Centre for Internet and Society

Annual Report 2014-15

praskrishna — 2016-12-11T07:29:05Z

For more details visit https://cis-india.org/about/reports/annual-report-2014-15.pdf

Comments on the Draft National Policy on Software Products

Anubha Sinha, Rohini Lakshané, and Udbhav Tiwari — 2016-12-12T14:45:11Z

The Centre for Internet & Society submitted public comments to the Department of Electronics & Information Technology (DeitY), Ministry of Information & Communications Technology, Govt. of India on the National Policy of Software Products on December 9, 2016.

I. Preliminary

1. This submission presents comments by the Centre for Internet and Society, India (“CIS”) on the Draft National Policy on Software Products [1] (“draft policy”), released by the Ministry of Electronics & Information Technology (“MeitY ”).

2. CIS commends MeitY on its initiative to present a draft policy, and is thankful for the opportunity to put forth its views in this public consultation period.

3. This submission is divided into three main parts. The first part, ‘Preliminary’, introduces the document; the second part, ‘About CIS’, is an overview of the organization; and, the third part contains the comments by CIS on the Draft National Policy on Software Products.

II. About CIS

4. CIS is a non-profit organisation [2] that undertakes interdisciplinary research on internet and digital technologies from policy and academic perspectives. The areas of focus include digital accessibility for persons with diverse abilities, access to knowledge, intellectual property rights, openness (including open data, free and open source software, open standards, open access, open educational resources, and open video), internet governance, telecommunication reform, freedom of speech and expression, intermediary liability, digital privacy, and cyber security.

5. CIS values the fundamental principles of justice, equality, freedom and economic development. This submission is consistent with CIS' commitment to these values, the safeguarding of general public interest and the protection of India's national interest at the international level. Accordingly, the comments in this submission aim to further these principles.

III. Comments on the Draft National Policy on Software Products

General Comments

6. CIS commends MeitY on its initiative to develop a consolidated National Policy on Software Products. We believe that there are certain salient points in the draft policy that deserve particular appreciation for being in the interest of all stakeholders, especially the public. An indicative list of such points include:

A focus on aiding digital inclusion via software, especially in the fields of finance, education and healthcare.
The recognition of the need for openness and application of open data principles in the private and public sector. Identifying the need for diversification of the information technology sector into regions outside the developed cities in India.
Identifying the need for innovation and original research in emerging fields such as Internet of Things and Big Data.

7. We observe that the draft policy weighs in the favour of creating a thriving digital economy, which indeed is a commendable objective per se. However, there are certain aspects which remain to be addressed by the draft policy, to ensure that the growth of our domestic software industry truly achieves the vision set out in Digital India for better delivery of government services and maximisation of the public interest.

8. We submit that the proposed policy should include certain additional guiding principles to direct creation of software and its end-utilisation. These principles would ensure responsible, inclusive, judicious and secure software product life cycle by all the relevant stakeholders, including the industry, the government and especially the public. An indicative list of such principles that we believe should be explicitly included in the policy are:

Ensuring that internationally accepted principles of privacy are followed in software development and utilisation, including public awareness.
Requiring basic yet sufficient standards of information security to ensure protection of user data at all stages of the software product life cycle.
Enforcing lingual diversity in software to allow for India’s diverse population to operate indigenous software in an inclusive manner.
Mandating minimum standards on accessibility in software creation, procurement and implementation to ensure sustainable use by the differently-abled.
Focusing on transparency & accountability in software procurement for all public funded projects.
Implementing the utilisation of Free and Open Source Software (“FOSS”) in the execution of public funded projects as per the mandate of the Policy on Adoption of Open Source Software for Government of India; thereby incentivising the creation of FOSS for use in both private and public sector.
For software to be truly inclusive of the goals of Digital India, it is essential that to provide supports to Indic languages and scripts without yielding an inferior experience or results for the end user in non-English interfaces. Software already deployed should be translated and localised.

9. The inclusion of these principles in substantive clauses of the policy will go a long way in ensuring the sustainable and transparent growth of domestic software product ecosystem.

Specific Comments

10. Development of a robust Electronic Payment Infrastructure

10.1. CIS observes that clauses 5.4 and 6.7 of the draft policy aim to establish a seamless electronic payment infrastructure. We submit that an electronic payment infrastructure should be designed with strong standards of information security, privacy and inclusivity (both accessibility and lingual).

10.2. We recommend that the policy mandate minimum standards of information security, privacy and inclusivity in all payment systems across private and public sectors. The policy should, therefore, ideally specify the respective standards for these categories, for instance ISO 27001 and National Policy on Universal Electronics Accessibility [3], alongside other industry standards for Electronic Payment Infrastructure.

11. Government Procurement

11.1. CIS observes that clause 6.1 of the draft policy seeks to develop a framework for inclusion of Indian software in government procurement. It is commendable that the draft policy identifies the need for a better framework. CIS notes that the existing procurement procedure allows for usage of Indian software. In fact, the Government e-Marketplace(eGM) already has begun to incorporate some of these principles in general procurement.

11.2. Indeed, the presence of a transparent and accountable government procurement, which leverages technology and the internet, is key to ensuring a sustainable and fair market. CIS recommends that the policy refer to these guiding principles to enable the development of a viable cache of Indian software products by creating more avenues, including government procurement.

12. Incentives for Digital India oriented software

12.1. CIS observes that clause 6.3 of the draft policy incentivises the creation of software addressing the action pillars of the commendable Digital India programme.

12.2. For development of superior quality software which will ensure excellent success of the Digital India programme, CIS recommends that the incentives should be provided contingent to the incorporation of certain minimum standards of software development. Such products and services should, inter alia, adhere to the stipulations under National Policy on Universal Electronics Accessibility, the Guidelines for Indian Government Websites, Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011, etc. In the process, the software should be subjected to reviews by a neutral entity to gauge the compliance with the abovementioned minimum standards.

13. Increasing adoption of Open APIs and Open Data

13.1. CIS observes that clause 6.6 of the draft policy promotes the use of open APIs and open data in development of e-government services.

13.2. We strongly recommend that open APIs and open data principles be adopted by software used in all government organizations, and non-commercial software . Open Data and Open APIs can serve a vital role in ensuring transparent, accountable and efficient governance, which can be leveraged in a major way within the policy by the public and civil society.

14. Creation of Enabling Environment for Innovation, R&D, and IP Creation and Protection

14.1. CIS observes that clause 8.1 of the draft policy seeks to create an enabling environment for innovation, R&D, and IP creation and protection.

14.2. CIS submits that the existing TRIPS-compliant Indian intellectual property law regime is adequately designed to incentivise creativity and innovation in the area of software development. The Indian Patents Act, 1970 read with the Guidelines for Examination of Computer Related Inventions, 2016 do not permit the patenting of computer programmes per se. Several Indian software developers, notably small and medium sized development companies have made evidence-based submissions to the government previously on the negative impact of software patenting on software innovation [4].

14.3. CIS recommends that the proposed policy re-affirm the adequacy of the Indian intellectual property regime to protect software development, in compliance with the TRIPS Agreement.

IV. Conclusion

15. CIS commends the MeitY on the development of the draft policy. We strongly urge MeitY to address the issues highlighted above, especially emphasising the incorporation of essential principles such as information security, privacy, accessibility, etc. Adoption of such measures will ensure a fair balance between commercial growth of domestic software industry and the maximisation of public interest.

[1]. National Policy on Software Products (2016, Draft internal v1. 15) available at http://meity.gov.in/sites/upload_files/dit/files/National%20Policy%20on%20Software%20Products.pdf

[2]. See The Centre for Internet and Society, available at http://cis- india.org for details of the organization,and our work.

[3]. See http://meity.gov.in/sites/upload_files/dit/files/Accessible-format-National%20Policy%20on%20Universal%20Electronics.pdf

[4]. See http://economictimes.indiatimes.com/articleshow/52159304.cms?utm_source=contentofinterest&utm_me dium=text&utm_campaign=cppst

For more details visit https://cis-india.org/internet-governance/blog/comments-on-draft-national-policy-on-software-products

Comments on Draft National Policy on Software Products

praskrishna — 2016-12-11T03:32:14Z

For more details visit https://cis-india.org/internet-governance/files/comments-on-draft-national-policy-on-software-products.pdf

National Policy on Software Products

praskrishna — 2016-12-11T03:30:25Z

For more details visit https://cis-india.org/internet-governance/files/national-policy-on-software-products.pdf

Consultation Note on Model for Nation-wide Interoperable and Scalable Publi Wi-Fi

praskrishna — 2016-12-11T03:02:18Z

For more details visit https://cis-india.org/telecom/files/consultation-note-on-model-for-publi-wifi.pdf

The Digital Protection of Traditional Knowledge: Questions Raised by the Traditional Knowledge Digital Library in India

Sunil Abraham and Vidushi Marda — 2016-12-09T15:50:36Z

This is an edited version of part three of a study that considers the International Covenant on Economic, Social and Cultural Rights (ICESCR) through aspects of intellectual property in India, namely, mobile patents, free and open source software, and India's Traditional Knowledge Digital Library. Through these, it demonstrates the potential of the internet in realising ESCRs.

The original report published by GISWatch can be read here. Aditya Singh Chawla, Parvathy Nair, Raji Gururaj and Balaji Subramaniam provided research assistance for this paper during their internships with the Centre for Internet and Society. Click to download the PDF

Introduction

The first problem one encounters in studying traditional knowledge (TK) is the extent and meaning of the term itself. No globally accepted definition of TK exists,^[1] and therefore no clear delineation of its scope. The definition adopted by the World Intellectual Property Organization (WIPO) is that TK is “knowledge, know-how, skills and practices that are developed, sustained and passed on from generation to generation within a community, often forming part of its cultural or spiritual identity.”⁴ While TK embraces traditional cultural expressions within its ambit, and includes distinctive signs and symbols associated with traditional knowledge,^[2] the scope of this report does not extend to traditional cultural expressions as they necessarily would fall under the purview of copyright law.

Before we frame TK in terms of economic, social and cultural rights (ESCRs), let us understand the phenomenom of biopiracy in a bit more detail using two examples, one connected to the right to food, and the other connected to health. Biopiracy is the use of intellectual property (IP) systems to legitimise control over biological products and processes that were previously used for centuries in non- industrialised cultures.^[3] The case of neem-related patents, through which bio-prospectors attempted to appropriate the royalty arising from a plant whose medicinal value was already in the public domain, is well documented.^[4] Another case worth noting is that of the “Enola bean”, in which Larry Proctor, a United States (US) citizen, purchased a package of Mexican beans of various colours, separated out the yellow ones, and spent three years selectively breeding the plants. He then named his line “Enola” and obtained patent protection for the bean, its plant, its pollen, and the method of producing it.^[5]^[6]

This case is far more worrying than the neem case for two reasons.^[7] First, it was a case that had an immediate and tangible impact on the producers of the commodity in that yellow Mexican beans were exported into the United States before the patent was granted, and the assertion of the patent led to significant reductions in bean exports, representing a quantifiable economic loss for bean farmers.^[8] Second, the patent was allowed to stand for almost a decade, amounting to half the life of a legitimate patent.^[9] This represents an incredibly unjust outcome – an invention (“specifically selected yellow beans”) arising from traditional knowledge in the public domain (since Mexican farmers had been cultivating and exporting these beans) being monopolised by a private entity illegally for almost a decade.

The differences between TK and other forms of IP are the following:

With other forms of IP, property rights are afforded to the innovator or creator, whereas communities own TK.
Other forms of IP are designed as incentive mechanisms for the creation of new property; however, there is no such incentive to create new property with TK.
IP is also time-bound, whereas TK is held in perpetuity from generation to generation.
The invention under IP must also satisfy the requirement for novelty and industrial application, whereas TK does not have these requirements.

Although patent law is not tailored to protect TK, it has been used to prevent misappropriation of TK.

The Traditional Knowledge Digital Library

At the turn of the millennium, an expert group found that roughly 2,000 patents linked to India’s TK in medicine were being granted annually around the world.^[10] This expert group proposed the establishment of the Traditional Knowledge Digital Library (TKDL)¹³in order to reduce biopiracy. The TKDL was envisaged as “a home-grown effort to ensure patent offices around the world do not grant patents for applications founded on India’s wealth of TK that has existed for millennia.”¹⁴ In 2001 India launched the initiative, which digitised its wide repository of TK, with the hope of enabling the protection of this knowledge and preventing its misuse.

The TKDL is a digital knowledge repository of Indian traditional knowledge about medicinal plants and formulations, and practices used in Indian systems of medicine. Its knowledge base is primarily derived from Ayurveda, Unani, Siddha and Yoga. These areas are being documented by collating the information on TK from literature existing in local languages such as Sanskrit, Urdu, Arabic, Persian and Tamil in digitised format. These have been made available in five international languages: English, German, Spanish, French and Japanese. While it is clear that the first three systems of medicine (i.e. Ayurveda, Unani and Siddha) are systems that have a corresponding system of traditional medicines, the framing of Yoga as a system of medicine is unclear as there is no medicine administered to the patient. Increasingly, however, medical procedures are being patented, and the Indian government in August 2015 shortlisted 1,500 yoga asanas to be included in the TKDL to prevent foreign parties from patenting them.^[11] This was in response to several yoga-related patents being applied for^[12] and granted^[13] around the world, notably in the United States.

The TKDL’s appeal lies in the manner in which it approaches attempts to patent TK (the “state of the art”) – it serves to pre-empt the granting of a patent, rather than to contest a patent’s validity after it has been granted. This, it is claimed, reduces the time taken to contest claims from a matter of years to a few weeks.^[14]

Defining the right

The protection of TK can be primarily placed within Article 15 of the International Covenant on Economic, Social and Cultural Rights (ICESCR). In order to understand the relationship between TK and Article 15, we must first appreciate that TK is also scientific knowledge. There are two ways in which the right of the TK community can be mapped onto Article 15. First, the Article recognises “the right to take part in cultural life”, and second, “to enjoy the benefits from scientific progress and its applications”. This ensures that communities have the right to continue to operationalise and use TK. Further, Article 15 includes the right “to benefit from the protection of the moral and material interests resulting from any scientific, literary or artistic production”. However, while this is a universal right, in practice it will only happen when national law recognises the property rights of the community, facilitates protection of these rights, takes legal action against infringements, and provides mechanisms for the collection and distribution of royalties. What might not strike the reader as obvious is that the benefits of protecting the moral and material interests in the world of TK accrue to the community, while in other forms of IP the rights holder is either an individual or corporation.

Article 11 of the ICESCR is also relevant to TK. It recognises the right of everyone to an adequate standard of living, including adequate food, clothing and housing, and to the continuous improvement of living conditions. Article 11 (2) (a) mandates that states parties to the Covenant take measures to “improve methods of production, conservation and distribution of food by making full use of technical and scientific knowledge, by disseminating knowledge of the principles of nutrition and by developing or reforming agrarian systems in such a way as to achieve the most efficient development and utilization of natural resources.”^[15] TK is connected to food in multiple ways, such as ecosystem and landscape management, water management, soil conservation, biological control of pests and diseases, ecological agriculture and livestock practices, and plant and animal breeding – and most importantly, with regard to the latter, breeding and preserving varieties of plant and animal species. Suman Sahai, founder of the Gene Campaign,^[16] helps us understand the connection between food security and traditional knowledge. She argues that farmers are a community of women and men who have not only created several thousand breeds of food and cash crops, but also “identified valuable genes and traits in these crops and maintained them over generations through a highly sophisticated system of crossing and selection.”^[17]

There exist a host of international and national norms, both of a general and a specific nature, enunciating the right of indigenous communities to their traditional knowledge. One specific example is the World Health Organization’s approach to Traditional and Complementary Medicine (T&CM). In this, it urges states to “prevent the misappropriation of T&CM by implementing the relevant international instruments in line with the WHO global strategy and plan of action on public health, innovation and intellectual property, adopting or amending national intellectual property legislation, and enacting other defensive protection strategies.”^[18]

India has signed the Convention on Biological

Diversity (CBD), a treaty with 194 parties in total.^[19] The CBD provides for the respect, preservation and maintenance of “knowledge, innovation and practices of indigenous and local communities embodying traditional lifestyles relevant for the conservation and sustainable use of biological diversity”, and also for encouraging the wider application of such practices while ensuring that the benefits arising from such utilisation are shared equit ably with the communities in question.^[20] Having signed this convention, India has the duty to protect this knowledge without appropriating it, and the TKDL is a means to protect this right.

Such provisions have been included in India’s Biological Diversity Act,^[21] which was enacted in pursuance of India’s duties under the CBD. Restrictions on the granting of patents for inventions arising from research on biological resources,²⁶ the transfer of biological resources or knowledge,^[22] and the enforcement of equitable benefit sharing^[23] aim to serve as effective legal bars to biopiracy and unauthorised use of traditional knowledge.

Successes of the TKDL

Since the inception of the TKDL, in just under two years, and in Europe alone, India has succeeded in using this resource to bring about the cancellation or withdrawal of 36 applications to patents traditionally known as medicinal formulations.

Between 2001 and 2015, out of a total of 189 pharmaceutical applications which include medicines, therapeutics, etc., 21 were granted while 17 were rejected. An additional 30 were deemed withdrawn and another 31 were abandoned. At the time of writing, 90 have their examination still in progress. Out of the 10 applications under cosmetics, seven are under progress while one each has been accepted, rejected and deemed to be withdrawn. There was only one application under agriculture which was rejected. The domain of food had three applications out of which one was rejected, one deemed to be withdrawn and the last one in progress.^[24]

India and the US had the maximum number of applications at 75 and 43 respectively. Japan and Korea were third and fourth at 16 and 11 respectively. Most of these applications were in progress, with 12 applications from India being rejected and 17 being abandoned. Only five had been granted to India while three were deemed to be withdrawn; 38 of India’s applications and 12 of those from the US are pending. Taiwan and Jordan’s only applications were granted while Spain’s only application was rejected.^[25]

But do digital databases work as a form of IP protection?

While proponents of the database have been vocal in their vision for its application, it has received criticism on several grounds.

First of all, there is a fair amount of disagreement regarding the best possible means through which TK can be protected.^[26] Indeed, existing literature already features catalogues of international law (both “hard” and “soft”), regional norms and domestic legislation that accord protection to TK within the framework of culture.^[27] While some believe that data aggregation and record creation is the best means to tackle biopiracy, others propose different approaches,^[28] such as negotiating access agreements between indigenous communities and bio-prospectors.^[29]

Secondly, the TKDL has also attracted criticism because of its high level of confidentiality. In response to a right to information application, the Council for Scientific and Industrial Research (CSIR) clarified that the TKDL can only be accessed by foreign patent offices.^[30] It is not made available to the Indian Patent Office or to CSIR scientists. As per the same response, the decision to make the TKDL confidential was taken during a cabinet meeting in 2006, but there exists no legal instrument that mandates such confidentiality. TK databases in other countries do not impose access restrictions. The Korean Traditional Knowledge Portal, for example, explicitly states the motivation behind making itself publicly available:

The database is presented on-line through the Korean Traditional Knowledge Portal (KTKP). The reasons for making the database publicly accessible through the KTKP are as follows:

To lay the foundation for international protection of Korean traditional knowledge, thereby preventing unauthorized use of patents inside and outside the country.
To provide an abundance of information on traditional knowledge and related research, thereby expediting the development of related studies and industries.
To provide essential information for patent examinations, thereby enhancing the quality of intellectual property applications for traditional knowledge.^[31]

Similarly, the contents of the China Traditional Medicine Patent Database are also publicly available on the internet.^[32]

Finally, the TKDL has also raised questions of copyright, with claims that it falls foul of the Indian Copyright Act, 1957, since it has digitised works (such as translations or compilations of ancient texts) that are still under copyright without the consent of their authors.³⁸ Responding to the same right to information application discussed above, the CSIR claimed that no consent was required since the traditional knowledge in question was authored many years ago. This is a perplexing position to take, as there is significant skill and labour involved in translating and compiling these ancient texts and putting this knowledge together, which merits copyright protection.^[33]

The need for open knowledge systems

There seems to be no reason to keep a valuable resource such as the TKDL away from the public’s reach, especially considering the fact that the entire project was bankrolled by the Indian taxpayer. Restricting access to the TKDL severely limits the benefit that the general public could derive from this knowledge. Even if one were to accept that there exist compelling reasons to keep the data confidential, it is clear that the TKDL, by its very nature, cannot possibly be invulnerable to breach. Problems of access control are endemic to large databases – it has been postulated that large aggregations of secret data are fundamentally impossible because security must be traded off for ease of access in such situations. Thus, “you cannot construct a database with scale, functionality and security because if you design a large system for ease of access it becomes insecure, while if you make it watertight it becomes impossible to use.”^[34] For this reason, governments have been urged to make use of centralised databases only when absolutely necessary.^[35] If we accept the premise that centralised databases cannot possibly be both accessible and secure, then we must examine whether the TKDL represents a balanced trade-off between accessibility and confidentiality.

There are three changes that are necessary in this regard:

The need to push for open knowledge A system like the TKDL constitutes a mechanism for defensive protection of TK – it seeks to keep TK in the public domain rather than to exclusively put it in the hands of the community that evolved it. This is similar to the Peer-to-Patent^[36] initiative, which ensures that more eyes are involved in following the process: a crowd-sourced approach to preventing inappropriate appropriation.

The need to address legal barriers Primarily, the TKDL’s data seems to be far from infallible, with several reports of mistranslations^[37] and exaggerated claims^[38] made by the CSIR. Apart from this, the most important requirement that the TKDL must fulfil is for its data to meet the legal criteria established for prior art in various jurisdictions. This would entail ensuring that the knowledge is made available with clear evidence of the date of its publication, and the presentation of the knowledge in a manner that clearly establishes that a patent claim is anticipated by the data contained in the library.^[39] Further, the fundamental challenge faced by any defensive protection mechanism is its vulnerability to differing definitions of prior art in various jurisdictions:

European Patent Convention (EPC): The most TKDL-friendly jurisdictions are those such as the EU. The EPC defines prior art as “everything made available to the public by means of a written or oral description, by use, or in any other way, before the date of filing of the European patent application”.^[40] Thus, innovations detailed in the works indexed by the TKDL would fall within the definition of prior art, and therefore be unpatentable – assuming, of course, that all the works digitised and translated by the database were publicly available. An overwhelming majority of the TKDL’s self-proclaimed “successes” have been achieved in the EU – around 120 of the 180 “successful outcomes” are against European patent applications.^[41]
United States: On the other end of the spectrum is the US definition of prior art. The United States Patent Act provides that a person “shall be entitled to a patent unless (a) the invention was known or used by others in this country, or patented or described in a printed publication in this or a foreign country, before the invention thereof by the applicant for patent.”⁴⁸ This effectively excludes protection for any non-published knowledge outside the US. Further, given the restrictive access to the TKDL, it appears that the database would not fall within the definition of a “printed publication”, since it has never been “published” – merely circulated among patent examiners on conditions of non-disclosure. Thus, it appears that there is no legal basis for the TKDL to be cited as evidence of prior art in the US, or other jurisdictions that have similar definitions of prior art.^[42]

The need to address structural barriers

In choosing to characterise itself as an archive of prior art, the TKDL has placed the burden of enforcing TK assertions upon patent examiners around the world. In doing so, it has pigeonholed itself into a doctrine (namely prior art) that has a tendency to go largely unheard in patent examinations. With studies showing that more experienced patent examiners, typically occupying higher positions in the patent office, are less likely to cite examples of prior art in their examinations,^[43]^[44] and still other evaluations showing that applicants for patents are extremely unlikely to provide and identify prior art surrounding their claims,^[45] it is evident that there are structural imbalances working against the efficacy of the prior art doctrine in preventing illegitimate patent claims. Thus, efforts must be made to counter this imbalance at two levels: first, access to the TKDL must be made as easy as possible; second, the TKDL has to undertake proactive patent monitoring efforts.

Patent monitoring, while an onerous and expensive task, is nevertheless necessary for the success of a defensive system such as the TKDL, especially in those jurisdictions which do not have the legislative framework to enable provisions of the CBD that mandate disclosure of genetic material sources.

Conclusion

For the reasons stated above, the access policy of the TKDL requires significant modification if the database is to reach its true potential for providing accurate, efficient and time-bound protection to TKbased innovations through the use of a centralised database that is wired into a network of interested parties.

TK systems require all the external support they can get in order to protect their mandate. Civil society must engage effectively with the TKDL initiative, encourage the accuracy of its records through research, and stimulate dialogue regarding the key issues discussed in this report. As pointed out by the UN Special Rapporteur on the rights of indigenous people: “Much more needs to be done to understand fully how … treaties and agreements can undermine or reinforce indigenous peoples’ rights and how they shape the trajectories of national economic development plans.”^[46]

[1] Traditional Knowledge, WIPO. www.wipo.int/tk/en/tk 4 Ibid.

[2] WIPO. (2010). List and Brief Technical Explanation of Various Forms in which Traditional Knowledge May be Found. www.wipo.int/ meetings/en/doc_details.jsp?doc_id=147152

[3] Shiva, V. (2001). Protect or Plunder? Understanding Intellectual Property Rights. London: Zed Books.

[4] See, e.g., Horsbrugh Porter, A. (2006, 17 April). Neem: India’s tree of life. BBC. news.bbc.co.uk/2/hi/south_asia/4916044.stm; BBC. (2005, 9 March). India wins landmark patent battle. BBC. news. bbc.co.uk/2/hi/science/nature/4333627.stm; Hoggan, K. (2000, 11 May). Neem tree patent revoked. BBC. news.bbc.co.uk/2/hi/ science/nature/745028.stm

[5] In re POD-NERS, L.L.C., Re-examination No. 90/005,892, US Fed.

Cir. 2009. law.justia.com/cases/federal/appellate-courts/cafc/08-

[6] /08-1492-2011-03-27.html

[7] It is also noteworthy for another reason: it is illustrative of the time and effort required to contest claims after a patent has been granted. Proponents of the TKDL would argue that what took a decade in the Enola bean case could have been achieved in a manner of weeks at the application stage by a patent office equipped with such a database.

[8] Shashikant, S., & Asghedom, A. (2009, 12 August). The ‘Enola Bean’ dispute: patent failure & lessons for developing countries. Third World Network. twn.my/title2/wto.info/2009/ twninfo20090811.htm

[9] Crouch, D. (2009, 10 July). Mexican Yellow Bean Patent Finally Cooked. Patently-O. patentlyo.com/patent/2009/07/mexican yellow-bean-patent-finally-cooked.html

[10] Gupta, V. K. (2011). Protecting Indian Traditional Knowledge from Biopiracy. WIPO. www.wipo.int/export/sites/www/meetings/ en/2011/wipo_tkdl_del_11/pdf/tkdl_gupta.pdf 13 www.tkdl.res.in/tkdl/langdefault/common/Home.asp?GL=Eng 14 Gupta, V. K. (2011). Op. cit.

[11] PTI. (2015, 9 August). Over 1500 yoga asanas shortlisted to thwart patenting by foreign parties. Indian Express. indianexpress.com/ article/india/india-others/over-1500-yoga-asanas-shortlisted-to thwart-patenting-by-foreign-parties

[12] TNN. (2007, 18 May). US patent on yoga? Indian gurus fume. Indian Express. timesofindia.indiatimes.com/india/US-patent-on yoga-Indian-gurus-fume/articleshow/2058285.cms

[13] Lee, T. B. (2013, 13 December). A yoga patent? Here’s why the USPTO approves so many dubious applications. Washington Post. https://www.washingtonpost.com/news/the-switch/ wp/2013/12/13/a-yoga-patent-heres-why-the-uspto-approves-so many-dubious-applications

[14] Press Information Bureau. (2010, 28 April). India Partners with US and UK to Protect Its Traditional Knowledge and Prevent Bio-Piracy. pib.nic.in/newsite/erelease.aspx?relid=61122

[15] www.ohchr.org/EN/ProfessionalInterest/Pages/CESCR.aspx

[16] genecampaign.org

[17] Sahai, S. (1996). Importance of Indigenous Knowledge in IPR. Economic and Political Weekly, 31(47).

[18] World Health Organization. (2013). WHO Traditional Medicine Strategy 2014-2023. apps.who.int/iris/ bitstream/10665/92455/1/9789241506090_eng.pdf?ua=1

[19] List of Parties, Convention on Biological Diversity. https://www. cbd.int/information/parties.shtml

[20] Article 8(j) of the Convention on Biological Diversity. https://www.

cbd.int/convention/text

[21] nbaindia.org/content/25/19/1/act.html 26 Section 6 of the Biological Diversity Act, 2002.

[22] Section 20 of the Biological Diversity Act, 2002.

[23] Section 21 of the Biological Diversity Act, 2002.

[24] www.tkdl.res.in/tkdl/langdefault/Common/ExaminerReport.

asp?homepage=sub

[25] Ibid.

[26] WIPO. (2010). Op. cit., Annex 2.

[27] See, e.g., Coombe, R. J. (2005). Protecting Traditional

Environmental Knowledge and New Social Movements in the

Americas: Intellectual Property, Human Right, or Claims to an Alternative Form of Sustainable Development? Florida Journal of International Law, 17(1), 115-136.

[28] Swiderska, K. (2006). Banishing the Biopirates: A New Approach to Protecting Traditional Knowledge. International Institute for Environment and Development. pubs.iied.org/pdfs/14537IIED.pdf

[29] Intergovernmental Committee on Intellectual Property and Genetic Resources, Traditional Knowledge and Folklore. (2002). Review of Existing Intellectual Property Protection of Traditional Knowledge. WIPO. www.wipo.int/edocs/mdocs/tk/en/wipo_grtkf_ic_3/ wipo_grtkf_ic_3_17-main1.html

[30] Reddy, P. (2012, 29 March). Is the TKDL a ‘confidential database’ and is it compliant with Indian copyright law? SpicyIP. spicyip. com/2012/03/is-tkdl-confidential-database-and-is-it.html

[31] KTKP Introduction, Korean Traditional Knowledge Portal. www. koreantk.com/en/m_about/about_01.jsp?about=1

[32] Brief introduction of China Traditional Medicine (TCM) Patent Database, China TCM Patent Database. 221.122.40.157/tcm_ patent/englishversion/help/help.html 38 Op. cit.

[33] Reddy, P. (2012, 21 April). The need for an ‘independent’ review of the TKDL project. SpicyIP. spicyip.com/2012/04/need-for anindependent-review-of-tkdl.html

[34] Proposed by Ross J. Anderson, this thumb-rule has come to be known as Anderson’s Rule. See: Porter, H. (2009, 10 August). Nine sacked for breaching core ID card database. The Guardian. www. theguardian.com/commentisfree/henryporter/2009/aug/10/ id-card-database-breach

[35] See, e.g., Anderson, R. et. al. (2009). Database State. Joseph Rowntree Reform Trust. www.jrrt.org.uk/sites/jrrt.org.uk/files/

documents/database-state.pdf

[36] www.peertopatent.org

[37] Rathi, M. (2012, 20 April). Guest Post – TKDL: A success – Really?

SpicyIP. spicyip.com/2012/04/guest-post-tkdl-success-really.html

[38] Reddy, P. (2012, 19 March). Guest Post: The Traditional Knowledge Digital Library and the EPO. SpicyIP. spicyip.com/2012/03/guest post-traditional-knowledge.html

[39] Intergovernmental Committee on Intellectual Property and Genetic Resources, Traditional Knowledge and Folklore. (2003). Practical Mechanisms for the Defensive Protection of Traditional Knowledge and Genetic Resources within the Patent System. WIPO. www.wipo. int/edocs/mdocs/tk/en/wipo_grtkf_ic_5/wipo_grtkf_ic_5_6.pdf

[40] Article 54(2) of the Convention on the Grant of European Patents. https://www.epo.org/law-practice/legal-texts/epc.html

[41] Outcomes against bio-piracy, Traditional Knowledge Digital Library. www.tkdl.res.in/tkdl/langdefault/common/Outcome.asp 48 35 U.S.C. § 102(a).

[42] Quinn, G. (2009, 30 November). US Patent Office to Reject Based on Traditional Knowledge. IPWatchdog. www.ipwatchdog.com/2009/11/30/us-patent office-to-reject-based-on-traditional-knowledge/ id=7502

[43] Lemley, M. A., & Sampat, B. (2012). Examiner Characteristics and

Patent Office Outcomes. The Review of Economics and Statistics,

[44] (3), 817-827. www.mitpressjournals.org/doi/abs/10.1162/ REST_a_00194?journalCode=rest

[45] Sampat, B. (2010). When do Applicants Search for Prior Art? The Journal of Law and Economics, 53(2), 399-416. www.journals. uchicago.edu/doi/abs/10.1086/651959?journalCode=jle

[46] Human Rights Council. (2014). Report of the Special Rapporteur on the Rights of Indigenous People. unsr.vtaulicorpuz.org/site/index. php/documents/annual-reports/26-annual-report-hrc-2014

For more details visit https://cis-india.org/a2k/blogs/giswatch-december-9-2016-sunil-abraham-and-vidushi-marda-digital-protection-of-traditional-knowledge-questions-raised-by-traditional-knowledge-digital-library-in-india

Privacy and Security Implications of Public Wi-Fi - A Case Study

praskrishna — 2016-12-09T14:01:44Z

For more details visit https://cis-india.org/internet-governance/files/privacy-and-security-implications-of-public-wi-fi-a-case-study

Privacy and Security Implications of Public Wi-Fi - A Case Study

vanya — 2016-12-12T12:29:49Z

Today internet is an essential necessity in everyday work and recognizing its vital role, governments across the world including the Indian government, are giving access to public Wi-Fi. However, use of public Wi-Fi brings along with it certain privacy and security risks. This research paper analyses some of these concerns, along with the privacy policies of key ISPs in India providing public Wi-Fi service in Bangalore-namely D-VoIS and Tata Docomo, as a case study to provide suitable recommendations.

Download (PDF)

1. Introduction

2. Global Scenario

3. Overview of Public Wi-Fi in India

4. Indian Policy and Legal Conundrum

5. Public Wi-Fi and Privacy Concerns

5.1. Data Theft

5.2. Tracking an Individual

5.3. Makes the Electronic Devices Prone to Hacking and Setting up Fake Networks

5.4. Illegal Use of Data

6. Ranking Digital Rights Project

6.1. D-VoIS, Bangalore

6.2. Tata Docomo, Bangalore

7. Compliance of Privacy Policies with Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011

8. Conclusion and Recommendations

8.1. Commitment

8.2. Freedom of Expression

8.3. Privacy

1. Introduction

Recognizing internet as a critical tool for day-to-day work and facilitating increased access to it in the past few years,^[1] the Indian Government as well as Governments across the world have rolled out plans for offering public Wi-Fi. However, privacy risks of using public Wi-Fi have also been flagged across jurisdictions, which will be discussed in this paper. Apart from highlighting key privacy concerns associated with the use of free public Wi-Fi, this case study aims to analyse the privacy policies of two of the Internet Service Providers in India-namely Tata Docomo^[2] and D-VoiS^[3], which offer public Wi-Fi services in Bangalore city against the indicators listed under the Ranking Digital Rights project^[4], as well as the Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011^[5]. Based on this analysis, this paper shall list key recommendations to these ISPs to ensure sound privacy policies and practices with a view to have a balanced framework and ecosystem in light of key privacy considerations, especially in light of public Wi-Fi.

2. Global Scenario

Security and privacy concerns around the use of free and public Wi-Fi have been raised in India^[6] as well as across the globe. In various cities like Bangalore, Delhi, Hyderabad, New York, London, Paris, etc., privacy experts have raised concerns over the public Wi-Fi systems at metro stations, malls, payphones and other such public places.^[7]

For many years, New York City has been in the process of developing a “free” public Wi-Fi project called LinkNYC^[8] to bring wireless Internet access to the residents of the city. However, privacy concerns have been raised by the users and privacy advocates like the New York Civil Liberties Union, where the latter also issued a letter to the Mayor's office regarding this^[9] as the collection of potentially sensitive personal, locational and behavioral data, without adequate safeguards could result in sharing of such data without the data subject’s consent or knowledge. For example, one of the concerns raised has been regarding retention of user's data by CityBridge, the company behind the LinkNYC kiosks, often indefinitely, for building a massive database which carries a risk of security breaches and unwarranted surveillance by the police. ^[10] Also, users are concerned that their internet browsing history may reveal sensitive information about their political views, religious affiliations or medical issues^[11], since registration is required to use LinkNYC by submitting their email addresses and by agreeing to allow CityBridge to collect information about the websites they visit, the duration for which they linger on certain information on a webpage and the links they click on. On the contrary, the privacy policy of CityBridge states that this massive amount of personally identifiable user information would be cleared only if there have been 12 months of user inactivity, raising an alarm in light of privacy concerns.^[12]

In the year 2015, the Information Commissioner’s Office (ICO) conducted a review of public Wi-Fi services on a UK high street, where it was found that the Wi-Fi networks requested for varying levels of personal data, which was also processed for marketing purposes. The results highlighted that while some networks did not request any personal data, others asked for varying amounts, including information regarding name, postal and email address, mobile number, gender, as well as asking for a date of birth as a mandatory requirement (except for gender). During the sign-up process, though some Wi-Fi networks provided users with the choice to opt-in or opt-out for receiving electronic newsletters and updates, others offered no choice at all.^[13] As a result of the review process, the ICO notified Wi-Fi network providers that it had reviewed and advised them of improvements that they could make to their service and issued guidance^[14] regarding the dangers of using public Wi-Fi^[15]. ICO also recommended users to take time to read all the information given by providers of Wi-Fi services before connecting.

In 2006, the European Data Retention Directive 2006/24/EC^[16] was introduced for the retention of communications data by providers of public electronic communications services for national security. The Directive provides an obligation for providers of publicly available electronic communications services and public communications networks to retain traffic and location data for the purpose of the investigation, detection, and prosecution of serious crime.^[17] Also, the Data Retention (EC Directive) Regulations 2009^[18] were introduced to implement the Directive in the UK. However, this was challenged on grounds of insufficient safeguards for the privacy rights of individuals, given the substantial interference which it facilitated with those rights.^[19]

To ensure protection of user’s data and information, the Data Protection Act 1998^[20] in UK obliges businesses retaining people’s data to comply with the law, which involves informing people about what data is being collected and ensure that the data is stored securely.^[21] . Therefore, in case of ISP’s providing public Wi-Fi service, this would relate to the information people provide when they log on, such as their email address. Under the Act, the data protection principles must be complied with by the data controllers and it needs to be ensured that the information is used fairly and lawfully, for limited and stated purposes, used in a way that is adequate, relevant and not excessive, kept for no longer than is absolutely necessary, handled according to people’s data protection rights, kept safe and secure and not transferred outside the European Economic Area without adequate protection.^[22] This would soon be updated and synced with the European Union’s General Data Protection Directive (GDPR).

3. Overview of Public Wi-Fi in India

In India, the public Wi-Fi in some cases has been offered free for a limited duration, in several cities across the country. For example, in 2014, Bangalore became the first city in the country to establish free public Wi-Fi- Namma Wi-Fi (802.11N) to make Bangalore a smart and connected city. The service is offered at MG Road, Brigade Road and four other locations in Bangalore including Traffic and Transit Management Centres (TTMCs) at Shanthinagar, Yeshwanthpur, Koramangala and CMH Road in Indiranagar.^[23] The internet and Wi-Fi service provider for Namma Wi-Fi is D-VoiS Broadband Ltd,a city-based firm.^[24] However, it seems the State Government plans to pull the plug on the project, funds, lack of awareness and difficulty in access as key constraints.^[25] Tata Docomo has inked an agreement with GMR Airports to offer Wi-Fi services at several International Airports in the country, including the Bangalore International Airport. It offers access to access free Wi-Fi service for 45 minutes, following which they users are required to pay for the service online, to continue using the Wi-Fi service.^[26]

Delhi has also introduced free Wi-Fi at its premier shopping hubs of Connaught Place and Khan Market in the year 2014, and BSNL launched a free WiFi service at Karnataka’s Malpe beach in the year 2016 making it the first WiFi beach in the three coastal districts of the state.^[27] The State Governments of Mumbai, Kolkata, Patna and Ahmedabad also offer free Wi-Fi services in limited areas.^[28] As part of the flagship programme by Indian Government, Digital India, the Government announced the rollout of Wi-Fi services by June 2015 at select public places in 25 Indian cities with population of over 10 lakh and tourist destinations by December 2015.^[29] Also, the Government has plans to digitise India by rolling out free Wi-Fi in 2500 towns and cities over a span of 3 years.^[30] Google plans to deploy WiFi at 100 railway stations in partnership with Railtel. Under this scheme, Mumbai Central was the first station to get free Wi-Fi in the year 2016.^[31] Also, Google's Project Loon aims to provide internet connectivity in remote and rural areas in India, which is currently being tested in other countries.^[32].

4. Indian Policy and Legal Conundrum

In light of national security concerns around the misuse of public Wi-Fi, the Department of Telecommunication, GoI, published a regulation^[33] dated February 2009, defining procedures for the establishment and use of public Wi-Fi to prevent misuse of public Wi-Fi and to be able to track the perpetrator in case of abuse. Indeed, the DOT has stated that “Insecure Wi-Fi networks are capable of being misused without any trail of user at later date”.^[34]

As per the 2009 Regulations, DoT has instructed ISPs to enforce centralized authentication using Login ID and Password for each user to ensure that the identity of the user can be traced.^[35] Regarding Wi-Fi services provided at public places, the Regulations state that bulk login IDs shall be created for controlled distribution, with authentication done at a centralized server. The subscribers are required to use public Wi-Fi by registering with temporary user ID and password, in the following methods:

Obtaining copy of photo identity of the subscriber, to be maintained by Licensee for one year; or
Providing details of user ID and password via SMS on subscriber's mobile phone , to be used as his/her identity by keeping the mobile number for one year.

Additionally, the data protection regime in India is governed by section 43A of the Information Technology Act, 2000 and the Rules^[36] notified under it. It obliges corporate bodies which possess, deal or handle any sensitive personal data to implement and maintain reasonable security practices, failing which they would be held liable to compensate those affected by any negligence attributable to this failure. The said Rules also define requirements and safeguards that every Body Corporate is legally required to incorporate into the company's privacy policy. The Rules put restrictions on body corporates on collecting sensitive personal information, and also states that it must obtain prior consent from the “provider of information” regarding “purpose, means and modes of use of the information, along with limiting disclosure of such information.^[37] Most of the ISPs in India being a private company, like D-VoiS and Tata Docomo, are obliged to comply with these provisions. Also, under the model License Agreement for Unified License^[38] by Ministry of Communication & IT, Department of Telecommunications, Government of India, where the Unified Access License Framework allows for a single license for multiple services such as telecom, the internet and television and provides certain security guidelines, privacy of communications is to be maintained by the Licensee (the ISPs in this case) and network security practices and audits are mandated along with penalties for contravention in addition to what is prescribed under the Information Technology Act,2000. It also provides for ensuring unauthorized interception of messages does not take place. Therefore, the ISPs providing public Wi-Fi services in various cities across India would be governed by the data protection regime and could be held liable under these provisions in case of non-compliance with the security measures so stated.

In July 2016, the Telecom Regulatory Authority of India (hereinafter referred as “TRAI”) floated a Consultation paper on Proliferation of Broadband through Public Wi-Fi Networks^[39] with an objective to examine the need of encouraging public Wi-Fi networks in the country from a public policy point of view and discuss the issues as well as solutions in its proliferation. The paper recognises the fact that India is still in a green field deployment phase in terms of adoption of public Wi-Fi services and requires solutions for resolving the challenges and risks being faced in the process and lay a strong foundation to evolve towards a meaningful position in the advancement of initiatives related to Internet of Things, Smart Cities, etc.^[40] This is an important step towards fulfilment of the Digital India scheme of the Indian Government to ensure better connectivity. In the paper, TRAI has advocated development of a payment platform which allows easy access to Wi-Fi services across internet service providers (ISPs) and through any payment instrument.^[41] Besides that, the paper raises issues of various regulatory, licensing or policy measures required to encourage ubiquitous city-wide Wi-Fi networks as well as expansion of Wi-Fi networks in remote or rural areas, along with the issue of encouraging interoperability between the Wi-Fi networks of different service providers, both within the country and internationally, as well as between cellular and Wi-Fi networks.^[42]

5. Public Wi-Fi and Privacy Concerns

Since proliferation of public Wi-Fi in India is happening at a moderate pace, the paper discusses key issues towards this, one of them being the logistics of deploying this service. This section briefly states and acknowledges privacy and security concerns as an important factor that may be posing issues in the adoption of public Wi-Fi services in the country. Since there have been numerous cases of security vulnerabilities in public Wi-Fi networks worldwide, security of networks and cyber crimes is a key issue for consideration.^[43]

Deployment of public wireless access points has made it more convenient for people to access the Internet outside of their offices or homes. Despite advantages like ease of accessibility, connectivity and convenience, public Wi-Fi connection pose serious concerns as well. “The proliferation of public Wi-Fi is one of the biggest threats to consumer data”, says David Kennedy, founder of TrustedSec, a specialised information security consulting company based in the United States of America.^[44] Also, the networks become an easier target with little public awareness about the existence of such threats wherein users expose valuable personal data over Wi-Fi hotspots. The recently released Norton Cyber Security Report 2016^[45] shows how the benefit of constant connectivity is often outweighed by consumer complacency, leaving consumers and their Wi-Fi networks at risk. For the purpose of this report, Norton surveyed 20,000 people (over a 1,000 from India ) which reflects that though users in India may be increasingly becoming aware of the cyber threats they face due to use of public Wi-Fi, they don’t fully understand the accompanying risks and their online behaviour is often contradictory.^[46] Also, it is important to consider that the services which claim to be free, actually generate revenue by advertisements, where the model works by providing free access to internet in exchange for user's’ personal and behavioral data, which is subsequently used to target ads to them.^[47]

Some of the privacy harms stemming from use of public Wi-Fi are listed below.

5.1. Data Theft

With hackers finding it easy to access personal information of the data subjects, data can be hijacked by unauthorized internet access by spoofing the MAC and IP addresses of the authenticated user’s device or by use of default settings (saved passwords or IPs).^[48] The following kinds of data is at a risk of being stolen and further misused:

demographic and locational data^[49]
forms of personal information acting as identifiers like financial information, social and personal information^[50]
private information like passwords to social networking sites, email accounts and banking websites^[51]
historical data from the devices^[52]

5.2. Tracking an Individual

Like cell phones, Wi-Fi devices have unique identifiers that can be used for tracking purposes which can cause potential security issues. Tracking by using a Wi-Fi hotspot can also lead to third party harms like stalking.^[53] To receive or use a service, often websites require the user to share their personal information such as name, age, ZIP code, or personal preferences, which is many times shared with advertisers and other third parties, without the knowledge or consent of the users.^[54]

5.3. Makes the Electronic Devices Prone to Hacking and Setting up Fake Networks

A recent experiment conducted by the chief scientist at mobile security firm Appknox at the Bengaluru International Airport, India, found that the wireless devices could be easily hacked over the airport’s free Wi-Fi network due to the easily exploitable security holes in the software made by Apple, Google, and Microsoft.^[55] A similar experiment was backed by the European law enforcement agency, Europol, where a mobile hotspot was created in central London^[56] and the hacker was able to gain access to passwords, apps, and even credit card and banking information with ease.^[57] Lack of secure softwares and prevalence of open, unprotected Wi-Fi has made it fairly easy for hackers to set up fake twin access points that give them access to data histories and personal information.^[58] This makes is easy to track data histories of users. Even if certain softwares use encryption codes, a simple decryption software can be used to obtain the information.^[59]

5.4. Illegal Use of Data

By authorities: the authorities have easier access to people’s browsing details and habits, and with justification in the name of national security, could be used to monitor the people without their consent.^[60]

Wi-Fi provider: can sell the user’s demographic and location information. ^[61] Also, it was revealed in a study that the personal information of users is often transmitted by service providers without encryption. Anyone along the path between the user and the service’s data center can then intercept this information, opening users to grave privacy and security risks.^[62]

By hackers: steal information and hack into unsuspecting victim’s bank accounts and misuse corporate financial information and secrets^[63]

6. Ranking Digital Rights Project

The "Ranking Digital Rights" project, an ongoing international non-profit research initiative, aims to promote greater respect for freedom of expression and privacy by focusing on the policies and practices of companies in the information communications technology (ICT) sector^[64], rank such companies in this light, and undertake research to develop the ranking methodology.^[65]

In November 2015, the Ranking Digital Rights project launched the Corporate Accountability Index. Since several actors like the Internet and telecommunications companies, software producers, and device and networking equipment manufacturers exert growing influence over the political and civil lives of people all over the world, it is important to state that these organisations share a responsibility to respect human rights. For this purpose, 16 Internet and telecommunications companies were evaluated according to 31 indicators, which focused on corporate disclosure of policies and practices that affect users’ freedom of expression and privacy.^[66]

The data produced by the index can help companies improve their policies, practices and help them identify challenges faced by companies in meeting their corporate obligations to respect human rights like Freedom of Expression and Privacy in the digital space.^[67] Some of the key corporate practices which affect these rights are :

How companies handle government requests to hand over user data or restrict content;
How companies enforce their own terms of service;
What information companies collect about users and how long they retain it; and
To whom they share or sell user information.^[68]

The 2015 Corporate Accountability Index assesses transparency levels of the World’s most powerful Internet and telecommunications companies regarding their commitments, policies and practices that affect users’ freedom of expression and privacy and evaluates what companies share about these practices and offers recommendations for improvement. The methodology adopted relies on publicly available information so that advocates, researchers, journalists, policy makers, investors, and users can understand the extent to which different companies respect freedom of expression and privacy, and make appropriate policy, investment, and advocacy decisions. Also, public disclosures would enable researchers and journalists to investigate and verify the accuracy of company statements.^[69]

For the purpose of this research, we would apply this index and the indicators to the internet service provider of public Wi-Fi in Bangalore-D-VoiS Ltd. and Tata Docomo to understand how comprehensive their privacy policies are when compared to global standards and make informed recommendations. Analysing policies against the index can help these companies identify best practices, as well as the obstacles they face in meeting their corporate obligations to respect human rights in the very digital spheres they helped to create.^[70] The information has been gathered and analysed on the basis of publicly available information, and this can help companies empower users to make informed decisions about how they use technology, which would help build trust between users and companies in the long run.^[71]

6.1. D-VoIS^[72], Bangalore

For the purpose of this case study, the Privacy Policies of D-VoIS have been analysed on the basis of the Corporate Accountability index, and the answers can be accessed in Annex 1.

Summary

On the basis of the indicators and the information available, it can be ascertained that:

The Company has a freely available and understandable Privacy Policy and Terms of Use, though only in the English language.

The company does not commit to notify users in case of changes in the privacy policy of the company.

The company states circumstances in which it would restrict use of its services, along with reasons for content restriction.

The Company commits to the principle of data minimization, discloses circumstances when it shares information with third parties, and provides users with options to control the company’s collection and sharing of their information

Deploys industry standards for security of products and services.

Analysis

Commitment: D-VoIS fares low on Commitment since it has made no overarching public commitments to protect users’ freedom of expression or privacy in a manner that meets the Index’s criteria. The Company lacks adequate top-level policy commitments to users’ freedom of expression and privacy, establishing executive and management oversight over these issues, creating a process for human rights impact assessment, and lacks stakeholder engagement and a grievance mechanism.

Freedom of Expression: The Company also fares low on Freedom of Expression as the terms of services, though easily available, are only in English language. Also, it does not commit to notify users about changes to the terms of service. While the company discloses what content and activities it prohibits , it provides no information about how the company notifies these restrictions to the users.

Regarding transparency about content restriction requests, since the Indian law prevents the company from disclosing government requests for content removal^[73], but it does not prevent the company from publishing more information about private requests for content restriction. D-VoIS does not provide any information with respect to this.

Privacy: D-VoIS is required by law to have a privacy policy available on its website, this policy is available in English, but not in other languages spoken in India. Also, D-VoIS does not disclose what user information is collected, how and why, nor does it offer users meaningful access to their information. D-VoIS does not disclose any information regarding retention of user information, and the company could improve its disclosures about what user information it collects and how long it is retained.

Though the company discloses information about its security practices, it does not disclose any information regarding its efforts to educate users about security threats. It also does not disclose information regarding requests by non-governmental entities for user data.

6.2. Tata Docomo^[74], Bangalore

The Privacy Policy and Terms & Conditions of Tata Docomo have been analysed on the basis of the Corporate Accountability index, and the answers can be accessed in Annex 2.

Summary

On the basis of the indicators and the information available, it can be ascertained that:

The Company has a freely available and understandable Data Privacy Policy and Terms of Use, though only in English language.

The Company has established electronic and administrative safeguards designed to secure the information collected to prevent unauthorized access to or disclosure of that information and to ensure it is used appropriately.

The company states circumstances in which it would restrict use of its services, along with reasons for content restriction. The company’s disclosed policies and practices demonstrate how it works to avoid contributing to actions that may interfere with the right to freedom of expression, except where such actions are lawful, proportionate and for a justifiable purpose.

The Company clearly states the kind of information collected, ways of collection and the reasons for collection as well as sharing.

Deploys industry standards for security of products and services

Analysis

Commitment: Tata Docomo fares low on Commitment since it has made no overarching public commitments to protect users’ freedom of expression or privacy in a manner that meets the Index’s criteria. Though the Company has established electronic and administrative safeguards designed to secure the information collected, it lacks adequate top-level policy commitments to users’ freedom of expression and privacy, establishing executive and management oversight over these issues, creating a process for human rights impact assessment, and lack of stakeholder engagement.

Freedom of Expression: The Company fares low on Freedom of Expression as the terms of services, though easily available, are only in English language. Also, it does not commit to notify users about changes to the terms of service. While the company discloses what content and activities it prohibits , it provides no information about how the company notifies these restrictions to the users.

Regarding transparency about content restriction requests, since the Indian law prevents the company from disclosing government requests for content removal, it does not prevent the company from publishing more information about private requests for content restriction. Tata Docomo does not provide any information with respect to that.

Privacy: Tata Docomo is required by law to have a privacy policy available on its website, this policy is available in English, but not in other languages spoken in India. No information is publically available regarding users option to control company's collection of information. Tata Docomo discloses that user information shall be retained as long as required and does not mention a specific duration for the same. Though the company discloses information about its security practices, it does not disclose any information regarding its efforts to educate users about security threats. It also does not disclose information regarding requests by non-governmental entities for user data.

7. Compliance of Privacy Policies with Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011

The Privacy Policy and Terms & Conditions of D-VoIS and Tata Docomo have been analysed on the basis of the security measures and procedures stated under the Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011 to ascertain how sound and compliant the framework is with the existing data protection regime in India. The comparison can be accessed in Annex 3.

Comparing the requirements listed under the Rules with the policies of both the companies, it can be said that though the websites of both companies provide privacy policies and are easily accessible, they lack crucial information regarding consent of the user before collection as well as sharing of information. Also, though the policies state the purpose of sharing such data with third parties, it does not state the purpose of collection of the information. The policies are also silent regarding the requirements to be complied with before transferring personal data into another jurisdiction . There is also no information about the companies having a grievance officer. Additionally, though the terms of services of D-VoIS state that the customer may choose to restrict the collection or use of their personal information, both companies do not specifically provide for an opt out mechanism to its users.

8. Conclusion and Recommendations

To allay the numerous concerns regarding privacy and security with respect to public Wi-Fi’s, the ISPs must have a sound Privacy Policy in place. For this purpose, adherence to the indicators as listed under the Corporate Accountability Index, along with requirements for security of personal information stated under the Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011 and improving the policies accordingly shall greatly contribute to protection of Freedom of Expression and ensure Privacy of user information. Ensuring compliance with the existing data protection regime in the country becomes more important in light of the growing privacy and security concerns due to proliferation of free and public Wi-Fi service in India. Adequate measures like acquiring consent for collection and sharing of user data, commitment by company executives to ensure protection of rights of individuals, adoption of security standards, creating awareness about security concerns, etc. by such corporate must be considered to ensure protection of personal information and reduce the likelihood of a data breach. Both D-VoIS and Tata Docomo must consider the following recommendations in order to meet the criteria set by the Ranking Digital Rights project, ensuring commitment towards protection of right to freedom of expression and privacy of the users.

8.1. Commitment

Set in place an oversight mechanism to monitor how the company’s policies and practices affect freedom of expression and privacy. In case the Company already has that in place, information regarding the same must be made publically available for greater transparency.
Also, they must conduct regular, comprehensive, and credible due diligence, such as human rights impact assessments, to identify how all aspects of their business impact freedom of expression and privacy.
In addition to that, they must Provide for a remedy or grievance mechanism. The Telecom Regulatory Authority of India also requires that all service providers have redress mechanisms. In case the Company already has that in place, information regarding the same must be made publically available for greater transparency.

8.2. Freedom of Expression

The Companies must make an effort to make the Terms of Service available in the most commonly spoken languages by its users, besides English.
Also, it is recommended that the Companies must ensure to provide meaningful notice to users regarding change in terms of service.
Besides disclosing what content and activities the companies prohibit, they must disclose information regarding how it enforces these prohibitions and should provide examples regarding the circumstances under which it may suspend service to individuals or areas to help users understand such policies.
The Companies must also disclose information regarding the process for evaluating and responding to requests from third parties to restrict content or service. Additionally, it must disclose how long it retains user information, publish process for evaluating and responding to requests from government and other third parties for stored user data and/or real-time communications.

8.3. Privacy

Though both the Companies disclose that the user information shall be shared with third parties, and Tata Docomo discloses what information is collected and how, yet there should be no legal impediment for the companies to improve its disclosures about what user information it collects, with whom it is shared, and how long it is retained to protect the privacy of the users.
Though Tata Docomo allows the users to review and correct their Personal Information collected by the Company, D-VoIS must release information regarding whether the users are able to view, download or otherwise obtain all of the information about them that the company holds. In case it does not allow, the Company must duly change its policy regarding the same.
The Companies must also publish information to help users defend against cyber threats.

^[1] The Financial Express, ‘Free wi-fi: Digital Dilemma’, February 22, 2015,

http://www.financialexpress.com/article/economy/free-Wi-Fi-digital-dilemma/45804/

^[2] Tata Docomo, http://www.tatadocomo.com/

^[3] D-VoIS Communication Pvt. Ltd. http://www.dvois.com/

^[4] Ranking Digital Rights, https://rankingdigitalrights.org/

^[5] the Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011. Available at : http://www.wipo.int/edocs/lexdocs/laws/en/in/in098en.pdf

^[6] See : http://indianexpress.com/article/technology/technology-others/public-wifi-can-be-used-to-steal-private-information-it-security-expert/, http://www.aljazeera.com/indepth/features/2016/03/india-unlocking-public-wi-fi-hotspots-160308072320835.html , http://www.business-standard.com/article/technology/indians-most-willing-to-share-personal-data-over-public-wifi-116083000673_1.html and http://articles.economictimes.indiatimes.com/2015-05-20/news/62413108_1_corporate-espionage-hotspots-bengaluru-airport

^[7] Scroll, ‘Free wifi in Delhi is good news but here is the catch’, November 21, 2014, http://scroll.in/article/690755/free-wifi-in-delhi-is-good-news-but-here-is-the-catch

^[8] LinkNYC, https://www.link.nyc/

^[9] See : http://www.nyclu.org/files/releases/city%20wifi%20letter.pdf

^[10] The Huffingtonpost, ‘Maybe You Shouldn't Use Public Wi-Fi In New York City’, March 16, 2016, http://www.huffingtonpost.in/entry/public-wifi-nyc_us_56e96b1ce4b0b25c9183f74a

^[11] NYCLU, ‘City’s Public Wi-Fi Raises Privacy Concerns’, March 16, 2016,

http://www.nyclu.org/news/citys-public-wi-fi-raises-privacy-concerns

^[12] NYCLU, ‘City’s Public Wi-Fi Raises Privacy Concerns’, March 16, 2016,

http://www.nyclu.org/news/citys-public-wi-fi-raises-privacy-concerns

^[13]Information Commissioner’s Office Blog, ‘Be wary of public Wi-Fi’September 25, 2015, https://iconewsblog.wordpress.com/2015/09/25/be-wary-of-public-Wi-Fi/

^[14]Information Commissioner’s Office Blog, ‘Be wary of public Wi-Fi’September 25, 2015, https://iconewsblog.wordpress.com/2015/09/25/be-wary-of-public-Wi-Fi/

^[15]Marketing Law, ‘The ICO sounds a warning on public wi-fi and privacy’, November 24, 2015,

http://marketinglaw.osborneclarke.com/data-and-privacy/the-ico-sounds-a-warning-on-public-Wi-Fi-and-privacy/

^[16]Directive 2006/24/EC of the European Parliament and of the Council of 15 March 2006 http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32006L0024

^[17] Feiler, L., "The Legality of the Data Retention Directive in Light of the Fundamental Rights to Privacy and Data Protection", European Journal of Law and Technology, Vol. 1, Issue 3, 2010, http://ejlt.org/article/view/29/75

^[18] The Data Retention (EC Directive) Regulations 2009 http://www.legislation.gov.uk/ukdsi/2009/9780111473894/pdfs/ukdsi_9780111473894_en.pdf

^[19] Purple, ‘Update on the legal implications of offering public WiFi in the UK’, September 10, 2014, http://purple.ai/update-legal-implications-offering-public-wifi-uk/

^[20] Data Protection Act 1998, http://www.legislation.gov.uk/ukpga/1998/29/contents

^[21] Wireless Social, http://www.wireless-social.com/how-it-works/legal-compliance/

^[22] Data Protection Act 1998, https://www.gov.uk/data-protection/the-data-protection-act

^[23]The Hindu, ‘Free wifi on M.G. Road and Brigade Road from Friday’, January 23, 2014, http://www.thehindu.com/news/cities/bangalore/free-wifi-on-mg-road-and-brigade-road-from-friday/article5606757.ece

^[24]The Telegraph, ‘Free Wi-fi on tech city streets- Bangalore offers five public hotspots’, January 25, 2014, http://www.telegraphindia.com/1140125/jsp/nation/story_17863705.jsp#.VwIv_Zx97IU

^[25]Economic Times, ‘Karnataka Govt pulls the plug on public Wi-Fi spots in Bengaluru’, March 15, 2016, http://tech.economictimes.indiatimes.com/news/internet/karnataka-govt-pulls-the-plug-on-public-Wi-Fi-spots-in-bengaluru/51404414

^[26] Medianama, ‘Why Don’t Indian Airports Offer Free WiFi To Passengers?’, May 22, 2013, http://www.medianama.com/2013/05/223-indian-airports-free-wifi/

^[27]Hindustan Times, ‘BSNL launches free public WiFi at Karnataka’s Malpe beach’, January 25, 2016, http://www.hindustantimes.com/tech/bsnl-launches-free-public-wifi-on-karnataka-s-malpe-beach/story-XVM06KQKIcoyqV8CLJoYzJ.html

^[28]TechTree, ‘Problems With Free City-Wide Wi-Fi Hotspots In India’, September 28, 2015,

http://www.techtree.com/content/features/9914/problems-free-city-wide-Wi-Fi-hotspots-india.html#sthash.2ZSf9kq7.dpuf

^[29]India Today, ‘25 Indian cities to get free public Wi-Fi by June 2015’, December 17, 2014, http://indiatoday.intoday.in/technology/story/25-indian-cities-to-get-free-public-Wi-Fi-by-june-2015/1/407214.html

^[30]Business Insider, ‘Modi Government To Roll Out Free Wi-Fi In 2,500 Towns And Cities To Make India Digital’, January 23, 2015, http://www.businessinsider.in/Modi-Government-To-Roll-Out-Free-Wi-Fi-In-2500-Towns-And-Cities-To-Make-India-Digital/articleshow/45989339.cms

^[31]RailTel launches free high-speed public Wi-Fi service with Google at Mumbai Central, http://www.railtelindia.com/images/Mumbai.pdf

^[32]Economic Times, ‘Google may get government nod to conduct pilot for Project Loon in India’, May 24, 2016,

http://economictimes.indiatimes.com/tech/internet/google-may-get-government-nod-to-conduct-pilot-for-project-loon-in-india/articleshow/52408455.cms

^[33]Department of Telecommunications, Ministry of Communications & IT, Government of India, February 23, 2009, http://www.dot.gov.in/sites/default/files/Wi-%20fi%20Direction%20to%20UASL-CMTS-BASIC%2023%20Feb%2009.pdf

^[34] Scroll, ‘Free wifi in Delhi is good news but here is the catch’ November 21, 2014, http://scroll.in/article/690755/free-wifi-in-delhi-is-good-news-but-here-is-the-catch

^[35]MojoNetworks, ‘Complying with DoT Regulation on Secure Use of WiFi: Less in Letter, More in Spirit’, http://www.mojonetworks.com/fileadmin/pdf/Implementing_DoT_Regulation_on_WiFi_Security.pdf

^[36] Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011

^[37]The Centre for Internet & Society, ‘Privacy and the Information Technology Act — Do we have the Safeguards for Electronic Privacy?’, April 7, 2011, http://cis-india.org/internet-governance/blog/privacy/safeguards-for-electronic-privacy

^[38]License Agreement for Unified License, http://www.dot.gov.in/sites/default/files/Unified%20Licence.pdf

^[39] Telecom Regulatory Authority of India, ‘Consultation Paper on Proliferation of Broadband through Public Wi-Fi Networks’ July 13, 2016, https://www.mygov.in/sites/default/files/mygov_1468492162190667.pdf

^[40] Telecom Regulatory Authority of India, ‘Consultation Paper on Proliferation of Broadband through Public Wi-Fi Networks’ July 13, 2016, https://www.mygov.in/sites/default/files/mygov_1468492162190667.pdf

^[41] The Economic Times, ‘Trai floats consultation paper to boost broadband through Wi-Fi in public places’, July 14, 2016, http://economictimes.indiatimes.com/articleshow/53195586.cms?utm_source=contentofinterest&utm_medium=text&utm_campaign=cppst

^[42] Telecom Regulatory Authority of India, ‘Consultation Paper on Proliferation of Broadband through Public Wi-Fi Networks’ July 13, 2016, https://www.mygov.in/sites/default/files/mygov_1468492162190667.pdf

^[43]Mint, ‘Trai issues paper on public Wi-Fi networks’ July 14, 2016, http://www.livemint.com/Industry/1jVgso2R2Lz4NR5IYFaCtN/Trai-issues-paper-on-public-WiFi-networks.html

^[44]Forbes,’How To Avoid Data Theft When Using Public Wi-Fi’, March 4, 2014, http://www.forbes.com/sites/amadoudiallo/2014/03/04/hackers-love-public-wi-fi-but-you-can-make-it-safe/#373c75e32476

^[45]Symantec, ‘Norton Cyber Security Insights Report’, 2016, https://www.symantec.com/content/dam/symantec/docs/reports/2016-norton-cyber-security-insights-report.pdf

^[46]The Indian Express, ‘Indian cybercrime victims don’t learn from past experience: Norton Report’, November 18, 2016, http://indianexpress.com/article/technology/tech-news-technology/indian-users-complacent-when-it-comes-to-cyber-security-norton-report/

^[47]Mashable, ‘This is the real price you pay for 'free' public Wi-Fi’, January 26, 2016, http://mashable.com/2016/01/25/actual-cost-free-Wi-Fi/?utm_cid=mash-com-Tw-main-link#WmAJGJ_COiq5

^[48]MojoNetworks, ‘Complying with DoT Regulation on Secure Use of WiFi: Less in Letter, More in Spirit’, http://www.mojonetworks.com/fileadmin/pdf/Implementing_DoT_Regulation_on_WiFi_Security.pdf

^[49]Network Computing, ‘Public WiFi, Location Data & Privacy Anxiety’, July 4, 2015, http://www.networkcomputing.com/wireless/public-wifi-location-data-privacy-anxiety/1496375374

^[50]Network Computing, ‘Public WiFi, Location Data & Privacy Anxiety’, July 4, 2015, http://www.networkcomputing.com/wireless/public-wifi-location-data-privacy-anxiety/1496375374

^[51]The Indian Express, ‘Public Wifi can be used to steal private information: IT Security Expert’, May 19, 2015, http://indianexpress.com/article/technology/technology-others/public-wifi-can-be-used-to-steal-private-information-it-security-expert/#sthash.xiuWtL6v.dpuf

^[52]Medium, ‘Maybe Better If You Don’t Read This Story on Public WiFi’, October 14, 2014, https://medium.com/matter/heres-why-public-wifi-is-a-public-health-hazard-dd5b8dcb55e6#.3061h6lsv

^[53]Network Computing, ‘Public WiFi, Location Data & Privacy Anxiety’, July 4, 2015, http://www.networkcomputing.com/wireless/public-wifi-location-data-privacy-anxiety/1496375374

^[54]University of Washington, Computer Science and Engineering, ‘When I am on Wi-Fi, I am Fearless:” Privacy Concerns & Practices in Everyday Wi-Fi Use’, https://djw.cs.washington.edu/papers/wifi-CHI09.pdf

^[55]Breitbart, ‘Fre Public Wi-Fi poses security risks’, May 19, 2015, http://www.breitbart.com/big-government/2015/05/19/free-public-wifi-poses-security-risk/

^[56]The Guardian, ‘Londoners give up eldest children in public Wi-Fi security horror show’, September 29, 2014, https://www.theguardian.com/technology/2014/sep/29/londoners-Wi-Fi-security-herod-clause

^[57] Medium, ‘Maybe Better If You Don’t Read This Story on Public WiFi’, October 14, 2014, https://medium.com/matter/heres-why-public-wifi-is-a-public-health-hazard-dd5b8dcb55e6#.3061h6lsv

^[58]ABC13, ‘Hackers set up fake Wi-Fi hotspots to steal your information, July 10, 2015, http://abc13.com/technology/hackers-set-up-fake-Wi-Fi-hotspots-to-steal-your-information/835223/

^[59]Medium, ‘Maybe Better If You Don’t Read This Story on Public WiFi’, October 14, 2014, https://medium.com/matter/heres-why-public-wifi-is-a-public-health-hazard-dd5b8dcb55e6#.3061h6lsv

^[60] Scroll, ‘Free wifi in Delhi is good news but here is the catch’ November 21, 2014, http://scroll.in/article/690755/free-wifi-in-delhi-is-good-news-but-here-is-the-catch

^[61] Scroll, ‘Free wifi in Delhi is good news but here is the catch’ November 21, 2014, http://scroll.in/article/690755/free-wifi-in-delhi-is-good-news-but-here-is-the-catch

^[62]University of Washington, Computer Science and Engineering, ‘When I am on Wi-Fi, I am Fearless:” Privacy Concerns & Practices in Everyday Wi-Fi Use’, https://djw.cs.washington.edu/papers/wifi-CHI09.pdf

^[63] Breitbart, ‘Fre Public Wi-Fi poses security risks’, May 19, 2015, http://www.breitbart.com/big-government/2015/05/19/free-public-wifi-poses-security-risk/

^[64] Ranking Digital Rights, https://rankingdigitalrights.org/who/frequently-asked-questions/

^[65] Business & Human Rights Resource Centre, ‘Ranking Digital Rights Project’, http ://business-humanrights.org/en/documents/ranking-digital-rights-project

^[66] Ranking Digital Rights, https://rankingdigitalrights.org/about/

^[67] Ranking Digital Rights, https://rankingdigitalrights.org/about/

^[68] Ranking Digital Rights, https://rankingdigitalrights.org/who/frequently-asked-questions/

^[69] Ranking Digital Rights, https://rankingdigitalrights.org/who/frequently-asked-questions/

^[70] Ranking Digital Rights, https://rankingdigitalrights.org/about/

^[71] Ranking Digital Rights, https://rankingdigitalrights.org/who/frequently-asked-questions/

^[72] D-VoIS Communication Pvt. Ltd. http://www.dvois.com/

^[73]Section 16 of the Information Technology (Procedure and Safeguards for Blocking for Access of Information by Public) Rules, 2009 states that all request and complaints must be kept confidential.

^[74] Tata Docomo, http://www.tatadocomo.com/

For more details visit https://cis-india.org/internet-governance/blog/privacy-and-security-implications-of-public-wi-fi-a-case-study

Guru Gomke is a Stylish Ol Chiki Typeface for India’s Santali Speakers

praskrishna — 2016-12-01T14:56:41Z

The blog post was published by AIGA.org on November 29, 2016. Subhashish Panigrahi was consulted.

Back story: Ever met a teenaged girl yearning to be a typeface designer? Yes? Then perhaps you know Pooja Saxena, who recognized her life’s calling when she was still in high school. Saxena went on to study with type historian and designer Fiona Ross at the University of Reading in the UK.

The idea for Guru Gomke came from a chat she had with Panigrahi, whose work with the Access to Knowledge (A2K) Program at the Centre for Internet and Society in Bangalore underscored the lack of tools and resources available for India’s minority languages online. For example, Ol Chiki is the alphabet needed to write the language Santali, used by over 5 million people in India and its neighboring countries. “At the time of our conversation, we couldn’t find a single Unicode-compliant font in the script—forget a typeface family with a bold or an italic. [Noto Sans Ol Chiki, in regular and bold, has since been released]. Subhashish mentioned all these minority scripts in India that people can’t use because fonts and keyboards for them don’t exist,” Saxena says. “I was enthusiastic to help create a free open-source typeface family and input methods in Ol Chiki, and thanks to Subhashish’s work with A2K, he was able to make it happen.”

Why’s it called Guru Gomke? Guru Gomke is a title of respect for Pandit Raghunath Murmu, creator of the Ol Chiki script in the early 20th century. The name translates to “great teacher.” It was recommended to Panigrahi by one of the language experts consulted by the designers, and they found it a wonderful nod to the history of the script.

What are its distinguishing characteristics? Its very existence, frankly. It’s now one of just two Unicode-compliant fonts with both bold and italic character sets.

What should I use it for? Next time you need to set absolutely anything in Ol Chiki.

What other typefaces do you like to pair it with? Matched to Source Sans Pro visually and proportionally, these two fonts are visually harmonic used anywhere Ol Chiki and Latin texts have to work together. In fact, the Latin glyphs included in Guru Gomke are derived from Source Sans Pro.

For more details visit https://cis-india.org/a2k/news/eye-on-design-aiga-guru-gomke-is-stylish

The Technology Behind Big Data

praskrishna — 2016-12-02T01:23:26Z

For more details visit https://cis-india.org/internet-governance/files/technology-behind-big-data.pdf

The Technology behind Big Data

Geethanjali Jujjavarapu and Udbhav Tiwari — 2016-12-04T09:53:43Z

The authors undertakes a high-level literature review of the most commonly used technological tools and processes in the big data life cycle. The big data life cycle is a conceptual construct that can be used to study the various stages that typically occur in collecting, storing and analysing big data, along with the principles that can govern these processes.

Download the Paper (PDF, 277 kb)

Introduction

Defining big data is a disputed area in the field of computer science^{^[1]}, there is some consensus on a basic structure to its definition^{^[2]}. Big data is data that is collected in the form of datasets that has three main criteria: size, variety & velocity, all of which operate at an immense scale^{^[3]}. It is ‘big’ in size, often running into petabytes of information, has vast variety within its components, and is created, captured and analysed at an incredibly rapid velocity. All of this also makes big data difficult to handle using traditional technological tools and techniques.

This paper will attempt to perform a high-level literature review of the most commonly used technological tools and processes in the big data life cycle. The big data life cycle is a conceptual construct that can be used to study the various stages that typically occur in collecting, storing and analysing big data, along with the principles that can govern these processes. The big data life cycle consists of four components, which will also be the key structural points of the paper, namely: Data Acquisition, Data Awareness, Data Analytics & Data Governance.⁴ The paper will focus on the aspects that the author believes are relevant for analysing the technological impact of big data on both technology itself and society at large.

Scope: The scope of the paper is to study the technology used in big data using the "Life Cycle of Big Data" as model structure to categorise & study the vast range of technologies that are involved in big data. However, the paper will be limited to the study of technology related directly to the big data life cycle. It shall specifically exclude the use/utilisation of big data from its scope since big data is most often being fed into other, unrelated technologies for consumption leading to rather limitless possibilities.

Goal: Goal of the paper is twofold: a.) to use the available literature on the technological aspects of big data, to perform a brief overview of the technology in the field and b.) to frame the relevant research questions for studying the technology of big data and its possible impact on society.

Data Acquisition

Acquiring big data has two main sub components to it, the first being sensing the existence of the data’ itself and the second, the stage of collecting and storing this data. Both of these subcomponents are incredibly diverse fields, with lots of rapid change occurring in the technology utilised to carry out these tasks. The section will provide a brief overview of the subcomponents and then discuss the technology used to fulfil the tasks.

Data Sensing

Data does not exist in a vacuum and is always created as a part of a larger process, especially in the aspect of modern technology. Therefore, the source of the data itself plays a vital role in determining how it can be captured and analysed in the larger scheme of things. Entities constantly emit information into the environment that can be utilised for the purposes of big data, leading to two main kinds of data: data that is “born digital” or “born analogue.”^{^[4]}

Born Digital Data

Information that is “born digital,” is created, by a user or by a digital system, specifically for use by a computer or data‐processing system. This is a vast range of information and newer fields are being added to this category on a daily basis. It includes, as a short, indicative list: email and text messaging, any form of digital input, including keyboards, mouse interactions and touch screens, GPS location data, data from daily home appliances (Internet of Things), etc. All of this data can be tracked and tagged to users as well as be aggregated to form a larger picture, massively increasing the scope of what may constitute the ‘data’ in big data.

Some indicative uses of how such born digital data is catalogued by technological solutions on the user side, prior to being sent for collection/storage are:

a.) Cookies - There are small, often just text, files that are left on user devices by websites in order to that visit, task or action (for example, logging into an email account) with a subsequent event.^{^[5]} (for example, revisiting the website)

b.) Website Analytics^{^[6]} - Various services, such as Google Analytics, Piwik, etc., can use JavaScript and other web development languages to record a very detailed, intimate track of a user's actions on a website, including how long a user hovers above a link, the time spent on the website/application and in some cases, even the time spent specific aspects of the page.

c.) GPS^{^[7]} - With the almost pervasive usage of smartphones with basic location capabilities, GPS sensors on these devices are used to provide regular, minute driven updates to applications, operating systems and even third parties about the user's location. Modern variations such as A-GPS can be used to provide basic positioning information even without satellite coverage, vastly expanding the indoor capabilities of location collection.

All of these instances of sensing born digital data are common terms, used in daily parlance by billions of people from all over the world, which is a symbolic of just how deeply they have pervaded into our daily lifestyle. Apart from privacy & security concerns this in turn also leads to an exponential increase in the data available to collect for any interested party.

Sensor Data

Information is said to be “analogue” when it contains characteristics of the physical world, such as images, video, heartbeats, etc. Such information becomes electronic when processed by a “sensor,” a device that can record physical phenomena and convert it into digital information. Some examples to better illustrate information that is born analogue but collected via digital means are:

a.) Voice and/or video content on devices - Apart from phone calls and other forms communication, video and voice based interactions have started to regularly be captured to provide enhanced services. These include Google Now^{^[8]}, Cortana^{^[9]} and other digital assistants as well as voice guided navigation systems in cars, etc.

b.) Personal health data such as heartbeats, blood pressure, respiration, velocity, etc. - This personal, potentially very powerful information is collected by dedicated sensors on devices such as Fitbit^{^[10]}, Mi Band^{^[11]}, etc. as well as by increasingly sophisticated smartphone applications such as Google Fit that can do so without any special device.

c.) Camera on Home Appliances - Cameras and sensors on devices such as video game consoles (Kinect^{^[12]} being a relevant example) can record detailed human interactions, which can be mined for vast amounts of information apart from carrying out the basic interactions with the devices itself.

While not as vast a category as born digital data, the increasingly lower costs of technology and ubiquitous usage of digital, networked devices is leading to information that was traditionally analogue in nature to be captured for use at a rapidly increasing rate.

Data Collection & Storage

Traditional data was normally processed using the Extract, Transform, Load (ETL) methodology, which was used to collect the data from outside sources, modify the data to fit needs, and then upload the data into the data storage system for future use.^{^[13]} Technology such as spreadsheets, RDBMS databases, Structured Query Languages (SQL), etc. were all initially used to carry out these tasks, more often than not manually. ^{^[14]}

However, for big data, the methodology traditionally followed is both inefficient and insufficient to meet the demands of modern use. Therefore, the Magnetic, Agile, Deep (MAD) process is used to collect and store data^{^[15]}^{^[16]}. The needs and benefits of such a system are: attracting all the data sources regardless of their quality (magnetic), logical and physical contents of storage systems adapting to the rapid data evolution in big data (agile) and complex algorithmic statistical analysis required of big data on a very short notice^{^[17]}. (deep)

The technology used to perform data storage using the MAD process requires vast amount of processing power, which is very difficult to create in a single, physical space/unit for nonstate or research entities, who cannot afford supercomputers. Therefore, most solutions used in big data rely on two major components to store data: distributed systems and Massive Parallel Processing^{^[18]} (MPP) that run on non-relational (in-memory) database systems. Database performance and reliability is traditionally gauged using pure performance metrics (FLOPS per second, etc.) as well as the Atomicity, consistency, isolation, durability (ACID) criteria.^{^[19]} The most commonly used database systems for big data applications are given below. The specific operational qualities and performance of each of these databases is beyond the scope of this review but the common criteria that makes them well suited for big data storage have been delineated below.

Non-relational databases

Databases traditionally used to be structured entities that operated solely on the ability to correlate information stored in them using explicitly defined relationships. Even prior to the advent of big data, this outlook was turning out to be a limiting factor in how large amounts of stored information could be leveraged, this led to the evolution of non relational database systems. Before going into them in detail, a basic primer on their data transfer protocols will be helpful in understanding their operation.

A protocol is a model that structures instructions in a particular manner so that it can be reproduced from one system to another^{^[20]}^{^[21]}. The protocols which govern technology in the case of big data have gone through many stages of evolution, starting off with simple HTML based systems^{^[22]}, which then evolved to XML driven SOAP systems^{^[23]}, which led to JavaScript Object Notation, or JSON^{^[24]}, the currently used form for in most big database systems. JSON is an open format used to transfer data objects, using human-readable text and is the basis for most of the commonly used non-relational database management systems. Examples of Non-relational databases also known as NoSQL databases, include MongoDB^{^[25]}, Couchbase^{^[26]}, etc. They were developed for both managing as well as storing unstructured data. They aim for scaling, flexibility, and simplified development. Such databases rather focus on the high-performance scalable data storage, and allow tasks to be written in the application layer instead of databases specific languages, allowing for greater interoperability.^{^[27]}

In-Memory Databases

In order to overcome performance limitation of traditional database systems, some modern databases now use in-memory databases. These systems manage the data in the RAM memory of the server, thus eliminating storage disk input/output. This allows for almost realtime responses from the database, in comparisons to minutes or hours required on traditional database systems. This improvement in the performance is so massive that, entirely new applications are being developed for using IMDB systems.^{^[28]} These IMDB systems are also being used for advanced analytics on big data, especially to increase the access speed to data and increase the scoring rate of analytic models for analysis.^{^[29]} Examples of IMDB include VoltDB^{^[30]}, NuoDB^{^[31]}, SolidDB^{^[32]} and Apache Spark^{^[33]}.

Hybrid Systems

These are the two major systems used to store data prior to it being processed or analysed in a big data application. However, the divide between data storage and data management is a slim one and most database systems also contain various unique attributes that cater them to specific kinds of analysis. (as can be seen from the IMDB example above) One example of a very commonly used Hybrid system that deals with storage as well as awareness of the data is Apache Hadoop³³, which is detailed below.

Apache Hadoop

Hadoop consists of two main components: the HDFS for the big data storage, and MapReduce for big data analytics, each of which will be detailed in their respective section.

The HDFS^{^[34]}^{^[35]} storage function in Hadoop provides a reliable distributed file system, stored across multiple systems for processing & redundancy reasons. The file system is optimized for large files, as single files are split into blocks and spread across systems known as cluster nodes.^{^[36]} Additionally, the data is protected among the nodes by a replication mechanism, which ensures availability even if any node fails. Further, there are two types of nodes: Data Nodes and Name Nodes.^{^[37]} Data is stored in the form of file blocks across the multiple Data Nodes while the Name Node acts as an intermediary between the client and the Data Node, where it directs the requesting client to the particular Data Node which contains the requested data.

This operating structure for storing data also has various variations within Hadoop such as HBase for key/value pair type queries (a NoSQL based system), Hive for relational type queries, etc. Hadoop’s redundancy, speed, ability to run on commodity hardware, industry support and rapid pace of development have led to it being almost co-equivalently associated with big data.^{^[38]}

Data Awareness

Data Awareness, in the context of big data, is the task of creating a scheme of relationships within a set of data, to allow different users of the data to determine a fluid yet valid context and utilise it for their desired tasks.^{^[39]} It is a relatively new field, in which most of the work is currently being done on semantic structures to allow data to gain context in an interoperable format, in contrast to the current system where data is given context using unique, model specific constructs.^{^[40]} (such as XML Schemes, etc.)

Some of the original work on this field was carried out in the form of utilising the Resource Description Framework (RDF), which was built primarily to allow describing of data in a portable manner, especially being agnostic towards platforms and systems for Semantic Web at the W3C. SPARQL is the language used to implement RDF based designs but both largely remain underutilised in both the public domain as well as big data. Authors such as Kurt

Cagle^{^[41]} and Bob DuCharme^{^[42]} predict its explosion in the next couple of years. Companies have also started realising the value of interoperable context, with Oracle Spatial^{^[43]} and IBM’s DB2^{^[44]} already including RDF and SPARQL support in the past 3 years.

While underutilised, the rapid developments taking place in the field will make the impact that data awareness may have on big data as big as Hadoop and maybe even SQL. Some aspects of it are already beginning to be used in Artificial Intelligence, Natural Language Processing, etc. with tremendous scope for development.^{^[45]}

Data Processing & Analytics

Data Processing largely has three primary goals: a. determines if the data collected is internally consistent; b. make the data meaningful to other systems or users using either metaphors or analogy they can understand; and (what many consider most importantly) provide predictions about future events and behaviours based upon past data and trends.^{^[46]}

Being a very vast field with rapidly changing technologies governing its operation, this section will largely concentrate on the most commonly used technologies in data analytics.

Data analytics requires four primary conditions to be met in order to carry out effective processing: fast, data loading, fast query processing, efficient utilisation of storage and adaptivity to dynamic workload patterns. The analytical model most commonly associated with meeting this criteria and with big data in general is MapReduce, detailed below. There are other, more niche models and algorithms (such as Project Voldemort^{^[47]} used by LinkedIn), which are used in big data but they are beyond the scope of the review, and more information about them can be read at article linked in the previous citation. (Reference architecture and classification of technologies, products and services for big data system)

MapReduce

MapReduce is a generic parallel programming concept, derived from the “Map” and “Reduce” of functional programming languages, which makes it particularly suited for big data operations. It is at the core of Hadoop^{^[48]}, and performs the data processing and analytics functions in other big data systems as well.^{^[49]} The fundamental premise of MapReduce is scaling out rather than scaling up, i.e., (adding more numerical resources, rather than increasing the power of a single system)^{^[50]}

MapReduce operates by breaking a task down into steps and executing the steps in parallel, across many systems. This comes with two advantages, a reduction in the time needed to finish the task and also a decrease in the amount of resources one has to expend to perform the task, in both power and energy. This model makes it ideally suited for the large data sets and quick response times required of big data operations generally.

The first step of a MapReduce job is to correlate the input values to a set of keys/value pairs as output. The “Map” function then partitions the processing tasks into smaller tasks, and assigns them to the appropriate key/value pairs.^{^[51]} This allows unstructured data, such as plain text, to be mapped to a structured key/value pair. As an example, the key could be the punctuation in a sentence and the value of the pair could be the number of occurrences of the punctuation overall. This output of the Map function is then passed on “Reduce” function.^{^[52]} Reduce then collects and combines this output, using identical key/value pairs, to provide the final result of the task.^{^[53]} These steps are carried using the Job Tracker & Task Tracker in Hadoop but different systems have different methodologies to carry out similar tasks.

Data Governance

Data Governance is the act of managing raw big data as well as the processed information that arises from big data in order to meet legal, regulatory and business imposed requirements. While there is no standardized format for data governance, there have been increasing call with various sectors (especially healthcare) to create such a format to ensure reliable, secure and consistent big data utilisation across the board. The following tactics and techniques have been utilised or suggested for data governance, with varying degrees of success:

Zero-knowledge systems: This technological proposal maintains secrecy with respect to the low-level data while allowing encrypted data to be examined for certain higherlevel abstractions.^{^[54]} For the system to be zero-knowledge, the client’s system will have to encrypt the data and send it to the storage provider. Due to this, the provider stores the data in the encrypted format and cannot decipher the same unless he/she is in possession of the key which will decrypt the data into plaintext. This allows the individual to store his data with a storage provider while also maintaining anonymity of the details contained in such information. However, these are currently just beginning to be used in simple situations. As of now, they are not expandable to unstructured and complex cases and have to be developed marginally before they can be used for research and data mining purposes.
Homomorphic encryption: Homomorphic encryption is a privacy preserving technique which performs searches and other computations over data that is encrypted while also protecting the individual’s privacy.^{^[55]} This technique has however been considered to be impractical and is deemed to be an unlikely policy alternative for near future purposes in the context of preserving privacy in the age of big data.^{^[56]}
Multi-party computation: In this technique, computation is done on encrypted distributed data stores.^{^[57]} This mechanism is closely related to homomorphic encryption where individual data is kept private using encryption algorithms called “collusion-robust” while the same is used to calculate statistics.^{^[58]} The parties involved are aware of some private data and each of them use a protocol which produces results based on the information they are aware of and the information they are not aware of, without revealing the data they are not already aware of.^{^[59]} Multi-party computations thus help in generating useful data for statistical and research purposes without compromising the privacy of the individuals.

Differential Privacy: Although this technological development is related to encryption, it follows a different technique. Differential privacy aims at maximizing the precision of computations and database queries while reducing the identifiability of the data owners who have records in the database, usually through obfuscation of query results.^{^[60]} This is widely applied today in the existence of big data in order to ensure preservation of privacy while trying to reap the benefits of large scale data collection.^{^[61]}
Searchable encryption: Through this mechanism, the data subject can make certain data searchable while minimizing exposure and maximizing privacy.^{^[62]} The data owner can make his information available through search engines by providing the data in an encrypted format but by adding tags consisting of certain keywords which can be deciphered by the search engine. This encrypted data shows up in the search results when searched with these particular keywords but can only be read when the person is in possession of the key which is required for decrypting the information.

This technique of encryption provides maximum security to the individual’s data and preserves privacy to the greatest possible extent.

K-anonymity: The property of k-anonymity is being applied in the present day in order to preserve privacy and avoid re-identification.^{^[63]} A certain data set is said to possess the property of k-anonymity if individual specific data can be released and used for various purposes without re-identification. The analysis of the data should be carried out without attributing the data to the individual to whom it belongs and should give scientific guarantees for the same.
Identity Management Systems: These systems enable the individuals to establish and safeguard their identities, explain those identities with the help of attributes, follow the activity of their identities and also delete their identities if they wish to.^{^[64]} It uses cryptographic schemes and protocols to make anonymous or pseudonymous the identities and credentials of the individuals before analysing the data.
Privacy Preserving Data Publishing: This is a method in which the analysts are provided with the individual’s personal information with the ability to decipher particular information from the database while preventing the inference of certain other information which might lead to a breach of privacy.^{^[65]} Data which is essential for the analysis will be provided for processing while sensitive data will not be disclosed. This tool primarily focuses on microdata.
Privacy Preserving Data Mining: This mechanism uses perturbation methods and randomization along with cryptography in order to permit data mining on a filtered version of the data which does not contain any form of sensitive information. PPDM focuses on data mining results unlike PPDP.^{^[66]}

Conclusion

Studying the technology surrounding big data has led to two major observations: the rapid pace of development in the industry and the stark lack of industry standards or government regulations directed towards big data technologies. These observations have been the primary motivating factor for framing further research in the field. Understanding how to deal with big data technologically, rather than just the potential regulation of possible harms after the technological processes have been performed might be critical for the human rights dialogue as these processes become even more extensive, opaque and technologically complicated.

[1] EMC: Data Science and Big Data Analytics. In: EMC Education Services, pp. 1–508 (2012)

[2] Bakshi, K.: Considerations for Big Data: Architecture and Approaches. In: Proceedings of the IEEE Aerospace Conference, pp. 1–7 (2012)

[3] Adams, M.N.: Perspectives on Data Mining. International Journal of Market Research 52(1), 11–19 (2010) ⁴ Elgendy, N.: Big Data Analytics in Support of the Decision Making Process. MSc Thesis, German University in Cairo, p. 164 (2013)

[4] Big Data and Privacy: A Technological Perspective - President’s Council of Advisors on Science and

Technology (May 2014)

[5] Chen, Hsinchun, Roger HL Chiang, and Veda C. Storey. "Business Intelligence and Analytics: From Big Data to Big Impact." MIS quarterly 36.4 (2012): 1165-1188.

[6] Chandramouli, Badrish, Jonathan Goldstein, and Songyun Duan. "Temporal analytics on big data for web advertising." 2012 IEEE 28th international conference on data engineering. IEEE, 2012.

[7] Laurila, Juha K., et al. "The mobile data challenge: Big data for mobile computing research." Pervasive Computing. No. EPFL-CONF-192489. 2012.

[8] Lazer, David, et al. "The parable of Google flu: traps in big data analysis." Science 343.6176 (2014): 12031205.

[9] ibid

[10] Banaee, Hadi, Mobyen Uddin Ahmed, and Amy Loutfi. "Data mining for wearable sensors in health monitoring systems: a review of recent trends and challenges." Sensors 13.12 (2013): 17472-17500.

[11] ibid

[12] Chung, Eric S., John D. Davis, and Jaewon Lee. "Linqits: Big data on little clients." ACM SIGARCH Computer Architecture News. Vol. 41. No. 3. ACM, 2013.

[13] Kornelson, Kevin Paul, et al. "Method and system for developing extract transform load systems for data warehouses." U.S. Patent No. 7,139,779. 21 Nov. 2006.

[14] Henry, Scott, et al. "Engineering trade study: extract, transform, load tools for data migration." 2005 IEEE Design Symposium, Systems and Information Engineering. IEEE, 2005.

[15] Cohen, Jeffrey, et al. "MAD skills: new analysis practices for big data." Proceedings of the VLDB Endowment

[16] .2 (2009): 1481-1492.

[17] Elgendy, Nada, and Ahmed Elragal. "Big data analytics: a literature review paper." Industrial Conference on Data Mining. Springer International Publishing, 2014.

[18] Wu, Xindong, et al. "Data mining with big data." IEEE transactions on knowledge and data engineering 26.1 (2014): 97-107.

[19] Supra Note 17

[20] Hu, Han, et al. "Toward scalable systems for big data analytics: A technology tutorial." IEEE Access 2 (2014):

[21] -687.

[22] Kurt Cagle, Understanding the Big Data Lifecycle - LinkedIn Pulse (2015)

[23] Coyle, Frank P. XML, Web services, and the data revolution. Addison-Wesley Longman Publishing Co., Inc., 2002.

[24] Pautasso, Cesare, Olaf Zimmermann, and Frank Leymann. "Restful web services vs. big'web services: making the right architectural decision." Proceedings of the 17th international conference on World Wide Web. ACM, 2008.

[25] Banker, Kyle. MongoDB in action. Manning Publications Co., 2011

[26] McCreary, Dan, and Ann Kelly. "Making sense of NoSQL." Shelter Island: Manning (2014): 19-20.

[27] ibid

[28] Zhang, Hao, et al. "In-memory big data management and processing: A survey." IEEE Transactions on Knowledge and Data Engineering 27.7 (2015): 1920-1948.

[29] ibid

[30] ibid

[31] Supra Note 20

[32] Ballard, Chuck, et al. IBM solidDB: Delivering Data with Extreme Speed. IBM Redbooks, 2011.

[33] Shanahan, James G., and Laing Dai. "Large scale distributed data science using apache spark." Proceedings of the 21th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining. ACM, 2015. ³³ Shvachko, Konstantin, et al. "The hadoop distributed file system." 2010 IEEE 26th symposium on mass storage systems and technologies (MSST). IEEE, 2010.

[34] Borthakur, Dhruba. "The hadoop distributed file system: Architecture and design." Hadoop Project Website

[35] .2007 (2007): 21.

[36] ibid

[37] ibid

[38] Zikopoulos, Paul, and Chris Eaton. Understanding big data: Analytics for enterprise class hadoop and streaming data. McGraw-Hill Osborne Media, 2011.

[39] Bizer, Christian, et al. "The meaningful use of big data: four perspectives--four challenges." ACM SIGMOD Record 40.4 (2012): 56-60.

[40] Kaisler, Stephen, et al. "Big data: issues and challenges moving forward." System Sciences (HICSS), 2013 46th Hawaii International Conference on. IEEE, 2013.

[41] Supra Note 21

[42] DuCharme, Bob. "What Do RDF and SPARQL bring to Big Data Projects?." Big Data 1.1 (2013): 38-41.

[43] Zhong, Yunqin, et al. "Towards parallel spatial query processing for big spatial data." Parallel and

Distributed Processing Symposium Workshops & PhD Forum (IPDPSW), 2012 IEEE 26th International. IEEE, 2012.

[44] Ma, Li, et al. "Effective and efficient semantic web data management over DB2." Proceedings of the 2008 ACM SIGMOD international conference on Management of data. ACM, 2008.

[45] Lohr, Steve. "The age of big data." New York Times 11 (2012).

[46] Pääkkönen, Pekka, and Daniel Pakkala. "Reference architecture and classification of technologies, products and services for big data systems." Big Data Research 2.4 (2015): 166-186.

[47] Sumbaly, Roshan, et al. "Serving large-scale batch computed data with project voldemort." Proceedings of the 10th USENIX conference on File and Storage Technologies. USENIX Association, 2012.

[48] Bar-Sinai, Michael. "Big Data Technology Literature Review." arXiv preprint arXiv:1506.08978 (2015).

[49] ibid

[50] Condie, Tyson, et al. "MapReduce Online." Nsdi. Vol. 10. No. 4. 2010.

[51] Supra Note 47

[52] Dean, Jeffrey, and Sanjay Ghemawat. "MapReduce: a flexible data processing tool." Communications of the ACM 53.1 (2010): 72-77.

[53] ibid

[54] Big Data and Privacy: A Technological Perspective, White House,

https://www.whitehouse.gov/sites/default/files/microsites/ostp/PCAST/pcast_big_data_and_privacy__may_2014

[55] Tene, Omer, and Jules Polonetsky. "Big data for all: Privacy and user control in the age of analytics." Nw. J. Tech. & Intell. Prop. 11 (2012): xxvii.

[56] Big Data and Privacy: A Technological Perspective, White House,

https://www.whitehouse.gov/sites/default/files/microsites/ostp/PCAST/pcast_big_data_and_privacy__may_2014

[57] Privacy by design in big data, ENISA

[58] Big Data and Privacy: A Technological Perspective, White House,

https://www.whitehouse.gov/sites/default/files/microsites/ostp/PCAST/pcast_big_data_and_privacy__may_2014

[59] Id

[60] Id

[61] Tene, Omer, and Jules Polonetsky. "Privacy in the age of big data: a time for big decisions." Stanford Law Review Online 64 (2012): 63.

[62] Lane, Julia, et al., eds. Privacy, big data, and the public good: Frameworks for engagement. Cambridge University Press, 2014.

[63] Crawford, Kate, and Jason Schultz. "Big data and due process: Toward a framework to redress predictive privacy harms." BCL Rev. 55 (2014): 93.

[64] http://homes.esat.kuleuven.be/~sguerses/papers/DanezisGuersesSurveillancePets2010.pdf

[65] Seda Gurses and George Danezis, A critical review of 10 years of privacy technology, August 12th 2010, http://homes.esat.kuleuven.be/~sguerses/papers/DanezisGuersesSurveillancePets2010.pdf

[66] Id

For more details visit https://cis-india.org/internet-governance/blog/technology-behind-big-data

BIS on Smart Cities Indicators

praskrishna — 2016-11-30T15:56:58Z

For more details visit https://cis-india.org/internet-governance/files/bis-on-smart-cities-indicators.pdf

The Quest for Education – Persons with Disabilities, Severely Challenged

nirmita — 2016-11-30T15:38:55Z

Education is the fundamental building block of development; it leads to an improved quality of life, employment, social acceptance and inclusion, national development and intellectual growth.

Published in Your Story on November 24, 2016

The right to education and the current census figures

Over the past decade, multiple efforts and initiatives associated with policy and programme towards achieving the goal of education have taken place. However, there are still millions of children with disabilities and students who are struggling to access basic and higher education and for whom economic independence appears to be an elusive dream.

The 2011 census figures show that the literacy rates for persons with disabilities are much lower than that of the non-disabled population of the country and even within that, certain disabilities and women across disabilities have a lower percentage. The overall literacy rate for persons with disabilities is 59 percent compared to 74 percent for the general population. The literacy level of women with disabilities in urban areas is 61 percent, which is 9 percent lower than their male counterparts. While women with disabilities in rural areas are worse with a literacy rate of 38 percent, 20 percent lower than disabled males. And people with multiple disabilities fare the worst, with a 35.8 percent literacy rate. Their education needs in terms of content, technology, training and support remain unfulfilled.

Challenges faced by the disabled

The issues faced by children with different disabilities vary. For instance, in the case of children with print impairment, there is need for aggressive implementation of schemes to provide assistive technology since most disabled students do not have access to technologies in most states. Students who are blind are dependent upon Braille materials, which often do not reach them before half the school term is over. And this only supports the bare minimum need in terms of reading and not any extra knowledge building requirements. In some states, laptops are being distributed; however, these are unaccompanied by any training requirements, so it is unclear how many students are really able to use their devices. In places where these devices are available, they are mostly provided to students from the ninth standard.

Thus, in some states, laptops are being distributed; however, these are unaccompanied by any training requirements, so it is unclear how many students are really able to use their devices. In places where these devices are available, they are mostly provided to students from the ninth standard. Thus, transition becomes difficult and they find it hard to write their own exams. So while their sighted counterparts are experimenting with technology from a much earlier age, they are introduced to it at a much later stage, by which time their colleagues are far ahead of them.

Children with hearing impairments also face many challenges. They are isolated from mainstream communication as well; there are only around 250 sign language interpreters in India and sometimes one person has to cater to the requirements of an entire state. Hence, they grow and are educated in isolation without proper means of integration in inclusive schools. The physical environments in most schools also tend to be inaccessible for those with mobility impairments.

It is a rather dismal scenario content wise too. The course content put out by different boards is not in accessible formats, so organisations serving the blind have to convert them into an accessible format. There is a strain on resources. In the case of regional language content, the expense of typing out Telugu or Tamil is high and often increases the cost of the book 10-fold. Just converting the basic course syllabus for any one subject for a BA course can run into lakhs. Hence, there is very limited access to books.

The third challenge is the lack of trained manpower and resources to provide an enriching reading experience for a child with a disability. Children not only have to deal with restrictive resource conditions, but also difficult social conditions and stigma at school. Attitudinal changes need to occur and a lot of this begins at home and school. Consider this, in a rural setting; students in a class have access to a teacher full time during school hours. But there may be only one special needs teacher catering to students with multiple disabilities across several schools. So instead of having more support, a student with disability has to actually deal with severely limited support.

Often these teachers are ironically paid much lesser than other teachers, considering that they actually need more skills and patience to teach children with disabilities. Only in the field of disability does one encounter a situation where a specialisation is undervalued and under paid, whereas in all other genre of professions like medicines, one has to do a generalisation before a specialisation. What sort of prospects then do we offer children with disabilities? What we need is resource centres at each college and school, or if that is not possible, then at least resource centres at district level coordinating support in an appropriate manner with adequately paid and skilled teachers.

Promoting technology

Promoting use of technology and open source software and imparting training at an early age will go a long way in making students with disabilities self-sufficient and independent. And of course, the issue of content is of primary importance. All boards must embrace accessible standards such as EPUB 3.0 for publications and WCAG 2.0 for their websites and make course content available in accessible formats. Exemption of certain topics should be replaced by facilitating learning using innovative methods and tools. Importantly, there also needs to be focus on providing education targeted towards profession and gainful employment.

Clearly, there is a long way to go before we can talk of inclusive education for children with disabilities; there is a severe shortage of even exclusive or special education. To improve the situation, individual piecemeal efforts alone will not make a difference. It is essential to have a systemic approach to inclusive education, with sufficient implementation and infrastructural support, if we are to progress to a point where every child with disability is encouraged to learn and be prepared for a world of employment, independence and dignity.

For more details visit https://cis-india.org/accessibility/blog/your-story-nirmita-narasimhan-november-24-2016-quest-for-education-persons-with-disabilities-severely-challenged

Comments to the BIS on Smart Cities Indicators

Elonnai Hickok, Rohini Lakshané and Udbhav Tiwari — 2016-12-11T07:56:16Z

The Bureau of Indian Standards released the Smart Cities - Indicator on 30 September 2016. The Centre for Internet & Society (CIS) presented its views.

View the PDF

Name of the Commentator/ Organisation: The Centre for Internet and Society, India^[1]

PRELIMINARY

This submission presents comments by the Centre for Internet and Society, India (“CIS”) on the Smart Cities - Indicators (dated 30 September 2016), released by the Bureau of Indian Standards (“BIS”).
CIS is thankful for the opportunity to put forth its views.
This submission is divided into three main parts. The first part, ‘Preliminary’, introduces the document; the second part, ‘About CIS’, is an overview of the organization; and, the third part contains the ‘Comments’.

ABOUT CIS

CIS is a non-profit organisation^{^[2]} that undertakes interdisciplinary research on internet and digital technologies from policy and academic perspectives. The areas of focus include digital accessibility for persons with diverse abilities, access to knowledge, intellectual property rights, openness (including open data, free and open source software, open standards, open access, open educational resources, and open video), internet governance, telecommunication reform, freedom of speech and expression, intermediary liability, digital privacy, and cybersecurity.
CIS values the fundamental principles of justice, equality, freedom and economic development. This submission is consistent with CIS' commitment to these values, the safeguarding of general public interest and the protection of India's national interest at the international level. Accordingly, the comments in this submission aim to further these principles.

III. Comments

Clause/ Para/ Table/ Figure No. commented	Comments/Modified Wordings	Justification of Proposed Change
General Comment	The indicators could generally utilize more of smart data, from both analog and digital sources, to better reflect the performance of various	Using technology to gather information rather than limiting its scope to existing mostly non-digital sources of data. There is a lot of potential information,

	indicators.	already collected, that simply goes unused or underutilized. Principled use of such information to make informed decisions on key aspects of urban development will lead to ‘truly’ smart cities. Further, the indicators should include actionable aspects and include avenues to leverage research to better their performance. Moreover, indicators that allow for audits for rights and transparency should be focused on as core indicators.
General Comment	Indicators are limited in scope to basic sustainability.	The indicators in their current form restrict themselves to sustainability, focused on basic sustenance, which seems to limit the scope of the Smart Cities project. Having a core set of indicators that is more relevant to India but also have an optional, more ambitious set of indicators for cities to become truly advanced and for the standard to be more dynamic. Encourage them by leveraging technology in a sustainable, human welfare and development-oriented approach, which the indicators can inculcate. Further, policy pivots being driven by these indicators could be given to make the decision making in smart cities more transparent and accountable.
Economy	Granularity of information pertaining to macro-level economic indicators	All the indicators in the Economic section pertain to macro-level standards/ indicators. Their limitation is that they provide very little information about the diversity of the economy of a city, the factors responsible for positive or negative effects and offer no real way to encourage microeconomic changes that can lead to the improvement of the economic condition of a city, aided by modern technology. Example indicators could be: average GDP of districts within a city, and total number of operating businesses and merchants in sub-localities in the city. All of this data can also be used to drive micro policies to enable localized development.

Education	Include data at city-level and indicators for higher education.	The indicators measured in the Education section only look at city level information about schools, ignoring district and even school level information already recorded and present in the system. Teacher and student attendance rates, level of basic infrastructure present in schools, presence of toilets for both genders, provisions for meals, etc. are some of the parameters that can be included in the indicator list. Further, the list completely excludes college education (both degree and diploma level) as a relevant indicator, nor does it include indicators for the average education of the population of the city, both of which can be easily measured using census data.

		Further, data that allows for a holistic decision making process - poverty levels, distance to schools, transportation levels, access to higher learning, etc. can also be used as supporting indicators. These could come from studies already done that call out the factors.
5. Education 5.1, 5.2, 5.3, 5.5	Include gender-specific indicators for students completing primary education, secondary education, and higher education, and enrolled in education institutions. Change the term “survival rate” to “retention rate”.	Indicators for the “survival rate” (may be better represented as retention rate) of students who identify as female or transgender in schools and universities, and enrollment of school-aged and college-aged girls, women and transgender students would help work towards an inclusive smart city.
Energy	Better utilisation of data from digital electricity meters.	The advent of digital meters allows for home/business level capturing of energy usage. This information can be leveraged to better target energy leaks, theft, repair work, pricing and even renewable energy incentives.
Finance	Indicators for digital and cashless payment and transaction systems.	The strong push by the government towards digital payments could also be reflected on the list of indicators, such as the “number of establishments accepting (and not accepting) digital payment systems” being a supporting indicator. Similar standards can be extended to include microfinance (number of avenues available for lending, successful payback of loans, et cetera.)

Governance	Recommended inclusion of indicators pertaining to the Right to Information Act, 2005	The number of requests made under the Right to Information Act, 2005, and the time taken by the responding office to reply to them (in terms of the number of days) by the government offices in the city as a relevant factor to gauge transparency and accountability of the governance structures. The same can also be extended to map the parliamentary performance of the elected officials from the city at the state and national level, especially for the interests of the city. Parliamentary performance here would mean attendance records, number of question raised, resources spent on constituency development, et cetera.
10. Governance 10.2, 10.3, 10.6	Indicators for the number of women and transgenders elected to public office in the city, employed in the government workforce in the city in reserved positions. Indicators for women and transgendered voters registered as a percentage of the voting-age population.	In the interest of inclusive smart cities, this indicator would help fathom if positions reserved for women and transgenders are filled out and the possible reasons, if any, for some of them going vacant.The number of women and transgender voters would help track the participation of women and transgendered voters in democracy. Further, inclusion of indicators that check voter fraud, political participation levels and technologies that enable secure voter participation and involvement would also be beneficial.
Health	“Cost of basic health services” and number of healthcare facilities as a supporting indicator.	The cost, quality and access of public primary healthcare services, which can be easily measured using digital systems, should also be included in the overall scheme as a supporting indicator.

Recreation	“Utilisation of public spaces” as a supporting indicator.	Information about the utilisation of public spaces, such as parks and grounds. can be included as a supporting indicator. Relevant information could footfalls per month or year, number of public events held at these locations, et cetera. Most of this information is already present via figures for ticket sales while the rest could be collected using digital attendance systems. Other supporting indicators could include green space per resident, play area/park space per child, quality of the public space - (lack of garbage, sewage, etc).
Safety	“Overall crime reporting statistics”as a core indicator.	The overall incidence rates of various crimes reported, crimes solved, and data regarding investigations (such as mapping of the crime to a map, number of FIR's filed, not filed, outcomes of investigations, etc.) should all be included as core indicators to better gauge the safety record of the city.
Safety 13.3	Include “crimes carried out using technology or the Internet, as per the Criminal Procedure Code and Information Technology Act, 2008 (Amended)”.	This indicator will expand the scope of crimes against women to include acts of crime carried out using the Internet as well.
Safety 13.4	Include “Response time of the police department from the initial call in instances of crimes against women”	This would include crimes against women as defined in 13.3. This indicator gives more granular information about safety in general and women’s safety in particular, and of the perception of certain kinds of crimes not being serious enough for the police to respond to.

Shelter	Expansion of indicators to include per capita living space, basic amenities within the houses.	The scope of shelter should be expanded to include per capita living space in housing units as well as availability of basic home amenities to provide a more wholesome view of the living situation in a city. Some basic amenities that could be included are electricity uptime, water distribution (in liters/ per household), number of residents in the household, kind of house roofing, etc.
Telecommunication and Innovation	Inclusion of indicators on mobile phone usage, mobile network connectivity and computer literacy.	There are no indicators for mobile phone usage and computer literacy, both of which are essential for the healthy functioning of any city. Indicators to gauge this could include number of mobile phone users, number of (active) mobile connections, number of computer literate people, etc. Similar indicators should also be included for cellphone network coverage, public WiFi connectivity and digital public service provisions as well. Indicators for the same could be number of neighbourhoods/ localities/ suburbs covered by 2G/3G/4G/ 5G out of the total number in city, total number of Public WiFi spots per unit area, etc.
Transportation	Inclusion of indicators for efficiency, sustainability and planning of city-level transportation.	The current set of indicators do not include indicators to measure the efficiency, fuel consumption, sustainability and reach of public transport, especially in the outskirts or suburban areas. These can be included as supporting indicators: the number of GPS-connected public transport vehicles to the total number, number of vehicles equipped with panic buttons, quantum of vehicles in the city using renewable energy sources as fuel, automation of toll booths, automation of points where traffic offences can be logged (e.g illegal honking) or overspeeding.

Urban Planning	Digital information, such as geospatial data, remote sensing and digital mapping can be used to provide better and more sustainable core indicators.	Geo-spatial information (from surveys and satellites) can be utilised to provide macro-level data that can then be utilised to factor city expansions, illegal structures, suburban development, etc. Digital mapping and remote sensing capabilities can be leveraged to provide this information and the utilisation of such information in city development can be made a supporting indicator.
Sewerage and Sanitation	Indicators governing community hygiene and sanitation.	Information about covered toilets per capita of the population, sewage treatment plants, etc. are either absent or too vaguely detailed in the current set of indicators, despite the push from the government towards the Swachh Bharat programme. They should be included as Core Indicators to encourage sanitation at a citizen level.
Water Supply	Indicators for digital measurement of water consumption per capita and at the city-level.	Digital water meters are starting to become pervasive and can provide detailed information about water consumption at a household level that was previously unavailable in city planning. A supporting indicator at a minimum can be included to further bolster information aware governance in the field.

[1] This submission is authored, in alphabetical order, by Elonnai Hickok (elonnai@cis-india.org), Rohini Lakshané (rohini@cis-india.org) and Udbhav Tiwari (udbhav@cis-india.org) on behalf of the Centre for Internet and Society, India.

[2] See The Centre for Internet and Society,available at http://cisindia.org for details of the organization, and our work.

For more details visit https://cis-india.org/internet-governance/blog/comments-to-bis-on-smart-cities-indicators

Navigating the 'Reconsideration' Quagmire (A Personal Journey of Acute Confusion)

Padmini Baruah and Geetha Hariharan — 2016-11-30T13:48:41Z

An earlier analysis of ICANN’s Documentary Information Disclosure Policy already brought to light our concerns about the lack of transparency in ICANN’s internal mechanisms. Carrying my research forward, I sought to arrive at an understanding of the mechanisms used to appeal a denial of DIDP requests. In this post, I aim to provide a brief account of my experiences with the Reconsideration Request process that ICANN provides for as a tool for appeal.

Backdrop: What is the Reconsideration Request Process?

The Reconsideration Request process has been laid down in Article IV, Section 2 of the

ICANN Bylaws. Some of the key aspects of this provision have been outlined below^{^[1]},

ICANN is obligated to institute a process by which a person materially affected by ICANN action/inaction can request review or reconsideration.

To file this request, one must have been adversely affected by actions of the staff or the board that contradict ICANN’s policies, or actions of the Board taken up without the Board considering material information, or actions of the Board taken up by relying on false information.
A separate Board Governance Committee was created with the specific mandate of reviewing Reconsideration requests, and conducting all the tasks related to the same.
The Reconsideration Request must be made within 15 days of:
- FOR CHALLENGES TO BOARD ACTION: the date on which information about the challenged Board action is first published in a resolution, unless the posting of the resolution is not accompanied by a rationale, in which case the request must be submitted within 15 days from the initial posting of the rationale;
- FOR CHALLENGES TO STAFF ACTION: the date on which the party submitting the request became aware of, or reasonably should have become aware of, the challenged staff action, and
- FOR CHALLENGES TO BOARD OR STAFF INACTION: the date on which the affected person reasonably concluded, or reasonably should have concluded, that action would not be taken in a timely manner

.The Board Governance Committee is given the power to summarily dismiss a reconsideration request if:
- the requestor fails to meet the requirements for bringing a Reconsideration Request;
- it is frivolous, querulous or vexatious; or
- the requestor had notice and opportunity to, but did not, participate in the public comment period relating to the contested action, if applicable

If not summarily dismissed, the Board Governance Committee proceeds to review and reconsider.
A requester may ask for an opportunity to be heard, and the decision of the Board Governance Committee in this regard is final.

The basis of the Board Governance Committee’s action is public written record information submitted by the requester, by third parties, and so on.
The Board Governance Committee is to take a decision on the matter and make a final determination or recommendation to the Board within 30 days of the receipt of the Reconsideration request, unless it is impractical to do so, and it is accountable to the Board to make an explanation of the circumstances that caused the delay.
The determination is to be made public and posted on the ICANN website.

ICANN has provided a neat infographic to explain this process in a simple fashion, and I am reproducing it here:

(Image taken from https://www.icann.org/resources/pages/accountability/reconsiderationen)

Our Tryst with the Reconsideration Process

The Grievance
Our engagement with the Reconsideration process began with the rejection of two of our requests (made on September 1, 2015) under ICANN’s Documentary Information Disclosure Policy. The requests sought information about the registry and registrar compliance audit process that ICANN maintains, and asked for various documents pertaining to the same^{^[2]}:

Copies of the registry/registrar contractual compliance audit reports for all the audits carried out as well as external audit reports from the last year (20142015).
A generic template of the notice served by ICANN before conducting such an audit.
A list of the registrars/registries to whom such notices were served in the last year.
An account of the expenditure incurred by ICANN in carrying out the audit process.
A list of the registrars/registries that did not respond to the notice within a reasonable period of time.
Reports of the site visits conducted by ICANN to ascertain compliance.
Documents which identify the registries/registrars who had committed material discrepancies in the terms of the contract.
Documents pertaining to the actions taken in the event that there was found to be some form of contractual noncompliance.
A copy of the registrar selfassessment form which is to be submitted to ICANN.

ICANN integrated both the requests and addressed them via one response on 1 October, 2015 (which can be found here). In their response, ICANN inundated us with already available links on their website explaining the compliance audit process, and the processes ancillary to it, as well as the broad goals of the programme none of which was sought for by us in our request. ICANN then went on to provide us with information on their ThreeYear Audit programme, and gave us access to some of the documents that we had sought, such as the preaudit notification template, list of registries/registrars that received an audit notification, the expenditure incurred to some extent, and so on .

Individual contracted party reports were denied to us on the basis of their grounds for nondisclosure. Further, and more disturbingly, ICANN refused to provide us with the names of the contracted parties who had been found under the audit process to have committed discrepancies. Therefore, a large part of our understanding of the way in which the compliance audit process works remains unfinished.

What we did

Dissatisfied with this response, I went on to file a Reconsideration request (number 1522) as per their standard format on November 2, 2015. (The request filed can be accessed here).As grounds for reconsideration, I stated that “As a part of my research I was tracking the ICANN compliance audit process, and therefore required access to audit reports in cases where discrepancies where formally found in their actions. This is in the public interest and therefore requires to be disclosed...While providing us with an array of detailed links explaining the compliance audit process, the ICANN staff has not been able to satisfy our actual requests with respect to gaining an understanding of how the compliance audits help in regulating actions of the registrars, and how they are effective in preventing breaches and discrepancies.” Therefore, I requested them to make the records in question publicly available “We request ICANN to make the records in question, namely the audit reports for individual contracted parties that reflect discrepancies in contractual compliance, which have been formally recognised as a part of your enforcement process. We further request access to all documents that relate to the expenditure incurred by ICANN in the process, as we believe financial transparency is absolutely integral to the values that ICANN stands by.”

The Board Governance Committee’s response³

The determination of the Board Governance Committee was that our claims did not merit reconsideration, as I was unable to identify any “misapplication of policy or procedure by the ICANN Staff”, and my only issue was with the substance of the DIDP Response itself, and substantial disagreements with a DIDP response are not proper bases for reconsideration

(emphasis supplied).

The response of the Board Governance Committee was educative of the ways in which they determine Reconsideration Requests. Analysing the DIDP process, it held that ICANN was well within its powers to deny information under its defined Conditions for NonDisclosure, and denial of substantive information did not amount to a procedural violation. Therefore, since the staff adhered to established procedure under the DIDP, there was no basis for our grievance, and our request was dismissed..

Furthermore, as a postscript, it is interesting to note that the Board Governance Committee delayed its response time by over a month, by its own admission “In terms of the timing of the BGC’s recommendation, it notes that Section 2.16 of Article IV of the Bylaws provides that the BGC shall make a final determination or recommendation with respect to a reconsideration request within thirty days, unless impractical. To satisfy the thirtyday deadline, the BGC would have to have acted by 2 December 2015. However, due to the timing of the BGC’s meetings in November and December, the first practical opportunity for the BGC to consider Request 1522 was 13 January 2016.”⁴

Whither do I wander now?

To me, this entire process reflected the absurdity of the Reconsideration request structure as an appeal mechanism under the Documentary Information Disclosure Policy. As our experience indicated, there does not seem to be any way out if there is an issue with the substance of ICANN’s response. ICANN, commendably, is particular about following procedure with respect to the DIDP. However, what is the way forward for a party aggrieved by the flaws in the existing policy? As I had analysed earlier, the grounds for ICANN to not disclose information are vast, and used to deny a large chunk of the information requests that they receive. How is the hapless requester to file a meaningful appeal against the outcome of a bad policy, if the only ground for appeal is noncompliance with the procedure of said bad policy? This is a serious challenge to transparency as there is no other way for a requester to acquire information that ICANN may choose to withold under one of its myriad clauses. It cannot be denied that a good information disclosure law ought to balance the free disclosure of information with the holding back of information that truly needs to be kept private.^{^[3]}^{^[4]} However, it is this writer’s firm opinion that even instances where information is witheld, there has to be a stronger explanation for the same, and moreover, an appeals process that does not take into account substantive issues which might adversely affect the appellant falls short of the desirable levels of transparency. Global standards dictate that grounds for appeal need to be broad, so that all failures to apply the information disclosure law/policy may be remedied.⁶ Various laws across the world relating to information disclosure often have the following as grounds for appeal: an inability to lodge a request, failure to respond to a request within the set time frame, a refusal to disclose information, in whole or in part, excessive fees and not providing information in the form sought, as well as a catchall clause for other failures.⁷

Furthermore, independent oversight is the heart of a proper appeal mechanism in such situations^{^[5]}; the power to decide the appeal must not rest with those who also have the discretion to disclose the information, as is clearly the case with ICANN, where the Board Governance Committee is constituted and appointed by the ICANN Board itself [one of the bodies against whom a grievance may be raised].

Suggestions

We believe ICANN, in keeping with its global, multistakeholder, accountable spirit, should adopt these standards as well, especially now that the transition looms around the corner. Only then will the standards of open, transparent and accountable governance of the Internet upheld by ICANN itself as the ideal be truly, meaningfully realised. Accordingly, the following standards ought to be met with:

Establishment of an independent appeals authority for information disclosure cases
Broader grounds for appeal of DIDP requests
Inclusion of disagreement with the substantive content of a DIDP response as a ground for appeal.
Provision of proper reasoning for any justification of the witholding of information that is necessary in the public interest.

[1] Article IV, Section 2, ICANN Bylaws, 2014 available at https://www.icann.org/resources/pages/governance/bylawsen/#IV

[2] Copies of the request can be found here and here.

[3] Katherine Chekouras, Balancing National Security with a Community's RighttoKnow: Maintaining

Public Access to Environmental Information Through EPCRA 's NonPreemption Clause, 34 B.C. Envtl. Aff. L. Rev 107, (2007).

[4] Toby Mendel, Freedom of Information: A Comparative Legal Study 151 (2nd edn, 2008).

Id, at 152

³4 Available here. https://www.icann.org/en/system/files/files/reconsideration1522cisfinaldetermination13jan16en.pdf

[5] Mendel, supra note 6.

For more details visit https://cis-india.org/internet-governance/blog/navigating-reconsideration-quagmire-a-personal-journey-of-acute-confusion

Centre for Internet and Society

Annual Report 2014-15

Comments on the Draft National Policy on Software Products

I. Preliminary

II. About CIS

III. Comments on the Draft National Policy on Software Products

General Comments

Specific Comments

10. Development of a robust Electronic Payment Infrastructure

11. Government Procurement

12. Incentives for Digital India oriented software

13. Increasing adoption of Open APIs and Open Data

14. Creation of Enabling Environment for Innovation, R&D, and IP Creation and Protection

IV. Conclusion

Comments on Draft National Policy on Software Products

National Policy on Software Products

Consultation Note on Model for Nation-wide Interoperable and Scalable Publi Wi-Fi

The Digital Protection of Traditional Knowledge: Questions Raised by the Traditional Knowledge Digital Library in India

Introduction

The Traditional Knowledge Digital Library

Defining the right

Successes of the TKDL

The need for open knowledge systems

Conclusion

Privacy and Security Implications of Public Wi-Fi - A Case Study

Privacy and Security Implications of Public Wi-Fi - A Case Study

Download (PDF)

Contents

1. Introduction

2. Global Scenario

3. Overview of Public Wi-Fi in India

4. Indian Policy and Legal Conundrum

5. Public Wi-Fi and Privacy Concerns

5.1. Data Theft

5.2. Tracking an Individual

5.3. Makes the Electronic Devices Prone to Hacking and Setting up Fake Networks

5.4. Illegal Use of Data

6. Ranking Digital Rights Project

6.1. D-VoIS[72], Bangalore

Summary

Analysis

6.2. Tata Docomo[74], Bangalore

Summary

Analysis

7. Compliance of Privacy Policies with Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011

8. Conclusion and Recommendations

8.1. Commitment

8.2. Freedom of Expression

8.3. Privacy

Guru Gomke is a Stylish Ol Chiki Typeface for India’s Santali Speakers

The Technology Behind Big Data

The Technology behind Big Data

Download the Paper (PDF, 277 kb)

Introduction

Data Acquisition

Data Sensing

Born Digital Data

Sensor Data

Data Collection & Storage

Non-relational databases

In-Memory Databases

Hybrid Systems

Apache Hadoop

Data Awareness

Data Processing & Analytics

MapReduce

Data Governance

Conclusion

BIS on Smart Cities Indicators

The Quest for Education – Persons with Disabilities, Severely Challenged

The right to education and the current census figures

Challenges faced by the disabled

Promoting technology

Comments to the BIS on Smart Cities Indicators

Navigating the 'Reconsideration' Quagmire (A Personal Journey of Acute Confusion)

Backdrop: What is the Reconsideration Request Process?

Our Tryst with the Reconsideration Process

What we did

Whither do I wander now?

Suggestions

6.1. D-VoIS^[72], Bangalore

6.2. Tata Docomo^[74], Bangalore