Centre for Internet and Society

Facebook Shares 10 Key Facts about Free Basics. Here's What's Wrong with All 10 of Them.

sunil — 2015-12-25T14:59:10Z

Shweta Sengar of Catch News spoke to Sunil Abraham about the recent advertisement by Facebook titled "What Net Neutrality Activists won't Tell You or, the Top 10 Facts about Free Basics". Sunil argued against the validity of all the 'top 10 facts'.

Facebook has rebranded internet.org as Free Basics. After suffering from several harsh blows from the net neutrality activists in India, the social media behemoth is positioning a movement in order to capture user attention.

Apart from a mammoth two page advertisement on Free Basics on 23 December in a leading English daily, we spotted a numerous hoardings across the capital.

Unlike Facebook, Wikipedia has a rather upfront approach for raising funds. You must have noticed a pop-up as you open Wikipedia when they are in need of funds. What Facebook has done is branded Free Basics as 'free' as the basic needs of life.

The newspaper advertisement by Facebook was aimed at clearing all the doubts about Free Basics. The 10 facts highlighted a connected India and urging users to take the "first step towards digital equality."

In an interview with Catch, Sunil Abraham, Executive Director of Bangalore based research organisation, the Centre for Internet and Society, shared his thoughts on the controversial subject. Abraham countered each of Facebook's ten arguments. Take a look:

01 Free basics is open to any carriers. Any mobile operator can join us in connecting India.

Sunil Abraham: Free Basics was initially exclusive to only one telecom operator in most markets that it was available in.

The non-exclusivity was introduced only after activists in India complained. But now the arrangement is exclusive to Free Basics as a walled garden provider. But discrimination harms remain until other Internet services can also have what Facebook has from telecom operators ie. free access to their destinations.

02 We do not charge anyone anything for Free Basics. Period.

SA: As Bruce Schneier says "surveillance is the business model of the Internet". Free basics users are subject to an additional layer of surveillance ie. the data retention by the Facebook proxy server. Just as Facebook cannot say that they are ignoring Data Protection law because Facebook is a free product - they cannot say that Free Basics can violate network neutrality law because it is a free service. For ex. Flipkart should get Flipkart Basic on all Indian ISPs and Telcos.

03 We do not pay for the data consumed in Free Basics. Operators participate because the program has proven to bring more people online. Free Basics has brought new people onto mobile networks on average over 50% faster since launching the service.

SA: Facebook has been quoting statistics as evidence to influence the policy formulation process. But we need the absolute numbers and we also need them to be independently verifiable. At the very least we need the means to cross verify these numbers with numbers that telcos and ISPs routinely submit to TRAI.

Theoretical harms must be addressed through net neutrality regulation. For example, you don't have to build a single, centralised database of all Indian citizens to know that it can be compromised - from a security design perspective centralisation is always a bad idea. Gatekeeping powers given to any powerful entity will be compromised. While evidence is useful, regulation can already begin based on well established regulatory principles. After scientific evidence has been made available - the regulation can be tweaked.

04 Any developer or publisher can have their content on Free Basics. There are clear technical specs openly published here ... and we have never rejected an app or publisher who has me these tech specs.

SA: Again this was only done as a retrospective fix after network neutrality activists in India complained about exclusive arrangements. For example, the music streaming service Hungama is not a low-bandwidth destination but since it was included the technical specifications only mentions large images and video files. Many of the other sites are indistinguishable from their web equivalents clearly indicating that this was just an afterthought. At the moment Free Basics has become controversial so most developers and publishers are not approaching them so there is no way for us to verify Facebook's claim.

05 Nearly 800 developers in India have signed their support for Free Basics.

SA: I guess these are software developers working in the services industry who don't see themselves as potential competition to Facebook or any of the services within Free Basics. Also since Facebook as been completely disingenuous when it comes to soliciting support for their campaigns it is very hard to believe these claims. It has tried to change the meaning of the phrase "net neutrality" and has framed the debate in an inaccurate manner - therefore I could quite confidently say that these developers must have been fooled into supporting Free Basics.

06 It is not a walled garden: In India, 40% of people who come online through Free Basics are paying for data and accessing the full internet within the first 30 days. In the same time period, 8 times more people are paying versus staying on just

SA: Again, no absolute numbers and also no granularity in the data that makes it impossible for anyone to verify these numbers. Also there is no way to compare these numbers to access options that are respectful of network neutrality such as equal rating. If the numbers are roughly the same for equal rating and zero-rating then there is no strong case to be made for zero-rating.

07 Free Basics is growing and popular in 36 other countries, which have welcomed the program with open arms and seen the enormous benefits it has brought.

SA: Free Basics was one of the most controversial topics at the last Internet Governance Forum. A gratis service is definitely going to be popular but that does not mean forbearance is the only option for the regulator. In countries with strong civil society and/or a strong regulator, Free Basics has ran into trouble. Facebook has been able to launch Free Basics only in jurisdictions where regulators are still undecided about net neutrality. India and Brazil are the last battle grounds for net neutrality and that is why Facebook is spending advertising dollar and using it's infrastructure to win the global south.

08 In a recent representative poll, 86% of Indians supported Free Basics by Facebook, and the idea that everyone deserves access to free basic internet services.

SA: This is the poll which was framed in alarmist language where Indian were asked to choose between perpetuating or bridging the digital divide. This is a false choice that Facebook is perpetuating - with forward-looking positive Network Neutrality rules as advocated by Dr. Chris Marsden it should be possible to bridge digital divide without incurring any free speech, competition, innovation and diversity harms.

09 In the past several days, 3.2 million people have petitioned the TRAI in support of Free Basics.

SA: Obviously - since Free Basics is better than nothing. But the real choice should have been - are you a) against network neutrality ie. would you like to see Facebook play gatekeeper on the Internet OR b) for network neutrality ie. would you like to see Free Basics forced to comply with network neutrality rules and expand access without harms to consumers and innovators.

10 There are no ads in the version of Facebook on Free Basics. Facebook produces no revenue. We are doing this to connect India, and the benefits to do are clear.

SA: As someone who has watched the Internet economy since the first dot com boom - it is absolutely clear that consumer acquisition is as important as revenues. They are doing it to connect people to Facebook and as a result some people will also connect to the Internet. But India is the last market on the planet where the walled garden can be bigger than the Internet, and therefore Facebook is manipulating the discourse through it's dominance of the networked public sphere.

Bravo to TRAI and network neutrality activists for taking Facebook on.

Originally published by Catch News, on December 24, 2015.

For more details visit https://cis-india.org/internet-governance/news/facebook-shares-10-key-facts-about-free-basics-heres-whats-wrong-with-all-10-of-them

Smart Cities in India: An Overview

vanya — 2016-01-11T01:30:07Z

The Government of India is in the process of developing 100 smart cities in India which it sees as the key to the country's economic and social growth. This blog post gives an overview of the Smart Cities project currently underway in India. The smart cities mission in India is at a nascent stage and an evolving area for research. The Centre for Internet and Society will continue work in this area.

Overview of the 100 Smart Cities Mission

The Government of India announced its flagship programme- the 100 Smart Cities mission in the year 2014 and was launched in June 2015 to achieve urban transformation, drive economic growth and improve the quality of life of people by enabling local area development and harnessing technology. Initially, the Mission aims to cover 100 cities across the countries (which have been shortlisted on the basis of a Smart Cities Proposal prepared by every city) and its duration will be five years (FY 2015-16 to FY 2019-20). The Mission may be continued thereafter in the light of an evaluation to be done by the Ministry of Urban Development (MoUD) and incorporation of the learnings into the Mission. The Mission aims to focus on area-based development in the form of redevelopment of existing spaces, or the development of new areas (Greenfield) to accommodate the growing urban population and ensure comprehensive planning to improve quality of life, create employment and enhance incomes for all - especially the poor and the disadvantaged. ^{^[1]} On 27th August 2015 the Centre unveiled 98 smart cities across India which were selected for this Project. Across the selected cities, 13 crore population ( 35% of the urban population will be included in the development plans. ^{^[2]} The mission has been developed for the purpose of achieving urban transformation. The vision is to preserve India's traditional architecture, culture & ethnicity while implementing modern technology to make cities livable, use resources in a sustainable manner and create an inclusive environment. ^{^[3]}

The promises of the Smart City mission include reduction of carbon footprint, adequate water and electricity supply, proper sanitation, including solid waste management, efficient urban mobility and public transport, affordable housing, robust IT connectivity and digitalization, good governance, citizen participation, security of citizens, health and education.

Questions unanswered

Why and How was the Smart Cities project conceptualized in India? What was the need for such a project in India?
What was the role of the public/citizens at the ideation and conceptualization stage of the project?
Which actors from the Government, Private industry and the civil society are involved in this mission? Though the smart cities mission has been initiated by the Government of India under the Ministry of Urban Development, there is no clarity about the involvement of the associated offices and departments of the Ministry.

How are the Smart Cities being selected?

The 100 cities were supposed to be selected on the basis of Smart cities challenge^{^[4]} involving two stages. Stage I of the challenge involved Intra-State city selection on objective criteria to identify cities to compete in stage-II. In August 2015, The Ministry of Urban Development, Government of India announced 100 smart cities ^{^[5]} evaluated on parameters such as service levels, financial and institutional capacity, past track record, called as the 'shortlisted cities' for this purpose. The selected cities are now competing for selection in the Second stage of the challenge, which is an All India competition. For this crucial stage, the potential 100 smart cities are required to prepare a Smart City Proposal (SCP) stating the model chosen (retrofitting, redevelopment, Greenfield development or a mix), along with a Pan-City dimension with Smart Solutions. The proposal must also include suggestions collected by way of consultations held with city residents and other stakeholders, along with the proposal for financing of the smart city plan including the revenue model to attract private participation. The country saw wide participation from the citizens to voice their aspirations and concerns regarding the smart city. 15th December 2015 has been declared as the deadline for submission of the SCP, which must be in consonance with evaluation criteria set by The MoUD, set on the basis of professional advice. ^{^[6]} On the basis of this, 20 cities will be selected for the first year. According to the latest reports, the Centre is planning to fund only 10 cities for the first phase in case the proposals sent by the states do not match the expected quality standards and are unable to submit complete area-development plans by the deadline, i.e. 15th December, 2015. ^{^[7]}

Questions unanswered

Who would be undertaking the task of evaluating and selecting the cities for this project?
What are the criteria for selection of a city to qualify in the first 20 (or 10, depending on the Central Government) for the first phase of implementation?

How are the smart cities going to be Funded?

The Smart City Mission will be operated as a Centrally Sponsored Scheme (CSS) and the Central Government proposes to give financial support to the Mission to the extent of Rs. 48,000 crores over five years i.e. on an average Rs. 100 crore per city per year. ^{^[8]} The additional resources will have to be mobilized by the State/ ULBs from external/internal sources. According to the scheme, once list of shortlisted Smart Cities is finalized, Rs. 2 crore would have been disbursed to each city for proposal preparation.^{^[9]}

According to estimates of the Central Government, around Rs 4 lakh crore of funds will be infused mainly through private investments and loans from multilateral institutions among other sources, which accounts to 80% of the total spending on the mission. ^{^[10]} For this purpose, the Government will approach the World Bank and the Asian Development Bank (ADB) for a loan costing £500 million and £1 billion each for 2015-20. If ADB approves the loan, it would be it will be the bank's highest funding to India's urban sector so far.^{^[11]} Foreign Direct Investment regulations have been relaxed to invite foreign capital and help into the Smart City Mission. ^{^[12]}

Questions unanswered

The Government notes on Financing of the project mentions PPPs for private funding and leveraging of resources from internal and external resources. There is lack of clarity on the external resources the Government has/will approach and the varied PPP agreements the Government is or is planning to enter into for the purpose of private investment in the smart cities.

How is the scheme being implemented?

Under this scheme, each city is required to establish a Special Purpose Vehicle (SPV) having flexibility regarding planning, implementation, management and operations. The body will be headed by a full-time CEO, with nominees of Central Government, State Government and ULB on its Board. The SPV will be a limited company incorporated under the Companies Act, 2013 at the city-level, in which the State/UT and the Urban Local Body (ULB) will be the promoters having equity shareholding in the ratio 50:50. The private sector or financial institutions could be considered for taking equity stake in the SPV, provided the shareholding pattern of 50:50 of the State/UT and the ULB is maintained and the State/UT and the ULB together have majority shareholding and control of the SPV. Funds provided by the Government of India in the Smart Cities Mission to the SPV will be in the form of tied grant and kept in a separate Grant Fund.^{^[13]}

For the purpose of implementation and monitoring of the projects, the MoUD has also established an Apex Committee and National Mission Directorate for National Level Monitoring^{^[14]}, a State Level High Powered Steering Committee (HPSC) for State Level Monitoring^{^[15]} and a Smart City Advisory Forum at the City Level ^{^[16]}.

Also, several consulting firms^{^[17]} have been assigned to the 100 cities to help them prepare action plans.^{^[18]} Some of them include CRISIL, KPMG, McKinsey, etc. ^{^[19]}

Questions unanswered

What policies and regulations have been put in place to account for the smart cities, apart from policies looking at issues of security, privacy, etc.?
What international/national standards will be adopted while development of the smart cities? Though the Bureau of Indian Standards is in the process of formulating standardized guidelines for the smart cities in India^{^[20]}, yet there is lack of clarity on adoption of these national standards, along with the role of international standards like the ones formulated by ISO.

What is the role of Foreign Governments and bodies in the Smart cities mission?

Ever since the government's ambitious project has been announced and cities have been shortlisted, many countries across the globe have shown keen interest to help specific shortlisted cities in building the smart cities and are willing to invest financially. Countries like Sweden, Malaysia, UAE, USA, etc. have agreed to partner with India for the mission.^{^[21]} For example, UK has partnered with the Government to develop three India cities-Pune, Amravati and Indore.^{^[22]} Israel's start-up city Tel Aviv also entered into an agreement to help with urban transformation in the Indian cities of Pune, Nagpur and Nashik to foster innovation and share its technical know-how.^{^[23]} France has piqued interest for Nagpur and Puducherry, while the United States is interested in Ajmer, Vizag and Allahabad. Also, Spain's Barcelona Regional Agency has expressed interest in exchanging technology with the Delhi. Apart from foreign government, many organizations and multilateral agencies are also keen to partner with the Indian government and have offered financial assistance by way of loans. Some of them include the UK government-owned Department for International Development, German government KfW development bank, Japan International Cooperation Agency, the US Trade and Development Agency, United Nations Industrial Development Organization and United Nations Human Settlements Programme. ^{^[24]}

Questions unanswered

Do these governments or organization have influence on any other component of the Smart cities?
How much are the foreign governments and multilateral bodies spending on the respective cities?
What kind of technical know-how is being shared with the Indian government and cities?

What is the way ahead?

On the basis of the SCP, the MoUD will evaluate, assess the credibility and select 20 smart cities out of the short-listed ones for execution of the plan in the first phase. The selected city will set up a SPV and receive funding from the Government.

Questions unanswered

Will the deadline of submission of the Smart Cities Proposal be pushed back?
After the SCP is submitted on the basis of consultation with the citizens and public, will they be further involved in the implementation of the project and what will be their role?
How will the MoUD and other associated organizations as well as actors consider the implementation realities of the project, like consideration of land displacement, rehabilitation of the slum people, etc.
How are ICT based systems going to be utilized to make the cities and the infrastructure "smart"?
How is the MoUD going to respond to the concerns and criticism emerging from various sections of the society, as being reflected in the news items?
How will the smart cities impact and integrate the existing laws, regulations and policies? Does the Government intend to use the existing legislations in entirety, or update and amend the laws for implementation of the Smart Cities Mission?

^{^[1]} Smart Cities, Mission Statement and Guidelines, Ministry of Urban Development, Government of India, June 2015, Available at : http://smartcities.gov.in/writereaddata/SmartCityGuidelines.pdf

^{^[2]} http://articles.economictimes.indiatimes.com/2015-08-27/news/65929187_1_jammu-and-kashmir-12-cities-urban-development-venkaiah-naidu

^{^[3]} http://india.gov.in/spotlight/smart-cities-mission-step-towards-smart-india

^{^[4]} http://smartcities.gov.in/writereaddata/Process%20of%20Selection.pdf

^{^[5]} Full list : http://www.scribd.com/doc/276467963/Smart-Cities-Full-List

^{^[6]} http://smartcities.gov.in/writereaddata/Process%20of%20Selection.pdf

^{^[7]} http://www.ibtimes.co.in/modi-govt-select-only-10-cities-under-smart-city-project-this-year-report-658888

^{^[8]} http://smartcities.gov.in/writereaddata/Financing%20of%20Smart%20Cities.pdf

^{^[9]} Smart Cities presentation by MoUD : http://smartcities.gov.in/writereaddata/Presentation%20on%20Smart%20Cities%20Mission.pdf

^{^[10]} http://indianexpress.com/article/india/india-others/smart-cities-projectfrom-france-to-us-a-rush-to-offer-assistance-funds/

^{^[11]} http://indianexpress.com/article/india/india-others/funding-for-smart-cities-key-to-coffer-lies-outside-india/#sthash.5lnW9Jsq.dpuf

^{^[12]} http://india.gov.in/spotlight/smart-cities-mission-step-towards-smart-india

^{^[13]} http://smartcities.gov.in/writereaddata/SPVs.pdf

^{^[14]} http://smartcities.gov.in/writereaddata/National%20Level%20Monitoring.pdf

^{^[15]} http://smartcities.gov.in/writereaddata/State%20Level%20Monitoring.pdf

^{^[16]} http://smartcities.gov.in/writereaddata/City%20Level%20Monitoring.pdf

^{^[17]} http://smartcities.gov.in/writereaddata/List_of_Consulting_Firms.pdf

^{^[18]} http://pib.nic.in/newsite/PrintRelease.aspx?relid=128457

^{^[19]} http://economictimes.indiatimes.com/articleshow/49242050.cms?utm_source=contentofinterest&utm_medium=text&utm_campaign=cppst

^{^[20]} http://www.business-standard.com/article/economy-policy/in-a-first-bis-to-come-up-with-standards-for-smart-cities-115060400931_1.html

^{^[21]} http://accommodationtimes.com/foreign-countries-have-keen-interest-in-development-of-smart-cities/

^{^[22]} http://articles.economictimes.indiatimes.com/2015-11-20/news/68440402_1_uk-trade-three-smart-cities-british-deputy-high-commissioner

^{^[23]} http://www.jpost.com/Business-and-Innovation/Tech/Tel-Aviv-to-help-India-build-smart-cities-435161?utm_campaign=shareaholic&utm_medium=twitter&utm_source=socialnetwork

^{^[24]} http://indianexpress.com/article/india/india-others/smart-cities-projectfrom-france-to-us-a-rush-to-offer-assistance-funds/#sthash.nCMxEKkc.dpuf

For more details visit https://cis-india.org/internet-governance/blog/smart-cities-in-india-an-overview

CIS's Position on Net Neutrality

sunil — 2015-12-09T13:06:06Z

As researchers committed to the principle of pluralism we rarely produce institutional positions. This is also because we tend to update our positions based on research outputs. But the lack of clarity around our position on network neutrality has led some stakeholders to believe that we are advocating for forbearance. Nothing can be farther from the truth. Please see below for the current articulation of our common institutional position.

Net Neutrality violations can potentially have multiple categories of harms — competition harms, free speech harms, privacy harms, innovation and ‘generativity’ harms, harms to consumer choice and user freedoms, and diversity harms thanks to unjust discrimination and gatekeeping by Internet service providers.
Net Neutrality violations (including some those forms of zero-rating that violate net neutrality) can also have different kinds benefits — enabling the right to freedom of expression, and the freedom of association, especially when access to communication and publishing technologies is increased; increased competition [by enabling product differentiation, can potentially allow small ISPs compete against market incumbents]; increased access [usually to a subset of the Internet] by those without any access because they cannot afford it, increased access [usually to a subset of the Internet] by those who don't see any value in the Internet, reduced payments by those who already have access to the Internet especially if their usage is dominated by certain services and destinations.
Given the magnitude and variety of potential harms, complete forbearance from all regulation is not an option for regulators nor is self-regulation sufficient to address all the harms emerging from Net Neutrality violations, since incumbent telecom companies cannot be trusted to effectively self-regulate. Therefore, CIS calls for the immediate formulation of Net Neutrality regulation by the telecom regulator [TRAI] and the notification thereof by the government [Department of Telecom of the Ministry of Information and Communication Technology]. CIS also calls for the eventual enactment of statutory law on Net Neutrality. All such policy must be developed in a transparent fashion after proper consultation with all relevant stakeholders, and after giving citizens an opportunity to comment on draft regulations.
Even though some of these harms may be large, CIS believes that a government cannot apply the precautionary principle in the case of Net Neutrality violations. Banning technical innovations and business model innovations is not an appropriate policy option. The regulation must toe a careful line to solve the optimization problem: refraining from over-regulation of ISPs and harming innovation at the carrier level (and benefits of net neutrality violations mentioned above) while preventing ISPs from harming innovation and user choice. ISPs must be regulated to limit harms from unjust discrimination towards consumers as well as to limit harms from unjust discrimination towards the services they carry on their networks.
Based on regulatory theory, we believe that a regulatory framework that is technologically neutral, that factors in differences in technological context, as well as market realities and existing regulation, and which is able to respond to new evidence is what is ideal.

This means that we need a framework that has some bright-line rules based, but which allows for flexibility in determining the scope of exceptions and in the application of the rules. Candidate principles to be embodied in the regulation include: transparency, non-exclusivity, limiting unjust discrimination.
The harms emerging from walled gardens can be mitigated in a number of ways. On zero-rating the form of regulation must depend on the specific model and the potential harms that result from that model. Zero-rating can be: paid for by the end consumer or subsidized by ISPs or subsidized by content providers or subsidized by government or a combination of these; deal-based or criteria-based or government-imposed; ISP-imposed or offered by the ISP and chosen by consumers; Transparent and understood by consumers vs. non-transparent; based on content-type or agnostic to content-type; service-specific or service-class/protocol-specific or service-agnostic; available on one ISP or on all ISPs. Zero-rating by a small ISP with 2% penetration will not have the same harms as zero-rating by the largest incumbent ISP. For service-agnostic / content-type agnostic zero-rating, which Mozilla terms ‘equal rating’, CIS advocates for no regulation.
CIS believes that Net Neutrality regulation for mobile and fixed-line access must be different recognizing the fundamental differences in technologies.
On specialized services CIS believes that there should be logical separation and that all details of such specialized services and their impact on the Internet must be made transparent to consumers both individual and institutional, the general public and to the regulator. Further, such services should be available to the user only upon request, and not without their active choice, with the requirement that the service cannot be reasonably provided with ‘best efforts’ delivery guarantee that is available over the Internet, and hence requires discriminatory treatment, or that the discriminatory treatment does not unduly harm the provision of the rest of the Internet to other customers.
On incentives for telecom operators, CIS believes that the government should consider different models such as waiving contribution to the Universal Service Obligation Fund for prepaid consumers, and freeing up additional spectrum for telecom use without royalty using a shared spectrum paradigm, as well as freeing up more spectrum for use without a licence.
On reasonable network management CIS still does not have a common institutional position.

For more details visit https://cis-india.org/internet-governance/blog/cis-position-on-net-neutrality

Crowdsourcing Incidents of Communication Privacy Violation in India

sumandro — 2015-10-16T10:49:17Z

In the context of several ongoing threads of debates and policy discussions, we are initiating this effort to crowdsource incidents of violation of digital/online/telephonic privacy of persons and organisations in India. The full list of submitted incidents is publicly shared, under Creative Commons Attributions-ShareAlike 4.0 International license. Please contribute and share with your friends and colleagues.

Report an incident: http://goo.gl/forms/8Xcf0zcWZW

Collected incidents: http://bit.ly/privacy-violation-india (CC BY-SA 4.0)

You are welcome to cross-post this to your website or other online forum. Please provide attribution, and link back to this page. For any clarification, write to Sumandro Chattapadhyay, Research Director, CIS, at sumandro[at]cis-india[dot]org.

For more details visit https://cis-india.org/internet-governance/crowdsourcing-incidents-of-communication-privacy-violation-in-india

Open Letter to PM Modi on Intellectual Property Rights issues on His Visit to the United States of America in September, 2015

Pranesh Prakash and Nehaa Chaudhari — 2015-09-25T06:43:12Z

This is an open letter by CIS to the Prime Minister, Shri Narendra Modi in light of his impending visit to the USA. This letter asks the Prime Minister to urge the USA to ratify the Marrakesh Treaty; and asks that India not be a party to TPP negotiations, in light of recent reports on a study encouraging India to join the TPP.

Shri Narendra Damodardas Modi
Hon’ble Prime Minister of India
152, South Block, Raisina Hill
New Delhi-110011

22 September, 2015

Dear Sir,

We write on behalf of the Centre for Internet and Society, India [1], a Bangalore and New Delhi based not-for-profit organization engaging in research on among others, accessibility for persons with disabilities, intellectual property rights, openness and access to knowledge. Over the past fifteen months, we have welcomed and support certain initiatives of our government as being in line with some of our research interests, specifically, the "Make in India" and "Digital India" initiatives, and your vision of a digitally empowered India, as we have noted in an earlier open letter to you. [2]

This letter is in light of your visit to the United States of America (“USA”) this month, to articulate a two-fold request: first, that during the course of your visit you request the government of the USA to ratify the Marrakesh Treaty for visually impaired persons (“Marrakesh Treaty”); [3] and second, that the Indian government not enter into any negotiations around the Trans-Pacific Partnership trade agreement (“the TPP”).

On the Marrakesh Treaty

According to figures by the World Blind Union, approximately 90% of all published material is not accessible to blind or print disabled people. [4] The severity of the ‘book famine’ experienced by the world’s estimated 300 million blind or otherwise print or visually disabled people (of which an estimated 63 million are in India) was highlighted by India in its Closing Statement at the Diplomatic Conference convened to conclude the Marrakesh Treaty. [5] India has historically been a strong advocate of the spirit of the Marrakesh Treaty, becoming the first country to ratify it in June, 2014. [6] Amendments in 2012 to India’s copyright law predated the signature to the Marrakesh Treaty. These amendments created disability and works neutral exceptions to our copyright law, well beyond the mandate of the Marrakesh Treaty.

The true realization of the promise of the Marrakesh Treaty however will remain a distant dream until the treaty comes into effect (three months) after 20 Member States have ratified it or acceded to it. [7] According to information available from the World Intellectual Property Organization [8], this number is currently only 9, and the USA is not one of the countries to have done so. The USA is home [9] to some of the largest publishers of both academic and other/leisure material including Penguin Random House, Harper Collins, John Wiley & Sons, the RELX Group, McGraw-Hill Education, Scholastic and Cengage Learning to name a few. It accounts for a large volume of the world’s book and other print material export. The active participation of the USA through the ratification of the Marrakesh treaty is critical if the treaty is to be truly effective.

During your visit, we urge you request the government of the United States of America to ratify the Marrakesh Treaty at the earliest. This will bring us one important step closer to eradicating the book famine.

On the TPP

We are concerned after reports [10] of a recent study authored by C Fred Bergsten that encourages India to join the TPP. On this front, we are in complete agreement with the reported statement of the Hon’ble Ambassador Shri Arun K. Singh, where he disagrees with some of the findings and analysis of this recent report. [11]

The TPP has come into severe criticism [12] over the years [13] from a vast multitude [14] of sources [15] (including a group of 30 law professors in 2012) [16] across the various countries that are a party to the negotiations. Among others and most relevant to us as an organization is the criticism around the secrecy of negotiations [17] as well as the content of the chapter on intellectual property in the TPP. It is our belief that eventually, India stands to lose as a result of the TPP [18] with its possible adverse impact on our economy. [19]

The rigid intellectual property protections (including criminal penalties for unintentional copying) [20] sought to be enforced through the TPP would benefit only US pharmaceutical and entertainment industries. [21] These provisions (among others) mandate the inclusion of TRIPS plus provisions in national laws, envisage possible extensions in term of protection on patents, restrict copyright exceptions and limitations, extend copyright protection terms and impose a higher liability on intermediaries; [22]all of which would be disastrous for an emerging economy such as India’s, which is a heavy user of intellectual property and not a heavy producer of the same.

Historically, India has been a supporter of a transparent, multilateral decision making process, a commitment to which was also reiterated recently by the Hon’ble Minister of State for Commerce and Industry, Smt. Nirmala Sitharaman. [23]India has also raised many of its concerns (on the secrecy of the negotiations as well as substantive provisions themselves) around the TPP and its close cousin, the Anti-Counterfeiting Trade Agreement (“ACTA”) in 2011 [24] and 2012 [25] at the World Trade Organization (“WTO”) TRIPS Council and on the ACTA in 2010, also at the WTO Trips Council. [26]

In light of the above, we strongly urge the Indian government to not engage in negotiations on the TPP. At a minimum, we would request that any engagement in TPP negotiations be preceded by national consultations on the same, soliciting input from various stakeholders with diverging interests, including academia, civil society, industry associations, large Indian corporations, small and medium enterprises and multi- national corporations, rights holders associations and other interest groups.

We thank you for the opportunity to present these views to you. We do hope that you will consider these suggestions favourably, in the interests of India’s economic and social development. We welcome any opportunity to assist you with any queries you may have with regard to these submissions.

Thank you.

Yours truly

(For the Centre for Internet and Society, India)

Pranesh Prakash, Policy Director
Nehaa Chaudhari, Programme Officer

Copies to:

Smt. Smriti Zubin Irani, Minister for Human Resource Development, Government of India.
Prof. (Dr.) Ram Shankar Katheria, Minister of State for Human Resource Development (Higher Education), Government of India.
Smt. Nirmala Sitharaman, Minister of State for Commerce and Industry, Government of India.
Shri Vinay Sheel Oberoi, Secretary (Department of Higher Education), Ministry of Human Resources Development, Government of India, Government of India.
Shri Amitabh Kant, Secretary (Department of Industrial Policy and Promotion), Ministry of Commerce and Industry, Government of India.

(Edit - 25 September, 2015) - The following people have reached out to us in support of this letter and have expressed a desire to have their signatures placed on record as support. We wish to acknowledge the same.

Prof. Dinesh Abrol - Convenor, National Working Group on Patent Laws and WTO
Dr. B. Ekbal - President, Democratic Alliance for Knowledge Freedom, Kerala
T.C. James - President, NIPO
Dr. Suman Sahai - Chairperson, Gene Campaign
Dr. Biswajit Dhar - Professor, Centre for Economic Studies and Planning, School of Social Sciences, Jawaharlal Nehru University

[1]See generally http://cis-india.org/ (last accessed 22 September, 2015).

[2]Rohini Lakshane, Open Letter to Prime Minister Modi, available at http://cis-india.org/a2k/blogs/open-letter-to-prime-minister-modi (last accessed 22 September, 2015); Centre for Internet and Society/Rohini Lakshane, Digital India & Make in India : Form a patent pool of critical mobile technologies – CIS India, available at http://www.medianama.com/2015/03/223-digital-india-make-in-india-form-a-patent-pool-of-critical-mobile-technologies-cis-india/ (last accessed 22 September, 2015).

[3]The Marrakesh Treaty to Facilitate Access to Published Works by Visually Impaired Persons and Persons with Print Disabilities adopted on June 27, 2013. Treaty text and other official documentation available at http://www.wipo.int/treaties/en/ip/marrakesh/ (last accessed 22 September, 2015).

[4]World Blind Union, Marrakesh Treaty – Right to Read Campaign, available at http://www.worldblindunion.org/English/our-work/our-priorities/Pages/right-2-read-campaign.aspx (last accessed 22 September, 2015).

[5]Pranesh Prakash, India’s Closing Statement at Marrakesh on the Treaty for the Blind, available at http://cis-india.org/a2k/blogs/india-closing-statement-marrakesh-treaty-for-the-blind (last accessed 22 September, 2015).

[6]Nehaa Chaudhari, India’s Ratification of the Marrakesh Treaty Celebrated; Accessible Books Consortium Launched, available at http://cis-india.org/accessibility/blog/indias-ratification-of-marrakesh-treaty-celebrated (last accessed 22 September, 2015).

[7]Article 18 of the Marrakesh Treaty.

[8]World Intellectual Property Organization, WIPO Administered Treaties: Contracting Parties > Marrakesh VIP Treaty (Treaty not yet in force), available at http://www.wipo.int/treaties/en/ShowResults.jsp?lang=en&treaty_id=843 (last accessed 22 September, 2015).

[9]Publishers Weekly, The World’s 57 Largest Book Publishers, 2015, available at http://www.publishersweekly.com/pw/by-topic/international/international-book-news/article/67224-the-world-s-57-largest-book-publishers-2015.html (last accessed 22 September, 2015).

[10]S Rajagopalan, US Report Pushes India to Join the Trans-Pacific Partnership, available at http://www.dailypioneer.com/world/us-report-pushes-india-to-join-trans-pacific-partnership.html (last accessed 22 September, 2015); Indo-Asian News Service on NDTV, India Can Boost Exports by $500 Billion with Trade Liberalization: Study, available at http://www.ndtv.com/india-news/india-can-boost-exports-by-500-billion-with-trade-liberalization-study-1218887 (last accessed 22 September, 2015); Raghavendra M., India can boost exports by $500 billion with trade liberalization: study, available at http://www.americanbazaaronline.com/2015/09/18/india-can-boost-exports-by-500-billion-with-trade-liberalization-study/ (last accessed 22 September, 2015); Press Trust of India in the Business Standard, India can boost exports by USD 500 bn by joining the TPP: report, available at http://www.business-standard.com/article/pti-stories/india-can-boost-exports-by-usd-500-bn-by-joining-tpp-report-115091701149_1.html (last accessed 22 September, 2015); Seema Sirohi, India must expand its trade before it gets left behind in the race, available at http://blogs.economictimes.indiatimes.com/letterfromwashington/india-must-expand-its-trade-before-it-gets-left-behind-in-the-race/ (last accessed 22 September, 2015).

[11]S Rajagopalan, US Report Pushes India to Join the Trans-Pacific Partnership, available at http://www.dailypioneer.com/world/us-report-pushes-india-to-join-trans-pacific-partnership.html (last accessed 22 September, 2015)

[12]Natasha Lennard, Noam Chomsky: Trans-Pacific Partnership is a “neoliberal assault”, available at http://www.salon.com/2014/01/13/chomsky_tpp_is_a_neoliberal_assault/ (last accessed 22 September, 2015); Zach Carter and Ryan Grim, Noam Chomsky: Obama Trade Deal a ‘Neoliberal Assault’ to ‘Further Corporate Domination’, available at http://www.huffingtonpost.com/2014/01/13/noam-chomsky-obama-trans-pacific-partnership_n_4577495.html?ir=India&adsSiteOverride=in (last accessed 22 September, 2015); Sean Flynn;, Margot E Kaminski, Brook K Baker and Jimmy H Koo., "Public Interest Analysis of the US TPP Proposal for an IP Chapter" (2011). PIJIP Research Paper Series. Paper 21. http://digitalcommons.wcl.american.edu/research/21 (last accessed 22 September, 2015).

[13]BBC News, TPP: What is it and why does it matter?, available at http://www.bbc.com/news/business-21782080 (last accessed 22 September, 2015);

[14]For a compilation on writing on the TPP see James Love, Trans-Pacific Partnership (TPP also known as the TPPA), available at http://keionline.org/tpp (last accessed 22 September, 2015); see also American University Program on Information Justice and Intellectual Property, Trans-Pacific Partnership, available at http://infojustice.org/tpp (last accessed 22 September, 2015).

[15]Zach Carter, Alan Grayson on Trans-Pacific Partnership: Obama Secrecy Hides ‘Assault on Democratic Government’, available at http://www.huffingtonpost.com/2013/06/18/alan-grayson-trans-pacific-partnership_n_3456167.html?ir=India&adsSiteOverride=in (last accessed 22 September, 2015); James Love, KEI analysis of Wikileaks leak of TPP IPR text, from August 30, 2013, available at http://keionline.org/node/1825 (last accessed 22 September, 2015); Ian Verrender, The TPP has the potential for real harm, available at http://www.abc.net.au/news/2015-03-16/verrender-the-tpp-has-the-potential-for-real-harm/6321538 (last accessed 22 September, 2015).

[16]Sean Flynn, Law Professors Call for Trans-Pacific Partnership (TPP) Transparency, available at http://infojustice.org/archives/21137 (last accessed 22 September, 2015).

[17]Sachie Mizohata, "The Trans-Pacific Partnership and Its Critics: An introduction and a petition," The Asia-Pacific Journal, Vol. 11, Issue 36, No. 3, available at http://japanfocus.org/-Sachie-MIZOHATA/3996/article.html (last accessed 22 September, 2015).

[18]Vijay Rajamohan, Trans-Pacific Partnership – Should India Join this Mega Trade Deal?, available at http://swarajyamag.com/world/trans-pacific-partnership-should-india-join-this-mega-trade-deal/ (last accessed 22 September, 2015).

[19]Sylvia Mishra, How will the Trans-Pacific Partnership affect India?, available at http://www.observerindia.com/cms/sites/orfonline/modules/analysis/AnalysisDetail.html?cmaid=85684&mmacmaid=85685 (last accessed 22 September, 2015).

[20]Gabrielle Chan, Trans-Pacific Partnership: a guide to the most contentious issues, available at http://www.theguardian.com/world/2013/dec/10/trans-pacific-partnership-a-guide-to-the-most-contentious-issues (last accessed 22 September, 2015).

[21]James Love, New leak of TPP consolidated text on intellectual property provides details of pandering to drug companies and publishers, available at http://www.keionline.org/node/2108 (last accessed 22 September, 2015); Vijay Rajamohan, Trans-Pacific Partnership – Should India Join this Mega Trade Deal?, available at http://swarajyamag.com/world/trans-pacific-partnership-should-india-join-this-mega-trade-deal/ (last accessed 22 September, 2015) referencing Paul Krugman.

[22]William New, Leaked TPP Draft Reveals Extreme Rights Holder Position Of US, Japan, Outraged Observers Say, available at http://www.ip-watch.org/2014/10/17/leaked-tpp-draft-reveals-extreme-rights-holder-position-of-us-japan-outraged-observers-say/ (last accessed 22 September, 2015).

[23]Lalit K Jha, India not being left out of global trade pacts: Minister, available at http://www.thestatesman.com/news/business/india-not-being-left-out-of-global-trade-pacts-minister/91679.html (last accessed 22 September, 2015).

[24]Thirukumaran Balasubramaniam, WTO TRIPS Council: India raises concerns on ACTA and TPPA on discussion of “Trends in the Enforcement of IPRs”, available at https://donttradeourlivesaway.wordpress.com/2011/10/29/wto-trips-council-india-raises-concerns-on-acta-and-tppa-on-discussion-of-trends-in-the-enforcement-of-iprs/ (last accessed 22 September, 2015).

[25]Thirukumaran Balasubramaniam, 28 Feb 2012: Intervention delivered by India at WTO TRIPS Council on IP Enforcement Trends noting concerns with ACTA and TPPA, available at http://keionline.org/node/1376 (last accessed 22 September, 2015).

[26]Kanaga Raja, ACTA comes in for criticism at the TRIPS council, available at http://www.twn.my/title2/wto.info/2010/twninfo100606.htm (last accessed 22 September, 2015).

For more details visit https://cis-india.org/a2k/blogs/open-letter-on-intellectual-property-rights-issues-during-your-visit-to-the-united-states-of-america-in-september-2015

Security: Privacy, Transparency and Technology

sunil — 2015-09-15T10:53:52Z

The Centre for Internet and Society (CIS) has been involved in privacy and data protection research for the last five years. It has participated as a member of the Justice A.P. Shah Committee, which has influenced the draft Privacy Bill being authored by the Department of Personnel and Training. It has organised 11 multistakeholder roundtables across India over the last two years to discuss a shadow Privacy Bill drafted by CIS with the participation of privacy commissioners and data protection authorities from Europe and Canada.

The article was co-authored by Sunil Abraham, Elonnai Hickok and Tarun Krishnakumar. It was published by Observer Research Foundation, Digital Debates 2015: CyFy Journal Volume 2.

Our centre’s work on privacy was considered incomplete by some stakeholders because of a lack of focus in the area of cyber security and therefore we have initiated research on it from this year onwards. In this article, we have undertaken a preliminary examination of the theoretical relationships between the national security imperative and privacy, transparency and technology.

Security and Privacy

Daniel J. Solove has identified the tension between security and privacy as a false dichotomy: "Security and privacy often clash, but there need not be a zero-sum tradeoff." [1] Further unpacking this false dichotomy, Bruce Schneier says, "There is no security without privacy. And liberty requires both security and privacy." [2] Effectively, it could be said that privacy is a precondition for security, just as security is a precondition for privacy. A secure information system cannot be designed without guaranteeing the privacy of its authentication factors, and it is not possible to guarantee privacy of authentication factors without having confidence in the security of the system. Often policymakers talk about a balance between the privacy and security imperatives—in other words a zero-sum game. Balancing these imperatives is a foolhardy approach, as it simultaneously undermines both imperatives. Balancing privacy and security should instead be framed as an optimisation problem. Indeed, during a time when oversight mechanisms have failed even in so-called democratic states, the regulatory power of technology [3] should be seen as an increasingly key ingredient to the solution of that optimisation problem.

Data retention is required in most jurisdictions for law enforcement, intelligence and military purposes. Here are three examples of how security and privacy can be optimised when it comes to Internet Service Provider (ISP) or telecom operator logs:

Data Retention: We propose that the office of the Privacy Commissioner generate a cryptographic key pair for each internet user and give one key to the ISP / telecom operator. This key would be used to encrypt logs, thereby preventing unauthorised access. Once there is executive or judicial authorisation, the Privacy Commissioner could hand over the second key to the authorised agency. There could even be an emergency procedure and the keys could be automatically collected by concerned agencies from the Privacy Commissioner. This will need to be accompanied by a policy that criminalises the possession of unencrypted logs by ISP and telecom operators.
Privacy-Protective Surveillance: Ann Cavoukian and Khaled El Emam [4] have proposed combining intelligent agents, homomorphic encryption and probabilistic graphical models to provide “a positive-sum, ‘win–win’ alternative to current counter-terrorism surveillance systems.” They propose limiting collection of data to “significant” transactions or events that could be associated with terrorist-related activities, limiting analysis to wholly encrypted data, which then does not just result in “discovering more patterns and relationships without an understanding of their context” but rather “intelligent information—information selectively gathered and placed into an appropriate context to produce actual knowledge.” Since fully homomorphic encryption may be unfeasible in real-world systems, they have proposed use of partially homomorphic encryption. But experts such as Prof. John Mallery from MIT are also working on solutions based on fully homomorphic encryption.
Fishing Expedition Design: Madan Oberoi, Pramod Jagtap, Anupam Joshi, Tim Finin and Lalana Kagal have proposed a standard [5] that could be adopted by authorised agencies, telecom operators and ISPs. Instead of giving authorised agencies complete access to logs, they propose a format for database queries, which could be sent to the telecom operator or ISP by authorised agencies. The telecom operator or ISP would then process the query, and anonymise/obfuscate the result-set in an automated fashion based on applicable privacypolicies/regulation. Authorised agencies would then hone in on a subset of the result-set that they would like with personal identifiers intact; this smaller result set would then be shared with the authorised agencies.

An optimisation approach to resolving the false dichotomy between privacy and security will not allow for a total surveillance regime as pursued by the US administration. Total surveillance brings with it the ‘honey pot’ problem: If all the meta-data and payload data of citizens is being harvested and stored, then the data store will become a single point of failure and will become another target for attack. The next Snowden may not have honourable intentions and might decamp with this ‘honey pot’ itself, which would have disastrous consequences.

If total surveillance will completely undermine the national security imperative, what then should be the optimal level of surveillance in a population? The answer depends upon the existing security situation. If this is represented on a graph with security on the y-axis and the proportion of the population under surveillance on the x-axis, the benefits of surveillance could be represented by an inverted hockey-stick curve. To begin with, there would already be some degree of security. As a small subset of the population is brought under surveillance, security would increase till an optimum level is reached, after which, enhancing the number of people under surveillance would not result in any security pay-off. Instead, unnecessary surveillance would diminish security as it would introduce all sorts of new vulnerabilities. Depending on the existing security situation, the head of the hockey-stick curve might be bigger or smaller. To use a gastronomic analogy, optimal surveillance is like salt in cooking—necessary in small quantities but counter-productive even if slightly in excess.

In India the designers of surveillance projects have fortunately rejected the total surveillance paradigm. For example, the objective of the National Intelligence Grid (NATGRID) is to streamline and automate targeted surveillance; it is introducing technological safeguards that will allow express combinations of result-sets from 22 databases to be made available to 12 authorised agencies. This is not to say that the design of the NATGRID cannot be improved.

Security and Transparency

There are two views on security and transparency: One, security via obscurity as advocated by vendors of proprietary software, and two, security via transparency as advocated by free/open source software (FOSS) advocates and entrepreneurs. Over the last two decades, public and industry opinion has swung towards security via transparency. This is based on the Linus rule that “given enough eyeballs, all bugs are shallow.” But does this mean that transparency is a necessary and sufficient condition? Unfortunately not, and therefore it is not necessarily true that FOSS and open standards will be more secure than proprietary software and proprietary standards.

Optimal surveillance is like salt in cooking—necessary in small quantities but counter-productive even if slightly in excess.

The recent detection of the Heartbleed [6] security bug in Open SSL, [7] causing situations where more data can be read than should be allowed, and Snowden’s revelations about the compromise of some open cryptographic standards (which depend on elliptic curves), developed by the US National Institute of Standards and Technology, are stark examples. [8]

At the same time, however, open standards and FOSS are crucial to maintaining the balance of power in information societies, as civil society and the general public are able to resist the powers of authoritarian governments and rogue corporations using cryptographic technology. These technologies allow for anonymous speech, pseudonymous speech, private communication, online anonymity and circumvention of surveillance and censorship. For the media, these technologies enable anonymity of sources and the protection of whistle-blowers—all phenomena that are critical to the functioning of a robust and open democratic society. But these very same technologies are also required by states and by the private sector for a variety of purposes—national security, e-commerce, e-banking, protection of all forms of intellectual property, and services that depend on confidentiality, such as legal or medical services.

In order words, all governments, with the exception of the US government, have common cause with civil society, media and the general public when it comes to increasing the security of open standards and FOSS. Unfortunately, this can be quite an expensive task because the re-securing of open cryptographic standards depends on mathematicians. Of late, mathematical research outputs that can be militarised are no longer available in the public domain because the biggest employers of mathematicians worldwide today are the US military and intelligence agencies. If other governments invest a few billion dollars through mechanisms like Knowledge Ecology International’s proposed World Trade Organization agreement on the supply of knowledge as a public good, we would be able to internationalise participation in standard-setting organisations and provide market incentives for greater scrutiny of cryptographic standards and patching of vulnerabilities of FOSS. This would go a long way in addressing the trust deficit that exists on the internet today.

Security and Technology

A techno-utopian understanding of security assumes that more technology, more recent technology and more complex technology will necessarily lead to better security outcomes.

This is because the security discourse is dominated by vendors with sales targets who do not present a balanced or accurate picture of the technologies that they are selling. This has resulted in state agencies and the general public having an exaggerated understanding of the capabilities of surveillance technologies that is more aligned with Hollywood movies than everyday reality.

More Technology

Increasing the number of x-ray machines or full-body scanners at airports by a factor of ten or hundred will make the airport less secure unless human oversight is similarly increased. Even with increased human oversight, all that has been accomplished is an increase in the potential locations that can be compromised. The process of hardening a server usually involves stopping non-essential services and removing non-essential software. This reduces the software that should be subject to audit, continuously monitored for vulnerabilities and patched as soon as possible. Audits, ongoing monitoring and patching all cost time and money and therefore, for governments with limited budgets, any additional unnecessary technology should be seen as a drain on the security budget. Like with the airport example, even when it comes to a single server on the internet, it is clear that, from a security perspective, more technology without a proper functionality and security justification is counter-productive. To reiterate, throwing increasingly more technology at a problem does not make things more secure; rather, it results in a proliferation of vulnerabilities.

Latest Technology

Reports that a number of state security agencies are contemplating returning to typewriters for sensitive communications in the wake of Snowden’s revelations makes it clear that some older technologies are harder to compromise in comparison to modern technology. [9] Between iris- and fingerprint-based biometric authentication, logically, it would be easier for a criminal to harvest images of irises or authentication factors in bulk fashion using a high resolution camera fitted with a zoom lens in a public location, in comparison to mass lifting of fingerprints.

Complex Technology

Fifteen years ago, Bruce Schneier said, "The worst enemy of security is complexity. This has been true since the beginning of computers, and it’s likely to be true for the foreseeable future." [10] This is because complexity increases fragility; every feature is also a potential source of vulnerabilities and failures. The simpler Indian electronic machines used until the 2014 elections are far more secure than the Diebold voting machines used in the 2004 US presidential elections. Similarly when it comes to authentication, a pin number is harder to beat without user-conscious cooperation in comparison to iris- or fingerprint-based biometric authentication.

In the following section of the paper we have identified five threat scenarios [11] relevant to India and identified solutions based on our theoretical framing above.

Threat Scenarios and Possible Solutions

Hacking the NIC Certifying Authority
One of the critical functions served by the National Informatics Centre (NIC) is as a Certifying Authority (CA). [12] In this capacity, the NIC issues digital certificates that authenticate web services and allow for the secure exchange of information online. [13] Operating systems and browsers maintain lists of trusted CA root certificates as a means of easily verifying authentic certificates. India’s Controller of Certifying Authority’s certificates issued are included in the Microsoft Root list and recognised by the majority of programmes running on Windows, including Internet Explorer and Chrome. [14] In 2014, the NIC CA’s infrastructure was compromised, and digital certificates were issued in NIC’s name without its knowledge. [15] Reports indicate that NIC did not "have an appropriate monitoring and tracking system in place to detect such intrusions immediately." [16] The implication is that websites could masquerade as another domain using the fake certificates. Personal data of users can be intercepted or accessed by third parties by the masquerading website. The breach also rendered web servers and websites of government bodies vulnerable to attack, and end users were no longer sure that data on these websites was accurate and had not been tampered with. [17] The NIC CA was forced to revoke all 250,000 SSL Server Certificates issued until that date [18] and is no longer issuing digital certificates for the time being. [19]Public key pinning is a means through which websites can specify which certifying authorities have issued certificates for that site. Public key pinning can prevent man-in-the-middle attacks due to fake digital certificates. [20] Certificate Transparency allows anyone to check whether a certificate has been properly issued, seeing as certifying authorities must publicly publish information about the digital certificates that they have issued. Though this approach does not prevent fake digital certificates from being issued, it can allow for quick detection of misuse. [21]

‘Logic Bomb’ against Airports
Passenger operations in New Delhi’s Indira Gandhi International Airport depend on a centralised operating system known as the Common User Passenger Processing System (CUPPS). The system integrates numerous critical functions such as the arrival and departure times of flights, and manages the reservation system and check-in schedules. [22] In 2011, a logic bomb attack was remotely launched against the system to introduce malicious code into the CUPPS software. The attack disabled the CUPPS operating system, forcing a number of check-in counters to shut down completely, while others reverted to manual check-in, resulting in over 50 delayed flights. Investigations revealed that the attack was launched by three disgruntled employees who had assisted in the installation of the CUPPS system at the New Delhi Airport. [23] Although in this case the impact of the attack was limited to flight delay, experts speculate that the attack was meant to take down the entire system. The disruption and damage resulting from the shutdown of an entire airport would be extensive.

Adoption of open hardware and FOSS is one strategy to avoid and mitigate the risk of such vulnerabilities. The use of devices that embrace the concept of open hardware and software specifications must be encouraged, as this helps the FOSS community to be vigilant in detecting and reporting design deviations and investigate into probable vulnerabilities.

Attack on Critical Infrastructure
The Nuclear Power Corporation of India encounters and prevents numerous cyber attacks every day. [24] The best known example of a successful nuclear plant hack is the Stuxnet worm that thwarted the operation of an Iranian nuclear enrichment complex and set back the country’s nuclear programme. [25]

The worm had the ability to spread over the network and would activate when a specific configuration of systems was encountered [26] and connected to one or more Siemens programmable logic controllers. [27] The worm was suspected to have been initially introduced through an infected USB drive into one of the controller computers by an insider, thus crossing the air gap. [28] The worm used information that it gathered to take control of normal industrial processes (to discreetly speed up centrifuges, in the present case), leaving the operators of the plant unaware that they were being attacked. This incident demonstrates how an attack vector introduced into the general internet can be used to target specific system configurations. When the target of a successful attack is a sector as critical and secured as a nuclear complex, the implications for a country’s security and infrastructure are potentially grave.

Security audits and other transparency measures to identify vulnerabilities are critical in sensitive sectors. Incentive schemes such as prizes, contracts and grants may be evolved for the private sector and academia to identify vulnerabilities in the infrastructure of critical resources to enable/promote security auditing of infrastructure.

Micro Level: Chip Attacks
Semiconductor devices are ubiquitous in electronic devices. The US, Japan, Taiwan, Singapore, Korea and China are the primary countries hosting manufacturing hubs of these devices. India currently does not produce semiconductors, and depends on imported chips. This dependence on foreign semiconductor technology can result in the import and use of compromised or fraudulent chips by critical sectors in India. For example, hardware Trojans, which may be used to access personal information and content on a device, may be inserted into the chip. Such breaches/transgressions can render equipment in critical sectors vulnerable to attack and threaten national security. [29]

Indigenous production of critical technologies and the development of manpower and infrastructure to support these activities are needed. The Government of India has taken a number of steps towards this. For example, in 2013, the Government of India approved the building of two Semiconductor Wafer Fabrication (FAB) manufacturing facilities [30] and as of January 2014, India was seeking to establish its first semiconductor characterisation lab in Bangalore. [31]

Macro Level: Telecom and Network Switches

The possibility of foreign equipment containing vulnerabilities and backdoors that are built into its software and hardware gives rise to concerns that India’s telecom and network infrastructure is vulnerable to being hacked and accessed by foreign governments (or non-state actors) through the use of spyware and malware that exploit such vulnerabilities. In 2013, some firms, including ZTE and Huawei, were barred by the Indian government from participating in a bid to supply technology for the development of its National Optic Network project due to security concerns. [32] Similar concerns have resulted in the Indian government holding back the conferment of ‘domestic manufacturer’ status on both these firms. [33]

Following reports that Chinese firms were responsible for transnational cyber attacks designed to steal confidential data from overseas targets, there have been moves to establish laboratories to test imported telecom equipment in India. [34] Despite these steps, in a February 2014 incident the state-owned telecommunication company Bharat Sanchar Nigam Ltd’s network was hacked, allegedly by Huawei. [35]

Security practitioners and policymakers need to avoid the zero-sum framing prevalent in popular discourse regarding security VIS-A-VIS privacy, transparency and technology.

A successful hack of the telecom infrastructure could result in massive disruption in internet and telecommunications services. Large-scale surveillance and espionage by foreign actors would also become possible, placing, among others, both governmental secrets and individuals personal information at risk.

While India cannot afford to impose a general ban on the import of foreign telecommunications equipment, a number of steps can be taken to address the risk of inbuilt security vulnerabilities. Common International Criteria for security audits could be evolved by states to ensure compliance of products with international norms and practices. While India has already established common criteria evaluation centres, [36] the government monopoly over the testing function has resulted in only three products being tested so far. A Code Escrow Regime could be set up where manufacturers would be asked to deposit source code with the Government of India for security audits and verification. The source code could be compared with the shipped software to detect inbuilt vulnerabilities.

Conclusion

Cyber security cannot be enhanced without a proper understanding of the relationship between security and other national imperatives such as privacy, transparency and technology. This paper has provided an initial sketch of those relationships, but sustained theoretical and empirical research is required in India so that security practitioners and policymakers avoid the zero-sum framing prevalent in popular discourse and take on the hard task of solving the optimisation problem by shifting policy, market and technological levers simultaneously. These solutions must then be applied in multiple contexts or scenarios to determine how they should be customised to provide maximum security bang for the buck.

[1]. Daniel J. Solove, Chapter 1 in Nothing to Hide: The False Tradeoff between Privacy and Security (Yale University Press: 2011), http://papers.ssrn.com/sol3/papers.cfm?abstract_id=1827982.

[2]. Bruce Schneier, “What our Top Spy doesn’t get: Security and Privacy aren’t Opposites,” Wired, January 24, 2008, http://archive.wired.com/politics/security commentary/security matters/2008/01/securitymatters_0124 and Bruce Schneier, “Security vs. Privacy,” Schneier on Security, January 29, 2008, https://www.schneier.com/blog/archives/2008/01/security_vs_pri.html.

[3]. There are four sources of power in internet governance: Market power exerted by private sector organisations; regulatory power exerted by states; technical power exerted by anyone who has access to certain categories of technology, such as cryptography; and finally, the power of public pressure sporadically mobilised by civil society. A technically sound encryption standard, if employed by an ordinary citizen, cannot be compromised using the power of the market or the regulatory power of states or public pressure by civil society. In that sense, technology can be used to regulate state and market behaviour.

[4]. Ann Cavoukian and Khaled El Emam, “Introducing Privacy-Protective Surveillance: Achieving Privacy and Effective Counter-Terrorism,” Information & Privacy Commisioner, September 2013, Ontario, Canada, http://www.privacybydesign.ca/content/uploads/2013/12/pps.pdf.

[5]. Madan Oberoi, Pramod Jagtap, Anupam Joshi, Tim Finin and Lalana Kagal, “Information Integration and Analysis: A Semantic Approach to Privacy”(presented at the third IEEE International Conference on Information Privacy, Security, Risk and Trust, Boston, USA, October 2011), ebiquity.umbc.edu/_file_directory_/papers/578.pdf.

[6]. Bruce Byfield, “Does Heartbleed disprove ‘Open Source is Safer’?,” Datamation, April 14, 2014, http://www.datamation.com/open-source/does-heartbleed-disprove-open-source-is-safer-1.html.

[7]. “Cybersecurity Program should be more transparent, protect privacy,” Centre for Democracy and Technology Insights, March 20, 2009, https://cdt.org/insight/cybersecurity-program-should-be-more-transparent-protect-privacy/#1.

[8]. “Cracked Credibility,” The Economist, September 14, 2013, http://www.economist.com/news/international/21586296-be-safe-internet-needs-reliable-encryption-standards-software-and.

[9]. Miriam Elder, “Russian guard service reverts to typewriters after NSA leaks,” The Guardian, July 11, 2013, www.theguardian.com/world/2013/jul/11/russia-reverts-paper-nsa-leaks and Philip Oltermann, “Germany ‘may revert to typewriters’ to counter hi-tech espionage,” The Guardian, July 15, 2014, www.theguardian.com/world/2014/jul/15/germany-typewriters-espionage-nsa-spying-surveillance.

[10]. Bruce Schneier, “A Plea for Simplicity,” Schneier on Security, November 19, 1999, https://www.schneier.com/essays/archives/1999/11/a_plea_for_simplicit.html.

[11]. With inputs from Pranesh Prakash of the Centre for Internet and Society and Sharathchandra Ramakrishnan of Srishti School of Art, Technology and Design.

[12]. “Frequently Asked Questions,” Controller of Certifying Authorities, Department of Electronics and Information Technology, Government of India, http://cca.gov.in/cca/index.php?q=faq-page#n41.

[13]. National Informatics Centre Homepage, Government of India, http://www.nic.in/node/41.

[14]. Adam Langley, “Maintaining Digital Certificate Security,” Google Security Blog, July 8, 2014, http://googleonlinesecurity.blogspot.in/2014/07/maintaining-digital-certificate-security.html.

[15]. This is similar to the kind of attack carried out against DigiNotar, a Dutch certificate authority. See: http://scholarcommons.usf.edu/cgi/viewcontent.cgi?article=1246&context=jss.

[16]. R. Ramachandran, “Digital Disaster,” Frontline, August 22, 2014, http://www.frontline.in/the-nation/digital-disaster/article6275366.ece.

[17]. Ibid.

[18]. “NIC’s digital certification unit hacked,” Deccan Herald, July 16, 2014, http://www.deccanherald.com/content/420148/archives.php.

[19]. National Informatics Centre Certifying Authority Homepage, Government of India, http://nicca.nic.in//.

[20]. Mozilla Wiki, “Public Key Pinning,” https://wiki.mozilla.org/SecurityEngineering/Public_Key_Pinning.

[21]. “Certificate Transparency - The quick detection of fraudulent digital certificates,” Ascertia, August 11, 2014, http://www.ascertiaIndira.com/blogs/pki/2014/08/11/certificate-transparency-the-quick-detection-of-fraudulent-digital-certificates.

[22]. “Indira Gandhi International Airport (DEL/VIDP) Terminal 3, India,” Airport Technology.com, http://www.airport-technology.com/projects/indira-gandhi-international-airport-terminal -3/.

[23]. “How techies used logic bomb to cripple Delhi Airport,” Rediff, November 21, 2011, http://www.rediff.com/news/report/how-techies-used-logic-bomb-to-cripple-delhi-airport/20111121 htm.

[24]. Manu Kaushik and Pierre Mario Fitter, “Beware of the bugs,” Business Today, February 17, 2013, http://businesstoday.intoday.in/story/india-cyber-security-at-risk/1/191786.html.

[25]. “Stuxnet ‘hit’ Iran nuclear plants,” BBC, November 22, 2010, http://www.bbc.com/news/technology-11809827.

[26]. In this case, systems using Microsoft Windows and running Siemens Step7 software were targeted.

[27]. Jonathan Fildes, “Stuxnet worm ‘targeted high-value Iranian assets’,” BBC, September 23, 2010, http://www.bbc.com/news/technology-11388018.

[28]. Farhad Manjoo, “Don’t Stick it in: The dangers of USB drives,” Slate, October 5, 2010, http://www.slate.com/articles/technology/technology/2010/10/dont_stick_it_in.html.

[29]. Ibid.

[30]. “IBM invests in new $5bn chip fab in India, so is chip sale off?,” ElectronicsWeekly, February 14, 2014, http://www.electronicsweekly.com/news/business/ibm-invests-new-5bn-chip-fab-india-chip-sale-2014-02/.

[31]. NT Balanarayan, “Cabinet Approves Creation of Two Semiconductor Fabrication Units,” Medianama, February 17, 2014, http://articles.economictimes.indiatimes.com/2014-02-04/news/47004737_1_indian-electronics-special-incentive-package-scheme-semiconductor-association.

[32]. Jamie Yap, “India bars foreign vendors from national broadband initiative,” ZD Net, January 21, 2013, http://www.zdnet.com/in/india-bars-foreign-vendors-from-national-broadband-initiative-7000010055/.

[33]. Kevin Kwang, “India holds back domestic-maker status for Huawei, ZTE,” ZD Net, February 6, 2013, http://www.zdnet.com/in/india-holds-back-domestic-maker-status-for-huawei-zte-70 00010887/. Also see “Huawei, ZTE await domestic-maker tag,” The Hindu, February 5, 2013, http://www.thehindu.com/business/companies/huawei-zte-await-domesticmaker-tag/article4382888.ece.

[34]. Ellyne Phneah, “Huawei, ZTE under probe by Indian government,” ZD Net, May 10, 2013, http://www.zdnet.com/in/huawei-zte-under-probe-by-indian-government-7000015185/.

[35]. Devidutta Tripathy, “India investigates report of Huawei hacking state carrier network,” Reuters, February 6, 2014, http://www.reuters.com/article/2014/02/06/us-india-huawei-hacking-idUSBREA150QK20140206.

[36]. “Products Certified,” Common Criteria Portal of India, http://www.commoncriteria-india.gov.in/Pages/ProductsCertified.aspx.

For more details visit https://cis-india.org/internet-governance/blog/security-privacy-transparency-and-technology

Konkani Wikipedia Goes Live After 'Nine Years' of Incubation

subha — 2016-06-18T18:15:05Z

Konkani Wikipedia is the second Wikimedia project after Odia Wikisource that has gone live out of incubation. The project stayed in the incubation for nine long years and the community has gone through a long debate to have a Wikipedia of their own. Here is a blog highlighting three Konkani Wikimedians and an advocate of the Wikipedia movement whose efforts finally paid off.

Read the original blog entry published on Wikimedia Blog on July 15, 2015 here.

The Goan Konkani Wikipedia (available at gom.wikipedia.org) has gone live after spending nine long years in incubation.

An Indo-Aryan language, of the Indo-European family of languages, Konkani is the official language of Goa. It is a minority language in other Indian states, such as Maharashtra, Karnataka, northern Kerala, Dadra and Nagar Haveli, and Daman and Diu. It is spoken by about 7.4 million people.

Konkani can be written in five different scripts: Devanagari—officially used by the Government of Goa—as well as Latin (locally known as Romi Konkani), Kannada, Malayalam, and Persian. Of these, the Goan Antruz dialect of the language, in the Devanagari script, is considered standard by the Indian constitution.

The Konkani Wikipedia has many heroes, as we see them. Melissa Simoes and Darshan Kandolkar are two of the many long-term contributors who joined during the Konkani Wikipedia @ Goa University program and are still active even after the program formally concluded. Darshan is an assistant professor at the Government College Pernem in Goa. His professor at Goa University, Dr. Madhavi Sardesai—who passed away last year—played a vital role in inspiring him to go for higher studies in Konkani. Darshan realized that there is a lot to be written in Konkani when he was introduced to Wikipedia, and after that, he became dedicated to contributing to the project.

“I would like to bring more students as contributors to our Konkani Wikipedia,” Darshan says. “My aim is to start with my students at Government College Pernem. Being an alumnus of Goa University, I also want my juniors there to join our community and enrich Konkani Wikipedia.”

“I have a dream to start a project for the freedom fighters of Goa and involve a diverse set of people, from students to journalists and columnists. I also want to build partnership with educational institutions so we could engage with the students for a longer run and the existing Konkani community could mentor them,” he continues.

“Being a new Wikipedia project, Konkani Wikipedia needs more quality measures and the articles have to grow to good quality articles with more images and templates, I want to take it to the level of English Wikipedia with both quantitative and qualitative growth in articles!”

The Konkani Wikimedia community has been using social media actively to promote the Konkani Wikipedia project, and to celebrate the successes of its contributors. After Melissa became the top contributor to the project, her fellow editor Luis Gomes congratulated her. That brought Melissa into the spotlight, gaining the attention of editors from the global Wikimedia community. The community is continuing a tradition to rewarding the most prolific contributor of each month as the “Wikipedian of the Month”.

Melissa was introduced to the Wikipedia program at her university where the target for each participating student was to write one article each about a village in Goa. “I wrote my article just for the sake of the marks, but never bothered to think about why I am writing it. After the program was over, I became inactive on Wikipedia.

“After some time, I met Father [Luis Gomes] in parish and then Darshan and Father inspired me to resume editing. Then, it became an addiction and I never stopped even for a day. I would come back from work and sit in front of my computer.

“Now, I am a teacher, and my fellow teachers are mostly women. I would like to introduce the Goan Konkani Wikipedia to them so they could also contribute to Wikipedia,” Melissa says.

As Konkani Wikipedia went live, long term Wikimedian Fredrick Noronha, an early advocate of Konkani Wikipedia, said, “It is a wonderful feeling to see the Goan Konkani Wikipedia live. I would like to congratulate all who have been involved in some or the other way with the making of Konkani Wikipedia live from the days of its inception and incubation.

“I am not a great contributor or even a language expert. I come from a content background and found my interest in Wikipedia, Wikimedia Commons and Creative Commons long ago. But this helped me to associate myself in some way with the Konkani Wikipedia incubator. I am happy that CIS-A2K chipped in to help build a community and help it grow in collaboration with the Goa University.

“Students of the Konkani department in the university are the real heroes to take this effort forward by filling the Wikipedia incubator with more editing activity to which the institutional backing acted as catalyst,” he added.

Fredrick feels there are major challenges that the community now has to start taking measures for: “The macrolanguage is written in multiple scripts. Out of five of the scripts three—Devanagari, Romi/Latin and Kannada—are actively used in printing and publication currently. People using all the scripts should be equally participating in a movement like Wikipedia to take their languages to other native speakers using Wikipedia as a digital tool.

“The second challenge is with the contributors. Goa, being home to majority of the Konkani language speakers, has English education from the primary level. This means many have a great level of technical ability. The technical contributor community here would be of great use to Konkani Wikipedia if tapped,” he adds.

“The technical contributors are eager to contribute but have not been approached in a manner that would interest them. Similarly the Konkani authors who are helping propagate the language to masses have sadly no or very little clue about Wikipedia’s existence in Konkani. This disparity is stopping a massive flow of local encyclopedic content to the Konkani Wikipedia. Unless we tap into the technological and the linguistic groups it will be only a tip of the iceberg.”

Fredrick explains that the the current Konkani Wikipedia community is primarily made up of students of Goa University. “This is both good and bad,” he says. “Having young and enthusiastic students as Wikipedia editors is helping the project to leap forward, which might not have happened if the faculty were targeted instead. There is, however, a great need for diversification.

“The approach to bring in authors in the 60–70 years age group will vary from the approach to bring in, for example, technical people. Our outreach strategies should ultimately fulfill both the literary and technological contributors, so that their work can help us to both grow content and to solve the problem of the multiple scripts, respectively,” Fredrick adds.

The Konkani Wikipedia community is organizing a public seminar on July 18 at Goa University to celebrate the launch of the Konkani Wikipedia and to pay tribute to Dr. Madhavi Sardesai, who always dreamed of the Konkani Wikipedia getting out of incubation.

Video


Wikimedian Darshan Kandolkar shares his experience of contributing to Konkani Wikipedia. Video in Konkani. Video by Wikimedia India, freely licensed under CC-BY-SA 4.0.

For more details visit https://cis-india.org/openness/blog-old/konkani-wikipedia-goes-live

DesiSec: Cybersecurity and Civil Society in India

Laird Brown — 2015-06-29T16:25:43Z

As part of its project on mapping cyber security actors in South Asia and South East Asia, the Centre for Internet & Society conducted a series of interviews with cyber security actors. The interviews were compiled and edited into one documentary. The film produced by Purba Sarkar, edited by Aaron Joseph, and directed by Oxblood Ruffin features Malavika Jayaram, Nitin Pai, Namita Malhotra, Saikat Datta, Nishant Shah, Lawrence Liang, Anja Kovacs, Sikyong Lobsang Sangay and, Ravi Sharada Prasad.

Originally the idea was to do 24 interviews with an array of international experts: Technical, political, policy, legal, and activist. The project was initiated at the University of Toronto and over time a possibility emerged. Why not shape these interviews into a documentary about cybersecurity and civil society? And why not focus on the world’s largest democracy, India? Whether in India or the rest of the world there are several issues that are fundamental to life online: Privacy, surveillance, anonymity and, free speech. DesiSec includes all of these, and it examines the legal frameworks that shape how India deals with these challenges.

From the time it was shot till the final edit there has only been one change in the juridical topography: the dreaded 66A of the IT Act has been struck down. Otherwise, all else is in tact. DesiSec was produced by Purba Sarkar, shot and edited by Aaron Joseph, and directed by Oxblood Ruffin. It took our team from Bangalore to Delhi and, Dharamsala. We had the honour of interviewing: Malavika Jayaram, Nitin Pai, Namita Malhotra, Saikat Datta, Nishant Shah, Lawrence Liang, Anja Kovacs, Sikyong Lobsang Sangay and, Ravi Sharada Prasad. Everyone brought something special to the discussion and we are grateful for their insights. Also, we are particularly pleased to include the music of Charanjit Singh for the intro/outro of DesiSec. Mr. Singh is the inventor of acid house music, predating the Wikipedia entry for that category by five years. Someone should correct that.

DesiSec is released under the Creative Commons License Attribution 3.0 Unported (CC by 3.0). You can watch it on Vimeo: https://vimeo.com/123722680 or download it legally and free of charge via torrent. Feel free to show, remix, and share with your friends. And let us know what you think!

Video

For more details visit https://cis-india.org/internet-governance/blog/desi-sec-cybersecurity-and-civil-society-in-india

International Open Data Charter: First Public Draft

sumandro — 2015-06-02T15:51:12Z

The first public draft of the International Open Data Charter was released at the International Open Data Conference in Ottawa, Canada, May 28-29, 2015. It is being developed by a range of organisations led by the Open Government Partnership (OGP) Open Data Working Group (co-chaired by Government of Canada and the Web Foundation), the Government of Mexico, the Open Data for Development (OD4D) Network, and Omidyar Network. CIS has contributed comments to a previous version of the draft, and also took part in the pre-release meeting of potential stewards of the Charter on May 26 in Ottawa. Here is the text of the draft Charter. Please visit opendatacharter.net/charter/ to submit your comments.

Consultation Draft, May 2015

Preamble

1) The world is witnessing the growth of a global movement facilitated by technology and digital media and fuelled by information – one that contains enormous potential to create more accountable, efficient, responsive, and effective governments and businesses, and to spur economic growth.

Open data sit at the heart of this global movement.

2) Building a more democratic, just, and prosperous society requires transparent, accountable governments that engage regularly and meaningfully with citizens. Accordingly, there is an ongoing effort to enable collaboration around key social challenges, to provide effective oversight of government activities, to support economic development through innovation, and to develop effective, efficient public policies and programmes.

Open data is essential to meeting these challenges.

3) Effective access to data allows individuals and organisations to develop new insights and innovations that can generate social and economic benefits to improve the lives of people around the world, and help to improve the flow of information within and between countries. While governments collect a wide range of data, they do not always share these data in ways that are easily discoverable, useable, or understandable by the public.

This is a missed opportunity.

4) Today, many people expect to be able to access high quality information and services, including government data, when and how they want. Others see the opportunity presented by government data as one which can provide innovative policy solutions and support economic and social benefits for all members of society. We have arrived at a point at which people can use open data to generate value, insights, ideas, and services to create a better world for all.

5) Open data can increase transparency around what government is doing. Open data can also increase awareness about how countries’ natural resources are used, how extractives revenues are spent, and how land is transacted and managed – all of which promotes accountability and good governance, enhances public debate, and helps to combat corruption.

6) Providing access to government data can drive sustainable and inclusive growth by empowering citizens, the media, civil society, and the private sector to identify gaps, and work toward better outcomes for public services in areas such as health, education, public safety, environmental protection, and governance. Open data can do this by:

showing how and where public money is spent, which provides strong incentives for governments to demonstrate that they are using public money effectively;
supporting citizens, civil society organisations, governments and the private sector to collaborate on the design of policies and the delivery of better public services;
supporting assessments of the impact of public programs, which in turn allows governments, civil society organisations, and the private sector to respond more effectively to the particular needs of local communities; and
enabling citizens to make better informed choices about the services they receive and the service standards they should expect.

7) Open government data can be used in innovative ways to create useful tools and products that help to navigate modern life more easily. Used in this way, open data are a catalyst for innovation in the private sector, supporting the creation of new markets, businesses, and jobs. These benefits can multiply as more private sector and civil society organisations adopt open data practices modelled by government and share their own data with the public.

8) We, the adherents to the International Open Data Charter, agree that open data are an under-used resource with huge potential to encourage the building of stronger, more interconnected societies that better meet the needs of our citizens and allow innovation and prosperity to flourish.

9) We therefore agree to follow a set of principles that will be the foundation for access to, and the release and use of, open government data. These principles are:

Open Data by Default;
Quality and Quantity;
Accessible and Useable by All;
Engagement and Empowerment of Citizens;
Collaboration for Development and Innovation;

10) We will develop an action plan in support of the implementation of the Charter and its Technical Annexes, and will update and renew the action plan at a minimum of every two years. We agree to commit the necessary resources to work within our political and legal frameworks to implement these principles in accordance with the technical best practices and timeframes set out in our action plan.

Principle 1: Open Data by Default

11) We recognise that free access to, and the subsequent use of, government data are of significant value to society and the economy, and that government data should, therefore, be open by default.

12) We acknowledge the need to promote the global development and adoption of tools and policies for the creation, use, and exchange of open data and information.

13) We recognise that the term ‘government data’ is meant in the widest sense possible. This could apply to data held by national, federal, and local governments, international government bodies, and other types of institutions in the wider public sector. This could also apply to data created for governments by external organisations, and data of significant benefit to the public which is held by external organisations and related to government programmes and services (e.g. data on extractives entities, data on transportation infrastructure, etc).

14) We recognise that there is domestic and international legislation, in particular pertaining to security, privacy, confidentiality, intellectual property, and personally-identifiable and other sensitive information, which must be observed and/or updated where necessary.

15) We will:

develop and adopt policies and practices to ensure that all government data is made open by default, as outlined in this Charter, while recognising that there are legitimate reasons why some data cannot be released;
provide clear justifications as to why certain data cannot be released;
establish a culture of openness, not only through legislative or policy measures, but also with the help of training and awareness programs, tools, and guidelines designed to make government, civil society, and private sector representatives aware of the benefits of open data; and
develop the leadership, management, oversight, and internal communication policies necessary to enable this transition to a culture of openness.

Principle 2: Quality and Quantity

16) We recognise that governments and other public sector organisations hold vast amounts of information that may be of interest to citizens, and that it may take time to identify data for release or publication.

17) We also recognise the importance of consulting with citizens, other governments, non-governmental organisations, and other open data users, to identify which data to prioritise for release and/or improvement.

18) We agree, however, that governments’ primary responsibility should be to release data in a timely manner, without undue delay.

19) We will:

create, maintain, and share public, comprehensive lists of data holdings to set the stage for meaningful public discussions around data prioritisation and release;
release high-quality open data that are timely, comprehensive, and accurate in accordance with prioritisation that is informed by public requests. To the extent possible, data will be released in their original, unmodified form and at the finest level of granularity available, and will also be linked to any visualisations or analyses created based on the data, as well as any relevant guidance or documentation;
ensure that accompanying documentation is written in clear, plain language, so that it can be easily understood by all;
make sure that data are fully described, and that data users have sufficient information to understand their source, strengths, weaknesses, and any analytical limitations;
ensure that open datasets include consistent core metadata, and are made available in human- and machine-readable formats under an open and unrestrictive licence;
allow users to provide feedback, and continue to make revisions to ensure the quality of the data is improved as needed; and
apply consistent information lifecycle management practices, and ensure historical copies of datasets are preserved, archived, and kept accessible as long as they retain value.

Principle 3: Accessible and Usable by All

20) We recognise that opening up data enables citizens, governments, civil society organisations, and the private sector to make better informed decisions.

21) We recognise that open data should be made available free of charge in order to encourage their widest possible use.

22) We recognise that when open data are released, they should be made available without bureaucratic or administrative barriers, such as mandatory user registration, which can deter people from accessing the data.

23) We will:

release data in open formats and free of charge to ensure that the data are available to the widest range of users to find, access, and use them. In many cases, this will include providing data in multiple formats, so that they can be processed by computers and used by people; and
ensure data can be accessed and used effectively by the widest range of users. This may require the creation of initiatives to raise awareness of open data, promote data literacy, and build capacity for effective use of open data.

Principle 4: Engagement and Empowerment of Citizens

24) We recognise that the release of open data strengthens our public and democratic institutions, encourages better development, implementation, and assessment of policies to meet the needs of our citizens, and enables more meaningful, better informed engagement between governments and citizens.

25) We will:

implement oversight and review processes to report regularly on the progress and impact of our open data initiatives;
engage with community and civil society representatives working in the domain of transparency and accountability to determine what data they need to effectively hold governments to account;encourage the use of open data to develop innovative, evidence-based policy solutions that benefit all members of society, as well as empower marginalised groups; and
be transparent about our own data collection, standards, and publishing processes, by documenting all of these related processes online.

Principle 5: Collaboration for Development and Innovation

26) We recognise the importance of diversity in stimulating creativity and innovation. The more citizens, governments, civil society, and the private sector use open data, the greater the social and economic benefits that will be generated. This is true for government, commercial, and non-commercial uses.

27) We recognise that the potential value of our open data is greatly increased when it can be used in combination with open data from other governments, the private sector, academic, media, civil society, and other non-governmental organisations.

28) We will:

create or explore potential partnerships to support the release of open data and maximise their impact through effective use. This may include local, regional, and global partnerships between governments, civil society, and the private sector;
engage with civil society, the private sector, and academic representatives to determine what data they need to generate social and economic value;
provide training programs, tools, and guidelines designed to ensure government employees are capable of using open data effectively in policy development processes;
encourage non-governmental organisations to open up data created and collected by them in order to move toward a richer open data ecosystem with multiple sources of open data;
share technical expertise and experience with other governments and international organisations around the world, so that everyone can reap the benefits of open data; and
empower a future generation of data innovators inside and outside of government by supporting an environment optimised for increasing open data literacy and encouraging developers, civil society organisations, academics, media representatives, government employees, and other open data users, to unlock the value of open data.

Crossposted from http://opendatacharter.net/charter/.

For more details visit https://cis-india.org/openness/blog-old/international-open-data-charter-first-public-draft

Call for Participation: Global Congress on Intellectual Property and the Public Interest

sinha — 2015-06-24T16:11:07Z

We are pleased to announce the call for participation for the fourth edition of the Global Congress on Intellectual Property and the Public Interest (“Global Congress”), being hosted at New Delhi from December 15 to 17, 2015.

The theme for this year’s Congress will be “Three Decades of Openness; Two Decades of TRIPS.” We are now inviting applications to participate in the Congress, including session participation and presentations. We are also welcoming proposals for panels and workshops.

The application form is available now at [http://form.jotformpro.com/form/50854976184973?] Please note that this form is for application purposes, and does not amount to confirmation of participation. The registrations for the plenary sessions, which are open to the public, will open closer to the date of the Global Congress.

Deadlines

August 1st: Priority Deadline for Applications- Applicants will be considered on a rolling basis, with applications made by August 1st being given first consideration. Applications after August 1st to receive travel assistance will be considered only under exceptional circumstances (these details will be collected in a subsequent form).

November 1st: All applications for session participation and paper submissions will close on November 1st.

Application Information

For applications to participate/host: Applications to present or host workshops shall be considered based on the proposals to be submitted in the form.

For applications to attend sessions: Applications to attend sessions as discussants will be considered based on the statement of purpose and/or any other relevant information provided by the applicant.

Limited travel grants to cover accommodation and/or travel to the Congress will be available, with priority to those from developing countries.

Background, Theme and Expected Outcomes

The Global Congress on Intellectual Property and the Public Interest is the most significant event on the calendar for scholars and policy advocates working on intellectual property from a public interest perspective. By sharing their research and strategies, the network of experts and activists supported by the Global Congress are empowered to put forward a positive agenda for policy reform. The Global Congress began in Washington D.C. in 2011, moved to Rio de Janeiro in 2012, and was held in Cape Town in 2013. The fourth Global Congress will now be held in New Delhi, in December 2015. The event would be the largest convening of public interest-oriented intellectual property practitioners ever held in Asia, and would help link in the world's most populous region to these global debates around how intellectual property policy can best serve the public interest.

The fourth edition of the Global Congress brings research, civil society, industry and regulatory and policy-making communities together for active, intense engagement on key public-interest intellectual property issues. Opportunities for these groups to interact are rare but valuable; and have been proven to lead to successful policy outcomes. The 4^th edition of the Congress, slated to be held in December, 2015 in New Delhi seeks to be one such opportunity.

The theme for the 2015 Congress is Three Decades of Openness; Two Decades of TRIPS-coming at a pivotal time for reflection, revision, and further strategizing. Specifically, the 2015 Congress seeks to produce three outcomes- first, the mobilization of existing scholarly research directly into the hands of civil society advocates, business leaders and policy makers, leading to evidence-based policies and practices; second, the collaborative identification of urgent, global and local research priorities and generation of a joint research/advocacy agenda; and third, the solidification of an inter-disciplinary, cross-sector and global networked community of experts focused on public interest aspects of IP policy and practice.

Participation Opportunities

Discussions at the Global Congress will be carried out in the form of plenary sessions, thematic tracks, cross-track sessions, and the room of scholars. Participation is invited for the thematic track sessions, cross-track sessions and the room of scholars.

The thematic tracks at the Global Congress are: 1) Openness, 2) Access to Medicines, 3) User Rights, 4) IP and Development. Cross-track sessions will feature research that cuts across tracks in order to facilitate engagement between tracks on themes of mutual interest.

The Room of Scholars will feature presentations of research outputs such as draft works or white papers that may not fit directly within the thematic tracks but fall within the overall theme of the Global Congress.

Participation could be in the form of presenting / discussing conference papers or policy briefs, or by conducting workshops where they may share their own work and solicit feedback from peers, during the aforementioned sessions.

The application form for participation is available now at http://form.jotformpro.com/form/50854976184973?. Please forward this invitation to interested lists and individuals. For more information or questions, you may contact global-congress@cis-india.org.

Organisation

The 4^th Global Congress on Intellectual Property and Public Interest, is being organised in cooperation with National Law University, Delhi, by the American Assembly at Columbia University, the Centre for Internet and Society, Open A.I.R., and the Program on Information Justice and Intellectual Property at American University Washington College of Law.

For more details visit https://cis-india.org/a2k/blogs/call-for-participation-global-congress-on-intellectual-property-and-the-public-interest

2015 USTR Report: Old Wine in New Bottle

sinha — 2015-06-16T10:24:49Z

Every year, the Office of the United States Trade Representative (USTR) undertakes an elaborate exercise to castigate countries' domestic intellectual property (IP) law and policy. The criticisms and recommendations are presented in a document called the Special 301 Report. This year's edition puts India on the Priority Watch List for the twenty-sixth time in a row. Below, I rebut the report's prejudicial claims and demands, and argue that the report puts free speech, innovation and public interest in jeopardy.

Keeping in tradition , the 2015 report yet again exposes US' hypocrisy by faithfully serving Hollywood and Big Pharma. In the past, countries such as Israel and Canada have publicly rejected the USTR's findings and derided the US for unwarranted interference with domestic law and policy. Last year, India too had refused to cooperate with a USTR initiated unilateral investigation (Out of Cycle review) of its IP regime because the investigation violated international law.

The Electronic Frontier Foundation has released a hard-hitting response to the report. It draws case studies of countries where overbroad IP law has affected public interest, free speech and innovation. For instance, it mentions how Colombia's 'reformed' copyright law has become a travesty. Colombia introduced extreme enforcement and harsh criminal sanctions for unauthorised sharing of works at the behest of the US. Last year, news surfaced that a Colombian biodiversity researcher faced upto eight years in prison for sharing an academic article on Scribd. Any balanced IP regime (including India) permits such use of copyrighted works under the fair use principle, however, Colombia's narrow fair use provision has led to a situation where citizens now face prison for ordinary use of academic works.

This year the Special 301 Report in its section on India approves the Prime Minister's statements to align IP law with international standards, which is a cause for concern. Firstly, what are these “international standards” that both US and India refer to exactly? The most comprehensive international agreement on IP that binds 160 member nations is the WTO Agreement on Trade related aspects of Intellectual Property (TRIPS Agreement). Ergo, this agreement would qualify as the most accepted “international standard”, which India already complies with. Secondly, the TRIPS Agreement sets down certain global minimum standards for protecting and enforcing IP, simultaneously providing countries a certain degree of flexibility. However, the US has consistently pushed India to enact tougher provisions known as TRIPS Plus provisions. This is reflected in the report as well. Legally speaking, under international law India is not obligated to accede to such demands, and it should not if it wants a balanced IP regime to protect and serve the interests both of rights holders and its citizens.

The report shamelessly aligns its concerns with the financial interests of foreign rights holders and American companies. It erroneously projects IP as a tool to only maximise revenues, agnostic to public interest. While IP rights are temporary monopolies, they also are a tool to ensure innovation, social, scientific and cultural progress and further access to knowledge. It is well established that flexible IP laws enable access to knowledge and promote innovation. Such a flexible regime is critical to developing countries like India. The USTR conveniently forgets that lax IP law and enforcement for a large part of the 19th century helped the US to accelerate into an economic powerhouse and a front-runner in innovation. It also brazenly threatens to impose unilateral sanctions against a country designated as a Priority Foreign Country on the list. This treatment is usually reserved for the worst offender on the list. Such unilateral threats and sanctions are again a direct violation of international law.

Unsurprisingly, the report is critical of India's under-enforcement of copyright laws and the impact of patent law on pharmaceuticals. It demands a specific legislation to counter camcording and video piracy. The prospective legislation is unnecessary because all movie theatres in India prohibit camcorders and the prevailing Copyright Act, 1957 contains penalties to punish offenders. Instead of creating new offences, we should re-evaluate the need of existing offences. For instance, copyright infringement on non-commercial scales should not be a criminal offence at all . Instead, the law should provide convenient and affordable access to such works to counter petty infringement.

India is home to the world's largest apothecary. The Indian pharmaceutical and medical device industry provides affordable healthcare to the citizens, and also exports drugs to countries in need. In fact, the compulsory licensing mechanism has ensured affordable access to life saving liver and kidney drugs in India. The report comments on the undesirability of section 3(d) and the compulsory licensing mechanism in Indian patent law. With respect to section 3(d), the US wishes India to to change its patent law to enable large pharma companies to patent new forms of known substances that aren't even better. This alarmist outlook smacks of hypocrisy because the US, in fact, has a higher rate of patent invalidation and compulsory license grants! It also demands data exclusivity – which would extend proprietary rights to patentees over government mandated drug data, and would be detrimental to the local pharma industry. Further, the report states that the Indian system is biased against enforcement of foreign patent rights holders - which is mere speculation. There is no evidence to draw such a conclusion. The claims relating to localisation trends in pharma are half- baked and speculative again.

The report observes that at the UNFCCC negotiations, India recognised patents as an obstacle to dissemination of climate change technologies. It wishes India understood the critical role of patent protection and competitiveness to ensure innovation, which is a flawed co-relation. While strong IP rights may protect inventors against infringement and provide return on investment, however, stronger IP rights also raise the cost of innovation by raising the price of technological inputs into innovation and lower the frequency of innovation.

As far as the issue of counterfeit medicines is concerned, a better remedy lies in health safety laws and consumer laws, than the trademark law. The report also approves of state legislatures' version of the Goondas Act. These Acts provide for detainment of criminals and lumpen elements in society, and with recent amendments have expanded to include video pirates and digital offenders. Karnataka's Goonda Act enabling preventive detention violates constitutional rights. While the Sixth Amendment to the United States Bill of rights protects offenders against preventive detention, the US has no qualms about approving such unconstitutional procedures in India.

The arguments above underscore the irrelevance of the report. The Prime Minister may have made appeasing statements to the USA, however, in a welcome development Commerce and Industry Minister Nirmala Sithraman in response to the report stated “India is fully aligned with international intellectual property rights standards and "there is no need for anyone to question us."” Our IP regime with its inherent flexibilities should be preserved and not sacrificed at the altar of US' business interests. Using compulsory licensing across sectors would indeed accelerate technology transfer and diminish initial capex for manufacturers, a move promoted by the National Manufacturing Policy. The ambitious Make in India and Digital India campaigns are set to suffer if India incorporates TRIPS plus standards into its IP regime. The government supports opennes s and has implemented policies mandating use of open standards and open source software as a part of the Digital India campaign. India should not let foreign hands dictate its IPR Policy, and proceed to develop a policy which is informed by broader principles of fairness and equity, balancing intellectual property protections with limitations and exceptions/user rights such as those for research, education and access to medicines.

For more details visit https://cis-india.org/a2k/blogs/2015-ustr-report-old-wine-in-new-bottle

Inclusive Financial Services - Global Trends in Accessibility Requirements

nirmita — 2015-05-03T06:55:49Z

Inclusive Financial Services is a G3ict White Paper researched in cooperation with the Centre for Internet and Society. The research paper comprises a Foreword and Introduction, four chapters — Barriers to Access for Persons with Disabilities and Diverse Abilities, International Framework, Integrating Accessibility into the System, and State of Practice - Impact of the Convention on Inclusive Finance and Accessibility Efforts around the Globe.

Foreword

Global demand for accessibility continues to grow, due in part to the strengthening voice worldwide of more than one billion people with disabilities, including the aging population, and important frameworks, such as the United Nations Convention on the Rights of Persons with Disabilities. From a private sector standpoint, the Convention represents a unique opportunity to ensure equal access to information while achieving global harmonization of standards and economies of scale. Understanding that technology is the great equalizer for underserved populations and having a clear roadmap towards inclusive information and communications technologies (ICT), rather than simple compliance strategies, will benefit everyone in every industry.

Specifically, the financial services sector is faced with the need to transform operations while providing truly exceptional customer experiences. Disruptive trends -- such as the aging population, influx of mobile devices and global regulations – are driving demand for more human-centric technology, and creating an opportunity for innovation that are proving to be differentiators for the institutions embracing them. Consumer demand to be in control of interactions and information is forcing those in financial services to reconsider what’s important to stay competitive. By offering an online experience through any device personalized to individual needs, preferences and abilities, organizations can ensure they are reaching the broadest base of the population, especially the “unbanked” and “underbanked,” to enhance interactions and improve sales opportunities.

Customers with lifelong disabilities or age-related impairments represent an increasingly large population among the biggest markets in the world such as OECD countries and China. Also, in many countries aging persons are the holders of a majority of the assets and highly dependent on insurance, retirement and banking services. Ensuring they can use the services they need without encountering accessibility barriers is a powerful way to earn their loyalty in a highly competitive environment.

IBM has a long tradition and culture of accessibility and understands the importance of improving the user experience, managing accessibility compliance, and creating an inclusive workplace environment. Consistent with our own experience, this report highlights the organizational and process adjustments needed to ensure everyone has equal access to timely information they need for work and life.

By creating a holistic strategy for embedding accessible technology across the entire enterprise - from processes to product development to people – organizations can reinvigorate individual channels and harmonize them across the bank. G3ict has written this timely publication for the financial services sector that provides a clear picture of the global forces at work that are transforming how employee- and client-facing applications, products and services are delivered to reach the broadest set of customers. The report also serves as a useful benchmarking source for governments and advocates based on its review of existing solutions already implemented around the world. We applaud G3ict for taking this first step on the road of advocating for greater accessibility of financial services in cooperation with stakeholders from around the world.

Ian Hurst, General Manager, Global Financial Services Sector, IBM Corporation
Frances W. West, Chief Accessibility Officer, IBM Corporation

Introduction

Financial services play a necessary and important role in societies by enabling access to products, resources, and services, enabling savings and asset creation, and facilitating economic self-sufficiency. Access to financial services for all is a necessity in today’s world not simply at the community or household level, but at an individual level, to open doors to banking services, credit services, stocks and shares, insurance, and other markets. Access to and inclusion in financial services is crucial to poverty reduction and participation in economic prosperity and growth and development.

The increasing pervasiveness of technology in the delivery of financial services and the disruption of traditional channels of delivery through ‘FinTech’ (technology for financial service delivery) have generated new enthusiasm and newer ways for reaching out to persons who remain unbanked. Similarly, the increasing nature of services now available through technology has triggered growing demand among persons who remained marginalized from traditional paper-based banking services, as well as calls to ensure that they do not in turn create new barriers to access. Accompanying this growth spurt in technology there has also been an increasing recognition of the rights of persons with disabilities and the utmost importance of providing equal access to them to all services, including financial services.

Persons with disabilities and diverse abilities have been amongst those traditionally marginalized from the financial services sector through a mix of inaccessibility, presumptions of limited need and capacity to manage finances, and mindsets that did not view them as a profitable consumer base. This paradigm is now rapidly changing with growing evidence of their demand and need for access to services as well as the increasing income base of persons with disabilities around the world. Persons with disabilities and diverse abilities are demanding better and easier access to the entire range of financial services. Access to and inclusion in financial services is important to persons across the economic spectrum. And for persons with disabilities who live under the poverty line, it is essential that they are involved in financial inclusion initiatives and programs that will empower them and enable them to become financially independent.

A range of factors are serving as drivers to enhance the inclusion of persons with disabilities and diverse abilities through accessible financial services including demographics, attaining a competitive advantage and improving market share nationally and globally, Corporate Social Responsibility, regulations, legislation and compliance, enhancing business value, ensuring and increasing an inclusive workplace for employees with disabilities, maximizing on technology advances, and ensuring diversity and inclusion for all.

This report offers an introduction and overview to the need for, and mechanisms to achieve accessibility in financial services:

Chapter 1 offers an understanding of the barriers posed by inaccessible financial services to persons with different disabilities.

Chapter 2 highlights the different international mandates and frameworks that are accelerating the promotion of financial inclusion for persons with disabilities.

Chapter 3 offers in-depth descriptions of the accessibility needs based on the type of technology in use, along with examples of effective practices and solutions to promote inclusion. It also offers a look at how different countries are striving to achieve the accessibility mandate.

Chapter 4 focuses on the state of practice of financial inclusion for persons with disabilities across countries and the implementation of the Convention’s requirements for ICT accessibility and financial inclusion. This chapter describes findings from two major studies undertaken by G3ict that paint a picture of the state of financial accessibility today and offer a glimpse into the financial sector’s commitment to incorporate accessibility into their work and services in the future.

Finally, in the Conclusions section, the report offers recommendations for relevant stakeholders to incorporate the principles of inclusion to drive accessibility through product design and delivery, policy and legal structures, and distribution channels and pathways.

Download the report

For more details visit https://cis-india.org/accessibility/blog/inclusive-financial-services-global-trends-in-accessibility-requirements

DeitY says 143 URLs have been Blocked in 2015; Procedure for Blocking Content Remains Opaque and in Urgent Need of Transparency Measures

jyoti — 2015-04-30T07:37:40Z

Across India on 30 December 2014, following an order issued by the Department of Telecom (DOT), Internet Service Providers (ISPs) blocked 32 websites including Vimeo, Dailymotion, GitHub and Pastebin.

In February 2015, the Centre for Internet and Society (CIS) requested the Department of Electronics and Information Technology (DeitY) under the Right to Information Act, 2005 (RTI Act) to provide information clarifying the procedures for blocking in India. We have received a response from DeitY which may be seen here.

In this post, I shall elaborate on this response from DeitY and highlight some of the accountability and transparency measures that the procedure needs. To stress the urgency of reform, I shall also touch upon two recent developments—the response from Ministry of Communication to questions raised in Parliament on the blocking procedures and the Supreme Court (SC) judgment in Shreya Singhal v. Union of India.

Section 69A and the Blocking Rules

Section 69A of the Information Technology Act, 2008 (S69A hereinafter) grants powers to the central government to issue directions for blocking of access to any information through any computer resource. In other words, it allows the government to block any websites under certain grounds. The Government has notified rules laying down the procedure for blocking access online under the Procedure and Safeguards for Blocking for Access of Information by Public Rules, 2009 (Rules, 2009 hereinafter). CIS has produced a poster explaining the blocking procedure (download PDF, 2.037MB).

There are three key aspects of the blocking rules that need to be kept under consideration:

Officers and committees handling requests

Designated Officer (DO) – Appointed by the Central government, officer not below the rank of Joint Secretary.
Nodal Officer (NO) – Appointed by organizations including Ministries or Departments of the State governments and Union Territories and any agency of the Central Government.
Intermediary contact–Appointed by every intermediary to receive and handle blocking directions from the DO.
Committee for Examination of Request (CER) – The request along with printed sample of alleged offending information is examined by the CER—committee with the DO serving as the Chairperson and representatives from Ministry of Law and Justice; Ministry of Home Affairs; Ministry of Information and Broadcasting and representative from the Indian Computer Emergency Response Team (CERT-In). The CER is responsible for examining each blocking request and makes recommendations including revoking blocking orders to the DO, which are taken into consideration for final approval of request for blocking by the Secretary, DOT.
Review Committee (RC) – Constituted under rule 419A of the Indian Telegraph Act, 1951, the RC includes the Cabinet Secretary, Secretary to the Government of India (Legal Affairs) and Secretary (Department of Telecom). The RC is mandated to meet at least once in 2 months and record its findings and has to validate that directions issued are in compliance with S69A(1).

Provisions outlining the procedure for blocking

Rules 6, 9 and 10 create three distinct blocking procedures, which must commence within 7 days of the DO receiving the request.

a) Rule 6 lays out the first procedure, under which any person may approach the NO and request blocking, alternatively, the NO may also raise a blocking request. After the NO of the approached Ministry or Department of the State governments and Union Territories and/or any agency of the Central Government, is satisfied of the validity of the request they forward it to the DO. Requests when not sent through the NO of any organization, must be approved by Chief Secretary of the State or Union Territory or the Advisor to the Administrator of the Union Territory, before being sent to the DO.

The DO upon receiving the request places, must acknowledge receipt within 24 four hours and places the request along with printed copy of alleged information for validation by the CER. The DO also, must make reasonable efforts to identify the person or intermediary hosting the information, and having identified them issue a notice asking them to appear and submit their reply and clarifications before the committee at a specified date and time, within forty eight hours of the receipt of notice.

Foreign entities hosting the information are also informed and the CER gives it recommendations after hearing from the intermediary or the person has clarified their position and even if there is no representation by the same and after examining if the request falls within the scope outlined under S69A(1). The blocking directions are issued by the Secretary (DeitY), after the DO forwards the request and the CER recommendations. If approval is granted the DO directs the relevant intermediary or person to block the alleged information.

b) Rule 9 outlines a procedure wherein, under emergency circumstances, and after the DO has established the necessity and expediency to block alleged information submits recommendations in writing to the Secretary, DeitY. The Secretary, upon being satisfied by the justification for, and necessity of, and expediency to block information may issue an blocking directions as an interim measure and must record the reasons for doing so in writing.

Under such circumstances, the intermediary and person hosting information is not given the opportunity of a hearing. Nevertheless, the DO is required to place the request before the CER within forty eight hours of issuing of directions for interim blocking. Only upon receiving the final recommendations from the committee can the Secretary pass a final order approving the request. If the request for blocking is not approved then the interim order passed earlier is revoked, and the intermediary or identified person should be directed to unblock the information for public access.

c) Rule 10 outlines the process when an order is issued by the courts in India. The DO upon receipt of the court order for blocking of information submits it to the Secretary, DeitY and initiates action as directed by the courts.

Confidentiality clause

Rule 16 mandates confidentiality regarding all requests and actions taken thereof, which renders any requests received by the NO and the DO, recommendations made by the DO or the CER and any written reasons for blocking or revoking blocking requests outside the purview of public scrutiny. More detail on the officers and committees that enforce the blocking rules and procedure can be found here.

Response on blocking from the Ministry of Communication and Information Technology

The response to our RTI from E-Security and Cyber Law Group is timely, given the recent clarification from the Ministry of Communication and Information Technology to a number of questions, raised by parliamentarian Shri Avinash Pande in the Rajya Sabha. The questions had been raised in reference to the Emergency blocking order under IT Act, the current status of the Central Monitoring System, Data Privacy law and Net Neutrality. The Centre for Communication Governance (CCG), National Law University New Delhi have extracted a set of 6 questions and you can read the full article here.

The governments response as quoted by CCG, clarifies under rule 9—the Government has issued directions for emergency blocking of a total number of 216 URLs from 1st January, 2014 till date and that a total of 255 URLs were blocked in 2014 and no URLs has been blocked in 2015 (till 31 March 2015) under S69A through the Committee constituted under the rules therein. Further, a total of 2091 URLs and 143 URLs were blocked in order to comply with the directions of the competent courts of India in 2014 and 2015 (till 31 March 2015) respectively. The government also clarified that the CER, had recommended not to block 19 URLs in the meetings held between 1^stJanuary 2014 upto till date and so far, two orders have been issued to revoke 251 blocked URLs from 1st January 2014 till date. Besides, CERT-In received requests for blocking of objectionable content from individuals and organisations, and these were forwarded to the concerned websites for appropriate action, however the response did not specify the number of requests.

We have prepared a table explaining the information released by the government and to highlight the inconsistency in their response.

Applicable rule and procedure outlined under the Blocking Rules	Number of websites
	2014	2015	Total
Rule 6 - Blocking requests from NO and others	255	None	255
Rule 9 - Blocking under emergency circumstances	-	-	216
Rule 10 - Blocking orders from Court	2091	143	2234
Requests from individuals and orgs forwarded to CERT-In	-	-	-
Recommendations to not block by CER	-	-	19
Number of blocking requests revoked	-	-	251

In a response to an RTI filed by the Software Freedom Law Centre, DeitY said that 708 URLs were blocked in 2012, 1,349 URLs in 2013, and 2,341 URLs in 2014.

Shreya Singhal v. Union of India

In its recent judgment, the SC of India upheld the constitutionality of 69A, stating that it was a narrowly-drawn provision with adequate safeguards. The constitutional challenge on behalf of the People’s Union for Civil Liberties (PUCL) considered the manner in which the blocking is done and the arguments focused on the secrecy present in blocking.

The rules may indicate that there is a requirement to identify and contact the originator of information, though as an expert has pointed out, there is no evidence of this in practice. The court has stressed the importance of a written order so that writ petitions may be filed under Article 226 of the Constitution. In doing so, the court seems to have assumed that the originator or intermediary is informed, and therefore held the view that any procedural inconsistencies may be challenged through writ petitions. However, this recourse is rendered ineffective not only due to procedural constraints, but also because of the confidentiality clause. The opaqueness through rule 16 severely reigns in the recourse that may be given to the originator and the intermediary. While the court notes that rule 16 requiring confidentality was argued to be unconstitutional, it does not state its opinion on this question in the judgment. One expert, holds the view that this, by implication, requires that requests cannot be confidential. However, such a reading down of rule 16 is yet to be tested.

Further, Sunil Abraham has pointed out, “block orders are unevenly implemented by ISPs making it impossible for anyone to independently monitor and reach a conclusion whether an internet resource is inaccessible as a result of a S69A block order or due to a network anomaly.” As there are no comprehensive list of blocked websites or of the legal orders through which they are blocked exists, the public has to rely on media reports and filing RTI requests to understand the censorship regime in India. CIS has previously analysed the leaked block lists and lists received as responses to RTI requests which have revealed that the block orders are full of errors and blocking of entire platforms and not just specific links has taken place.

While the state has the power of blocking content, doing so in secrecy and without judical scrutiny, mark deficiencies that remain in the procedure outlined under the provisions of the blocking rules . The Court could read down rule 16 except for a really narrow set of exceptions, and in not doing so, perhaps has overlooked the opportunities for reform in the existing system. The blocking of 32 websites, is an example of the opaqueness of the system of blocking orders, and where the safeguards assumed by the SC are often not observed such as there being no access to the recommendations that were made by the CER, or towards the revocation of the blocking orders subsequently. CIS filed the RTI to try and understand the grounds for blocking and related procedures and the response has thrown up some issues that must need urgent attention.

Response to RTI filed by CIS

Our first question sought clarification on the websites blocked on 30^thDecember 2014 and the response received from DeitY, E-Security and Cyber Law Group reveals that the websites had been blocked as “they were being used to post information related to ISIS using the resources provided by these websites”. The response also clarifies that the directions to block were issued on 18-12-2014 and as of 09-01-2015, after obtaining an undertaking from website owners, stating their compliance with the Government and Indian laws, the sites were unblocked.

It is not clear if ATS, Mumbai had been intercepting communication or if someone reported these websites. If the ATS was indeed intercepting communication, then as per the rules, the RC should be informed and their recommendations sought. It is unclear, if this was the case and the response evokes the confidentiality clause under rule 16 for not divulging further details. Based on our reading of the rules, court orders should be accessible to the public and without copies of requests and complaints received and knowledge of which organization raised them, there can be no appeal or recourse available to the intermediary or even the general public.

We also asked for a list of all requests for blocking of information that had been received by the DO between January 2013 and January 2015, including the copies of all files that had accepted or rejected. We also specifically, asked for a list of requests under rule 9. The response from DeitY stated that since January 1, 2015 to March 31, 2015 directions to block 143 URLs had been issued based on court orders. The response completely overlooks our request for information, covering the 2 year time period. It also does not cover all types of blocking orders under rule 6 and rule 9, nor the requests that are forwarded to CERT-In, as we have gauged from the ministry's response to the Parliament. Contrary to the SC's assumption of contacting the orginator of information, it is also clear from DeitY's response that only the websites had been contacted and the letter states that the “websites replied only after blocking of objectionable content”.

Further, seeking clarification on the functioning of the CER, we asked for the recent composition of members and the dates and copies of the minutes of all meetings including copies of the recommendations made by them. The response merely quotes rule 7 as the reference for the composition and does not provide any names or other details. We ascertain that as per the DeitY website Shri B.J. Srinath, Scientist-G/GC is the appointed Designated Officer, however this needs confirmation. While we are already aware of the structure of the CER which representatives and appointed public officers are guiding the examination of requests remains unclear. Presently, there are 3 Joint Secretaries appointed under the Ministry of Law and Justice, the Home Ministry has appointed 19, while 3 are appointed under the Ministry of Information and Broadcasting. Further, it is not clear which grade of scientist would be appointed to this committee from CERT-In as the rules do not specify this. While the government has clarified in their answer to Parliament that the committee had recommended not to block 19 URLs in the meetings held between 1st January 2014 to till date, it is remains unclear who is taking these decisions to block and revoke blocked URLs. The response from DeitY specifies that the CER has met six times between 2014 and March 2015, however stops short on sharing any further information or copies of files on complaints and recommendations of the CER, citing rule 16.

Finally, answering our question on the composition of the RC the letter merely highlights the provision providing for the composition under 419A of the Indian Telegraph Rules, 1951. The response clarifies that so far, the RC has met once on 7th December, 2013 under the Chairmanship of the Cabinet Secretary, Department of Legal Affaits and Secretary, DOT. Our request for minutes of meetings and copies of orders and findings of the RC is denied by simply stating that “minutes are not available”. Under 419A, any directions for interception of any message or class of messages under sub-section (2) of Section 5 of the Indian Telegraph Act, 1885 issued by the competent authority shall contain reasons for such direction and a copy of such order shall be forwarded to the concerned RC within a period of seven working days. Given that the RC has met just once since 2013, it is unclear if the RC is not functioning or if the interception of messages is being guided through other procedures. Further, we do not yet know details or have any records of revocation orders or notices sent to intermediary contacts. This restricts the citizens’ right to receive information and DeitY should work to make these available for the public.

Given the response to our RTI, the Ministry's response to Parliament and the SC judgment we recommend the following steps be taken by the DeitY to ensure that we create a procedure that is just, accountable and follows the rule of law.

The revocation of rule 16 needs urgent clarification for two reasons:

Under Section 22 of the RTI Act provisions thereof, override all conflicting provisions in any other legislation.
In upholding the constitutionality of S69A the SC cites the requirement of reasons behind blocking orders to be recorded in writing, so that they may be challenged by means of writ petitions filed under A rticle 226 of the Constitution of India.

If the blocking orders or the meetings of the CER and RC that consider the reasons in the orders are to remain shrouded in secrecy and unavailable through RTI requests, filing writ petitions challenging these decisions will not be possible, rendering this very important safeguard for the protection of online free speech and expression infructuous. In summation, the need for comprehensive legislative reform remains in the blocking procedures and the government should act to address the pressing need for transparency and accountability. Not only does opacity curtial the strengths of democracy it also impedes good governance. We have filed an RTI seeking a comprehensive account of the blocking procedure, functioning of committees from 2009-2015 and we shall publish any information that we may receive.

For more details visit https://cis-india.org/internet-governance/blog/deity-says-143-urls-blocked-in-2015

Pervasive Technologies Project Working Document Series: Literature Review on IPR in Mobile app development

sinha — 2015-08-31T13:48:02Z

This post is literature survey of material exploring and analysing the role of Application Platforms in the Mobile Applications Development ecosystem, albeit from an intellectual property perspective. The document is a work in progress.

1. What are the decisions developers are making within their practice in terms of location of their enterprise and clients, scale of audience, funding, business models and mobile apps marketplace (app stores)? Who is the primary actor in the mobile applications development cycle in India?

1.1. Is the mobile apps marketplace organically developing into a Bazaar model, or a Cathedral model?

1.2. What are the contractual terms between the enterprise and the employee? What is the typical nature of agreements in the mobile apps development industry between enterprise- employee and enterprise- client?

The role of Mobile application developers (“developers”) is critical in the app market, especially when such markets are regarded as the key entry and dissemination point for mobile content. Developers are seen as innovation engines and the fastest route to innovation, so understanding factors that attract and retain third party mobile application developers is of importance to mobile platform providers in order to survive.

Who are the primary actors in the mobile applications development cycle in India?

This chapter of the Pervasive Technologies Project (“Project”) aims to study developers who are key contributors to the mobile applications space within India; and the problems, those being faced by them as they attempt to navigate an emerging and ambiguous ecosystem. The results of our qualitative research give us insight into the characteristics of this new tribe. A majority of the developers do not own the products they innovate and instead assign ownership of their IP over to their clients. Innovating for the purpose of creating and retaining ownership is a key motivation and is reflected in the tendency of developers to move away from the services sector to develop their own products.[1]

As one developer puts it, “unless you're a 1000 man enterprise, there's no economic benefit in services; as competition has driven pricing so low, everyone's struggling to deliver $12-14 per hour.”

Every startup in mobile development, especially, is doing services to stay afloat and would like to move toward a product model.

Further, IAMAI conducted a survey[2] in 2013 and the report presents an analysis in four sections:

a) Who? The App Developer in India

b) What? The Preference of Users and Developers in India

c) Why? The Business of Apps in India

d) How? The Future of Apps in India

The Report states:

“The vast majority of app developers in India are male. In their survey of 454 developers, only 35 respondents were female reflecting the gender bias. On the demand side 80 percent of smartphone users in India are male reinforcing the male dominance. Geographically the respondents were all based in India except one developer of Indian origin residing in Malaysia. The well known and established IT cities in India are attractive for app developers because they provide with easy access to infrastructure, skill and a ready market for products. The survey shows the concentration of app developers in the cities of Bangalore, Mumbai, Delhi NCR, Hyderabad and Ahmedabad. A larger percentage of developers in such IT cities make apps on a full-time basis as compared to developers in other cities. The survey data also shows that Bangalore, Mumbai and NCR have the maximum number of companies (organized business operations) engaged in app development. Cities like Ahmedabad, Hyderabad and Chennai host many small teams of app developersas well as self-employed app professionals. In most of the other cities such as Bhubaneshwar, Cochin, Coimbatore, Gandhinagar and Kota, app development is done primarily on a part-time basis and is not the primary source of income. This could be the result of limited monetization options that make app development an unsustainable livelihood for many.

The popularity of international apps was evident in the survey data. The average download of ‘Indian’ apps was very low. Only 14 of the 454 developers has crossed the hundred thousand download mark, of which only 5 surpassed the one million milestone. These numbers do not pertain to a single app, but to the cumulative number of downloads across all the apps created by each developer, supporting the thesis of low visibility of apps developed domestically.

In their sample of 454 developers, entertainment apps including gaming and social networking are the dominant categories reflecting demand side preference. Utilities, health and education are the other important categories. The survey also below provided the number of apps developed under each category. The list does not include lifestyle and enterprise apps which are exceptions. One forceful result of their survey is the focus of app developers on foreign app demand in preference to producing locally-relevant content - as the latter is less profitable. Each respondent in their sample had developed an average of 38 apps. Of these 13 have developed 100 or more apps and these are the larger professional app companies. After excluding extreme values, the average number of apps developed by each respondent fell to 17.

Skewed revenue sharing models biased against content providers was one of the main reasons why Indian app developers focus on international app stores such as Apple App Store or Google PlayStore that offer a flat 70 percent of the total revenue to developers. This adversely affected development of India-specific apps and even popular apps such as Saavn and Zomato have expanded abroad because of this very reason.

Survey results indicated an Android dominated future for the app economy in India for two apparent reasons. One, Android devices are more affordable and two, the Android ecosystem is open allowing OEMs such as Samsung and HTC to manufacture mobile devices that use the Android OS. The drawback turns out to be the resulting fragmentation in screen sizes, resolution limits and hardware traits. Because of this, “developing apps that work across the whole range of Android devices can be extremely challenging and time-consuming.” Moreover, Indian app developers need to recognise the existence of an active market for used phones and thus the appeal of ‘backward compatibility’ i.e. an app that can work across old devices as well as new ones and also function across both old and new versions of operating systems will stand a better chance of success.

On the whole, app development was not considered to be a remunerative business opportunity. 17 percent of respondents who answered the question on choice of revenue model indicated that they did not have a specific revenue generation plan. While some developers are engaged in contractual development, there are few developers who self finance their project and do not actively market or promote their app. The business of app development in India seems to be at a stage in which it could be characterised as one based on a ‘hit and trial’ philosophy. Self financing is common in the industry. Only 7 and 13 developers approached banks or venture capitalists for financing. Funding an app developer was not an investor’s primary choice. Recognising the market failure and the utility of apps, the Department of Electronics and IT and Department of Telecommunication have both instituted funds to encourage mobile technology ventures

and app development in India.[3] One can argue on the efficacy of the use of limited public resources for app development, but not the fact that app development in India needs a boost. The industry is still very young and ‘unorganized’ and is largely dependent on own and informal sources for financing. The study presents presents the source of financing for app developers.”

Understanding of IP

There is a lack of understanding of IP amongst the developers. During the course of interviews, IP was often thought of as mere content or code. There was also confusion between the terms IP and IPR. The few developers who understood the nuances of IP better, voiced a need for the developer community to deepen their understanding of what parts of their work are IP. Samuel Mani, Founding Partner of Mani Chengappa & Mathur, stressed that developers should recognize the value within not just the product or software itself, but the background business processes. According to Mani, the execution of the idea is the true source of innovation; how one accesses the market, and maybe who the market is as well.[4]

The IAMAI report[5] had some observations on the impact of IP on the apps industry. According to the report, “since the industry thrived on innovation, protection of intellectual property was important to developers. The balance between protection and sharing of innovation was part of a larger and often tendentious debate on open source versus proprietary software development.[6] The survey did not attempt to deconstruct that debate; merely reported that 70 percent of respondents were of the view that intellectual property protection was a concern for app developers. However, not all had taken steps to protect intellectual property. The lack of seriousness could be associated with poor revenue potential from apps. Among those who had, some obtained copyrights/patents, while others worked with individual checks on in-app piracy using code morphing, copy protection, server–based checks, or both etc (The study provides data on different IP protection measures).”

Nature of their clients

Out-sourced 'mobile app services' is marginal as a business model here in India.[7]

Ownership of their product/service:

Often, the lack in understanding can be traced to the developers working in isolation from the legalities involved in assigning the product to the client. Majority of those interviewed developed mobile app products for clients, and in turn assigned ownership of their products to their clients. As previously mentioned, they commonly shared an interest in leaving the services sector to create products of their own, with some of them already having made the transition within their business model.[8]

Contractual clauses most important to mobile app developers: Delving deeper into the aspect of assigning ownership to clients, the most common practice is for developers to enter into a work-for-hire agreement with the client. Typically, a work-for-hire agreement mandates that if a worker is paid to carry out a particular project, whatever is created within the project belongs to the client.[9]

For startups where team players are small in number, it is likely that all will have access to any contract agreements entered into with clients. For larger corporate software developer firms, there may be a specialized department for legal-related matters. In such cases, the mobile app developers themselves would seldom lay eyes on the legalese of contracts, for the primary reason being that it doesn't concern them. Instead, the terms of agreement more familiar to them would be those that they obliged to upon working for their employer. The interviews revealed that the importance of contract agreements was actually underestimated in the country.[10]

Within a work-for-hire agreement, it is commonplace for developers to enter into restrictive agreements that obstruct the freedoms of what they can do with the code created for the client. Problematic areas proved to be those related to the time periods in which the developer was not allowed to take up future work for competing clients (i.e. the non-compete clause), or could not talk about their work for the client at all (the “quiet period”).[11]

Developers are unable to license their work to other interested clients when one client retains ownership. “Clients typically do not want a perpetual license, but complete ownership”, says a website developer. He further explains that, “this means they could make a derivative work or use it for another project. Depending on how bad we want the project, we'll work out some middle ground.” But it does not seem to be so easy for he and his SME to do so: “The thing about contracts is it’s all about a sort of differential bargaining power that the two parties have... you’ll have very little control about what happens once you’ve got paid.”[12]

To have any sort of bargaining power within a work-for-hire arrangement requires a lot of time for negotiating, and the space for communication to begin with. In many cases, contracts may not even be introduced into a work agreement, leaving a lot of intricacies to the unknown.

The problems are further compounded by contract illiteracy, more so in second tier cities.[13]

2. What is the nature of innovation emerging from the mobile app industry? What is the awareness of the "mobile applications developer and its enterprise on rules concerning code, content and design? How does re-use and sharing of code, content and design occur in the mobile application developer ecosystem ? What is the perceived impact of the Indian IPR regime on the aforementioned aspects? Finally, do the emerging trends in re-use and sharing of code run afoul of Indian IP law?

There is a marked shift towards using open source software amongst developers. According to a Gartner study, most software makers will have some open source applications or code in their portfolio by 2016. The study also reaches the conclusion that 99% of Forbes’ Global 2000 companies will be using some form of open source software.[14]

Awareness

The interviews revealed different personal understandings of the meaning of IP. The most common responses were the following[15]:

A : When questioned about IP to developers, they did not know what it meant, because it didn’t have anything to do with what they were doing.

B : Developers often did not know what part of their app was IP... there is was gap in understanding with respect to IP.

For the most part, it seems, IP was considered to refer to content or code across interviews, and was even confused at one point with IPR (IP Rights) within a response referring to an SME's trademark and pending application.

For those who appeared to be better versed in matters related to IP, they emphasised on the need for developers to be better acquainted with what parts of their work are IP. One interviewee stressed on the importance of developers to recognize the value of background business processes, apart from software and the product itself. [16]

In certain cases, it took $1 million in sales for a medium-sized software development enterprise to start paying attention to IP. The enterprise tried to obtain patent protection for their application, but the effort turned out to be futile.[17]

Protection of work (Speaks to awareness also)

When asked, those interviewed responded with a variance in answers. Some simply stated that their work is not protected, while a few mentioned that they acquired trademark or intend to apply for trademark protection. One interviewee had a patent pending in India and the US, as well. In many conversations, developers mentioned that their code for their apps is under open source licenses, and a couple others entailed sharing that the content is under creative commons licenses, “individual licenses,” or joint copyright. Additionally, within one interview, one mentioned the use of encryption tools as a technical means of protection for their work.[18]

“The concept of securing IP is relatively new within the Indian context... it becomes a question of priority between innovation and protection" — Aravind Krishnaswamy, Levitum.

Of the developers interviewed, many exhibited some sort of confusion or misunderstanding related to the protection of their works by means of intellectual property rights (IPR). Those interviewed seemed to either express an interest to acquire IPR in the future for their products in the forms of patent or trademark protection, or expressed their appreciation for openness source licensing—or both! Beneath these immediate responses, however, many repeated patterns, as well as contradictions, are revealed. Conversations that followed within these interviewed entailed the opportunity to hear from personal experiences and opinions on different areas within their practice intersecting IPR.[19]

Across interviews conducted, one particular observation entailed the tendency for developers to have worked in the past for corporate employers that have dealt with cases of infringement or have acquired IP protection. Almost half of those interviewed shared the fact that they worked for a corporate employer and became better familiar with different notions of intellectual property through that experience. It may not be too far-fetched to suggest, then, that for the developer the idea of acquiring IPR protection is one that may be reinforced from previous employers or other successful development companies with IPR of their own.[20]

Impact of law & reasons for IPR Protection

One would assume that if a startup was bootstrapped with minimal cash flow, then it would place a low priority on getting IP protection for its products. Aravind Krishnaswamy of startup, Levitum, also stated that “the concept of securing IP was relatively new within the Indian context.” [21]

Yet, many developers who were interviewed did express an interest in IPR. The main concerns developers believed IP protection would address, were proving ownership over their work or preventing problems in the future. One developer's commented on how the mobile app market is a “new and potentially volatile area for software development.” For this reason, it was imperative that he and his team attempted to avoid trouble in the future, and ensure that they going about mobile app development the right and moral way.[22]

Within another interview, developer, John Paul of mobile app SME, Plackal, explained his motives for seeking to acquire patent protection, the application for which back then was pending in India and the US: "For us, applying for a patent is primarily defensive. And if it does get infringed upon, it would give us a good opportunity to generate revenue from it." For the company's trademark, they sought to be able to enforce their ownership over their product's brand: “As a precautionary, we've trademarked the app so that should there be a situation where the app is pirated, we can claim ownership for that app.”[23]

Do the emerging trends run afoul of Indian law?

Yes. This was evident from the legal practices of mobile app developers and the resulting cases of infringement.

Some instances of infringement (limited to Mobile app content (i.e. logos, pictures, etc.)) are[24]:

• Pirated apps in app stores

• “Dummy apps” or imitations of another's app

• Breaching app stores user agreement

• Violation of License agreements of code created by another

• Violation of Open source licenses

• Breaching of terms of agreement for by commissioning clients

• Breaching of terms of agreement for by those hired

Some of the developers indicated that they weren't a fish big enough to be pursued for infringement. “The big companies do not go after small developers; it depends on how much money they're making.” said a developer. He added,“Patent lawsuits can cost something like millions of dollars, so unless they're going to get more back, they wouldn't go through the trouble of doing so... but that is true even in the US.”

Some added that others who may have been apparently copying you, may have been working on the same content independently. Corporate players are in non-compliance knowingly than not, whereas more SMEs infringe upon others without being aware that they are. Just as well, the degree to which infringement takes place may differ between the two types of industry players: “At the corporate level, where they know they are not in compliance, the degree of non-compliance might be very small or specific, but it still exists.” On the other hand, for startup developers, a substantial amount of their code may not comply with the licenses and agreements they are obliged to—something that could pose problems for them later down the road if left unfixed. [25]

3. The apps marketplace is extremely important since they are the gatekeepers enabling access to apps. What is the nature of the apps marketplace? What are the limitations associated with it ? How do the existing regulatory models intersect with this relatively new marketplace? What is the enforcement carried out by these app stores in terms of IP?

“The app platform is a gatekeeper which provides the consumer and developer a virtual space to buy and sell products (mobile apps). What is the nature of the app platform? What are the limitations associated with it?

An app dealing in pirated content or infringing intellectual property faces the risk of getting barred by the app platform. What is the enforcement carried out by app platforms to protect intellectual property?”

Firstly, what is an app platform?

Iansteti and Levien[26] state that at the core of each innovation network is a focal organization known as platform owner (or keystone) that provides the platform to facilitate contribution by other members in the network.

Hagiu[27] defines a platform as a product, service or technology that provides a foundation for other parties to develop complementary products.

Specifically, I Kouris[28] defines an app platform as a special kind of electronic market which enable software developers to distribute their software applications(apps) among users of mobile devices like smartphones or tablets. An app platform owner dictates the entire infrastructure(like user interface, server space, etc.) and determines the rules for the interaction between the developers and users. They usually provide information about apps and developers and serve as a trusted third party by controlling app quality. Fransman M[29] characterised the app platform as an 'innovation ecosystem incorporating app developers effectively.'

Innovation can happen within the enterprise, or can take a more open route and benefit from external innovation. In order to gain the benefit of external innovation, platform owners must open their platforms up beyond their internal base of developers and provide resources to third party developers.[30]

What is the platform concept in software?

Broadly, Noori[31], discusses the issues about the platform concept in software and attempts to address the subject of platform strategy. Tsai, Phal & Robert[32] further the discussion by stating principles for an effective platform strategy.

In mobile ecosystems building a developer community is one of the niches to attract the developers to join the ecosystem. However, health can mean differing things for different ecosystem members. In order to stimulate innovation[33] the keystone company is often forced to relinquish much of their control over the platform to the development community. This involves a careful balancing act in relinquishing enough control to create a healthy environment for developers, and not stifling innovation while retaining a necessary and desired degree of control.[34]

Baskin[35] examines the problems concerning software patent under the mobile applications platform environment. The scope of the analysis is limited to two mobile applications platforms: Apple's iOS and Google's Android. The analysis throws light on the problems of innovation in software systems like iOS and Android. The note also proposes several changes to both antitrust and patent laws that will make it more difficult for established market players to prevent new competitors from entering high tech markets, thereby promoting greater openness and innovation. The part on software patents discusses the effects of enforcement of patent rights on open and closed systems. The note observes that the US Federal Circuit's decisions (Fonar Corp. v. Gen. Elec. Co., io7 F.3d 1543, 1549 (Fed. Cir. 1997)) have severely curtailed both the enablement and best mode requirements for successful software patents., thereby limiting the disclosure and preventing many of the invention's useful elements from reaching the public domain. Patentability issues have affected open systems such as Android more than Apple, owing to a greater dependency on third parties to run android systems, leading to more patent infringement issues. It recommends, that, intellectual property law should promote open systems above patent protection in high tech fields, allow reverse engineering of software and introduce an 'independent invention' defence in the law for innovators.

A certain paper addresses rejection of apps in the AppStore on three grounds: rejection on content grounds (including some competition-driven restrictions), rejection on development grounds, and the regulation of transactions.

Apple's and Google's foray into building a mobile development platform

Coming from the music and personal computer industry, Apple disrupted the mobile industry by making its mobile development platform available to third party developers and eliminating the barriers between those developers and customers. The main goal of Apple in the mobile world is to increase the cross-sales of its high-margin products by providing a continuous experience roaming (iPhone, iPad, Mac, and Apple TV) using complements such as mobile applications, content, services, and accessories.[36] Google, on the other hand, is an online advertising company which provides an open source mobile operating system, in the shape of Android, on which mobile handset manufacturers can develop smartphones without paying software licensing fees. By commoditizing mobile device production under its unique governance structure and building a large developer community, Google secured a means of reducing the barriers to new users accessing their advertising through smartphones. Microsoft through its Windows Phone is the most recent addition to the leading mobile platform providers. Its motivations lie in trying to protect its core business of software licensing which has been disrupted by falling PC sales linked to the emergence of mobile technology and free cloud technology services provided by companies such as Google which have impacted respectively on its licensing fees for Windows OS and Microsoft Office[37].

Luis H Hestres[38] analyzes Apple’s guidelines and approval process on the App Store, discusses content-based rejections of apps, and outlines the consequences of this process for developers’ and consumers’ freedom of expression. It outlines a set of principles to ensure “app-neutrality” whilie ensuring device quality and safety. The article illustrates challenges faced by app developers working on the iOS platform. Criticisms have come forth about Apple's arbitrary and opaque review process. Apple has a rejection rate of 30% of the 26,000 apps submitted to the app store each week[39]. Van Grove[40] comments that the ambiguity, opaqueness, and susceptibility to outside pressures that seems to characterize Apple’s approval process do a disservice to a democratic online culture. With more than 400 million iOS devices sold worldwide since 2007[41], Apple’s devices and app store have become important online intermediaries for Internet users. The article proposes a few basic guidelines, anchored on widely accepted international laws and treaties, such as the Universal Declaration of Human Rights and the International Covenant on Civil and Political Rights.

Statistics

A Report[42] presents us with some important insights into the growth of Google Play. Following are the highlights of the report: There are now well over 1 million apps available on Google Play App downloads and revenue from Google Play increased dramatically over the past year; Markets such as Brazil, Russia, Mexico, Turkey and Indonesia are driving growth in app downloads from Google Play; Google Play is experiencing rapid expansion of monetization in established markets such as Japan, the United States and South Korea; Games played a major role in the acceleration of Google Play revenue growth, but almost all app categories experienced expansion and accounted for almost 90% of revenue in Q1 2014; The freemium business model advanced its domination of Google Play app revenue, and represents a growing proportion of downloads; Asian markets lead the way in generating freemium revenue. Another report8 reiterates the explosion of gaming apps.

4. How does Indian copyright law and patent law apply to the mobile applications development ecosystem, in respect of the various business models operating in the industry?

4.1. The patent regime is grounded on a laboratory model of innovation. What does the niche mobile applications development industry (working on a micro-creativity model of innovation) require differently from the patent regime to foster growth?

4.2. Similarly, copyright law has a distinct design for digital objects. Examine the design and its suitability to regulate a mobile application.

A. The interviews reveal a dichotomy existing in the mobile app developer space. While some developers argued for strong IPR protections, several of app developers opposed strict IPR protection (patents, especially) and advocated use of open source software.[43]

Open source for future protection (Applicable as literature to Research question 2)

Sometimes developers license for community values primarily, however, the assumption is that dominant reason is to retain the ability to use their own work across clients. A designer from a services enterprise gave a different reason for doing so: to guarantee their ability to use their work again. “Since we use a bunch of templates and things like that, those we license using a non-exclusive license, because we reuse those elements on different bits of code in different projects,” he explains, “so there are bits of it which is used over multiple projects and there are stuff that is built exclusively for the client.”[44]

Here one can gather some insight, that perhaps developers do not necessarily license for community values primarily, but for the ability to use their own work across clients. That being said, we begin to wonder what the possibility that open source code may serve as a loophole for work-for-hire contracts, which require the developer to assign all written intellectual property to whoever is commissioning the project. If the code happened to “already be available by open source,” a developer may still be honouring any restrictive agreements with clients, and ensuring their ability to use their code in this future again.[45]

As a developer suggests, that startups should first and foremost protect themselves by making wiser choices related to code in order to prevent being litigated against by others—such as using an open source equivalent to a piece of code that one does not have the rights to, or instead putting the extra time in to develop it from scratch.[46]

Of those who expressed an interest in the open source movement, not all had said that their products were to be open licensed as well. One developer explicitly stated: “I like the idea of open source, and building upon others' work...but our app is not open source, it's proprietary.” It may be a given, then, that all or most developers within our interview sample rely on open source code within their practice, but not all may contribute their resulting product's source code back.[47]

Vivek Durai, from Humble Paper said that despite the fact that “open source has really taken route... on the smaller levels, people will come to a point when philosophies begin to change the moment you start seeing commercial.”[48]

B. A certain paper[49] examines from various angles the complex relationship between intellectual-property rights and technological innovation. Following are the conclusions:

1) Intellectual property rights are most likely to foster innovation when the following conditions converge in a particular industry: (a) high research-and-development costs; (b) a high degree of uncertainty concerning whether specific lines of research will prove fruitful; (c) the content of technological advances can be ascertained easily by competitors through “reverse engineering”; and (d) technological advances can be mimicked by competitors rapidly and inexpensively.

2) The likelihood that intellectual-property rights will impede more than stimulate innovation increases as more and more of the following factors obtain in a particular field: (a) trade-secret protection or lead-time advantages reduce the ability of competitors to take advantage of technological advances; (b) innovation in the field tends to be highly cumulative; (c) researchers in the field are motivated primarily by non-monetary incentives; (d) the field is characterized by strong network externalities. The last three of these circumstances were all present during the development of the technical infrastructure of the Internet; it is thus not surprising that that development proceeded rapidly and effectively with little reliance upon intellectual-property systems.

3) The following techniques may be employed to mitigate the economic side-effects of intellectual-property systems: (a) compulsory licenses; (b) facilitation of price discrimination; (c) strict enforcement of the “utility” requirement; (d) encouragement of appropriate cross-licensing agreements (provided that cartel behavior can be simultaneously discouraged); (e) narrow interpretations of “similarity”; (f) strict enforcement of “enablement” and “best-mode” requirements; and (g) the affirmative defenses of patent and copyright misuse.

4) In contexts in which reliance upon these mitigating devices is not feasible, the following alternative ways of solving the public-goods problem may be superior to intellectual-property rights as ways of stimulating innovation:government research; government funding for private research; or post-hoc government rewards for private technological advances.

C. In a paper[50], the authors study the determinants of patent quality and volume of patent applications when inventors care about perceived patent quality. They analyze the effects of various policy reforms, specifically, a proposal to establish a two‐tiered patent system. In the two‐tiered system, applicants can choose between a regular patent and a more costly, possibly more thoroughly examined, ‘gold‐plate’ patent. Introducing a second patent‐tier can reduce patent applications, reduce the incidence of bad patents, and sometimes increase social welfare. The gold‐plate tier attracts inventors with high ex‐ante probability of validity, but not necessarily applicants with innovations of high economic value.

D. Copyrights related to apps are still being hashed out in the courts. Oracle, for example, sued Google[51] for copyright infringement regarding the structure of Java APIs in its Android operating system[52], and the case was decided by the U.S. Supreme Court.

E. Policy Levers in Patent Law[53]

The paper argues that some industries should be the subject of patent tailoring – which can make them illustrative of certain policy levers. Use of obviousness and disclosure doctrines to modulate the scope and frequency of patents, as might be necessary where anti-commons to patent thicket theories are applicable.

Nature of software vis-a-vis biological/chemical inventions

Software inventions tend to have a quick, cheap, and fairly straightforward post- invention development cycle. Most of the work in software development occurs in the initial coding, not in development or production. The lead time to market in the software industry tends to be short. Because innovation is less uncertain in software than in industries like biotechnology, Merges’ economic framework suggests that the non-obviousness bar should be rather high.

Implementing a rational software policy obviously requires some significant changes to existing case law. A number of policy levers might be brought to bear on this problem. First, obviousness doctrine needs to be reformed, preferably by way of a more informed application of the level of skill in the art or alternatively by application of new secondary considerations of non-obviousness.

Poor handling of software patents by the Federal Circuit

The paper argued that broad software patents were indeed what the existing Federal Circuit jurisprudence will likely produce. By relaxing the enablement requirement and permitting software inventions defined in broad terms, supported by very little in the way of detailed disclosure, the Federal Circuit has encouraged software patents to be drafted broadly and to be applied to allegedly infringing devices that are far removed from the original patented invention.

By implication, the Federal Circuit’s standard also seems to suggest that many narrower software patents on low- level incremental improvements will be invalid for obviousness in view of earlier, more general disclosures. They may also be invalidated under the on- sale bar, because the Supreme Court’s view that a software invention is “ready for patenting” when it is the subject of a commercial order and when the inventor has described its broad functions, even if it is not clear how the code will be written or that it will work for its intended purpose, means that any patentee who waits until the code is written to file a patent application risks being time-barred for not filing earlier. Unfortunately, the Federal Circuit’s current standard seems to be precisely backwards. Software is an industry characterized by at least to a limited extent by competition theory and to a greater extent by cumulative innovation. Cumulative innovation theory suggests that patent protection for incremental software inventions should be relatively easy to acquire in order to reward incremental improvements, implying a somewhat lower obviousness threshold. It also suggests that the resulting patents should be narrow and, in particular, that they should not generally extend across several product generations for fear of stifling subsequent incremental improvements. This suggests that software patents should be limited in scope.

Second, a higher disclosure requirement and restrictions on the doctrine of equivalents will help reduce patent scope. Additionally, the authors think software patents are the ideal candidate for a new policy lever: reverse engineering. Many commentators have explained the importance of permitting competitors to reverse engineer a product in order to see how it works and to figure out ways to design around it. In the case of copyright, courts have adapted the doctrine of fair use, together sometimes with copyright misuse, to allow competitors to engage in reverse engineering of computer software. Patent law includes no express provision allowing reverse engineering, nor is there any judicially developed exception akin to copyright’s fair use doctrine that might permit it. Indeed, patent law generally lacks provisions akin to fair use or other exceptions that might readily be pressed into the service of reverse engineering, although commentators have suggested that patent law may need such exceptions for precisely this reason.

This does not mean that reverse engineering a patented product is necessarily illegal patent law. Some inventions, such as the paper clip, are readily apparent once embodied in a product. Improvers do not need to reverse engineer the paper clip and figure out how it works in order to improve it; they just need to look at it. Additionally, in many cases, the patentee has done all the work necessary for reverse engineering patented inventions by virtue of disclosing how to make and use the claimed invention in the patent specification. In theory, an express provision authorizing reverse engineering would be superfluous if the enabling disclosures required to secure a patent were sufficiently strong – someone who wanted to learn how a patented device worked would only need to read the patent specification. Patentable inventions in software, however, generally do not have these characteristics. Software devices typically cannot be readily understood by casual inspection, and particularly not without access to human-readable source code or other documentation. Examination of the patent itself is unlikely to yield information equivalent to a reverse engineered inspection because the Federal Circuit does not require would-be patentees of software inventions to disclose the implementing source code or, for that matter, very much at all about their inventions. Accordingly, software patents present unique obstacles to consummation of the patent law’s traditional rights-for-disclosure bargain with the public. The specific reverse engineering techniques commonly used for software, in turn, may raise some infringement problems that are unique to software. The definition of infringement in the patent statute is extremely broad, encompassing anyone who “makes, uses, offers to sell, ... sells..., or imports” a patented product. Reverse engineering a patented computer program by decompiling it likely fits within this broad category of prohibited conduct, at least where the program itself is claimed as an apparatus. Reverse engineering clearly constitutes a “use” of the patented software, though owners of a particular copy of the program surely have the right to use it. More significantly, decompilation may also constitute “making” the patented program by generating a temporary yet functional copy of it in RAM memory and, in certain instances, a longer-term (though still “intermediate”) copy in more permanent memory. Those copies probably constitute patent infringement unless protected by some defense. The result of all of this is that the nominally neutral patent law rule – no defense for reverse engineering – affects software more than other industries.

The need for a reverse engineering exception in patent law militates in favor of adapting the existing doctrines of exhaustion or experimental use to that end. Patent misuse might also be adapted, as it has been in the copyright arena, to prevent patent holders from deterring or prohibiting reverse engineering related to their inventions. The exception might even be created out of whole cloth by reinterpreting the infringement provisions of section 271(a). The resulting patent doctrine would constitute a macro policy lever. As Cohen and Lemley observe, in most industries there is either no need to reverse engineer an invention or reverse engineering can be done without infringing the patent.

The paper concludes by stating, “Only in software is there a need for a particular doctrine to protect the right to reverse engineer —and therefore the ability of improvers to innovate. Thus, a judicially created reverse engineering defense would make sense across the board in software cases but not in other patent cases.”

[1]Samantha Cassar, "App Developers Series: Products-Services Dichotomy & IP (Part I)”, last accessed July 21, 2015

[2]IAMAI, “An inquiry into the impact of India's App economy”, 2015

[3]DoT has set up a 1000 crore app development centre called Application Development Infrastructure and 700 crores under the National E-Governance Plan have been allocated for mobile technology ventures

[4]Supra note 1

[5]Supra note 2

[6]Hippel, Eric von, and Georg von Krogh. "Open source software and the “private-collective” innovation model: Issues for organization science." Organization science 14.2 (2003): 209-223.

[7]Supra note 1

[8]Ibid

[9] Samantha Cassar, “Mobile App Developer Series: Terms of Agreement – Part IV”, last accessed July 21

[10]Ibid

[11]Ibid

[12]Ibid

[13]Ibid

[14]Gartner Data

[15]Supra note 1

[16]Ibid

[17]Samantha Cassar, “Interviews with App Developers: [dis]regard towards IPR vs. Patent Hype – Part II”, last accesed July 21, 2015

[18]Ibid

[19]Ibid

[20]Ibid

[21]Ibid

[22]Ibid

[23]Ibid

[24]Samantha Cassar, “Interviews with App Developers: Name of the Game (Part IV)”, last accessed July 21, 2015

[25]Ibid

[26]"Strategy as Ecology," Harvard Business Review, Vol. 82, No. 3, March 2004.

[27] Evans, D. S., A. Hagiu and R. Schmalensee, 2006, Invisible Engines: How Software Platforms

Drive Innovation and Transform Industries, Cambridge, MA: The MIT Press.

[28]Kouris, Iana and Kleer, Rob, "BUSINESS MODELS IN TWO-SIDED MARKETS: AN ASSESSMENT OF STRATEGIES FOR APP PLATFORMS" (2012). 2012 International Conference on Mobile Business. Paper 22.
http://aisel.aisnet.org/icmb2012/22

[29]Fransman, M. (2014) Models of Innovation in Global ICT Firms: The Emerging Global Innovation Ecosystems. JRC Scientific and Policy Reports –EUR 26774 EN. Seville: JRC-IPTS

[30] Deniz and Kehoe, Factors that attract and retain third party developers in mobile ecosystems, June 2013

[31]Nadea Saad Noori (2009) Managing External Innovation: The case of platform extension, available at http://www3.carleton.ca/tim/theses/2009/Noori2009.pdf

[32]Tsai, Phal & Robert, Industry Platform Construction and Development in a changing environment: Evidence from the ICT Industry, available at http://druid8.sit.aau.dk/acc_papers/6s5aqckmne7ggybu0vfxryrynuog.pdf

[33] Supra note 9

[34] Ibid.

[35]John Baskin, Competitive Regulation of Mobile Software Systems: Promoting Innovation Through Reform of Antitrust and Patent Laws (2013)

[36] Constantinou, 2012b

[37]Ibid.

[38]Luis H Hestres (2013) App Neutrality: Apple’s App Store and Freedom of Expression Online , American University , International Journal of Communication 7 (2013), 1265–1280

[39]Supra note 9

[40]Ibid.

[41] Supra note 9

[42]App Annie Data

[43]Supra note 1

[44]Samantha Cassar, “Interviews with App Developers: Open Source, Community, and Contradictions – Part III”, last accessed July 21

[45]Ibid

[46]Ibid

[47]Ibid

[48]Ibid

[49] William Fisher, INTELLECTUAL PROPERTY AND INNOVATION: THEORETICAL, EMPIRICAL, AND HISTORICAL PERSPECTIVES

[50]Patent Quality and a Two‐Tiered Patent System (Vidya Atal and Talia Brar, 2014)

[51]http://copyrightalliance.org/2014/05/federal_circuit_releases_decision_oracle_v_google

[52]http://copyrightalliance.org/2014/05/federal_circuit_releases_decision_oracle_v_google#.VYf0i9Z5MxB

[53]http://escholarship.org/uc/item/4qr081sg

For more details visit https://cis-india.org/a2k/blogs/pervasive-technologies-project-working-document-series-literature-review-on-ipr-in-mobile-app-development

National IPR Policy Series: RTI Requests by CIS to DIPP + DIPP Responses

nehaa — 2015-04-26T08:47:00Z

In earlier blog posts, we have discussed the development of India’s National IPR Policy (“the Policy”); comments by the Centre for Internet and Society (“CIS”) to the IPR Think Tank before the release of the first draft of the Policy and CIS’ comments to the IPR Think Tank in response to the first draft of the Policy. Continuing our National IPR Policy Series, this article documents our requests to the Department of Industrial Policy and Promotion (“DIPP” / “the Department”) under the Right to Information (“RTI”) Act, 2005 and the responses of the Department.

View the PDF here.

Details of RTI Requests Filed by CIS

In February, 2015, CIS had filed three RTI requests with the DIPP. The first request was four-pronged, seeking information related to first, the process followed by the Department in the creation of the IPR Think Tank; second, details and documents of a meeting held to constitute the Think Tank; third, details and documents of all/multiple meetings held to constitute the Think Tank; fourth, details of a directive/directives received from any other Government Ministry/authority directing the constitution of the Think Tank and fifth, the process of shortlisting the members of the Think Tank by the DIPP.

In our second RTI request, first, we requested details of the process followed by the Think Tank in the formulation of the Policy; second, we requested all documents relating to a meeting held for the formulation of the Policy; third, we requested all documents held for multiple meetings for the creation of the Policy and fourth, we requisitioned all suggestions and comments received by the Think Tank from stakeholders before the release of the Policy, that is, those suggestions/comments received in November, 2014.

In our third RTI request, also filed on also filed in February, 2015, we had asked the DIPP to indicate all suggestions and comments received by the IPR Think Tank from different stakeholders in response to the first draft of the National IPR Policy (to have been submitted on or before January 30, 2015 as per DIPP’s Public Notice).

Responses by DIPP to CIS' RTI Requests

The DIPP replied to our three RTI requests in multiple stages. At first, in a letter dated 12 February, 2015, we were directed to resubmit our application , seemingly because we hadn’t addressed the Postal Money Order to the correct authority, and were directed to do the same. Funnily enough, we received three other responses – one for each of our RTI requests (the first of these is not dated; the second one is dated 19 February, 2015 and then revised to 26 February, 2015; and the third is also dated 26 February, 2015).

The First Response: On the Constitution of the Think Tank

In the first of their responses to these requests, the Department has grouped our queries into five questions and provided a point-wise response to these questions, as under:

Please indicate in detail the process followed by the Department of Industrial Policy and Promotion for the constitution for an IPR Think Tank to draft the National Intellectual Property Rights Policy under Public Notice No. 10 (22)/2013 –IPR-III dated November 13, 2014 (sic).

In its response the Department notes that it convened an interactive meeting on IPR issues which was chaired by the Minister for Commerce and Industry (Independent Charge), i.e., Ms. Nirmala Sitharaman. As per the Department’s response, this meeting was held on 22 September, 2014 (“the Meeting”) and was aimed at discussing issues related to IPRs, including finalization of the Terms of Reference for IPR Think-Tank proposed to be established (sic.) The Department also notes that representatives from various Ministries/Departments, Member of various Expert Committees constituted by the Department, besides IP experts and other Legal Practitioners (sic) were invited to the meeting. The Department then states that the composition of the Think Tank was decided on the basis of the discussions held in the department after the said interactive Meeting (sic).

If there was a meeting held to decide on the same, please include all necessary documents including the minutes of the meeting, records, documents, memos, e-mails, opinion, advices, press releases, circulars, orders etc in which the constitution of the aforesaid mentioned IPR Think Tank was decided (sic).

The Department has attached the Minutes of the Meeting held on 22 September, 2014 (“the Minutes”) and states that there were no documents or papers that were circulated at this meeting and that the participants were asked to present their views on various IP issues at this meeting.

Excerpts from the Minutes

The Secretary of the Department (Shri Amitabh Kant) refers to a (then) recent announcement made by the Minister of State for Commerce and Industry (“the Minister”) on the formulation of the National IPR Policy and the establishment of an IPR Think Tank and states that the meeting had been convened to discuss on various IPR issues with IP experts and legal practitioners so that it would provide essential inputs to the policy needs of the department (sic). The Minutes report that Mr. Kant further stated that the objective of the department was to have a world class IP system and that this included a comprehensive National IPR Policy and which takes care of various issues like IP creation, protection, administration and capacity building (sic). He is also reported to have said that such a stakeholder interaction was important for the government to seek inputs.

The Minister is reported to have said that the purpose of the meeting was to constitute an IP Think Tank that would regularly provide inputs to all IP policy needs of this department as well as advice government in disparate legal aspects (sic). The Minutes also report her to have said that the department would finalize an IP policy within ninety days of the Meeting, based on the inputs of the participants.

According to the Minutes, various issues emerged from the discussion. Inter alia, these include first, that the proposal to constitute the Think Tank was a welcome measure, along the lines of similar initiatives taken by Australia, South Kora, the United Kingdom and the United States of America; second, that in order to remove misconceptions held by foreign stakeholders about IP enforcement in India, there was a need to highlight judgments of Indian courts that were favorable to foreign stakeholders and MNCs; third, that the national policies on telecom, manufacturing and IP ought to be integrated; fourth, that the focus of the Policy should be increase in creation of IP including commercialization of IP and strengthening human capital and IP management and fifth, that empirical studies should be conducted to examine the feasibility of Utility Models protection, that there was a need to revise the law on Geographical Indications and that the Policy should include protection for traditional knowledge and guidelines for publicly funded research.

The Minister is then said to have identified six major areas during the discussion, including IP institution, legislation, implementation, public awareness, international aspects and barriers in IP growth as areas to be covered under the Policy.

Who attended the Meeting?

Attached with the Minutes was also a list of participants who attended the Meeting. Out of the thirty six attendees, I have not been able to locate a single individual or organization representing civil society. Participants include representatives from various government departments and ministries, including inter alia, the DIPP, the Department of Commerce, the Ministry of External Affairs, the Ministry of Information and Broadcasting, the Copyright Division from the Department of Higher Education of the Ministry of Human Resources Development, the Office of the Controller General of Patents, Designs and Trademarks and the Ministry of Culture. The Meeting was also attended by representatives of corporations and industry associations, including FICCI, CII and Cadila Pharmaceuticals; in addition to representatives from law firms including Luthra and Luthra, K&S Partners and Inventure IP and academics including, inter alia, faculty from the Asian School of Business, Trivandrum, Indian Law Institute, Delhi, Tezpur University, Assam, National Law University, Delhi, NALSAR University of Law, Hyderabad, the Indian Institute of Technology, Madras and the National Law School of India University, Bangalore.

If there were multiple meetings held for the same please provide all necessary documents including the minutes of all such meetings, records, documents, memos, e-mails, opinions, advices, press releases, circulars, orders etc. for all such meetings held (sic).

The Department answered, “No”; which I’m taking to mean that there weren’t other meetings held for the formulation of the Think Tank or the Policy. This is interesting, because the Minutes (referred to earlier) speak of another inter-ministerial meeting including IP experts and legal practitioners slated to be held around the 10^th of October, 2014, to discuss the framework of the Policy.

If a directive or directives were received by the Department of Industrial Policy and Promotion from any other government body to constitute such a think tank, please provide a copy of such a directive received by the DIPP from any Government authority, to constitute such a Think Tank (sic).

The Department answered, “No”; which I’m taking to mean that there was no communication received by the Department to constitute this Think Tank.

Please indicate in detail the process of shortlisting the members of the IPR Think Tank by the Department of Industrial Policy and Promotion or any other body that was responsible for the same (sic).

The Department replied that the answer to this was the same as that to the first question.

The Second Response: The Drafting of the Policy

The second of the Department's responses to our requests came in the form of separate responses to each of our four questions, as under:

Please indicate in detail the process followed by the IPR Think Tank constituted by the Department of Industrial Policy and Promotion via Public Notice No. 10 (22)/2013-IPR-III dated November 13, 2014 while framing the first draft of the National IPR Policy dated Dec. 19, 2014 (sic).

The Department stated that the IPR Think Tank conducted its meetings independently without any interference from the Department. The Department then stated that the Think Tank had received comments from stakeholders via a dedicated email id and conducted the interactive meeting with stakeholders while framing the draft on the National IPR Policy.

If there was a meeting held to decide on the same, please include all necessary documents including the minutes of the meeting, records, documents, memos, e-mails, opinion, advices, press releases, circulars, orders, suggestions etc. related to drafting of such National IPR Policy Think Tank chaired by Justice Prabha Sridevan (sic).

The Department replied that since the IPR Think Tank had decided its process by themselves (sic), the Department do not have the minutes of the meeting etc. conducted by the IPR Think Tank (sic). It attached with its reply a copy of the press releases announcing the composition of the Think Tank and asking stakeholders to submit comments to the first draft of the Policy.

If there were multiple meetings held for the same, please provide all necessary documents including the minutes of all such meetings, records, documents, memos, e-mails, opinions, advices, press releases, circulars, order suggestions etc. for all such meetings held (sic).

The Department replied that the response to this was the same as that to the earlier question above.

Please provide all the suggestions and comments received by the IPR Think Tank from stakeholders after the DIPP issued Public Notice No. 10/22/2013-IPR-III dated 13.11.2014 asking for suggestions and comments on or before November 30, 2014 (sic).

The Department replied that the comments and suggestions were received by the Think Tank directly and that therefore, the Department was not in a position to provide the same.

The Third Response: Stakeholder Comments

In its third and final response to our requests, the DIPP replied to our query as under:

Please indicate all the suggestions and comments received by the IPR Think Tank by different stakeholders on or before January 30, 2015 on its first draft of the National Intellectual Property Policy submitted by the IPR Think Tank on December 19, 2014.

The Department said that the suggestions and comments on the draft on National IPR Policy have been received by the IPR Think Tank directly. As such this Department is not in a position to provide the same (sic.).

Observation on the DIPP's Responses

Prima facie, the responses by the Department are rather curious, leading to a range of oddities and unanswered questions.

Who Will Watch the IPR Think Tank

In its response to our first RTI request, the Department quite clearly stated that it decided the composition of the IPR Think Tank based on discussions in a meeting that it convened, which was also chaired by the Minister of State for Commerce and Industry, the parent ministry of the DIPP. In the same response, the Department also stated that it had not received any directive from any other ministry/government department directing the constitution of the IPR Think Tank, leading to the conclusion that this decision was taken by the DIPP/the Ministry of Commerce and Industry itself. Subsequently however, the Department justified its refusal to furnish us with documents leading to the development of the first draft of the National IPR Policy (contained in our second RTI request) by stating that the IPR Think Tank conducted its business without any interference from the Department, and that the Department did not have access to any of the submissions made to the IPR Think Tank or any of the internal minutes of the meetings etc. that were a part of the process of drafting the IPR Policy.

Various press releases by the DIPP have stated that it has constituted the IPR Think Tank, and that the purpose of the IPR Think Tank would be to advise the Department on IPR issues. Visibly, the Department intends for the IPR Think Tank to play an active role in shaping India’s IP law and policy, including suggesting amendments to laws wherever necessary. It is concerning therefore that on the question of accountability of the IPR Think Tank, the DIPP remains silent. It may be argued perhaps, that the IPR Think Tank constitutes a ‘public authority’ under Section 2(h)(d) of the Right to Information Act, 2005 (“RTI Act”). In that case, the IPR Think Tank would have to fulfill, inter alia, all of the obligations under Section 4 of the RTI Act as well as designate a Public Information Officer. Alternatively, given that the IPR Think Tank has been constituted by the DIPP and performs functions for the DIPP, the Public Information Officer of the DIPP would have to furnish all relevant information under the RTI Act (including the information that we sought in our requests, which was not provided to us).

Who are the Stakeholders

Even a preliminary look at the list of participants at the Meeting (based on which the Department constituted the IPR Think Tank) reveals that not all stakeholders have been adequately represented. I haven’t been able to spot any representation from civil society and other organizations that might be interested in a more balanced intellectual property framework that is not rights-heavy. The following chart (based on a total sample size of 36 participants, as stated in the list of participants provided to us by the DIPP) will help put things in perspective.

What Could've Been Done?

Setting aside arguments on its necessity, let us for the moment assume that this drafting of the National IPR Policy is an exercise that needed to have been undertaken. We must now examine what might possibly be the best way to go about this.

In 2014, the World Intellectual Property Organization (“WIPO”) (based on whose approach the Policy seems to have been based- at least in part), produced a detailed Methodology for the Development of National Intellectual Property Strategies, outlining a detailed eight step process before a National IP Policy was implemented in a Member State. While this approach is one to be followed by the WIPO and might not be entirely suited to India’s drafting exercise, specific sections on the national consultation process as well as the drafting and implementation of national intellectual property strategies might prove to be a decent starting point.

(More on this in an upcoming article).d

Where Do We Go From Here?

The DIPP’s responses have left me with more questions, probably the subject of more RTI requests. Is the IPR Think Tank a public authority for the purposes of the Right to Information Act, 2005? To whom should questions of informational accountability of the IPR Think Tank be addressed, if there is no information available on the IPR Think Tank, and the DIPP claims to have no access to it? Do we need to re-examine the draft National IPR Policy given that there has been inadequate representation of all stakeholders? What were the suggestions made by different stakeholders, and (how) have these been reflected in the first draft of the Policy? Was there an evaluation exercise conducted before the first draft of the Policy was released in order to better inform the formulation of the Policy?

We will be looking at these and other questions as they arise, and sending some of these to the DIPP in the form of RTI requests. (Watch the blog for more).

For more details visit https://cis-india.org/a2k/blogs/national-ipr-policy-series-rti-requests-by-cis-to-dipp-dipp-responses