the one point that everyone agreed on is that those pitting security against privacy are creating a false dichotomy, and that for security to exist, privacy must be safeguarded. Steve Purser pointed out that common sense takes a long while to develop and that we, as a human collective, have not yet developed “electronic common sense”. Simon Davies’ main point was that accountability must necessarily be appended to all breaches of privacy in the name of security. Indeed, he lamented that oftentimes the situation is such that people have to justify their invocation of privacy, though the state’s invocation of security to trample privacy does not require any such justification. Security, he pointed out, is not something that is justified by the government, judged by the people, and to which the government is held accountable for its breaches of civil liberties.

Bruce Schneier, as usual, was quite brunt about things. He noted that only identity-based security have anything to do with privacy, and that there are a great many ways of ensuring security (metal detectors in a building, locks in a hotel room) that do not affect privacy. At the meeting, this reporter made a comment noting that a lot of debate is happening at a theoretical level, and that while a lot of good ideas are coming out of that discussion, those ideas have to be translated into good systems of governance in countries like India. Some organizations internationally are trying to make human readable privacy signs such as the human readable copyright licences used by Creative Commons. Concerning citizens’ privacy, a lot of systems (such as key escrow) that have been discredited by knowledgeable people (such as Bruce Schneier) are still being considered or adopted by many countries such as India (where this blew up because of a perceived security threat due to RIM BlackBerry’s encryption). National ID schemes are also being considered in many countries, without their privacy implications being explored. In the name of combatting terrorism, unregistered open wireless networks are being made illegal in India. While there have been informed debates on these issues at places like the IGF, these debates need to find actual recognition in the governance systems. That translation is very important.

The next session this reporter attended was the meeting of the Dynamic Coalition on Freedom of Expression of the Media on the Internet. Amongst the other items of discussion during the session, the site Global Voices Online was showcased, and many of the speakers gave their opinions on whether freedom of speech online required a new formulation of the rights, or just new applications of existing rights. The consensus seemed to be that tying up with the Internet Rights and Principles DC would be useful, but that the project need not be one of reformulation of existing rights, since the existing formulations (as found in a variety of international treaties, including the UDHR) were sufficient. One of the participants stressed though that it was important to extend freedom of press guarantees to online journalists (in matters such as defamation, or copyright violation, where news organizations might be granted protection over and above that which an ordinary citizen would receive). Citizen-led initiatives for circumventing censorship were also discussed.

Two very important points were raised during the Openness main session on Day 2 when someone noted that the freedom of expression was not only an individual right but it also a collective right: the right of peoples to express not only ideas but to express their cultures, their traditions, their language and to reproduce those cultures and languages and traditions without any limitation or censorship. This aspect of the freedom of expression finds much resonance in many Southern countries where collective and cultural rights are regarded as being as important as individual and civil-political rights. Secondly, Frank La Rue pointed out that freedom of speech and expression went beyond just giving out information and opinion: it extended to the right to receive information and opinion. Excessively harsh copyright regimes harm this delicate balance, and impinge on the free speech.

One of the issues that was not explored sufficiently was that of the changes wrought by the Internet on the issues raised by the participants. For instance, while there was much talk about defamation laws in many countries and their grave faults (criminal penalties, defamation of ideas and not just persons), there was no talk of issues such as forum-shopping that arises due to online defamation being viewable around the world with equal ease. Thankfully, the coordinators of the Dynamic Coalition urged people to register on the DC’s Ning site (http://dcexpression.ning.com) and keep the conversation alive there and on the DC’s mailing list.

The session held on Research on Access to Knowledge and Development, organized by the A2K Global Academy was most informative. It brought together many recent surveys of copyright law systems from around the world and their provisions for access to knowledge, including the Africa Copyright and Access to Knowledge project with which this reporter is very familiar. The three main focus areas of discussion were Access to Education (A2E), Open Source Software (OSS) and Access to Medicines (A2M). The best presentation of the day was that made by Carlos Affonso of FGV (Brazil) who made an impassioned case for access to knowledge in the developing world, showcasing many practical examples from Brazil. He noted that many of the examples he was showing were plainly illegal under Brazilian laws, which had very limiting limitations and exceptions. He showcased the usage of Creative Commons licensing, Technobrega music, usage of common ICT infrastructure (such as cybercafes), which are often only semi-legal, and the general acceptance of commons-based peer production. The conclusion of the Egyptian study was that more work is needed to expand access to educational materials, including expansion of the limitations and
exceptions to copyright law for educational purposes. The overall consensus of all the various studies was that open source software was playing a very useful and crucial role in promotion of access to knowledge, but pointed out that the main barrier that open source software was facing was that of anti-competitive practices and not something related to copyright law.

Day 4 (Wednesday, November 18, 2009)

On the last day, this reporter was a presenter in a workshop on the “Global State of Copyright and Access to Knowledge”. This session had the following panellists: Tobias Schonwetter, Faculty of Law, University of Cape Town; Bassem Awad, Chief Judge at the Egyptian Ministry of Justice and IP Expert; Perihan Abou Zeid, Faculty of Legal Studies and International Relations, Pharos University; Pranesh Prakash, Programme Manager, Centre for Internet and Society; Jeremy Malcolm, Project Coordinator, Consumers International; and Lea Shaver, Associate Research Scholar and Lecturer in Law at Yale Law School.

This workshop was the result of the merger of workshops proposed by the African Copyright and Access to Knowledge project, and by Consumers International (to showcase their IP Watch List). Lea Shaver noted that the purpose of copyright law is to encourage creativity and the diffusion of creative works, and not as an industrial subsidy. If copyright law gets in the way of creativity and access to knowledge, then it is in fact going against its purpose. She asserted that copyright law should be assessed by touchstones of access, affordability and participation. “Copyright shapes affordability and access because as the scope of rights expands, the more control is centralised and the less competition. It also shapes participation, because under current law the amateur who wants to build upon existing works is at a disadvantage, and risks running afoul of others’ rights.” Rent-seeking behaviour is what is driving the expansion that we see globally in the coverage of copyright law, and not the costs of production and distribution (which are ever becoming cheaper).

Dr. Abou Zeid noted that technology grants copyright holders (and even non-holders) great control over knowledge, and that strong safeguards are required against this control in the form of limitations to technological protection methods (TPMs). Further, copyright law must take advantage of the benefits offered by technology, such as distance education, granting access to the disabled, and must extend present day E&L to cover these as well. Tobias Schonwetter presented the findings of the ACA2K project, and noted that most countries granted greater protection to rights holders than international law required. Amongst the survey countries, none dealt with distance and e-learning, and only one (Uganda) dealt with the needs of the disabled. He hoped that the extended dissemination phase would assist other projects to build on ACA2K’s work. Thus, “legal systems worldwide are not meeting consumers’ needs for access to knowledge. A better legal system, the research suggests, would support non-commercial sharing and reuse of material, which in turn would drive down costs and increase sales of licensed material, and could also increase consumers’ respect for the law overall.”

The present reporter started by asking why this abstract phrase “access to knowledge” is so important. A2K actually effects almost all areas of concern to citizens and consumers: education, industry, food security, health, amongst many more areas. Mark Getty notes that “IP is the oil of the 21st century”. By creating barriers through IP, there is less scope for expansion and utilization of knowledge, and this most affect “IP poor” nations of the South. In India, there is a new copyright amendment that will introduce DRMs, even though India is not bound by international law to do so. There is also a very worrisome movement to pass state-level criminal statutes that class video pirates in the same category as “slum lords, drug peddlers and goonda”, which includes measures for preventative detention without warrant.

One tool to help change the mindsets of the public is the Consumers International IP Watch List, which can help policy makers and academics and advocates compare the best and worst practices of various countries. At an earlier session, Carlos Affonso of FGV had used the Watch List to demonstrate the weakness of Brazil’s copyright law on the educational front. Copyright is often characterised as a striking of balance between the interests of creators and consumers, but this rhetoric might be misplaced. In fact creators often benefit from freer sharing by users. Knowledge is an input into creation of works, not just an output from it. Given this, it is important to counter IP expansionism by using laws promoting freedom of speech, competition law, consumer law, privacy law, while framing them within the context of development (as appropriate in various countries), to eventually produce a change in mindsets of people.

Stock-Taking

As Jeremy Malcolm of Consumers International notes in his response to the formal stock-taking process, “the IGF is yet to develop from a simple discussion forum into a body that helps to develop public policy in tangible ways.” This reporter, writing for the Dynamic Coalition on Open Standards, also voted for the continuation of the IGF, “in order to ensure that the WSIS Declaration of Principles, specifically in the important area of open standards, be realised through a multi-stakeholder process.” The IGF is, in a sense, the least bureaucratic of the UN’s endeavours. But certain rules, evolved in inter-governmental settings, might require careful reconsiderations to suit the multi-stakeholder approach that the IGF embodies. The IGF also needs to reach out from being a conference for a few to becoming a place/process for the many.

General Reflections

While this year there were more remote participation hubs (13) than last (11), and the Remote Participation Working Group seems to have done much work and some serious reflection on that work, individual experiences sometimes did not match up with what was perceived as the collective experience (via RPWG’s feedback survey). As a workshop organizer, this reporter was not provided any information about the remote participation tools, nor was there any screening of remote participants’ comments. With the shift from a single (open-source) product DimDim, to two products, WebEx (sponsored by Cisco) and Elluminate, much confusion was created even amongst those in the know since there were two separate tools being used. It is this reporter’s perception that live captioning from the main sessions has been a great success, and will have to be used much more extensively, especially if places where the bandwidth to download streaming video does not exist. Further, they help create very useful quasi-official records of the various workshops and open fora that are held at the IGF. That apart, the suggestions offered by the
RPWG (live video feedback from the remote hubs, dedicated remote participation chair in each workshop,
etc.) should be worked upon this year to enable those who cannot travel to Vilnius to participate more effectively.

All the sessions that happened around intellectual property rights were highly critical of the present state of IP laws around the world, and were calling for a reversal of the IP expansionism we see from various perspectives (access to knowledge, competition law, etc.) However, it was often felt by this reporter that these workshops were cases of the choir being preached to. Of course, many new people were being introduced to these ideas, but generally there was appreciation but not as much opposition as one is used to hearing outside the IGF. An exception (in the IP arena) was the workshop on open standards, in which there was much heat as well as illumination. Perhaps, a greater effort could be made to engage with people who are critical of the Access to Knowledge movement, those who are critical of privacy being regarded as a fundamental right, and those who believe that cultural relativism (for instance) must find a central place while talking about the right to free speech. After all, when one leaves the IGF, these voices
are heard. Those voices must be engaged with at the IGF itself, and a way forward (in terms of concrete policy recommendations, whether at the local level or the international level) must be found. Of course, the problem with the above suggestion is that many of these values are embedded in the WSIS principles, and are taken as a granted. But, still, if such debate is not had at the IGF, it might become something much worse than a ‘talking shop’: a forum where not much meaningful talk happens.

Appendix I: Tweets and Dents During the IGF

This is list of some posts made by the reporter on the microblogging sites Twitter
(http://twitter.com/pranesh_prakash) and Identi.ca (http://identi.ca/pranesh) during the IGF.
# @leashaver: Recording of yesterday’s session by the Access to Knowledge ♺ Global Academy:
http://trunc.it/3dldl #a2kga #IGF09 #yaleisp 8:55 PM Nov 18th, 2009
# “Great possibilities of #foss, but a disabling, anti-competitive environment has stunted growth of
open source software in #Egypt.” #igf09 6:47 PM Nov 17th, 2009
# Excellent set of resources on Access to Knowledge, from @YaleISP: http://tr.im/F8At #igf09 6:37 PM
Nov 17th, 2009
# “Tecno brega in Brazil can only be bought from street vendors: good relationship between artists
and street vendors.” #igf09 6:30 PM Nov 17th, 2009
# “There is not even a private copying exception in Brazil”, but is still part of “axis of IP evil” for
rightsholders #igf09 6:26 PM Nov 17th, 2009
# Tobias: “Even though s/w patents are not allowed by SA law, some large MNC s/w comps found
ways of bypassing that & getting patents” #igf09 6:19 PM Nov 17th, 2009
# Case studies from SA: CommonSense project, Freedom to Innovate SA, OOXML v. ODF struggle #igf09
6:18 PM Nov 17th, 2009
# 2 new studies on #a2k from Brazil (http://tr.im/F8tI)and SA (http://tr.im/F8uJ). Also see ACA2K’s
outputs: http://tr.im/F8uQ #igf09 6:13 PM Nov 17th, 2009
# ♺ @sunil_abraham: RT @mathieuweill: #igf09 Dardailler : Internet standards are open standards
and that makes a difference! 3:57 PM Nov 17th, 2009
# Oops. Wrong URL. It should be: http://threatened.globalvoicesonline.org/ #igf09 3:46 PM Nov 17th,
2009
# Mogens Schmidt of UNESCO praises Global Voices Online. Says defamation & libel laws should not
be *criminal* offences. #igf09 3:40 PM Nov 17th, 2009
# http://threatened.globalvoices.org/ helps report on FoE issues with bloggers through crowdsourcing.
#igf09 3:24 PM Nov 17th, 2009
# “Along with the right to give out information and opinion is the right to receive information and
opinion”: Frank La Reu #a2k #igf09 3:13 PM Nov 17th, 2009
# Schneier: “Before we die, we will have a US President who’ll send a lolcat to the Russian PM” #igf09
2:06 PM Nov 17th, 2009
# Privacy vs. security is a false dichotomy. But any privacy that is taken away in name of security
must be turned into accountability. #igf09 1:50 PM Nov 17th, 2009
# All wireless networks now have to be registered in India, and we talk of privacy? @schneier #igf09
1:47 PM Nov 17th, 2009
# RT @rmack Free Expression Online dynamic coalition meeting at 11:30am Egypt time in Siwa Room.
http://dcexpression.ning.com #igf09 1:36 PM Nov 17th, 2009
# @OWD: E Daniel, (http://bit.ly/3oFYqu), takes on the myth of the Digital Native, ♺ reveals the shallowness
of their native knowledge. #igf09 12:05 AM Nov 17th, 2009
# Commonwealth IGF’s follow-up meeting took time to find out its raison d’etre, but ended on a productive
note. #igf09 11:34 PM Nov 16th, 2009
# #schneierfact : Bruce Schneier actually exists! I can see him! 6:53 PM Nov 16th, 2009
# @timdavies: You might then be interested at a report by @cis_india on a different take at DNs:
http://tr.im/F3tk 3:29 PM Nov 16th, 2009 from Gwibber in reply to timdavies
# Estonia & Georgia DDoS are famous, but individual NGOs are also being targetted by DoSes. #igf09
3:08 PM Nov 16th, 2009
# Now more online journalists are behind bars than offline ones. #freespeech #igf09 3:07 PM Nov 16th,
2009
# ♺ @aslam: if you get an email from nigeria people will block it because they think that it is spam -
reputation #fail #igf09 2:14 PM Nov 16th, 2009
# Many are saying: listen to children; document and share best ICT practices and examples; bridge
rural-urban divide as also devel’d-devel’g. 1:57 PM Nov 16th, 2009
# Several British Parliamentarians in the room at the Commonwealth IGF event #igf09 1:56 PM Nov
16th, 2009
# CIGF should look at gaps at IGF and speak to them. Our common legal systems allow for focus on legislations
(ie, on data protection) #igf09 1:36 PM Nov 16th, 2009
# “We need to get to a point where access to the Internet is seen as a human right” #igf09 1:27 PM
Nov 16th, 2009
# “Intellectual property issues need developing countries to speak in one voice at intl fora. Commonwealth
IGF might allow that.” #igf09 1:24 PM Nov 16th, 2009
# “Music aspects of the Internet debates, which gets so much focus, doesn’t have as much relevance
in W. Africa as education & health.” #igf09 1:21 PM Nov 16th, 2009
# Commonwealth covers more than 2 billion people. Some whole regions, like E. & W. Africa “have no
voice in Geneva & global IGF” #igf09 1:18 PM Nov 16th, 2009

For more details visit https://cis-india.org/internet-governance/blog/report-on-fourth-IGF

Report on the 5th Privacy Round Table meeting

maria — 2013-07-26T08:24:27Z

This report entails an overview of the discussions and recommendations of the fifth Privacy Round Table in Calcutta, on 13th July 2013.

This research was undertaken as part of the 'SAFEGUARDS' project that CIS is undertaking with Privacy International and IDRC.

In 2013, the Centre for Internet and Society (CIS) in collaboration with the Federation of Indian Chambers of Commerce and Industry (FICCI), and the Data Security Council of India (DSCI), is holding a series of seven multi-stakeholder round table meetings on “privacy” from April 2013 to October 2013. The CIS is undertaking this initiative as part of their work with Privacy International UK on the SAFEGUARD project.

In 2012, the CIS and DSCI were members of the Justice AP Shah Committee which created the “Report of Groups of Experts on Privacy”. The CIS has recently drafted a Privacy (Protection) Bill 2013, with the objective of contributing to privacy legislation in India. The CIS has also volunteered to champion the session/workshops on “privacy” in the meeting on Internet Governance proposed for October 2013.

At the roundtables the Report of the Group of Experts on Privacy, DSCI´s paper on “Strengthening Privacy Protection through Co-regulation” and the text of the Privacy (Protection) Bill 2013 will be discussed. The discussions and recommendations from the round table meetings will be presented at the Internet Governance meeting in October 2013.

The dates of the seven Privacy Round Table meetings are enlisted below:

New Delhi Roundtable: 13 April 2013
Bangalore Roundtable: 20 April 2013
Chennai Roundtable: 18 May 2013
Mumbai Roundtable: 15 June 2013
Kolkata Roundtable: 13 July 2013
New Delhi Roundtable: 24 August 2013
New Delhi Final Roundtable and National Meeting: 19 October 2013

Following the first four Privacy Round Tables in Delhi, Bangalore, Chennai and Mumbai, this report entails an overview of the discussions and recommendations of the fifth Privacy Round Table meeting in Kolkata, on 13th July 2013.

Presentation by Mr. Reijo Aarnio – Finnish Data Protection Ombudsman

The fifth Privacy Round Table meeting began with a presentation by Mr. Reijo Aarnio, the Finnish Data Protection Ombudsman. In particular, Mr. Aarnio initiated his presentation by distinguishing privacy and data protection and by emphasizing the need to protect both equally within a legal framework. Mr. Aarnio proceeded by highlighting that 96 percent of the Finnish community believes that data protection is necessary, especially since it is considered to play an essential role in the enhancement of the self-determination of the individual. Fuerthermore, Mr. Aarnio pointed out that the right to privacy in Finland in guaranteed under section 10 of the Finnish constitution.

The Finnish Data Protection Ombudsman argued that in order for India to gain European data protection adequacy, the implementation of a regulation for data protection in the country is a necessary prerequisite. Mr. Aarnio argued that although the draft Privacy (Protection) Bill 2013 provides a decisive step in regulating the use of data, the interception of communications and surveillance in India, it lacks in defining the data controller and the data subject, both of which should be legally specified.

In order to support his argument that India needs privacy legislation, the Ombudsman clarified the term “data protection” by stating that it relates to the following:

individual autonomy
the right to know
the right to live without undue interference
the right to be evaluated on the basis of correct and relevant information
the right to know the criteria automatic decision-making systems are based on
the right to trust data security
the right to receive assistance from independent authorities
the right to be treated in accordance with all other basic rights in a democracy
the right to have access to public documents
the freedom of speech

In addition to the above, Mr. Aarnio argued that the reason why data protection is important is because it ensures the respect for human dignity, individual autonomy and honor.

The Finnish Data Protection Ombudsman gave a brief overview of the development and history of data protection, by citing the oathe of Hippokrates, the Great Revolutions and World War II, all throughout which data protection has gained increased significance. Mr. Aarnio pointed out that as a result of the development and proliferation of technology, societies have evolved and that data protection is a major component of the contemporary Information Society. The Ombudsman stated that in the Information Society, information is money and open data and big data are products which are being commercialised and commodified. Hence, in order to ensure that human rights are not commericalised and commodified in the process, it is necessary to establish legal safeguards which can prevent potential abuse.

Article 8 of the European Charter of Fundamental Rights guarantees the protection of personal data. Mr. Aarnio argued that the Parliament is the most important data protection authority in Europe and that privacy is legally guaranteed on three levels:

Protection of personal life: The Criminal Code (chapter 24) addresses and protects freedom of speech and secrecy regulations
Communication: Protection of content and traffic data
Data Protection: The Personal Data Act creates Right to Know and to affect/impact, the right to organise one's personal life, automatic processing of personal data and maintenance of register

The Ombudsman also referred to the Directive 95/46/EC of the European Parliament of 24 October 1995 on the protection of individuals with regard to the processing of personal data and the free movement of such data.

Mr. Aarnio argued that in the contemporary ecosystem of the Information Society, countries need “Privacy by Design”, which entails the description of the processing of personal data and the evaluation of its lawfulness. In particular, the purpose for the collection and processing of data should be legally defined, as well as whether such data will be shared with third parties, disclosed and/or retained. The Ombudsman argued that India needs to define its data controllers and to legally specify their roles, in order to ensure that the management of data does not result in the infringement upon the right to privacy and other human rights.

The Finnish Data Protection Ombudsman concluded his presentation by stating that data security is not only a technological matter, but also – and in some cases, mostly – a legal issue, which is why India should enact the draft Privacy (Protection) Bill 2013.

Discussion of the draft Privacy (Protection) Bill 2013

Chapter I: Definitions

The discussion of the draft Privacy (Protection) Bill 2013 commenced with a debate on whether such a Bill is necessary at all, given that section 43 of the IT Act is considered (by participants at the round table) to regulate the protection of data. It was pointed out that although section 43 of the Information Technology Act provides some rules for data protection, the Committee has stated that these rules are inadequate. In particular, India currently lacks statutory provisions dealing with data protection and rules are inadequate because they are subject to parliamentary debate, and the Parliament does not have the right to vote on rules. The Parliament does not have the right to amend rules, which means that it does not have the right to amend the rules on data protection under the IT Act. Since the rules under section 43 of the IT Act are not subject to parliamentary review, India needs a seperate privacy statutue. Hence, the round table reached a consensus on the discussion of the draft Privacy (Protection) Bill 2013.

Personal data is defined in the draft Privacy (Protection) Bill 2013 as any data which relates to a natural person, while sensitive personal data is defined as a subset of personal data, such as biometric data, medical history, sexual preference, political affiliation and criminal history. It was pointed out that race, religion and caste are not included in the Bill's definition for sensitive personal data because the Government of India refuses to acknowledge these types of information as personal data. According to the Government, the collection of such data is routine and there have been no cases when such data has been breached, which is why race, religion and caste should not be included in the definition for sensitive personal information. However, the last caste sensus took place in 1931 and since then there has been no caste sensus, because it is considered to be a sensitive issue. This contradictory fact to the government's position was pointed out during the round table meeting.

A participant argued that financial information should be included within the definition for sensitive personal data. This was countered by a participant who argued that India has the Credit Information Companies Act which covers credit information and sets out specific information for the protection of credit data by banks and relevant companies. Yet the question of whether general financial information should be included in the definition for sensitive personal data was further discussed, and many participants supported its inclusion in the definition.

The question of whether IP addresses should be included in the definition for personal data was raised. The response to this question was that IP addresses should be included in the definition since they relate to the identification of a natural person. However, the question of whether a specific IP address is considered personal data, as many individuals use the Web through the same IP address, remained unclear. Other participants raised the question of whether unborn humans and deceased persons should have privacy rights. The response to this was that in India, only the court can decide if a deceased person can have the right to privacy.

The controversy between the UID project and the protection of biometric data under the definition for sensitive personal information was discussed in the round table. In particular, it was pointed out that because the UID scheme requires the mass biometric collection in India is contradictory to the protection of such data under the Bill. As the UID scheme remains unregulated, it is unclear who will have access to the biometric data, who it will be shared with, whether it will be disclosed and retained and if so, for how long. All the questions which revolve around the implementation of the UID scheme and the use of the biometric data collected raise concerns in regards to what extent such data can realistically be protected under privacy legislation.

On this note, a participant mentioned that under EU regulation, an ID number is included in the definition for sensitive personal information and it was recommended that the same is added in India's draft Privacy (Protection) Bill 2013. Furthermore, a participant recommended that fingerprints are also included in the definition for sensitive personal data, especially in light of the NPR and UID scheme.

A participant argued that passwords should also be included in the definition for sensitive personal data, as well as private keys which are used for encryption and decryption. It was pointed out that section 69 of the IT Act requires the disclosure of encryption keys upon the request from authorities, which potentially can lead to the violation of privacy and other human rights. Hence the significance of protecting passwords and encryption keys which can safeguard data was highly emphasized and it was argued that they should definitely be included in the definition for sensitive personal data. This position was countered by a participant who argued that the Government of India should have access to private encyrption keys for national security purposes.

On the definition of sensitive personal data, it was emphasized that this term should relate to all data which can be used for discrimination, which is why it needs to be protected. It was further emphasized that it took Europe twelve years to reach a definition for personal data, which is why India still needs to look at the issue in depth and encounter all the possible violations which may potentially occur from the non-regulation of various types of data. Most participants agreed that financial information, passwords and private encryption keys should be added in the definition for sensitive personal data.

The fifth round table entailed a debate on whether political affiliation should be included in the definition for sensitive personal data. In particular, one participant argued that political parties disclose the names of their members and that in many cases they are required to do in order to show their source of income. Hence, it was argued that political affiliation should not be included in the definition for sensitive personal data, since it is not realistic to expect political parties to protect their members' privacy. This was countered by other participants who argued that anonymity in political communications is important, especially when an individual is in a minority position, which is why the term political affiliation should be included in the definition for sensitive personal data.

The discussion on the definitions in the draft Privacy (Protection) Bill 2013 concluded with comments that the definiton for surveillance is very exclusive of many types of surveillance. In particular, it was argued that the definition for surveillance does not appear to cover artificial intelligence, screen shots and various other forms of surveillance, all of which should be regulated.

Chapter II: Right to Privacy

Section 4 of the draft Privacy (Protection) Bill 2013 states that all natural persons have a right to privacy. Section 5 of the Bill includes exemptions to the right to privacy. On this note, it was pointed out that during the round table that there is no universal definition of privacy and thus it is challenging to define the term and to regulate it. Furthermore, the rapid pace at which technology is proliferating was emphasized, along with its impact on the right to privacy. For example, it was mentioned that emails were not covered by privacy legislation in the past, but this needs to be amended accordingly. The European Data Protection Directive was established in 1995 and does not regulate many privacy issues which arise through the Internet, which is why it is currently being reviewed. Similarily, it was argued that privacy legislation in India should encompass provisions for potential data breaches which may occur through the Internet and various forms of technology.

A participant argued that the draft Privacy (Protection) Bill 2013 should include provisions for data subjects, which enable them to address their rights. In particular, it was argued that data subjects should have the right to access information collected and retained about them and that they should have the right to make corrections. The reponse to this comment was that the Bill may be split into two seperate Bills, where the one would regulate data protection and the other would regulate the interception of communications and surveillance, while the data subject would be addressed extensively. Furthermore, participants raised questions of how to define the data controller and the data subjects within the Indian context.

Other questions which were raised during the round table included whether spam should be addressed by the Bill. Several participants argued that spam should not be regulated, as it is not necessarily harmful to data subjects. Other participants argued that the isse of access to data should be addressed prior to the definition of privacy. Another argument was that commerical surveillance should not be conducted within restrictions, which is why it should not be inlcuded in the exemptions to the right to privacy. It was also pointed out that residential surveillance should be allowed, as long as the cameras are pointed inwards and do not capture footage of third parties outside of a residence. On this note, it was argued that surveillance in the work place should also be exempted from the right to privacy, as that too can be considered the private property of the owner. Moreover, it was emphasized that the surveillance of specific categories of people should also be excluded from the exemptions to the right to privacy.

A participant argued that in some cases, NGOs may be collecting information for some “beneficial purpose” and that such cases should be excluded from the exemptions to the right to privacy. Other participants argued that in many cases, data needs to be collected for market research and that the Bill should regulate what applies in such cases. All such arguments were countered by a participant, who argued that Section 5 of the Bill on the exemptions to the right to privacy should be deleted, as it creates to many complications. This recommendation was backed up by the example of a husband capturing a photograph of his wife and then publishing the image without her consent.

During this discussion, a participant raised the question of to what extent the right to privacy applies to minors. This question was supported by the example of Facebook, where many minors have profiles but the extent to which this data is protected remains ambiguous. Furthermore, it was pointed out that it remains unclear whether privacy legislation can practically safeguard minors who choose to share their data online. A participant responded to these concerns by stating that Facebook is a data controller and has to comply with privacy law to protect its customers' data. It was pointed out that it does not matter if the data controller is a company or an NGO; in every case, the data controller is obliged to comply with data protection law and regulations.

Furthermore, it was pointed out that Facebook allows for minors aged 13 to create a profile, while it remains unclear how minors can enforce their privacy rights. In particular, it remains unclear how the mediated collection of minors' data can be regulated and it was recommended that this is addressed by the Bill. A participant replied to this by stating that Indian laws rule in favour of minors, but that this simultaneously remains a grey area. In particular, it was pointed out that rules under section 43 of the Information Technology (IT) Act cover Internet access by minors, but this still remains an unclear area which needs further debate and analysis.

The question which prevailed at the end of the discussion of Chapter 2 of the Bill was on the social media and minors, and on how minors' data can be protected when it is being published immediately through the social media, such as Facebook. Furthermore, it was recommended that the Bill addresses the practical operationalisation of the right to privacy within the Indian context.

Chapter III: Protection of Personal Data

The discussion of Chapter 3 of the draft Privacy (Protection) Bill 2013 on the protection of personal data commenced with a reference to the nine privacy principles of the Justice AP Shah Justice Committee. The significance of the principles of notice and consent were outlined, as it was argued that individuals should have the right to be informed about the data collected about them, as well as to have the rigt to access such data and make possible corrections.

Collection of Personal Data

The discussion on the collection of personal data (as outlined in Section 6 of Chapter 3 of the Bill) commenced with a participant arguing that a company seeking to collect personal data should always have a stated function. In particular, a company selling technological products or services should not collect biometric data, for example, unless it serves a specified function. It was pointed out that data collection should be restricted to the specified purposes. For example, a hospital should be able to collect medical data because it relates to its stated function, but an online company which provides services should not be eligible to collect such data, as it deviates from its stated function.

During the discussion, it was emphasized that individuals should have the right to be informed when their data is being collected, which data is being collected, the conditions for the disclosure of such data and everything else that revolves around the use of their data once it has been collected. However, a participant questioned whether it is practically feasible for individuals to provide consent to the collection of their data every time it is being collected, especially since the privacy policies of companies keep changing. Moreover, it was questioned whether companies can or should resume the consent of their customers once their privacy policy has changed. On this note, a participant argued that companies should be obliged to notify their customers every time their privacy policy changes and every time the purpose behind their data collection changes.

On the issue of consent for data collection, a participant argued that individuals should have the right to withdraw their consent, even after their data has been collected and in such cases, such data should be destroyed. This was countered by another participant who argued that it is not realistic to expect companies to acquire individual consent every time the purpose behind data collection changes, nor is it feasible to allow for the withdrawal of consent without probable cause.

The issue of indirect consent to the collection of personal data was raised and, in particular, several participants argued that the Bill should have provisions which would regulate circumstances where indirect consent can be obtained for the collection of personal data. Furthermore, it was emphasized that the Bill should also include a notice for all potential purposes of data collection which may arise in the future; if the purpose for data collection changes based on conditions specified, then companies should not be mandated to notify individuals. Moreover, a participant argued that the Bill should include provisions which would enable individuals to opt-in and/or opt-out from data collection.

On the issue of consent, it was further outlined that consent provides a legitimate purpose to process data and that the data subject should have the right to be informed prior to the collection of his or her data. However, it was emphasized that the draft Privacy (Protection) Bill 2013 is a very strict regulation, as consent cannot always be acquired prior to data collection, because there are many cases where this is not practically feasible. It was pointed out that in the European Data Protection Directive, it is clear that consent cannot always be acquired prior to data collection. The example of medical cases was mentioned, as patients may not always be capable to provide consent to data collection which may be necessary.

In particular, it was highlighted that the European Data Protection Directive includes provisions for the processing of personal data, as well as exceptions for when consent is not required prior to data collection. The Directive guarantees the legitimate interest of the data controller and data processing is based upon the provisions of privacy legislation. The outsourcing of data is regulated in the European Union, and it was recommended that India regulates it too. Following this comment, it was stated that the recent leaks on the NSA's surveillance raise the issue of non-consentual state collection of data and non-consentual private disclosure of data and a brief debate revolved around these issues in the round table.

On the issue of mediated data collection, the situations in which collected data is mediated by third parties was analysed. It was recommended that the law is flexible to address the various types of cases when collected data is mediated, such as when a guardian needs to handle and take decisions for data of a mentally disabled person being collected. However, it was pointed out that mediated data collection should be addressed sectorally, as a doctor, for example, would address mediated data in a different manner than a company. It was emphasized that specific cases – such a parent taking a mediated decision on the data collection of his or her child – should be enabled, whereas all other cases should be prohibited. Thus it was recommended that language to address the mediated collection of data should be included in the Bill.

A participant raised the question of whether there should be seperate laws for the private collection of data and state collection of data. It was mentioned that this is the case in Canada. Another question which was raised was what happens when state collectors hire private contractors. The UID was brought as an example of state collection of data, while private contractors have been hired and are involved in the process of data collection. This could potentially enable the collection and access of data by unauthorised third parties, to which individuals may have not given their consent to. Thus it was strongly recommended that the Bill addresses such cases and prevents unauthorised collection and access of data.

The discussion on the collection of personal data ended with an interesting test case study for privacy: should the media have the right to disclose individuals' personal data? A debate revolved around this question and participants recommended that the Bill regulates the collection, processing, sharing, disclosure and retention of personal data by the media.

Retention of Personal Data

The discussion on the retention of personal data commenced with the statement that there are various exceptions to the retention of data in India, which are outlined in various court cases. It was pointed out that data should be retained in compliance with the law, but this is problematic as, in various occasions, a verbal order by a policeman can be considered adequate, but this can potentially increase the probability for abuse. A question which was raised was whether an Act of Parliament should allow for the long term storage of data, especially when there is inadequate data to support its long-term retention. It was pointed out that in some cases there are laws which allow for the storage of data for up to ten years, without the knowledge – let alone the consent – of the individual. Thus, the issue of data retention in India remains vague and should be addressed by the draft Privacy (Protection) Bill 2013.

Questions were raised on the duration of data retention periods and on whether there should be one general data retention law or several sectoral data retention laws. The participants disagreed on whether an Act of Parliament should regulate data retention or whether data retention should be regulated by sectoral authorities. A participant recommended “privacy by design” and stated that the question of data retention should be addressed by data controllers. Other participants raised the question of purpose limitation, especially for cases when data is being re-retained after the end of its retention period. A participant recommended that requirements for the anonymisation of data once it has exceeed its retention period should be established. However, this proposal was countered by participants who argued that the pracitcal enforcement of the anonymisation of retained data is not feasible within India.

Destruction of Personal Data

The retention of personal data can be prevented once data has been destroyed. However, participants argued that various types of data are being collected through surveillance products which are controlled by private parties. In such cases, it was argued that it remains unclear how it will be verified that data has indeed being destroyed.

A participant argued that the main problem with data destruction is that even if data has been deleted, it can be retrieved up to seven times; thus the question which arises is how can individuals know if their data has been permanently destroyed, or if it is being secretly retrieved. Questions were raised on how the permanent retention of data can be prevented, especially when even deleted data can be retrieved. Hence it was recommended that information security experts cooperate with data controllers and the Privacy Commissioner, to ensure that data is permanently destroyed and/or that data is not being accessed after the end of its retention period. Such experts would ensure that data is actually being destroyed.

Another participant pointed out the difference between the wiping of data and the deletion of data. In particular, the participant argued that data is being deleted when it is being overwritten by other data, and can potentially be recovered. Wiping of data, on the other hand, involves the wiping out of data which can never be recovered. The participant recommended that the Bill explicitly states that data is wiped out in order to ensure that data is not being indirectly retained.

Processing of Personal Data

The dicsussion on the processing of personal data began with the question of national archives. In particular, participants argued that if the processing of data is strictly regulated, that would restrict access to national archives and the draft Privacy (Protection) Bill 2013 should address this issue.

Questions were raised on the non-consentual processing of personal data and on how individual consent should be acquired prior to the processing of personal data. It was pointed out that the Article 29 Working Party has published an Opinion on purpose limitation with regards to data processing and it was recommended that a similar approach is adopted in India.

Furthermore, it was stated that IT companies are processing data from the EU and the U.S., but it remains unclear how individual consent can be obtained in such cases. A debate evolved on how to bind foreign data processors to meet the data requirements of India, as a minimum prerequisite to ensure that outsourced data is not breached. In light of the Edward Snowden leaks of NSA surveillance, many questions were raised on how Indian data outsourced and stored abroad can be protected.

It was highlighted during the round table that all data processing in India requires certification, but since the enforceability of the contracts relies on individuals, this raises issues of data security. Moreover, questions were raised on how Indian companies can protect the data of their foreign data subjects. Thus, it was recommended that the processing of data is strictly regulated through the draft Privacy (Protection) Bill 2013 to ensure that outsourced data and data processed in the country is not breached.

Security of Personal Data

On the issue of data security, the participants argued that the data subject should always be informed in cases when the confidentiality of their personal data is violated. Confidentiality is usually contractually limited, whereas secrecy is not, which is why both terms are included in the draft Privacy (Protection) Bill 2013. In particular, secrecy is usually used for public information, whereas confidentiality is not.

Participants argued that the Bill should include restrictions on the media, in order to ensure that the confidentiality and integrity of their sources' data is preserved. Several participants stated that the Bill should also include provisions for whistleblowers which would provide security and confidentiality for their data. The participants of the round table engaged in a debate on whether the media should be strictly regulated in order to ensure the confidentiality of their sources' data. On the one hand, it was argued that numerous data breaches have occured as a result of the media mishandling their sources' data. On the other hand, it was stated that all duties of secrecy are subject to the public interest, which is why the media reports on them and which is why the media should not be restricted.

Disclosure of Personal Data

The discussion on the disclosure of personal data commenced with participants pointing out that the draft Privacy (Protection) Bill 2013 does not include requirements for consent prior to the disclosure of personal data, which may potentially lead to abuse. Questions were raised on the outsourcing of Indian data abroad and on the consequences of its foreign disclosure. Once data is outsourced, it remains unclear how the lawful disclosure or non-disclosure of data can be preserved, which is why it was recommended that the Bill addresses such issues.

A participant argued that there is a binding relationship between the data controller and the data subject and that disclosure should be regulated on a contractual level. Another participant raised the question of enforcement: How can regulations on the disclosure of personal data be enforced? The response to this question was that the law should focus on the data controller and that when Indian data is being outsourced abroad, the Indian data controller should ensure that the data subjects' data is not breached. However, other participants raised the question of how data can be protected when it is outsourced to countries where the rule of law is not strong and when the country is considered inadequate in terms of data protection.

With an increased transnational flow of information, questions arise on how individuals can protect their information. A participant recommended that it should be mandatory for companies to state in their contracts who they are outsourcing data to and whether such data will be disclosed to third parties. However, this proposal as countered by a participant who argued that even if this was inforced, it is still not possible to enforce the rights of an Indian data subject in a country which does not have a strong rule of law or which generally has weak legislation. A specific example was mentioned, where E.G. Infosys and Wipro Singapore have a contractual agreement and Indian data is outsourced. It was pointed out that if such data is breached, it remains unclear if the individual should address this issue to Wipro India, as well as which law should apply in this case and whether companies should be liable.

A participant suggested that the data controller discloses data without having acquired prior consent, if the Government of India requests it. However, this was countered by a participant who argued that even in such a case, the question of regulating access to data still remains. Other participants argued that the Right to Information Act has been misused and that too much information is currently being disclosed. It was recommended that the Right to Information Act is amended and that the Bill includes strict regulations for the disclosure of personal data.

Meeting Conclusion

The fifth Privacy Round Table meeting commenced with a presentation on privacy and data protection by Mr. Reijo Aarnio, the Finnish Data Protection Ombudsman, and proceeded with a discussion of the draft Privacy (Protection) Bill 2013. The participants engaged in a heated debate and provided recommendations for the definitions used in the Bill, as well as for the regulation of data protection. The recommendations for the improvement of the draft Privacy (Protection) Bill 2013 will be considered and incorporated in the final draft.

For more details visit https://cis-india.org/internet-governance/blog/report-on-the-5th-privacy-round-table

Report on the 'Open Access to Academic Knowledge' workshop

thomas — 2012-01-08T10:57:30Z

On Wednesday the 2nd of November, during Open Access Week, the Indian Institute of Science in conjunction with the Centre for Internet and Society held a workshop on Open Access at the National Centre for Science Information, in Bangalore.

The purpose of the event was to discuss open-access (OA) among research institutions in Bangalore. A great mixture of institutions were represented - some which already had OA archives, and others which did not. The hope was to have an unstructured and open dialogue about various open-access questions, and to loosely follow an open-space technology format.

Copyright and plagiarism
Before the meeting had officially started, a debate began on the question of whether OA increases plagiarism. There were some first-hand accounts of work being made OA and then copied by third-parties, in some cases for commercial purposes. This seemed like a concern for those thinking about setting up a repository, but the counter-point was offered that plagiarism might be reduced with OA because the work is more visible, and thus copying is more visible also.

A speech by Francis Jayakanth
Then we introduced ourselves and had a speech from Dr Francis Jayakanth (recent recipient of the EPT Award) on some Open Access ideas. Afterwards we opened for group discussion. Various attendants mentioned the importance Dr Jayakanth's speech for understanding the issues.

The benefit of Open Access is increased recognition
Several participants noted that most academic literature is available via inter-library loan (albeit more slowly than OA). The real benefit was seen to be not getting literature and ideas into the institution, but increasing the visibility of the institution to those outside.

The problem of motivating academics
Another common theme was a reluctance from academics to upload work once a repository was established. It was said that OA journals need to increase their impact factor in order to encourage usage, and that academics need to be more aware of all the resources available and the personal career benefits of using OA repositories.

Topics of discussion for next time
After the event there was an opportunity to describe some of things that we might discuss next time. One participant suggested we talk more about the National Open Access Policy and its future. Another suggested topic was more explanation from institutions which do have repositories on the best way to establish one, and what issues to expect. A final point that may be included next time is preservation - how to make sure that OA repositories are backwards compatible and equipped to store information over the long term.

Conclusions
Attendance was fantastic, and we must thank Sridhar Gutam for his help. At the end of the meeting one of the attendants declared they would establish a repository within six months. Those who came were:

Indian Institute of Horticulture Research
Dr. Leela Sahijram
Dr. Dr. Akella Vani
Mr. S Thippeswamy
Dr. Chithiraichelvan

National Institute of Mental Health and Neuro Sciences
Dr. HS Siddamallaiah

Raman Research Institute
Dr. BM Meera
Ms. Vrinda J Benegal

Indian Institute of Astrophysics
Dr. Christina Birdie

National Bureau of Agriculturally Important Insects
Dr. Kumud Tyagi
Dr. Ankita Gupta
Mrs. M Pratheepa

National Aerospace Laboratories
Dr. Poornima Narayana
Ms. V Indrani
Mr. BS Shivaram

National Institute of Animal Nutrition and Physiology
Mr. Sivasankaramakrishnan

Indian Institute of Science
Ms. Maheswari
Dr. Francis Jayakanth

Centre for Internet and Society
Mr. Royson Velankanni
Mr. Tom Dane
also attending was Mr Giridhar Khasnis, a freelance writer.

The meeting was held within the Indian Institute of Science, in Bangalore.

We recorded the meeting, and you can listen to it here:

Open Access workshop at the Indian Institute of Science by Cis_India on Mixcloud

For more details visit https://cis-india.org/openness/report-on-the-open-access-to-academic-knowledge-workshop

Report on Open Standards for GISW2008

pranesh — 2009-01-05T06:52:54Z

In this report, Sunil Abraham lays out the importance and the policy implications of Open Standards.

[PDF copy]

Most computer users today remain “digitally colonised” (Bhattacharya, 2008) due to our unquestioning use of proprietary standards. As users of proprietary standards we usually forget that we lose the right to access our own files the moment the licence for the associated software expires. For example, if I were to store data, information or knowledge in .doc, .xls or .ppt format, my ability to read my own files expires the moment the licence for my copy of Microsoft Office expires.

Definition

Unlike the terms “free software” or “open source software”, the term “open standard” does not have a universally accepted definition. The free and open source software (FOSS) community largely believes that an open standard is:

[S]ubject to full public assessment and use without constraints [royalty-free] in a manner equally available to all parties; without any components or extensions that have dependencies on formats or protocols that do not meet the definition of an open standard themselves; free from legal or technical clauses that limit its utilisation by any party or in any business model; managed and further developed independently of any single vendor in a process open to the equal participation of competitors and third parties; available in multiple complete implementations by competing vendors, or as a complete implementation equally available to all parties (Greve, 2007).

The controversy

Proprietary software manufacturers, vendors and their lobbyists often provide a definition of open standards that is not in line with the above definition on two counts (Nah, 2006).

One, they do not think it is necessary for an open standard to be available on a royalty-free basis as long as it is available under a “reasonable and non-discriminatory” (RAND) licence. This means that there are some patents associated with the standard and the owners of the patents have agreed to license them under reasonable and non-discriminatory terms (W3C, 2002). One example is the audio format MP3, an ISO/IEC [International Organisation for Standardisation/International Electrotechnical Commission] standard where the associated patents are owned by Thomson Consumer Electronics and the Fraunhofer Society of Germany. A developer of a game with MP3 support would have to pay USD 2,500 as royalty for using the standard. While this may be reasonable in the United States (US), it is unthinkable for an entrepreneur from Bangladesh. Additionally, RAND licences are incompatible with most FOSS licensing requirements. Simon Phipps of Sun Microsystems says that FOSS “serves as the canary in the coalmine for the word ‘open’. Standards are truly open when they can be implemented without fear as free software in an open source community” (Phipps, 2007). RAND licences also retard the growth of FOSS, since they are patented in a few countries. Despite the fact that software is not patentable in most parts of the world, the makers of various distributions of GNU/Linux do not include reverse-engineered drivers, codecs, etc., in the official builds for fear of being sued. Only the large corporation-backed distributions of GNU/Linux can afford to pay the royalties needed to include patented software in the official builds (in this way enabling an enhanced out-of-the-box experience). This has the effect of slowing the adoption of GNU/Linux, as less experienced users using community-backed distributions do not have access to the wide variety of drivers and codecs that users of other operating systems do (Disposable, 2004). This vicious circle effectively ensures negligible market presence of smaller community-driven projects by artificial reduction of competition.

Two, proprietary software promoters do not believe that open standards should be “managed and further developed independently of any single vendor,” as the following examples will demonstrate. This is equally applicable to both new and existing standards.

Microsoft’s Office Open XML (OOXML) is a relatively new standard which the FOSS community sees as a redundant alternative to the existing Open Document Format (ODF). During the OOXML process, delegates were unhappy with the fact that many components were specific to Microsoft technology, amongst other issues. By the end of a fast-track process at the ISO, Microsoft stands accused of committee stuffing: that is, using its corporate social responsibility wing to coax non-governmental organisations to send form letters to national standards committees, and haranguing those who opposed OOXML. Of the twelve new national board members that joined ISO after the OOXML process started, ten voted “yes” in the first ballot (Weir, 2007). The European Commission, which has already fined Microsoft USD 2.57 billion for anti-competitive behaviour, is currently investigating the allegations of committee stuffing (Calore, 2007). Microsoft was able to use its financial muscle and monopoly to fast-track the standard and get it approved. In this way it has managed to subvert the participatory nature of a standards-setting organisation. So even though Microsoft is ostensibly giving up control of its primary file format to the ISO, it still exerts enormous influence over the future of the standard.

HTML, on the other hand, is a relatively old standard which was initially promoted by the Internet Engineering Task Force (IETF), an international community of techies. However, in 2002, seven years after the birth of HTML 2.0, the US Department of Justice alleged that Microsoft used the strategy of “embrace, extend, and extinguish” (US DoJ, 1999) in an attempt to create a monopoly among web browsers. It said that Microsoft used its dominance in the desktop operating system market to achieve dominance in the web-authoring tool and browser market by introducing proprietary extensions to the HTML standard (Festa, 2002). In other words, financial and market muscle have been employed by proprietary software companies – in these instances, Microsoft – to hijack open standards.

The importance

There are many technical, social and ethical reasons for the adoption and use of open standards. Some of the reasons that should concern governments and other organisations utilising public money – such as multilaterals, bilaterals, civil society organisations, research organisations and educational institutions – are listed below.

Innovation/competitiveness: Open standards are the bases of most technological innovations, the best example of which would be the internet itself (Raymond, 2000). The building blocks of the internet and associated services like the world wide web are based on open standards such as TCP/IP, HTTP, HTML, CSS, XML, POP3 and SMTP. Open standards create a level playing field that ensures greater competition between large and small, local and foreign, and new and old companies, resulting in innovative products and services. Instant messaging, voice over internet protocol (VoIP), wikis, blogging, file-sharing and many other applications with large-scale global adoption were invented by individuals and small and medium enterprises, and not by multinational corporations.
Greater interoperability: Open standards ensure the ubiquity of the internet experience by allowing different devices to interoperate seamlessly. It is only due to open standards that consumers are able to use products and services from competing vendors interchangeably and simultaneously in a seamless fashion, without having to learn additional skills or acquire converters. For instance, the mail standard IMAP can be used from a variety of operating systems (Mac, Linux and Windows), mail clients (Evolution, Thunderbird, Outlook Express) and web-based mail clients. Email would be a completely different experience if we were not able to use our friends’ computers, our mobile phones, or a cybercafé to check our mail.
Customer autonomy: Open standards also empower consumers and transform them into co-creators or “prosumers” (Toffler, 1980). Open standards prevent vendor lock-in by ensuring that the customer is able to shift easily from one product or service provider to another without significant efforts or costs resulting from migration.
Reduced cost: Open standards eliminate patent rents, resulting in a reduction of total cost of ownership. This helps civil society develop products and services for the poor.
Reduced obsolescence: Software companies can leverage their clients’ dependence on proprietary standards to engineer obsolescence into their products and force their clients to keep upgrading to newer versions of software. Open standards ensure that civil society, governments and others can continue to use old hardware and software, which can be quite handy for sectors that are strapped for financial resources.
Accessibility: Operating system-level accessibility infrastructure such as magnifiers, screen readers and text-to-voice engines require compliance to open standards. Open standards therefore ensure greater access by people with disabilities, the elderly, and neo-literate and illiterate users. Examples include the US government’s Section 508 standards, and the World Wide Web Consortium’s (W3C) WAI-AA standards.
Free access to the state: Open standards enable access without forcing citizens to purchase or pirate software in order to interact with the state. This is critical given the right to information and the freedom of information legislations being enacted and implemented in many countries these days.
Privacy/security: Open standards enable the citizen to examine communications between personal and state-controlled devices and networks. For example, open standards allow users to see whether data from their media player and browser history are being transmitted along to government servers when they file their tax returns. Open standards also help prevent corporate surveillance.
Data longevity and archiving: Open standards ensure that the expiry of software licences does not prevent the state from accessing its own information and data. They also ensure that knowledge that has been passed on to our generation, and the knowledge generated by our generation, is safely transmitted to all generations to come.
Media monitoring: Open standards ensure that the voluntary sector, media monitoring services and public archives can keep track of the ever-increasing supply of text, audio, video and multimedia generated by the global news, entertainment and gaming industries. In democracies, watchdogs should be permitted to reverse-engineer proprietary standards and archive critical ephemeral media in open standards.

Policy implications

Corporations have a right to sell products based on proprietary standards just as consumers have a right to choose between products that use open standards, proprietary standards, or even a combination of such standards. Governments, however, have a responsibility to use open standards, especially for interactions with the public and where the data handled has a direct impact on democratic values and quality of citizenship. In developing countries, governments have greater responsibility because most often they account for over 50% of the revenues of proprietary software vendors. Therefore, by opting for open standards, governments can correct an imbalanced market situation without needing any additional resources. Unfortunately, many governments lack the expertise to counter the campaigns of fear, uncertainty and doubt unleashed by proprietary standards lobbyists with unlimited expense accounts.

Most governments from the developing world do not participate in international standard-setting bodies. On the other hand, proprietary software lobbyists like the Business Software Alliance (BSA) and Comptia attend all national meetings on standards. This has forced many governments to shun these forums and exacerbate the situation by creating more (totally new) standards. Therefore, governments need the support of academic and civil society organisations in order to protect the interests of the citizen. For example, the Indian Institute of Technology in Kanpur (IIT-K) helped the government of India develop the open standard Smart Card Operating System for Transport Applications (SCOSTA) for smart card-based driving licences and vehicle registration documents. Proprietary vendors tried to jettison the move by saying that the standard was technically not feasible. IIT-K developed a reference implementation on FOSS to belie the vendor's claims. As a consequence, the government of India was able to increase the number of empanelled smart-card vendors from four to fifteen and reduce the price of a smart card by around USD 7 each (UNDP, 2007a). This will hopefully result in enormous savings during the implementation of a national multi-purpose identification card in India.

In some instances, proprietary standards are technically superior or more universally supported in comparison to open standards. In such cases the government may be forced to adopt proprietary and de facto standards in the short and medium term. But for long-term technical, financial and societal benefits, many governments across the world today are moving towards open standards. The most common policy instruments for implementation of open standards policy are government interoperability frameworks (GIFs). Governments that have published GIFs include the United Kingdom, Denmark, Brazil, Canada, the European Union, Malaysia, Hong Kong, Malaysia, New Zealand, and Australia (UNDP, 2007b).

While challenges to the complete adoption of open standards in the public sector and civil society remain, one thing is certain: the global march towards openness, though slow, is irreversible and inevitable.

References

Bhattacharya, J. (2008) Technology Standards: A Route to Digital Colonization. Open Source, Open Standards and Technological Sovereignty. .
Available at:
knowledge.oscc.org.my/practice-areas/‌government‌/oss-seminar-putrajaya-2008/technology-standards-a-route-to-digital/at_download/file

Calore, M. (2007) Microsoft Allegedly Bullies and Bribes to Make Office an International Standard. Wired, 31 August.
Available at: www.wired.com/software/coolapps/news/2007/08/ooxml_vote

Disposable (2004) Ubuntu multimedia HOWTO.
Available at: www.oldskoolphreak.com/tfiles/‌hack/‌ubuntu.txt

Festa, P. (2002) W3C members: Do as we say, not as we do. CNET News, 5 September.
Available at: news.cnet.com/2100-1023-956778.html

Greve, G. (2007) An emerging understanding of open standards.
.
Available at: www.fsfe.org/‌fellows‌/greve/freedom_bits/an_emerging_understanding_of_open_standards

Nah, S.H. (2006) FOSS Open Standards Primer. New Delhi: UNDP-APDIP.
Available at: www.iosn.net/open-standards/foss-open-standards-primer/foss-openstds-withnocover.pdf

Phipps, S. (2007) Roman Canaries..
Available at: blogs.sun.com/webmink/entry/‌roman_canaries‌

Raymond, E.S. (2000) The Magic Cauldron.
Available at: www.catb.org/~esr/writings/‌cathedral-‌bazaar/‌magic-‌cauldron/‌index.html

Toffler, A. (1980) The Third Wave. New York: Bantam.

UNDP (United Nations Development Programme) (2007a) e-Government Interoperability: A Review of Government Interoperability Frameworks in Selected Countries.
Available at: www.apdip.net/projects/gif/gifeprimer

UNDP (2007b) e-Government Interoperability: Guide.
Available at: www.apdip.net/projects/gif/GIF-Guide.pdf

US DoJ (Department of Justice) (1999) Proposed Findings of Fact – Revised.
Available at: www.usdoj.gov/‌atr/‌cases/‌f2600/v-a.pdf

W3C (World Wide Web Consortium) (2002) Current patent practice.
Available at: www.w3.org/TR/patent-practice#def-RAND

Weir, R. (2007) How to hack ISO.
Available at: www.robweir.com/blog/2007/09/how-to-hack-iso.html

For more details visit https://cis-india.org/openness/publications/standards/report-on-open-standards-for-gisw2008

Report on Open Standards for GISW 2008

pranesh — 2011-08-23T02:57:53Z

A report on Open Standards prepared by Sunil Abraham, for the Global Information Society Watch 2008. As on their site, GISWatch focuses on monitoring progress made towards implementing the World Summit on the Information Society (WSIS) action agenda and other international and national commitments related to information and communications. It also provides analytical overviews of institutions involved in implementation.

For more details visit https://cis-india.org/publications-automated/cis/sunil/Open-Standards-GISW-2008.pdf

Report on CIS' Workshop at the IGF:'An Evidence Based Framework for Intermediary Liability'

jyoti — 2014-09-24T10:47:30Z

An evidence based framework for intermediary liability' was organised to present evidence and discuss ongoing research on the changing definition, function and responsibilities of intermediaries across jurisdictions.

The discussion from the workshop will contribute to a comprehensible framework for liability, consistent with the capacity of the intermediary and with international human-rights standards.

Electronic Frontier Foundation (USA), Article 19 (UK) and Centre for Internet and Society (India) have come together towards the development of best practices and principles related to the regulation of online content through intermediaries. The nine principles are: Transparency, Consistency, Clarity, Mindful Community Policy Making, Necessity and Proportionality in Content Restrictions, Privacy, Access to Remedy, Accountability, and Due Process in both Legal and Private Enforcement. The workshop discussion will contribute to a comprehensible framework for liability that is consistent with the capacity of the intermediary and with international human-rights standards. The session was hosted by Centre for Internet and Society (India) and Centre for Internet and Society, Stanford (USA) and attended by 7 speakers and 40 participants.

Jeremy Malcolm, Senior Global Policy Analyst EFF kicked off the workshop highlighting the need to develop a liability framework for intermediaries that is derived out of an understanding of their different functions, their role within the economy and their impact on human rights. He went on to structure the discussion which would follow to focus on ongoing projects and examples that highlight central issues related to gathering and presenting evidence to inform the policy space.

Martin Husovec from the International Max Planck Research School for Competition and Innovation, began his presentation, tracking the development of safe harbour frameworks within social contract theory. Opining that safe harbour was created as a balancing mechanism between a return of investments of the right holders and public interest for Internet as a public space, he introduced emerging claims that technological advancement have altered this equilibrium. Citing injunctions and private lawsuits as instruments, often used against law abiding intermediaries, he pointed to the problem within existing liability frameoworks, where even intermediaries, who diligently deal with illegitimate content on their services, can be still subject to a forced cooperation to the benefit of right holders. He added that for liability frameworks to be effective, they must keep pace with advances in technology and are fair to right holders and the public interest.

He also pointed that in any liability framework because the ‘law’ that prescribes an interference, must be always sufficiently clear and foreseeable, as to both the meaning and nature of the applicable measures, so it sufficiently outlines the scope and manner of exercise of the power of interference in the exercise of the rights guaranteed. He illustrated this with the example of the German Federal Supreme Court attempts with Wi-Fi policy-making in 2010. He also raised issues of costs of uncertainty in seeking courts as the only means to balance rights as they often, do not have the necessary information. Similarly, society also does not benefit from open ended accountability of intermediaries and called for a balanced approach to regulation.

The need for consistency in liability regimes across jurisdictions, was raised by Giancarlo Frosio, Intermediary Liability Fellow at Stanford's Centre for Internet and Society. He introduced the World Intermediary Liability Map, a project mapping legislation and case law across 70 countries towards creating a repository of information that informs policymaking and helps create accountability. Highlighting key takeaways from his research, he stressed the necessity of having clear definitions in the field of intermediary liability and the need to develop taxonomy of issues to deepen our understanding of the issues at stake towards an understanding of type of liability appropriate for a particular jurisdiction.

Nicolo Zingales, Assistant Professor of Law at Tilburg University highlighted the need for due process and safeguards for human rights and called for more user involvement in systems that are in place in different countries to respond to requests of takedown. Presenting his research findings, he pointed to the imbalance in the way notice and takedown regimes are structured, where content is taken down presumptively, but the possibility of restoring user content is provided only at a subsequent stage or not at all in many cases. He cited several examples of enhancing user participation in liability mechanisms including notice and notice, strict litigation sanction inferring the knowledge that the content might have been legal and shifting the presumption in favor of the users and the reverse notice and takedown procedure. He also raised the important question, if multistakeholder cooperation is sufficient or adequate to enable the users to have a say and enter as part of the social construct in this space? Reminding the participants of the failure of the multistakeholder agreement process regarding the cost for the filters in the UK, that would be imposed according to judicial procedure, he called for strengthening our efforts to enable users to get more involved in protecting their rights online.

Gabrielle Guillemin from Article 19 presented her research on the types of intermediaries and models of liability in place across jurisdictions. Pointing to the problems associated with intermediaries having to monitor content and determine legality of content, she called for procedural safeguards and stressed the need to place the dispute back in the hands of users and content owners and the person who has written the content rather than the intermediary. She goes on to provide some useful and practically-grounded solutions to strengthen existing takedown mechanisms including, adding details to the notices, introducing fees in order to extend the number of claims that are made and defining procedure regards criminal content.

Elonnai Hickok introduced CIS' research to the UNESCO report Fostering Freedom Online: the Role of Internet Intermediaries, comparing a range of liability models in different stages of development and provisions across jurisdictions. She argued for a liability framework that tackles procedural and regulatory uncertainty, lack of due process, lack of remedy and varying content criteria.

Francisco Vera, Advocacy Director, Derechos Digitales from Chile raised issues related to mindful community policy-making expounding on Chile's implementation of intermediary liability obligation with the USA, the introduction of judicial oversight under Chilean legislation which led to US objection to Chile on grounds of not fulfilling their standards in terms of Internet property protection. He highlighted the tensions that arise in balancing the needs of the multiple communities and interests engaged over common resources and stressed the need for evidence in policy-making to balance the needs of rights holders and public interest. He stressed the need for evidence to inform policy-making and ensure it keeps pace with technological developments citing the example of the ongoing Transpacific Partnership Agreement negotiations that call for exporting provisions DMCA provisions to 11 countries even though there is no evidence of the success of the system for public interest. He concluded by cautioning against the development of frameworks that are or have the potential to be used as anti-competitive mechanisms that curtail innovation and therby do not serve public interest.

Malcolm Hutty associated with the European Internet Service Providers Association, Chair of the Intermediary Reliability Committee and London Internet Exchange brought in the intermediaries' perspective into the discussion. He argued for challenging the link between liability and forced cooperation, understated the problems arising from distinction without a difference and incentives built in within existing regimes. He raised issues arising from the expectancy on the part of those engaged in pre-emptive regulation of unwanted or undesirable content for intermediaries to automate content. Pointing to the increasing impact of intermediaries in our lives he underscored how exposing vast areas of people's lives to regulatory enforce, which enhances power of the state to implement public policy in the public interest and expect it to be executed, can have both positive and negative implications on issues such as privacy and freedom of expression.

He called out practices in regulatory regimes that focus on one size fits all solutions such as seeking automating filters on a massive scale and instead called for context and content specific solutions, that factor the commercial imperatives of intermediaries. He also addressed the economic consequences of liability frameworks to the industry including cost effectiveness of balancing rights, barriers to investments that arise in heavily regulated or new types of online services that are likely to be the targeted for specific enforcement measures and the long term costs of adapting old enforcement mechanisms that apply, while networks need to be updated to extend services to users.

The workshop presented evidence of a variety of approaches and the issues that arise in applying those approaches to impose liability on intermediaries. Two choices emerged towards developing frameworks for enforcing responsibility on intermediaries. We could either rely on a traditional approach, essentially court-based and off-line mechanisms for regulating behaviour and disputes. The downside of this is it will be slow and costly to the public purse. In particular, we will lose a great deal of the opportunity to extend regulation much more deeply into people's lives so as to implement the public interest.

Alternatively, we could rely on intermediaries to develop and automate systems to control our online behaviour. While this approach does not suffer from efficiency problems of the earlier approach it does lack, both in terms of hindering the developments of the Information Society, and potentially yielding up many of the traditionally expected protections under a free and liberal society. The right approach lies somewhere in the middle and development of International Principles for Intermediary Liability, announced at the end of the workshop, is a step closer to the developing a balanced framework for liability.

See the transcript on IGF website.

For more details visit https://cis-india.org/internet-governance/report-on-cis-workshop-at-igf

Report on CDIP-12

puneeth — 2014-04-22T09:53:55Z

The 12th meeting of the Committee on Development and Intellectual Property (CDIP) was held from November 18-21, 2013 at WIPO. This report discusses the proceedings of the meeting and issues that CIS could get involved at future CDIP meetings.

Agenda

The most important item on the Agenda of CDIP was to finalise the terms of reference for the Independent Review of the Implementation Development Agenda Recommendations under the Coordination Mechanism as per the request of the WIPO General Assembly (CDIP 12/5). However, the Committee was unable to reach a consensus on the Terms of Reference for the Independent Review and further discussion has been put off until the next CDIP.

In addition, the CDIP considered and discussed Progress Reports on the following ongoing WIPO projects:[1]

Specialized Databases’ Access and Support – Phase II;
A Pilot Project for the Establishment of “Start-Up” National IP Academies – Phase II;
Strengthening the Capacity of National IP Governmental and Stakeholder Institutions to Manage, Monitor and Promote Creative Industries, and to Enhance the Performance and Network of Copyright Collective Management Organizations;
Project on Intellectual Property and Product Branding for Business Development in Developing Countries and Least-Developed Countries (LDCs);
Project on Intellectual Property and Socio-Economic Development;
Project on Intellectual Property and Technology Transfer: Common Challenges – Building Solutions;
Project on Open Collaborative Projects and IP-Based Models;
Project on Patents and Public Domain;
Project on Enhancing South-South Cooperation on IP and Development Among Developing Countries and Least Developed Countries;
Project on IP and Brain Drain;
Project on IP and the Informal Economy;
Strengthening and Development of the Audiovisual Sector in Burkina Faso and Certain African Countries; and certain African Countries; and
Project on Developing Tools for Access to Patent information – Phase II.

The Committee also discussed ongoing projects like measuring WIPO’s contribution to the Millennium Development Goals, proposal for new WIPO activities related to the use of Copyright to promote access to information and creative content, and a study on Patents and the Public Domain.[2]

The following section discusses areas where CIS can play a role at future CDIPs.

Future work for CIS

Using Copyright to Promote Access to Information and Creative Content

This project is aimed at using copyright to promote access to information in three areas: education and research; software development practices, including free and open source software; and public sector information. In addition the WIPO is also looking at new projects that may help Member States achieve development goals through improved Access to Knowledge. In CDIP 11, the Committee identified six projects which could be carried out by the CDIP in the pursuance of these aims. These projects are a result of a paper by Sisule Musungu assessing the feasibility of WIPO projects in the area. [3] The implementation plan for the above was presented at CDIP 12. The six projects are as under:

Pilot Project on Creation of a Centralized Database in order to make IP-Related Education and Research (E&R) Resources Available on an Open Access (OA) Basis
Applicability of Open Licensing to E&R Resources produced by International Organizations
Development of a Training Module on Licensing and Open Source Software Development
Integrating Open Source Licensing in WIPO Copyright-Related Courses and Training Programs
Development of Model Copyright Policies and Legal Provisions for Different Copyright Approaches to Public Sector Information
International Conference for Least-Developed Countries (LDCs) on Copyright and the Management of Public Sector Information

Discussion at CDIP 12

Thiru of KEI proposed a project on a possible model copyright law similar to the Tunis Model Law for Developing Countries adopted in 1976.[4] However, the delegation from the US objected to such a proposal. Representatives from many countries suggested modifications to the 6 proposals under discussion. Revised findings will be discussed at the next CDIP.

Scope for CIS work

Many of the proposals under consideration speak directly to the work being done by the A2K team in the Indian context. I will be contributing to a critique by the TWN on these projects. Such critiques can continue on the one hand. On the other hand, CIS can get involved in the preparatory work in the lead up to future CDIPs by working closely with the south centre and TWN to mobilize opinion among developing countries. Our expertise from working with domestic policy issues in India will come in handy in shaping future work commissioned by the WIPO in these areas.

Study on the Public Domain (II)

This is the second in a series of studies commissioned by the WIPO under the Project on Patents and the Public Domain (CDIP/7/5/Rev). The paper was authored by James Conley, Peter Bican and Neil Wilkof. Among other things, it concludes that the patent process contributes to a richer public domain. While the conclusions are acceptable in principle, the paper makes some troubling assumptions with regard to the public domain and also some surprising claims with respect to Patent Pools.

Discussion at CDIP 12

TWN pointed out that the study was restricted in scope as it defined the public domain as being limited to information that has lost its patent protection either through expiration of the term of the patent or through other processes that make the patented information part of the public domain de facto. While the author offered to revise the scope of the study, the US objected to it. At a later point, the representative from Egypt picked up on this critique but wrongly attributed it to the EU. When this was pointed out, he withdrew his statement. As it stands, the study will not be revised.

Scope for CIS work

The most surprising conclusion of the paper is that Patent Pools serve to narrow the public domain or that on a scale of contribution to the public domain rank second to last to Non-Practicing Entities (NPEs). I will be contributing to the TWN critique and focus on the conclusions with respect to Patent Pools. Given the implications of the study to our Pervasive Technologies project, we should get involved in the larger project on Patents in the Public domain and respond to future work in the area as well.

[1]. For a summary of the Progress Reports, see CDIP/12/2

[2]. For a full list, see the Agenda of CDIP 12

[3]. CDIP/11/6

[4]. See http://portal.unesco.org/culture/en/files/31318/11866635053tunis_model_law_en-web.pdf/tunis_model_law_en-web.pdf

For more details visit https://cis-india.org/a2k/blogs/report-on-cpdip-2

Report of the Group of Experts on Privacy vs. The Leaked 2014 Privacy Bill

elonnai — 2014-04-14T06:10:20Z

Following our previous post comparing the leaked 2014 Privacy Bill with the leaked 2011 Privacy Bill, this post will compare the recommendations provided in the Report of the Group of Experts on Privacy by the Justice AP Shah Committee to the text of the leaked 2014 Privacy Bill. Below is an analysis of recommendations from the Report that are incorporated in the text of the Bill, and recommendations in the Report that are not incorporated in the text of the Bill.

Recommendations in the Report of the Group of Experts on Privacy that are Incorporated in the 2014 Privacy Bill

Constitutional Right to Privacy

The Report of the Group of Experts on Privacy recommends that any privacy legislation for India specify the constitutional basis of a right to privacy. The 2014 Privacy Bill has done this, locating the Right to Privacy in Article 21 of the Constitution of India.

Nine National Privacy Principles

The Report of the Group of Experts on Privacy recommends that nine National Privacy Principles be adopted and applied to harmonize existing legislation and practices. The 2014 Privacy Bill also adopts nine National Privacy Principles. Though these principles differ slightly from the National Privacy Principles recommended in the Report, they are broadly the same, and importantly will apply to all existing and evolving practices, regulations and legislations of the Government that have or will have an impact on the privacy of any individual. Presently, the 2014 Privacy Bill locates the nine National Privacy Principles in an Annex to the Bill, but also incorporates the principles in more detail in sections relating to personal data. An analysis of the principles as compared in the Report and the Bill is below:

Notice: The principle of notice as recommended by the Report of the Group of Experts on Privacy differs from the principle of notice in the 2014 Privacy Bill. According to the notice principle in the Report, a data controller shall give sample to understand notice of its information practices to all individuals, in clear and concise language, before any personal information is collected from them. Such notices should include: (during collection) What personal information is being collected; Purposes for which personal information is being collected; Uses of collected personal information; Whether or not personal information may be disclosed to third persons; Security safeguards established by the data controller in relation to the personal information; Processes available to data subjects to access and correct their own personal information; Contact details of the privacy officers and SRO ombudsmen for filing complaints. (Other Notices) Data breaches must be notified to affected individuals and the commissioner when applicable. Individuals must be notified of any legal access to their personal information after the purposes of the access have been met. Individuals must be notified of changes in the data controller’s privacy policy. Any other information deemed necessary by the appropriate authority in the interest of the privacy of data subjects.

In contrast, the 2014 Privacy Bill requires that all the data controllers provide adequate and appropriate notice of their information practices in a form that is easily understood by all intended recipients. In addition to this principle as listed in an annex, the Bill requires that on initial collection data controllers provide notice of what personal data is being collected and the legitimate purpose for which the personal data is being collected. If the purpose for which the personal data changes, data controllers must provide data subjects with a further notice that would include the use to which the personal data shall be put, whether or not the personal data will be disclosed to at third person and, if so, the identity of such person if the personal data being collected is intended to be transferred outside India and the reasons for doing so; how such transfer helps in achieving the legitimate purpose; and whether the country to which such data is transferred has suitable legislation to provide for adequate protection and privacy of the data; the security and safeguards established by the data controller in relation to the personal data; the processes available to a data subject to access and correct his personal data; the recourse open to a data subject, if he has any complaints in respect of collection or processing of the personal data and the procedure relating thereto; the name, address and contact particulars of the data controller and all persons who will be processing the personal data on behalf of the data controller. Additionally, if a breach of data takes place data controllers must inform the affected data subject that lost or stolen; accessed or acquired by any person not authorized to do so; damaged, deleted or destroyed; processed, re-identified or disclosed in an unauthorized manner.

Though the 2014 Privacy Bill requires a more comprehensive notice to be issued if the purpose for the use of personal data changes, it does not specify (as recommended by the Group of Experts on Privacy) that notice of changes to a data controller’s privacy policy be issued.

Choice and Consent: The principle of choice and consent in the 2014 Privacy Bill is similar to the principle in the Report of the Group of Experts on privacy in that it requires that all data subjects be provided with a choice to provide or not to provide personal data and that data subject will have the option of withdrawing consent at any time. Though not a part of the specific principle on ‘choice and consent’ listed in the annex the 2014 Privacy Bill also contains provisions that address mandatory collection of information which require, as recommended by the Report of the Group of Experts, that the information is anonymoized. Furthermore, the 2014 Privacy Bill provides individuals an opt-in or opt-out choice with respect to the provision of personal data.

Different from as recommended in the principle in the Report of the Group of Experts on Privacy, the 2014 Privacy Bill does not specify that in exception cases when it is not possible to provide a service with choice and consent, then choice and consent will not be required.

Collection Limitation: The principle of collection limitation as recommended in the Report of the Group of Experts on Privacy and the principle of collection limitation in the Annex of the 2014 Privacy Bill are similar in that both require that only data that is necessary to achieve an identified purpose be collected. As recommended in the Report of the Group of Experts on Privacy, the 2014 Privacy Bill also requires that notice be provided prior to collection and content taken.

Purpose Limitation: Though the principle of Purpose Limitation are similar in the Report of the Group of Experts on Privacy and the 2014 Privacy Bill as they both require personal data to be used only for the purposes for which it was collected and that the data must be destroyed after the purposes have been served, the 2014 Privacy Bill does not specify that information collected by a data controller must be adequate and relevant for the purposes for which they are processed. The 2014 Privacy Bill also incorporates elements from the principle of Purpose Limitation as defined by the Report of the Group of Experts in other parts of the Bill. For example, the 2014 Bill requires that notice be provided to the individual if there is a change in purpose for the use of the personal information, and designates a section on retention of personal data.

Access and Correction: The principle of Access and Correction in the 2014 Privacy Bill reflects the principle of Access and Correction in the Report of the Group of Experts (though not verbatim). Importantly, the 2014 Privacy Bill incorporates the recommendation from the Report of the Group of Experts on Privacy that prohibits access to personal data if it will affect the privacy rights of another individual.

Disclosure of Information: The principle of ‘Disclosure of Information’ in the Privacy Bill 2014 is similar to the principle of ‘Disclosure of Information’ as recommended in the Report of the Group of Experts on Privacy (though not verbatim). As recommended this principle requires that personal data be disclosed to third parties only if informed consent has been taken from the individual and the third party is bound the adhere to all relevant and applicable privacy principles.

Security: The principle of security in the 2014 Privacy Bill reflects the principle of Security recommended in the Report of the Group of Experts on Privacy and requires that personal data be secured through reasonable security safeguards against unauthorized access, destruction, use, modification, de-anonymization or unauthorized disclosure.

Openness: The principle of Openness in the 2014 Privacy Protection Bill is similar to the principle of Openness recommended in the Report of the Group of Experts on Privacy in that it requires data controllers to make available to all individuals in an intelligible form, using clear and plain language, the practices, procedures, and policies, and systems that are in place to ensure compliance with the privacy principles. The principle in the 2014 Privacy Bill differs from the recommendation in the Report of the Group of Experts on Privacy in that it does not require data controllers to take necessary steps to implement practices, policies, and procedures in a manner proportional to the scale, scope, and sensitivity to the data they collect.

Accountability: The principle of Accountability in the 2014 Privacy Bill is similar to the principle of Accountability as recommended in the Report of the Group of Experts as both require that the data controller is accountable for compliance with the national Privacy Principles.

Application to interception and access, video and audio recording, personal identifiers, bodily and genetic material: The Privacy Bill 2014 incorporates the recommendations from the Report of the Group of Experts on Privacy and specifies the way in which the National Privacy Principles will apply to the interception and access of communications, video and audio recording, and personal identifiers. But the 2014 Privacy Bill does not specify the application of the National Privacy Principles to bodily and genetic material (though this information is included in the definition of sensitive personal information).

With respect to the installation and operation of video recording equipment in a public space, the 2014 Privacy Bill requires that video recording equipment may only be used in accordance with a prescribed procedure and for a legitimate purpose that is proportionate to the objective for which it was installed. Furthermore, individuals cannot use video recording equipment for the purpose of identifying an individual, monitoring his personal particulars, or revealing in public his personal information. The provisions in the Bill that speak to storage, processing, retention, security, and disclosure of personal data apply to the installation and use of video recording equipment. As a note the 2014 Privacy Bill carves out an exception for law enforcement and government intelligence agencies in the interest of the sovereignty, integrity, security or the strategic, scientific or economic interest of India.

With respect to the application of the National Privacy Principles to the interception of communications, the 2014 Privacy Bill lays down a regime for the interception of communications and specifies that the principles of notice, choice, consent, access and correction, and openness will apply to the interception of communications when authorised.

With respect to Personal Identifiers, the 2014 Privacy Bill notes that the principles of notice, choice, and consent will not apply to the collection of personal identifiers by the government. Additionally, the government will not be obliged to use any personal identifier only for the limited purpose for which the personal identifier was collected, provided that the use is in conformance with the other National Privacy Principles.

Additional Protection for Sensitive Personal Data

The Report of the Group of Experts on Privacy broadly recommends that sensitive personal data be afforded additional protection and existing definitions of sensitive personal data should be harmonised. The 2014 Privacy Bill incorporates these recommendations by defining sensitive personal data as data relating to physical and mental health including medical history, biometric, bodily or genetic information; criminal convictions; password, banking credit and financial data; narco analysis or polygraph test data, sexual orientation. The 2014 Privacy Bill also requires authorization from the Data Protection Authority for the collection and processing of sensitive personal data and defines circumstances of when this authorization would not be required including: collection or processing of such data is authorized by any other law for the time being in force; such data has already been made public as a result of steps taken by the data subject; collection and processing of such data is made in connection with any legal proceedings by an order of the competent court; such data relating to physical or mental health or medical history of an individual is collected and processed by a medical professional, if such collection and processing is necessary for medical care and health of that individual; such data relating to biometrics, bodily or genetic material, physical or mental health, prior criminal convictions or financial credit history is processed by the employer of an individual for the purpose of and in connection with the employment of that individual; such data relating to physical or mental health or medical history is collected an processed by an insurance company, if such processing is necessary for the purpose of and in connection with the insurance policy of that individual; such data relating to criminal conviction, biometrics and genetic is processed and collected by law enforcement agencies; such data regarding credit, banking and financial details of an individual is processed by a specific user under the Credit Information Companies (Regulation) Act, 2005; such data is processed by schools or other education institutions in connection with imparting of education to an individual; such data is collected or processed by the government Intelligence agencies in the interest of the sovereignty, integrity, security or the strategic, scientific or economic interest of India, the authority has, by a general or specified order permitted the processing of such data for specific purpose and is limited to the extent of such permission. The 2014 Privacy Bill also prohibits additional transactions from being performed using sensitive personal information unless free consent was obtained for such transaction.

Privacy Officers

The Report of the Group of Experts on Privacy recommends that Privacy Officers be established at the organizational level for overseeing the processing of personal data and compliance with the Act. This recommendation has been incorporated in the 2014 Privacy Bill, which establishes Privacy Officers at the organizational level.

Co-regulatory Framework

The Report of the Group of Experts on Privacy recommends that a system of co-regulation be established, where industry levels self regulatory organizations develop privacy norms, which are in turn approved and enforced by the Privacy Commissioner. The 2014 Privacy Bill puts in place a similar co-regulatory framework where industry level self regulatory organizations can develop norms which will be turned into regulations and enforced by the Data Protection Authority. If a sector does not develop norms, the Data Protection Authority can develop norms for the specific sector.

Recommendations in the Report that are not in the Bill

Scope

The Report of the Group of Experts on Privacy recommends that the scope of any privacy framework extends to all individuals, all data processed in India, and all data originating from India. The 2014 Privacy Bill differs from these recommendations by extending the right to privacy to all residents of India, while remaining silent on whether or not the scope of the legislation extends to all data processed in India and all data originating in India. Despite this, the 2014 Bill does specify that any organization that processes or deals with data of an Indian resident, but does not have a place of business within India, must establish a ‘representative resident’ in India who will be responsible for compliance with the Act.

Exceptions

The Report of the Group of Experts recommends the following as exceptions to the right to privacy:

National security
Public order
Disclosure in the public interest
Prevention, detection, investigation, and prosecution of criminal offenses
Protection of the individual and rights and freedoms of others

The Report further clarifies that any exception must be qualified and measured against the principles of proportionality, legality, and necessary in a democratic state.

The Privacy Bill 2014 reflects only the exception of “protection of the individual rights and freedoms of others”. The exceptions as defined in the 2014 Bill are:

Sovereignty, integrity or security of India or
Strategic, scientific or economic interest of India; or
Preventing incitement to the commission of any offence; or
Prevention of public disorder; or
The investigation of any crime; or
Protection of rights and freedoms others; or
Friendly relations with foreign states; or
Any other legitimate purpose mentioned in this Act.

Instead of qualifying these exceptions with the principles of proportionality, legality, and necessary in a democratic state – as recommended in the Report of Group of Experts on Privacy, the 2014 Privacy Bill qualifies that any restriction must be adequate and not excessive to the objectives it aims to achieve.

Constitution of Infringement of Privacy

The Report of the Group of Experts on Privacy specifies that the publication of personal data for artistic and journalistic purposes in the public interest, disclosure under the Right to Information Act, 2005, and the use of personal data for household purposes should not constitute an infringement of privacy. In contrast the 2014 Privacy Bill specifies that the processing of personal data by an individual purely for his personal or household use, the disclosure of information under the provisions of the Right to information Act, 2005, and any other action specifically exempted under the Act will not constitute an infringement of privacy.

The Data Protection Authority

The Report of the Group of Experts on Privacy recommends the establishment of Privacy Commissioners (and places emphasis on Privacy Commissioner rather than Data Protection Authority) at the Central and Regional level. The Privacy Commissioner should be of a rank no lower than a retired Supreme Court Judge at the Central level and a retired High Court Judge at the regional level. The privacy commissioner should have the power to receive and investigate class action complaints and investigative powers of the commissioner should include the power to examine and call for documents, examine witnesses, and take a case to court if necessary. The Commissioner should be able to investigate data controllers on receiving complaints or suo moto, and can order privacy impact assessments. Organizations should not be able to appeal fines levied by the Privacy Commissioner, but individuals can appeal a decision of the Privacy Commissioner to the court. The Commissioner should also have broad oversight with respect to interception/access, audio & video recordings, use of personal identifiers, and the use of bodily or genetic material. The Privacy Commissioner will also have the responsibility of approving codes of conduct developed by the industry level SRO’s.

Differing from the recommendations in the Report of the Group of Experts on Privacy, the 2014 Privacy Bill establishes a Data Protection Authority (as opposed to a Privacy Commissioner) at the Central level. Instead of creating regional Data Protection Authorities, the 2014 Privacy Bill allows for the Central Government to decide where other offices of the Data Protection Authority will be located. Furthermore, the 2014 Privacy Bill does not specify a qualification for the Data Protection Authority and instead establishes a selection committee to choose and appoint a Data Protection Authority. This committee is comprised of a Cabinet Secretary, Secretary to the Department of Personnel and Training, Secretary to the Department of Electronics and Information Technology, and two experts of eminence from relevant fields that will be nominated by the Central Government.

The 2014 Privacy Bill does not specify that fines ordered by the Data Protection Authority will be binding for organizations, but does allow individuals to appeal decisions of the Data Protection Authority to the Appellate Tribunal. Differing from the recommendations in the Report of the Group of Experts on Privacy, the 2014 Privacy Bill gives the Data Protection Authority the power to call upon any data controller at any time to furnish in writing information or explanation relating to its affairs, and receive and investigate complaints about alleged violations of privacy of individuals in respect of matters covered under this Act, conduct investigations and issue appropriate orders or directions to the parties concerned. Furthermore, the 2014 Privacy Bill does not specify that the Data Protection Authority will carry out privacy impact assessments, but the Authority can conduct audits of any or all personal data controlled by a data controller, can investigate data breaches, investigate in complaint received, and adjudicate on a dispute arising between data controllers or data subjects and data controllers. Unlike the recommendations in the Report of the Group of Experts on Privacy, it does not seem that the Data Protection Authority will play an overseeing role with respect to interception, the use of video recording equipment, personal identifiers, and the use of bodily and genetic material.

Tribunal and System of Complaints

Differing from the recommendation in the Report of the Group of Experts on Privacy, which specified that a Tribunal should not be established as under the Information Technology Act as there is the risk that the institutions will not have the capacity to rule on a broad right to privacy, the 2014 Privacy Bill does establish a Tribunal under the Information Technology Act. The Report of the Group of Experts on Privacy also recommended that complaints be taken to the district level, high level, and Supreme Court – whereas the 2014 Privacy Bill allows individuals to appeal decisions from the Tribunal only to a High Court. Similar to the recommendations of the Report of the Group of Experts, the 2014 Privacy Bill has in place Alternative Dispute Resolution mechanisms at the level of the industry self regulatory organization. The 2014 Privacy Bill also specifies that individuals can seek civil remedies and leaves the issuance of compensation for privacy harm to be from a Court. Unlike the recommendations in the Report of the Group of Experts on Privacy, the 2014 Privacy Bill does not specify that the Data Protection Authority will be able to take a case to the court.

Penalties and Offenses

The Report of the Group of Experts on Privacy did not provide specific recommendations for types of offences and penalties, but did suggest that offenses similar to those spelled out in the UK Data Protection Act and Australian Privacy Act be adopted – namely non-compliance with the privacy principles, unlawful collection, processing, sharing/disclosure, access, and use of personal data, and obstruction of the privacy commissioner. The 2014 Privacy Bill does create offenses for the unlawful collection, processing, sharing/disclosure, access, and use of personal data, but does not create offenses for obstruction of the privacy commissioner or broad non-compliance with the privacy principles.

Conclusion

The Centre for Internet and Society welcomes the similarities between the recommendations in the Report of the Group of Experts on Privacy and the leaked 2014 Privacy Bill, but would recommend that on areas where there are differences, particularly in the scope of the Privacy Bill and the powers and functions of the Data Protection Authority, the 2014 Bill be brought in line with the recommendations from the Report of the Group of Experts on Privacy.

In the upcoming post, we will be comparing the text of the leaked 2014 Privacy Bill to international best practices and standards.

References

For more details visit https://cis-india.org/internet-governance/blog/report-of-group-of-experts-on-privacy-vs-leaked-2014-privacy-bill

Report of the Group of Experts on Privacy

praskrishna — 2012-11-06T09:39:43Z

The report covers international privacy principles, national privacy principles, rationale and emerging issues along with an analysis of relevant legislations/bills from a privacy perspective.

For more details visit https://cis-india.org/internet-governance/blog/report-of-group-of-experts-on-privacy.pdf

Report of the Global Accessibility Awareness Day 2017

nirmita — 2017-06-19T15:07:28Z

Aditya Tejas attended the Global Accessibility Awareness Day event organized at NIMHANS Convention Centre in Bengaluru. The event had multiple panels and presentations, including a talk on coding for accessibility, a panel on why accessibility is necessary and how India is lagging behind in implementing it, and a presentation on how accessibility principles are integrated into the product life cycle at Cisco.

Logo of Shuttleworth Foundation below:

Global Accessibility Awareness Day is celebrated across the world on May 3 every year. The objective of the event is to get everyone talking, thinking and learning about digital access/inclusion and people with different disabilities.

This year the Global Accessibility Awareness Day 2017 (GAAD 2017) organized by Prakat Solutions and co-hosted by CIS and Mitra Jyoti, was held on May 18 at NIMHANS Convention Centre in Bengaluru. The event was designed to raise awareness around digital accessibility issues for persons with disabilities. The Shuttleworth Foundation also supported this event. Approximately 250 people were in attendance. The URL for the event is here. A detailed agenda can be found here. Video recordings of the event will be made available shortly.

The event ran from 2:30-7:30 PM and featured various discussions and events, including dance ceremonies, skits, and talks by various figures.

The first event was an extended presentation on coding for accessibility by Nawaz Khan of PayPal, in which he discussed how developers can integrate accessibility principles into their software from the design phase, and how persons with disabilities can productively make their issues known to developers. He encouraged developers to adopt international standards such as WAI-ARIA, and also encouraged developers to use accessible open source libraries and testing tools. He took questions about standards for other types of disabilities beyond visual impairment, joining the global conversation around accessibility standards, and accessibility design for mobile platforms.

The main event was a panel on the awareness of accessibility issues in India and how they could be improved, both in the public and private spheres. In attendance were Abhik Biswas of Prakat Solutions, Pranay Gadodia of Deutsche Bank HR, Shalini Subramaniam of PayPal, Balachandra Shetty of Intuit, Sandeep Sabat of ZingUp Life, Kameshwari from Wipro, Mahabala Shetty from NIC, and Srinivasu from Informatica. The panel was moderated by Giri Prakash of Hindu Business Line. They discussed issues including how to promote a stronger government response to accessibility issues, initiatives that can be taken from the private or civil society sector in order to address accessibility issues, the lack of awareness around accessibility in the Indian context, and the responsibilities that developers have to make accessible apps and products. Shalini from PayPal talked about the potential for government initiatives such as Make in India could be used to further the availability of accessible consumer products and services in India.

The second speaker, Kameshwari Visarapu from Wipro, talked about how persons with disabilities need to make their voices heard in society. She stressed that, while the laws are already in place, people do not demand their rights. Without this, the government and any community, even those with the necessary power, would not be able to make the changes. Mahabala Shetty from NIC pointed out that NIC is responsible for developing and updating various government websites. He said he understood that the inaccessibility of government websites and services is a serious problem, and pledged to make sure that all websites would be made accessible in the coming months.

The fifth speaker was Sandeep Sabat of ZingUp Life, also a health tech company, which seeks to help people with issues not just around physical health, but also emotional, mental and spiritual health. He drew a comparison with the beginning of the mobile revolution, when people would say that web on mobile is a small, niche space, which eventually gave way to the idea of mobile-first design. Extending this analogy, he said that design must now be accessibility-first, in order to ensure that it becomes part of the culture of product development.

The sixth speaker at the event was Balachandra Shetty from Intuit. He pointed out that design principles needed to make a product accessible and making that product easy to use for the general public are the same, and that improving the user experience for 20% of the population effectively improves it for everyone.

The seventh speaker was Pranay Gadodia from Deutsche Bank HR, who argued that accessibility was important not just for persons with disabilities, but for everyone. He gave the example of ramps on public entrances, which make access easier for everyone. He demonstrated the use of a screen reader and tried to order food through Swiggy. When he found that the app was inaccessible, he pointed out that they had just lost a customer.

The eighth speaker, Srinivasu from Informatica, talked about his work in the accessibility space for various NGOs and companies. He argued that inaccessibility was never built into a product by design, and that any problems were the result of ignorance. He also said that accessibility work was the only career with two major benefits – that of creating an immediate impact among the community and being the kind of work that not only takes advantage of a business opportunity but also directly benefits consumers.

The ninth speaker, Abhik Biswas, said that he believes that accessibility is a nonissue, because if everyone wrote good code and followed best practices, all products would be accessible anyway. He said this was not always the case with software tools. He gave the example of work that Prakat did with a provider of legal software. In large corporate lawsuits, parties would usually share terabytes of data with each other, and legal e-discovery software is used to discover patterns for evidence. An inaccessible document would be useless to such software so, of course accessibility isn’t an issue only for a certain set of people. If you’re in the innovation space and trying to solve problems, he stressed, then accessibility is an issue.

The moderator then raised the issue of the lack of progress for persons with disabilities in the past five years. He asked what progress has been made in the legal area, and whether there are any solutions that users can come up with themselves rather than waiting for government action. Shalini pointed out the inaccessibility of the Swiggy app, and added that there are automated accessibility checkers for apps, both Apple and Android. She demonstrated this for the audience.

Kameshwari said that part of the problem is that a single person may not be able or willing to make much noise. There are a lot of communities that have been formed on a corporate/state/national level, but collectively making noise is important for major changes. One process that her own company tried was creating a repository of pre-tested accessible components, which has two advantages; the developer can pick the component from a standardized repository, and the component would have been pre-tested for accessibility and responsiveness. This is another possible solution – which people collectively come up with standardized repositories of accessible components.

She then gave the example of an accessible garden in Kerala, where persons with disabilities could visit and touch different types of plants in a guided experience to help them identify and understand them. When talking about inclusivity, she asked, why create a separate garden? Integrate these features into all gardens instead, she suggested.

The third speaker said that the government drains enthusiasm from people, and insisted that it could only play the role of a facilitator. The need is to inspire the necessary passion in people to carry forward the issues themselves.

Sandeep said that the intent is already there, but the government was not capable of doing it alone. The social fabric of the country needs to change, along with the attitude of the society. To that end, they suggested making accessibility a non-issue, and looking for opportunities to integrate it into society at large. Instead of thinking of it through a usability standpoint, consider how to improve the overall user experience of a product through the lens of a user with disabilities.

Balachandra pointed out that while love is a strong emotion, fear too is very powerful. The laws in the Commonwealth are much stricter than those in the US, he pointed out, and yet apps built in those countries are far more accessible than those in Indonesia, India etc. So, he suggested that if a product proved to be inaccessible to a certain segment of the population, the employees responsible could face down the CEO, and fear would drive them to make their products accessible. In addition, he called for stricter laws and a possible amendment of the IT Act, drawing upon laws in the Commonwealth and France. Disability discrimination in the US carries a high penalty, and suggested that similar laws would enforce accessibility in local products.

The moderator asked Pranay: is it possible for app developers or mobile platform providers to make accessibility mandatory for apps that are publicly released? He answered that as a tech developer he might not be the right person to answer that, however, he know that the iOS framework is much more stringent than Android in this regard. He called on users with disabilities to call out inaccessible design wherever they saw it, in order to inform developers and to create a healthy competition to make companies disability-inclusive. He also pointed out that many corporations hold events or draft policy for persons with disabilities without involving them in the decision-making process, and that this needed to change.

Srinivasu stressed that the job of making government services accessible fell on the developers within the government, who are in-house, or the vendors, who work for NIC. There are two things the government can do, he said; when asking for a vendor, they could refuse those who make inaccessible products, thus making accessibility a requirement for procurement.

The second is to raise accessibility issues at the level of education. He gave the example of several apps like TaxiForSure and Cleartrip, all of which responded to accessibility issues raised by their users. He stressed that any user could give feedback, and not just those with disabilities, and that raising awareness is a duty for everyone. He asked the audience to share the event on WhatsApp, and to type with their non-dominant hand, as a simple way of understanding disability. The other exercise he called on the audience to do is to write a post about the event on Facebook or their blogs using only the keyboard, without touching their mouse. In this way, he drew attention to thinking about accessibility whenever one uses a website or software.

Abhik took the opportunity to add one more dimension, an area of concern for app developers in India in particular – that of linguistic accessibility. Most apps, he pointed out, are being developed in English only, and most government apps have the additional burden of considering vernacular languages, while NVDA only supports 10-12. The government can’t solve this problem by making multilingual websites, as developers also need to contribute to projects like NVDA in order to build support for other languages. Accessibility, he stressed, wasn’t anyone’s problem, but everyone’s problem.

After this, Shekhar Naik, former captain of the Indian blind cricket team, talked about his life story. He mentioned that there are over 5c0k blind cricketers in the country. He talked about his passion for cricket, how it brought him to where he was today, and thanked the government for its increased recognition and felicitation of persons with disabilities.

After that, the owner of Pothole Raja, Pratap Bhimasena Rao, spoke about the importance of the accessibility of built environments such as roads. He pointed out that 25% of vehicular accidents cause a disability, and stressed the need to address these issues to promote not just accessibility, but prevent disability.

After this, Amit Balakrishna Joshi from the state government gave a brief overview of the Karnataka government’s accessibility and e-governance initiatives. He spoke about the Karnataka Mobile One app, an initiative to consolidate and digitize several state government services. As the world’s largest Mobile One platform, it would integrate about 40 departments, with the objective of bringing equality in service delivery across socioeconomic, linguistic and literacy divides.

At 7:00, Sean Murphy from Cisco gave a talk on universal design principles. He discussed how universal design is important to maximize market access, ensuring that a company reaches 100% of its market. In Cisco, accessibility is integrated into the product lifecycle right from the design phase to testing to rollout.

He also discussed regulatory standards such as Section 508 in the US, which he stressed were critical to securing industry-wide accessibility. The event ended at 7:30 p.m.

Images:

Participants light the lamp to commemorate the start of GAAD 2017.

Prakat Solutions co-founder Abhik Biswas speaks at GAAD 2017.

Panelists discuss accessibility challenges in India.

For more details visit https://cis-india.org/accessibility/blog/report-gaad-2017