Centre for Internet and Society

Iron out contradictions in the Digital India programme

sumandro — 2015-07-28T01:04:28Z

The Digital India initiative takes an ambitious 'Phir Bhi Dil Hai Hindustani' approach to develop communication infrastructure, government information systems, and general capacity to digitise public life in India. I of course use 'public life' in the sense of the wide sphere of interactions between people and public institutions.

The article was published in the Hindustan Times on July 15, 2015.

The 'Phir Bhi Dil Hai Hindustani' approach involves putting together Japanese shoes, British trousers, and a Russian cap to make an entertainer with a pure Indian heart. In this case, the analogy must not be understood as different components of the initiative coming from different countries, but as coming from different efforts to use digital technologies for governance in India.

It is deploying the Public Information Infrastructure vision, inclusive of the National Optical Fibre Network (now renamed as BharatNet) and the national cloud computing platform titled Meghraj, so passionately conceptualised and pursued by Sam Pitroda. It has chosen the Aadhaar ID and the authentication-as-a-service infrastructure built by Nandan Nilekani, Ram Sewak Sharma, and the team, as the identity platform for all governmental processes across Digital India projects. It has closely embraced the mandate proposed by Jaswant Singh led National Task Force on Information Technology and Software Development for completely electronic interface for paper-free citizen-government interactions.

The digital literacy and online education aspects of the initiative build upon the National Mission on Education through ICT driven by Kapil Sibal. Two of the three vision areas of the Digital India initiative, namely 'Digital infrastructure as a utility to every citizen' and 'governance and service on demand,' are directly drawn from the two core emphasis clusters of the National e-Governance Plan designed by R. Chandrashekhar and team, namely the creation of the national and state-level network and data infrastructures, and the National Mission Mode projects to enable electronic delivery of services across ministries.

And this is not a bad thing at all. In fact, the need for this programmatic and strategic convergence has been felt for quite some time now, and it is wonderful to see the Prime Minister directly addressing this need. Although, while drawing benefits from the existing programmes, the DI initiative must also deal with the challenges inherited in the process.

Recently circulated documents describes that the institutional framework for Digital India will be headed by a Monitoring Committee overseeing two main drivers of the initiative: the Digital India Advisory Group led by the minister of communication and information technology, and the Apex Committee chaired by the cabinet secretary. While the former will function primarily through guiding the implementation works by the Department of Electronics and Information Technology (DeitY), the latter will lead the activities of both the DeitY and the various sectoral ministries.

Here lies one possible institutional bottleneck that the Digital India architecture inherits from the National e-Governance Plan. Putting the DeitY in the driving seat of the digital transformation agenda in parallel with all other central government departments indicate an understanding that the transformation is fundamentally a technical issue. However, most often what is needed is administrative reform at a larger scale, and re-engineering of processes at a smaller scale.

Government agencies that have addressed such challenges in the past, such as the department of administrative reforms and public grievances, is not mentioned explicitly within the institutional framework, and instead DeitY has been trusted with a range of tasks that may be beyond its scope and core skills.

The danger of this is that the Digital India initiative will end up initiating more infrastructural and software projects, without transforming the underlying governmental processes. For example, the recently launched eBasta website creates a centralised online shop for publishers of educational materials to make books available for teachers to browse and select for their classes, and for the students to directly download, against payment or otherwise. The website has been developed by the Centre for Development of Advanced Computing and DeitY. At the same time, the ministry of human resource development, which is responsible for matters related to public education, has already collaborated with the Central Institute of Educational Technology and the Homi Bhabha Centre for Science Education in TIFR to build a comprehensive platform for multi-media resources for education – the National Repository of Open Educational Resources. The initial plans of the DI initiative are yet to explicitly recognise that the key challenge is not in building new applications and websites, but aligning existing efforts.

This mismatch, between what the Digital India initiative proposes to achieve and how it plans to achieve it, is further demonstrated in the 'e-Governance Policy Initiatives under Digital India' document. The compilation lists the key policies to govern designing and implementation of the Digital India programmes, but surprisingly fails to mention any policies, acts, and pending bills approved or initiated by any previous government. This is remarkably counter-productive as the existing policy frameworks, such as the Framework for Mobile Governance, the National Data Sharing and Accessibility Policy, and the Interoperability Framework for e-Governance, are suitably placed to complement the new policies around use of free of open source softwares for e-governance systems, so as to ensure their transparency, interoperability, and inclusive outreach. Several pending bills like The National Identification Authority of India Bill, 2010, The Electronic Delivery of Services Bill, 2011, and The Privacy (Protection) Bill, 2013, are absolutely fundamental for comprehensive and secure implementation of the various programmes under the Digital India initiative.

The next year will complete a decade of development of national e-governance systems in India, since the launch of National e-Governance Plan in 2006. Given this history of information systems sometimes partially implemented and sometimes working in isolation, a 'Phir Bhi Dil Hai Hindustani' approach to digitise India is a very pragmatic one. What we surely do not need is increased contradiction among e-governance systems. Simultaneously, we neither need digital systems that centralise governmental power within one ministry on technical grounds, or expose citizens to abuse of their digital identity and assets due to lack of sufficient legal frameworks.

(Sumandro Chattapadhyay is research director, The Centre for Internet and Society. The views expressed are personal.)

For more details visit https://cis-india.org/internet-governance/blog/hindustan-times-july-15-2015-sumandro-chattapadhyay-iron-out-contradictions-in-the-digital-india-programme

India’s digital check

sunil — 2015-09-15T14:55:47Z

All nine pillars of Digital India directly correlate with policy research conducted at the Centre for Internet and Society, where I have worked for the last seven years. This allows our research outputs to speak directly to the priorities of the government when it comes to digital transformation.

The article was originally published by DNA on July 8, 2015.

Broadband Highways and Universal Access to Mobile Connectivity: The first two pillars have been combined in this paragraph because they both require spectrum policy and governance fixes. Shyam Ponappa, a distinguished fellow at our Centre calls for the leveraging of shared spectrum and also shared backhaul infrastructure. Plurality in spectrum management, for eg, unlicensed spectrum should be promoted for accelerating backhaul or last mile connectivity, and also for community or local government broadband efforts. Other ideas that have been considered by Ponappa include getting state owned telcos to exit completely from the last mile and only focus on running an open access backhaul through Bharat Broadband Limited. Network neutrality regulations are also required to mitigate free speech, diversity and competition harms as ISPs and TSPs innovate with business models such as zero-rating.

Public Internet Access Programme: Continuing investments into Common Service Centres (CSCs) for almost a decade may be questionable and therefore a citizen’s audit should be undertaken to determine how the programme may be redesigned. The reinventing of post offices is very welcome, however public libraries are also in need urgent reinventing. CSCs, post offices and public libraries should all leverage long range WiFi for Internet and intranet, empowering BYOD [Bring Your Own Device] users. Applications will take time to develop and therefore immediate emphasis should be on locally caching Indic language content. State Public Library Acts need to be amended to allow for borrowing of digital content. Flat-fee licensing regimes must be explored to increase access to knowledge and culture. Commons-based peer production efforts like Wikipedia and Wikisource need to be encouraged.

e-Governance: Reforming Government through Technology: DeitY, under the leadership of free software advocate Secretary RS Sharma, has accelerated adoption and implementation of policies supporting non-proprietary approaches to intellectual property in e-governance. Policies exist and are being implemented for free and open source software, open standards and electronic accessibility for the disabled. The proprietary software lobby headed by Microsoft and industry associations like NASSCOM have tried to undermine these policies but have failed so far.

The government should continue to resist such pressures. Universal adoption of electronic signatures within government so that there is a proper audit trail for all communications and transactions should be made an immediate priority. Adherence to globally accepted data protection principles such as minimisation via “form simplification and field reduction” for Digital India should be applauded. But on the other hand the mandatory requirement of Aadhaar for DigiLocker and eSign amounts to contempt of the Supreme Court order in this regard.

e-Kranti — Electronic Delivery of Services: The 41 mission mode projects listed are within the top-down planning paradigm with a high risk of failure — the funds reserved for these projects should instead be converted into incentives for those public, private and public private partnerships that accelerate adoption of e-governance. The dependency on the National Informatics Centre (NIC) for implementation of e-governance needs to be reduced, SMEs need to be able to participate in the development of e-governance applications. The funds allocated for this area to DeitY have also produced a draft bill for Electronic Services Delivery. This bill was supposed to give RTI-like teeth to e-governance service by requiring each government department and ministry to publish service level agreements [SLAs] for each of their services and prescribing punitive action for responsible institutions and individuals when there was no compliance with the SLAs.

Information for All: The open data community and the Right to Information movement in India are not happy with the rate of implementation of National Data Sharing and Accessibility Policy (NDSAP). Many of the datasets on the Open Data Portal are of low value to citizens and cannot be leveraged commercially by enterprise. Publication of high-value datasets needs to be expedited by amending the proactive disclosure section of the Right to Information Act 2005.

Electronics Manufacturing: Mobile patent wars have begun in India with seven big ticket cases filed at the Delhi High Court. Our Centre has written an open letter to the previous minister for HRD and the current PM requesting them to establish a device level patent pool with a compulsory license of 5%. Thereby replicating India’s success at becoming the pharmacy of the developing world and becoming the lead provider of generic medicines through enabling patent policy established in the 1970s. In a forthcoming paper with Prof Jorge Contreras, my colleague Rohini Lakshané will map around fifty thousand patents associated with mobile technologies. We estimate around a billion USD being collected in royalties for the rights-holders whilst eliminating legal uncertainties for manufacturers of mobile technologies.

IT for Jobs: Centralised, top-down, government run human resource development programmes are not useful. Instead the government needs to focus on curriculum reform and restructuring of the education system. Mandatory introduction of free and open source software will give Indian students the opportunity to learn by reading world-class software. They will then grow up to become computer scientists rather than computer operators. All projects at academic institutions should be contributions to existing free software projects — these projects could be global or national, for eg, a local government’s e-governance application. The budget allocated for this pillar should instead be used to incentivise research by giving micro-grants and prizes to those students who make key software contributions or publish in peer-reviewed academic journals or participate in competitions. This would be a more systemic approach to dealing with the skills and knowledge deficit amongst Indian software professionals.

Early Harvest Programmes: Many of the ideas here are very important. For example, secure email for government officials — if this was developed and deployed in a decentralised manner it would prevent future surveillance of the Indian government by the NSA. But a few of the other low-hanging fruit identified here don’t really contribute to governance. For example, biometric attendance for bureaucrats is just glorified bean-counting — it does not really contribute to more accountability, transparency or better governance.

The author works for the Centre for Internet and Society which receives funds from Wikimedia Foundation that has zero-rating alliances with telecom operators in many countries across the world

For more details visit https://cis-india.org/internet-governance/blog/dna-sunil-abraham-july-8-2015-india-digital-check

India backs open source software for e-governance projects

praskrishna — 2015-04-04T16:00:49Z

India has said it will use open source software in all e-governance projects, though it did not rule out the use of proprietary software to meet specialized requirements.

The blog post originally published by IDG News Service was mirrored on the website of CIO and PC World on March 29, 2015. Sunil Abraham is quoted.

A policy document released by the federal government over the weekend makes it mandatory for all new e-governance projects and upgrades of existing legacy systems by federal agencies and participating states to first consider free and open source software (OSS) alternatives.

Federal and state agencies must make it mandatory for suppliers to give OSS a preference over proprietary or closed source software while responding to requests for proposals. ”Suppliers shall provide justification for exclusion of OSS in their response,” according to the policy statement posted to the website of the Ministry for Communication & Information Technology.

The Indian government has outlined its Digital India program that aims to make government services accessible online to citizens in their localities. The need to expand these services quickly at a low cost has likely prompted the decision in favor of open source in the country.

The government has also cited “strategic control” over its e-governance applications and systems from a long-term perspective as one of the reasons it was backing open source.

“It is a well drafted policy though policy researchers will always have possible improvements,” said Sunil Abraham, executive director of the Centre for Internet and Society, a research organization in Bangalore. Instead of coming up with a new definition for free and open source software, the policy should have used the definitions available at the Free Software Foundation and Open Source Initiative websites and adopted licenses approved by these organizations, he added.

The policy should also require that the software be made available on a public code repository except in cases where there are some security concerns, Abraham said.

The federal government had previously declined to take a stand in favor of open source, leaving the choice to its agencies, but the National Policy on Information Technology, 2012 had mentioned the promotion of “open source and open technologies” as one of its objectives.

Some states have backed open source software on ideological grounds or to cut costs. Kerala, for example, had decided to promote free and open-source software in education as way back as 2006.

The government in its new policy has, however, provided for exemptions in certain specialized domains for which OSS may not be available, or if there isn’t expertise in the particular area in open source. The requirement for OSS may also be waived if the deployment is strategic and urgent.

Google, which has shown interest in collaborating with the government in its e-governance projects, said it did not have a comment on the policy. Microsoft, which targets the government market, including with its cloud services, did not immediately comment. In a bid to woo Indian government customers, the company offered in September to host cloud services including Azure and Office 365 in the country.

For more details visit https://cis-india.org/openness/news/idg-news-service-march-29-2015-john-riberio-india-backs-open-source-software-for-e-governance-projects

WSIS+10 High Level Event: A Bird's Eye Report

geetha — 2014-06-20T15:57:32Z

The WSIS+10 High Level was organised by the ITU and collaborative UN entities on June 9-13, 2014. It aimed to evaluate the progress on implementation of WSIS Outcomes from Geneva 2003 and Tunis 2005, and to envision a post-2015 Development Agenda. Geetha Hariharan attended the event on CIS' behalf.

The World Summit on Information Society (WSIS) +10 High Level Event (HLE) was hosted at the ITU Headquarters in Geneva, from June 9-13, 2014. The HLE aimed to review the implementation and progress made on information and communication technology (ICT) across the globe, in light of WSIS outcomes (Geneva 2003 and Tunis 2005). Organised in three parallel tracks, the HLE sought to take stock of progress in ICTs in the last decade (High Level track), initiate High Level Dialogues to formulate the post-2015 development agenda, as well as host thematic workshops for participants (Forum track).

The High Level Track:

Opening Ceremony, WSIS+10 High Level Event (Source)

The High Level track opened officially on June 10, 2014, and culminated with the endorsement by acclamation (as is ITU tradition) of two Outcome Documents. These were: (1) WSIS+10 Statement on the Implementation of WSIS Outcomes, taking stock of ICT developments since the WSIS summits, (2) WSIS+10 Vision for WSIS Beyond 2015, aiming to develop a vision for the post-2015 global information society. These documents were the result of the WSIS+10 Multi-stakeholder Preparatory Platform (MPP), which involved WSIS stakeholders (governments, private sector, civil society, international organizations and relevant regional organizations).

The MPP met in six phases, convened as an open, inclusive consultation among WSIS stakeholders. It was not without its misadventures. While ITU Secretary General Dr. Hamadoun I. Touré consistently lauded the multi-stakeholder process, and Ambassador Janis Karklins urged all parties, especially governments, to “let the UN General Assembly know that the multi-stakeholder model works for Internet governance at all levels”, participants in the process shared stories of discomfort, disagreement and discord amongst stakeholders on various IG issues, not least human rights on the Internet, surveillance and privacy, and multi-stakeholderism. Richard Hill of the Association for Proper Internet Governance (APIG) and the Just Net Coalition writes that like NETmundial, the MPP was rich in a diversity of views and knowledge exchange, but stakeholders failed to reach consensus on crucial issues. Indeed, Prof. Vlamidir Minkin, Chairman of the MPP, expressed his dismay at the lack of consensus over action line C9. A compromise was agreed upon in relation to C9 later.

Some members of civil society expressed their satisfaction with the extensive references to human rights and rights-centred development in the Outcome Documents. While governmental opposition was seen as frustrating, they felt that the MPP had sought and achieved a common understanding, a sentiment echoed by the ITU Secretary General. Indeed, even Iran, a state that had expressed major reservations during the MPP and felt itself unable to agree with the text, agreed that the MPP had worked hard to draft a document beneficial to all.

Concerns around the MPP did not affect the review of ICT developments over the last decade. High Level Panels with Ministers of ICT from states such as Uganda, Bangladesh, Sweden, Nigeria, Saudi Arabia and others, heads of the UN Development Programme, UNCTAD, Food and Agriculture Organisation, UN-WOMEN and others spoke at length of rapid advances in ICTs. The focus was largely on ICT access and affordability in developing states. John E. Davies of Intel repeatedly drew attention to innovative uses of ICTs in Africa and Asia, which have helped bridge divides of affordability, gender, education and capacity-building. Public-private partnerships were the best solution, he said, to affordability and access. At a ceremony evaluating implementation of WSIS action-lines, the Centre for Development of Advanced Computing (C-DAC), India, won an award for its e-health application MOTHER.

The Outcome Documents themselves shall be analysed in a separate post. But in sum, the dialogue around Internet governance at the HLE centred around the success of the MPP. Most participants on panels and in the audience felt this was a crucial achievement within the realm of the UN, where the Tunis Summit had delineated strict roles for stakeholders in paragraph 35 of the Tunis Agenda. Indeed, there was palpable relief in Conference Room 1 at the CICG, Geneva, when on June 11, Dr. Touré announced that the Outcome Documents would be adopted without a vote, in keeping with ITU tradition, even if consensus was achieved by compromise.

The High Level Dialogues:

Prof. Vladimir Minkin delivers a statement. (Source)

The High Level Dialogues on developing a post-2015 Development Agenda, based on WSIS action lines, were active on June 12. Introducing the Dialogue, Dr. Touré lamented the Millennium Development Goals as a “lost opportunity”, emphasizing the need to alert the UN General Assembly and its committees as to the importance of ICTs for development.

As on previous panels, there was intense focus on access, affordability and reach in developing countries, with Rwanda and Bangladesh expounding upon their successes in implementing ICT innovations domestically. The world is more connected than it was in 2005, and the ITU in 2014 is no longer what it was in 2003, said speakers. But we lack data on ICT deployment across the globe, said Minister Knutssen of Sweden, recalling the gathering to the need to engage all stakeholders in this task. Speakers on multiple panels, including the Rwandan Minister for CIT, Marilyn Cade of ICANN and Petra Lantz of the UNDP, emphasized the need for ‘smart engagement’ and capacity-building for ICT development and deployment.

A crucial session on cybersecurity saw Dr. Touré envision a global peace treaty accommodating multiple stakeholders. On the panel were Minister Omobola Johnson of Nigeria, Prof. Udo Helmbrecht of the European Union Agency for Network and Information Security (ENISA), Prof. A.A. Wahab of Cybersecurity Malaysia and Simon Muller of Facebook. The focus was primarily on building laws and regulations for secure communication and business, while child protection was equally considered.

The lack of laws/regulations for cybersecurity (child pornography and jurisdictional issues, for instance), or other legal protections (privacy, data protection, freedom of speech) in rapidly connecting developing states was noted. But the question of cross-border surveillance and wanton violations of privacy went unaddressed except for the customary, unavoidable mention. This was expected. Debates in Internet governance have, in the past year, been silently and invisibly driven by the Snowden revelations. So too, at WSIS+10 Cybersecurity, speakers emphasized open data, information exchange, data ownership and control (the right to be forgotten), but did not openly address surveillance. Indeed, Simon Muller of Facebook called upon governments to publish their own transparency reports: A laudable suggestion, even accounting for Facebook’s own undetailed and truncated reports.

In a nutshell, the post-2015 Development Agenda dialogues repeatedly emphasized the importance of ICTs in global connectivity, and their impact on GDP growth and socio-cultural change and progress. The focus was on taking this message to the UN General Assembly, engaging all stakeholders and creating an achievable set of action lines post-2015.

The Forum Track:

Participants at the UNESCO session on its Comprehensive Study on Internet-related Issues (Source)

The HLE was organized as an extended version of the WSIS Forum, which hosts thematic workshops and networking opportunities, much like any other conference. Running in parallel sessions over 5 days, the WSIS Forum hosted sessions by the ITU, UNESCO, UNDP, ICANN, ISOC, APIG, etc., on issues as diverse as the WSIS Action Lines, the future of Internet governance, the successes and failures of WCIT-2012, UNESCO’s Comprehensive Study on Internet-related Issues, spam and a taxonomy of Internet governance.

Detailed explanation of each session I attended is beyond the scope of this report, so I will limit myself to the interesting issues raised.

At ICANN’s session on its own future (June 9), Ms. Marilyn Cade emphasized the importance of national and regional IGFs for both issue-awareness and capacity-building. Mr. Nigel Hickson spoke of engagement at multiple Internet governance fora: “Internet governance is not shaped by individual events”. In light of criticism of ICANN’s apparent monopoly over IANA stewardship transition, this has been ICANN’s continual response (often repeated at the HLE itself). Also widely discussed was the role of stakeholders in Internet governance, given the delineation of roles and responsibilities in the Tunis Agenda, and governments’ preference for policy-monopoly (At WSIS+10, Indian Ambassador Dilip Sinha seemed wistful that multilateralism is a “distant dream”).

This discussion bore greater fruit in a session on Internet governance ‘taxonomy’. The session saw Mr. George Sadowsky, Dr. Jovan Kurbalija, Mr. William Drake and Mr. Eliot Lear (there is surprisingly no official profile-page on Mr. Lear) expound on dense structures of Internet governance, involving multiple methods of classification of Internet infrastructure, CIRs, public policy issues, etc. across a spectrum of ‘baskets’ – socio-cultural, economic, legal, technical. Such studies, though each attempting clarity in Internet governance studies, indicate that the closer you get to IG, the more diverse and interconnected the eco-system gets. David Souter’s diagrams almost capture the flux of dynamic debate in this area (please see pages 9 and 22 of this ISOC study).

There were, for most part, insightful interventions from session participants. Mr. Sadowsky questioned the effectiveness of the Tunis Agenda delineation of stakeholder-roles, while Mr. Lear pleaded that techies be let to do their jobs without interference. Ms. Anja Kovacs raised pertinent concerns about including voiceless minorities in a ‘rough consensus’ model. Across sessions, questions of mass surveillance, privacy and data ownership rose from participants. The protection of human rights on the Internet – especially freedom of expression and privacy – made continual appearance, across issues like spam (Question 22-1/1 of ITU-D Study Group 1) and cybersecurity.

Conclusion:

The HLE was widely attended by participants across WSIS stakeholder-groups. At the event, a great many relevant questions such as the future of ICTs, inclusions in the post-2015 Development Agenda, the value of muti-stakeholder models, and human rights such as free speech and privacy were raised across the board. Not only were these raised, but cognizance was taken of them by Ministers, members of the ITU and other collaborative UN bodies, private sector entities such as ICANN, technical community such as the ISOC and IETF, as well as (obviously) civil society.

Substantively, the HLE did not address mass surveillance and privacy, nor of expanding roles of WSIS stakeholders and beyond. Processually, the MPP failed to reach consensus on several issues comfortably, and a compromise had to be brokered.

But perhaps a big change at the HLE was the positive attitude to multi-stakeholder models from many quarters, not least the ITU Secretary General Dr. Hamadoun Touré. His repeated calls for acceptance of multi-stakeholderism left many members of civil society surprised and tentatively pleased. Going forward, it will be interesting to track the ITU and the rest of UN’s (and of course, member states’) stances on multi-stakeholderism at the ITU Plenipot, the WSIS+10 Review and the UN General Assembly session, at the least.

For more details visit https://cis-india.org/internet-governance/blog/wsis-10-high-level-event-a-birds-eye-report

Electoral Databases – Privacy and Security Concerns

snehashish — 2014-01-16T11:07:21Z

In this blogpost, Snehashish Ghosh analyzes privacy and security concerns which have surfaced with the digitization, centralization and standardization of the electoral database and argues that even though the law provides the scope for protection of electoral databases, the State has not taken any steps to ensure its safety.

The recent move by the Election Commission of India (ECI) to tie-up with Google for providing electoral look-up services for citizens and electoral information services has faced heavy criticism on the grounds of data security and privacy.[i] After due consideration, the ECI has decided to drop the plan.[ii]

The plan to partner with Google has led to much apprehension regarding Google gaining access to the database of 790 million voters including, personal information such as age, place of birth and residence. It could have also gained access to cell phone numbers and email addresses had the voter chosen to enroll via the online portal on the ECI website. Although, the plan has been cancelled, it does not necessarily mean that the largest database of citizens of India is safe from any kind of security breach or abuse. In fact, the personal information of each voter in a constituency can be accessed by anyone through the ECI website and the publication of electoral rolls is mandated by the law.

Publication of Electoral Rolls
The electoral roll essentially contains the name of the voter, name of the relationship (son of/wife of, etc.), age, sex, address and the photo identity card number. The main objective of creation and maintenance of electoral rolls and the issue of Electoral Photo Identity Card (EPIC) was to ensure a free and fair election where the voter would have been able to cast his own vote as per his own choice. In other words, the main purpose of the exercise was to curtail bogus voting. This is achieved by cross referencing the EPIC with the electoral roll.

The process of creation and maintenance of electoral rolls is governed by the Registration of Electors Rules, 1960. Rule 22 requires the registration officer to publish the roll with list of amendments at his office for inspection and public information. Furthermore, ECI may direct the registration officer to send two copies of the electoral roll to every political party for which a symbol has exclusively been reserved by the ECI. It can be safely concluded that the electoral roll of a constituency is a public document[iii] given that the roll is published and can be circulated on the direction of the ECI.

With the computational turn, in 1998 the ECI took the decision to digitize the electoral databases. Furthermore, printed electoral rolls and compact discs containing the rolls are available for sale to general public.[iv] In addition to that, the electoral rolls for the entire country are available on the ECI website.[v] However, the current database is not uniform and standardized, and entries in some constituencies are available only in the local language. The ECI has taken steps to make the database uniform, standardized and centralized.[vi]

Security Concerns
The Registration of Electoral Rules, 1960 is an archaic piece of delegated legislation which is still in force and casts a statutory duty on the ECI to publish the electoral rolls. The publication of electoral rolls is not a threat to security when it is distributed in hard copies and the availability of electoral rolls is limited. The security risks emerge only after the digitization of electoral database, which allows for uniformity, standardization and centralization of the database which in turn makes it vulnerable and subject to abuse. The law has failed to evolve with the change in technology.

In a recent article, Bill Davidow analyzes "the dark side of Moore’s Law" and argues that with the growth processing power there has been a growth in surveillance capabilities and on this note the article is titled, “With Great Computing Power Comes Great Surveillance”[vii] Drawing from Davidow’s argument, with the exponential growth in computing power, search has become convenient, faster and cheap. A uniform, standardized and centralized database bearing the personal information of 790 million voters can be searched and categorized in accordance with the search terms. The personal information of the voters can be used for good, but it can be equally abused if it falls into the wrong hands. Big data analysis or the computing power makes it easier to target voters, as bits and pieces of personal information give a bigger picture of an individual, a community, etc. This can be considered intrusive on individual’s privacy since the personal information of every voter is made available in the public domain

For example, the availability of a centralized, searchable database of voters along with their age would allow the appropriate authorities to identify wards or constituencies, which has a high population of voters above the age of 65. This would help the authority to set up polling booths at closer location with special amenities. However, the same database can be used to search for density of members of a particular community in a ward or constituency based on the name, age, sex of the voters. This information can be used to disrupt elections, target vulnerable communities during an election and rig elections.

Current IT Laws does not mandate the protection of the electoral database
A centralized electoral database of the entire country can be considered as a critical information infrastructure (CII) given the impact it may have on the election which is the cornerstone of any democracy. Under Section 70 of the Information Technology Act, 2000 (IT Act) CII means “the computer resource, incapacitation or destruction of which, shall have debilitating impact on national security, economy.”[viii] However, the appropriate Government has not notified the electoral database as a protected system[ix]. Therefore, information security practices and procedures for a protected system are not applicable to the electoral database.

The Information Technology Rules (IT Rules) are also not applicable to electoral databases, per se. Since, ECI is not a body corporate, the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information), Rules, 2011 (hereinafter Reasonable Security Practices Rules) do not apply to electoral databases. Ignoring that Reasonable Security Practices Rules only apply to a body corporate, the electoral database does fall within the ambit of definition of “personal information”[x] and should arguably be made subject to the Rules.

The intent of the ECI for hosting the entire country’s electoral database online inter alia is to provide electronic service delivery to the citizens. It seeks to provide “electoral look up services for citizens ... for better electoral information services.”[xi] However, the Information Technology (Electronic Service Delivery) Rules, 2011 are not applicable to the electoral database given that it is not notified by the appropriate Government as a service to be delivered electronically. Hence, the encryption and security standards for electronic service delivery are not applicable to electoral rolls.

The IT Act and the IT Rules provide a reasonable scope for the appropriate Government to include electoral databases within the ambit of protected system and electronic service delivery. However, the appropriate government has not taken any steps to notify electoral database as protected system or a mode of electronic service delivery under the existing laws.

Conclusion
Publication of electoral rolls is a necessary part of an election process. It ensures free and fair election and promotes transparency and accountability. But unfettered access to electronic electoral databases may have an adverse effect and would endanger the very goal it seeks to achieve because the electronic database may pose threat to privacy of the voters and also lead to security breach. It may be argued that the ECI is mandated by the law to publish the electoral database and hence, it is beyond the operation of the IT Act. But Section 81 of the IT Act has an overriding effect on any law inconsistent, therewith. The appropriate Government should take necessary steps under the IT Act and notify electoral databases as a protected system.

It is recommended that the Electors Registration Rules, 1960 should be amended, taking into account the advancement in technology. Therefore, the Rules should aim at restricting the unfettered electronic access to the electoral database and also introduce purposive limitation on the use of the electoral database. It should also be noted that more adequate and robust data protection and privacy laws should be put in place, which would regulate the collection, use, storage and processing of databases which are critical to national security.

[i] Pratap Vikram Singh, Post-uproar, EC’s Google tie-up plan may go for a toss, Governance Now, January 7, 2014 available at http://www.governancenow.com/news/regular-story/post-uproar-ecs-google-tie-plan-may-go-toss

[ii] Press Note No.ECI/PN/1/2014, Election Commission of India , January 9, 2014 available at http://eci.nic.in/eci_main1/current/PN09012014.pdf

[iii] Section 74, Indian Evidence Act, 1872

[iv] eci.nic.in/eci_main1/the_function.aspx

[v] http://eci.nic.in/eci_main1/Linkto_erollpdf.aspx

[vi] “At present, in most States and UTs the Electoral Database is kept at the district level. In some cases it is kept even with the vendors. In most States/UTs it is maintained in MS Access, while in some cases it is on a primitive technology like FoxPro and in some other cases on advanced RDBMS like Oracle or Sql Server. The database is not kept in bilingual form in some of the States/UTs, despite instructions of the Commission. In most cases Unicode fonts are not used. The database structure not being uniform in the country, makes it almost impossible for the different databases to talk to each other” – Election Commission of India, Revision of Electoral Rolls with reference to 01-01-2010 as the qualifying date – Integration and Standardization of the database- reg., No. 23/2009-ERS, January 6, 2010 available at eci.nic.in/eci_main/eroll&epic/ins06012010.pdf

[vii] http://www.theatlantic.com/technology/archive/2014/01/with-great-computing-power-comes-great-surveillance/282933/

[viii] Section 70, Information Technology Act, 2000

[ix] Computer resource which directly or indirectly affects the facility of Critical Information Infrastructure

[x] Rule 2(1)(i), Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011

[xi] Press Note No.ECI/PN/1/2014, Election Commission of India , January 9, 2014 available at http://eci.nic.in/eci_main1/current/PN09012014.pdf

For more details visit https://cis-india.org/internet-governance/blog/electoral-databases-2013-privacy-and-security-concerns

E-governance hopes rise as India crosses 1 billion transactions

praskrishna — 2013-10-29T04:48:58Z

Government agencies and departments, regarded as bywords for inefficiency and red tape, have recorded over a billion e-governance transactions so far this year, watershed for the world's largest democracy that is betting on technology to cure its ills.

The article by J Srikant was published in the Economic Times on October 29, 2013. Sunil Abraham is quoted.

"It is an important milestone for India's e-governance initiative," said J Satyanarayana, secretary in the department of electronics and information technology. "With better accessibility and more projects getting completed, this number should keep rising."

Among states, Gujarat topped the list with around 389 million transactions while online payment for utility and government services was the most used government service with about 258 million transactions clocked in the year.

India is in the middle of implementing a large-scale e-governance programme which includes a vast information technology network to facilitate speedy delivery of public services. The most important of these are 31 'mission mode' projects being implemented by the central governments and states. Technology researcher Gartner estimates that government will spend Rs 36,800 crore on IT products and services in 2013. The most high-profile e-governance scheme is the unique identity project Aadhaar being implemented by former InfosysBSE -0.04 % CEO Nandan Nilekani. The biometric-linked scheme is targeting to enroll 600 million people by 2014.

A year ago, the country successfully commissioned an e-passport project where digitisation of applications and internal files vastly improved the time taken to issue new passports.

"Reaching a billion transactions with just about 100 million internet users is a commendable achievement and we should celebrate it," said Sunil Abraham, executive director of Centre for Internet and Society. "E-governance is a tough area to work in, not just in India but across the globe. So this performance should make us positive."

With more parts of the country getting connected through the National Optic Fibre Network, industry watchers expect more citizens to be accessing government services over the internet. The project aims to connect 2.5 lakh gram panchayats. The network has been launched in pockets of Rajasthan, Andhra Pradesh and Tripura, with some 80,500 transactions already recorded.

"This number (one billion) is a reflection of the increasing access of internet in the country and the acceptance of technology change happening," said Sanjoy Sen, senior director at Deloitte Touche Tohmatsu India. "E-governance helps in reducing cost and bottlenecks for the user and also brings down the time to get the work done. It is an important factor in today's economy."

Experts said that although it is working well for India, there are still certain steps that government needs to take to maintain the pace of expansion.

"Government should look at financially incentivising setting up of cyber cafes in rural India as these are an important aspect of improving the accessibility," said Abraham.

For more details visit https://cis-india.org/news/economic-times-october-29-2013-j-srikant-e-governance-hopes-rise-as-india-crosses-1-billion-transactions