Centre for Internet and Society

On World Water Day - Open Data for Water Resources

sumandro — 2019-01-28T14:41:51Z

Lack of open data for researchers and activists is a key barrier against ensuring access to water and planning for sustainable management of water resources. In a collaboration between DataMeet and CIS, supported by Arghyam, we are exploring the early steps for making open data and tools to plan for water resources accessible to all. To celebrate the World Water Day 2018, we are sharing what we have been working on in the past few months - a paper on open data for water studies in India, and a web app to make open water data easily explorable and usable. Craig Dsouza led this collaboration, and authored this post.

Project Blog: Open Water Data for Integrated Water Science (External)

Open Water Data Paper - Datasets for Water Studies in India Blog - Summary: Read (External)

Open Water Data Paper - Datasets for Water Studies in India Blog - Full Paper: Read (PDF)

Open Water Data Web App: View (External)

Open Water Data Web App - Tech Stack: Read (External)

Open Water Data Web App - Precipitation Data: Read (External)

The 22nd of March is celebrated internationally as World Water Day. Water is so tightly intertwined in every aspect of our lives that one can only scratch the surface in understanding this resource. Besides directly giving us life, it is a key non-renewable shared resource that dictates whether and how societies can grow and prosper. It has shaped the way civilization arose - on riverbanks and coastal lands. Adequate water of good quality can make or break a child’s early growth. Water available at the right time in the monsoon could shape a family’s fortunes for an entire year.

Unfortunately given the development trajectory of the last century, we have struggled to strike a balance and use water in a sustainable manner. Far too many face the ill effects of this misuse. The challenge with water lies in its nature as a common pool resource, which means that it belongs to everyone. Water is for everyone to benefit from and conversely it is no individual’s responsibility to manage and to ensure its sustainability. While some laws and policies exist to ensure sustainable use of water its fluid (pun intended) and ephemeral nature make those laws very hard to enforce. No one knows for sure how much water lies under the ground and above the surface, we only have estimates. Moreover even these estimates lie in the hands of a few. The Government of India is by far the largest entity that collects data on water across the country. Management of this resource however requires that these data points and the capacity to monitor should be decentralized. The 73rd amendment recognises this by placing the authority to plan and implement local works such as watershed management and drinking water provision under the purview of Panchayats.

To address this shortcoming Datameet and CIS in collaboration have taken first steps with a project to ensure that data and tools to plan for water resources are accessible to all. The strategy within this project has been to seek alternative data sources for water, other than government data much of which still isn’t open data. Two alternatives that have emerged are remote sensing open data and crowdsourced community data. A paper put together by the team highlights the numerous sources available for datasets such as rainfall, soil moisture, groundwater levels, reservoir storages, river flows, and water demand including domestic and agricultural water. Besides the paper the team has also put together a first iteration of a web app which seeks to provide these datasets in an easy to use intuitive and interactive format to users in the area of water planning and management. The first dataset available here is CHIRPS: a high resolution daily rainfall dataset for the whole of India.

The plans for this project in the future include making available more datasets (crop maps and Evapotranspiration) and features to access them. In addition to this the goal is also to improve our understanding of the usability of remote sensing water data with efforts to calibrate it with ground observations. A key element of these plans is to develop these resources in collaboration with end users of the data so that the tools are developed with their concerns in mind. We welcome ideas, queries, feedback, and partnerships - do contact us at pune@datameet.org.

For more details visit https://cis-india.org/openness/on-world-water-day-open-data-for-water-resources

The Fundamental Right to Privacy - A Visual Guide

amber — 2018-02-16T05:31:37Z

Privacy is the ability of an individual or group to seclude themselves, or information about themselves, and thereby express themselves selectively. This visual guide to the story of privacy law in India and the recent judgement of the Puttaswamy v. Union of India case is developed by Amber Sinha (research and content) and Pooja Saxena (design and conceptualisation).

The Fundamental Right to Privacy - A Visual Guide: Download (PDF)

For more details visit https://cis-india.org/internet-governance/blog/the-fundamental-right-to-privacy-a-visual-guide

CIS Comments on TRAI Consultation Paper on Promoting Local Telecom Equipment Manufacturing

sinha — 2017-11-26T02:56:15Z

The Centre for Internet & Society (CIS) sent comments to the TRAI Consultation Paper on promoting telecom equipment manufacturing. CIS submission drew primarily from the research done in the Pervasive Technologies project.

Read TRAI's Consultation Paper on Promoting Local Telecom Equipment Manufacturing

Preliminary

This submission presents comments by the Centre for Internet and Society, India ("CIS") on the Consultation Paper on Promoting Local Telecom Equipment Manufacturing dated 18.09. 2017, released by the Telecom Regulatory Authority of India (TRAI), under Department of Telecom, Ministry of Communications and Information Technologies (“the TRAI Consultation Paper”).
We commend TRAI for its efforts at seeking inputs from various stakeholders on this important and timely issue and are thankful for the opportunity to put forth our views.
We have addressed questions 3 and 5 of the TRAI Consultation Paper. Question numbers referred to in our submission correspond to those in the TRAI Consultation Paper.
Further, the Department of Industrial Planning and Promotion (DIPP) invited comments on SEPs and their availability on FRAND terms on 01. 03. 2016.[1] CIS submitted a detailed response to the consultation, and our present submission will draw significantly from our earlier response[2], as well as new empirical research concluded in the since the time of the consultation.

About CIS

CIS[3] is a non-profit organisation that undertakes interdisciplinary research on internet and digital technologies from policy and academic perspectives. Our areas of focus include IP rights, openness, internet governance, telecommunication reform, free speech, intermediary liability, digital privacy, cyber-security, and accessibility for persons with diverse abilities.
We strive to maximise public benefit, useful innovation, vibrant competition and consumer welfare. This submission is consistent with our commitment to the domestic goals (as enumerated in Make in India and Digital India), and the protection of India's national interest at the international level.

Submission on the Issues for Resolution

“Q.3 Are the existing patent laws in India sufficient to address the issues of local manufacturers? If No, then suggest the measures to be adopted and amendments that need to be incorporated for supporting the local telecom manufacturing industry.”

We submit that amendments to the Patents Act, 1970 may not be preferred, presently. It may be noted that there have been no judgments concluded by Indian courts on disputes relating to licensing of SEPs, yet. Justice Bakhru’s landmark order in Telefonaktiebolaget LM Ericsson (Publ) v. Competition Commission of India (2016) provided valuable clarity on the issue of conflict between remedies under Patents Act, 1970 and Competition Act, 1970. As various other matters are yet to be conclusively decided, and given the complex legal questions involved around the interpretation of Patents Act, 1970 and Competition Act, 2002, and constitutional issues around the jurisdiction of regulators and the power of judicial review of the courts, we believe that it would be prudent to examine the ruling of the courts on these issues in some detail, before considering amendments.

However, to support the local telecom manufacturing industry the Government of India may adopt and implement the following measures:

Develop Model Guidelines to improve the working of Indian Standard Setting Organisations (SSOs): Given the increasing complexity and time-consuming nature of SEP litigation in India, there is a tangible threat of the abuse of the FRAND process, it might be useful for the government to make suggestions on the working of Indian SSOs. The functioning of Indian SSOs has not been satisfactory and it is suggested that the government develop Model Guidelines that may be adopted by Indian SSOs, taking into account India specific requirements. The India specific requirements include a large and exponentially growing mobile device market which has made it possible for manufacturers, patent owners and implementers alike to achieve financial gains even with a low margin. We believe that this measure will also enable the fulfillment of the objectives of the Make in India and Digital India initiatives.

We recommend that various stakeholders, including IP holders, potential licensees and users of IP, civil society organizations, academics, and, government bodies, including the Indian Patent Office, the Department of Telecommunications, the DIPP, TRAI, and, the CCI be consulted in the creation of these Model Guidelines.

In our opinion, the Model Guidelines may cover (a) the composition of the SSO; (b) the process of admitting members; (c) the process of the determination of a standard or technical specification; (d) the process of declassification of a standard or technical specification; (e) the IPR Policy; (f) resolution of disputes; (g) applicable law.
Initiate the formation of a patent pool of critical mobile technologies and cap royalty payments: In light of the observed inadequacies in the IPR policies of various SSOs in India, as well the spate of ongoing patent infringement lawsuits around mobile technologies, we recommend that the government intervene in the setting of royalties and FRAND terms by setting up a patent pool of critical mobile technologies and apply a compulsory license with a five per cent royalty. Further, patent pools should be required to offer FRAND licenses on the same terms to both members and nonmembers of the pool.

Our motivations for this proposal are manifold. In our opinion, it is nearly impossible for potential licensees to avoid inadvertent patent infringement. As a part of our research on technical standards applicable to mobile phones sold in India, we have found nearly 322 standards so far.[4] It is submitted that carrying out patent searches for all the standards would be extremely expensive for potential licensees. Further, even if such searches were to be carried out, different patent owners, SSOs and potential licensees disagree on valuation, essentiality, enforceability, validity, and coverage of patents. In addition, some patent owners are non-practising entities and may not be members of SSOs. The patents held by them are not likely to be disclosed. More importantly, homegrown manufacturers that have no patents to leverage and may be new entrants in the market would be especially disadvantaged by such a scenario. Budget phone manufacturers, standing to incur losses either as a result of heavy licensing fees, or, potential litigation, may close down. Alternatively, they may pass on their losses to consumers, driving the now affordable phones out of their financial reach. With the objectives of Make in India and Digital India in sight, it is essential that Indian consumers continue to have access to devices within their purchasing power.

Further, how did we arrive at a cap of 5 percent? The rationale for this figure is the royalty cap imposed by India in the early 1990s. As part of regulating foreign technology agreements, the (former) Department of Industrial Development (later merged with DIPP) capped royalty rates in the early 1990s. Payment of royalties was capped at either a lump sum payment of $2 million, or, 5 percent on the royalty rates charged for domestic sale, and, 8 percent for export of goods pertaining to “high priority industries”.[5] Royalties higher than 5 percent or 8 percent, as the case may be, required securing approval from the government. While the early 1990s (specifically, 1991) was too early for the mobile device manufacturing industry to be listed among high priority industries, the public announcement by the government covered computer software, consumer electronics, and electrical and electronic appliances for home use. The cap on royalty rates was lifted by the DIPP in 2009.[6] It is submitted in the case of mobile device technology, we are witnessing a situation similar to that of the 1990s. In this sphere, most of the patent holders are multinational corporations which results in large royalty amounts leaving India. At the same time, litigation over patent infringement in India has limited the manufacture and sale of mobile devices of homegrown brands. While SEP litigation in India is indeed comparable to international SEP litigation on broader issues raised, specifically competition law concerns, but differs crucially where the parties are concerned. International SEP litigation is largely between multinational corporations with substantial patent portfolios, capable of engaging in long drawn out litigations, or engaging in other strategies including setting off against each other’s patent portfolios. Dynamics in the Indian market differ – with a larger SEP holder litigating against smaller manufacturers, many of whom are indigenous, homegrown.

In June, 2013, we had recommended to the erstwhile Hon’ble Minister for Human Resource Development[7] that a patent pool of essential technologies be established, with the compulsory licensing mechanism. Subsequently, in February, 2015, we reiterated this request to the Hon’ble Prime Minister.[8] We propose that the Government of India initiate the formation of a patent pool of critical mobile technologies and mandate a five percent compulsory license.[9] As we have stated in our request to the Hon’ble Prime Minister, we believe that such a pool would “possibly avert patent disputes by ensuring that the owners' rights are not infringed on, that budget manufacturers are not put out of business owing to patent feuds, and that consumers continue to get access to inexpensive mobile devices. Several countries including the United States issue compulsory licenses on patents in the pharmaceutical, medical, defence, software, and engineering domains for reasons of public policy, or to thwart or correct anticompetitive practices.”[10] We believe that such a measure will not be in breach of our international obligations under the TRIPS Agreement.
Increase transparency in the patent system by making patentees comply with the law: The Patents Act, 1970 requires patentees and licensees to submit a statement on commercial working of the invention to the Controller every year.[11] Form 27 under section 146(2) of the Act lists the details necessary to be disclosed for compliance of the requirement of “working”. A jurisprudential analysis reveals the rationale and objective behind this mandatory requirement. Undeniably, the scheme of the Indian patent regime makes it amply clear that “working” is a very important requirement, and the public as well as competitors have a right to access this information in a timely manner, without undue hurdles. Indeed, as the decision[12] in Natco Pharma v. Bayer Corporation[13] reveals, the disclosures in Form 27 were crucial to determining the imposition of a compulsory license on the patentee. Thus, broadly, Form 27 disclosures can critically enable willing licensees to access patent “working” information in a timely manner.

However, there has been little compliance of this requirement by the patentees, despite the Indian Patent Office (IPO) reiterating the importance of compliance through the issuance of multiple public notices[14] (suo motu and in response to a public interest litigation filed in 2011[15]), and, reminding the patentees that noncompliance is punishable with a heavy fine.[16] Findings of research submitted by one of the parties[17] in the writ of the 2011 public interest litigation Shamnad Basheer v. Union of India and others[18] reveal as follows. First, a large number of Form 27s are unavailable for download from the website of the IPO. This possibly indicates that the forms have either not been filed by the patentees with the IPO, or have not been uploaded (yet) by the IPO. Second, a large number of filings in the telecom sector remain incomplete.

In 2015, CIS queried the IPO website for Form 27s of mobile device patents to arrive at a similar conclusion. We obtained 4,916 valid Form 27s, corresponding to 3,126 mobile device patents from public online records. These represented only 20.1% of all Forms 27 that should have been filed and corresponded to only 72.5% of all mobile device patents for which Forms 27 should have been filed. Forms 27 were missing for almost all patentees, and even among Forms 27 that were obtained, almost none contained useful information regarding the working of the subject patents or fully complying with the informational requirements of the Indian Patent Rules.[19]

Further, in our study, we observed that patentees adopted drastically different positions regarding the definition of patent working, some arguing that importation of products into India or licensing of Indian suppliers constituted working, while others even went so far as to argue that the granting of a worldwide license to a non-Indian firm constituted working in India. Several significant patentees claimed that they or their patent portfolios were simply too large to enable the provision of information relating to individual patents, and instead provided gross revenue and product sale figures, together with historical anecdotes about their long histories in India.

The Indian government has made little or no effort to monitor or police compliance with Form 27 filings, undoubtedly leading to significant non-compliance. We also propose the alteration of the Form 27 template[20] to include more disclosures.[21] Presently, patentees are required to declare number of licensees and sub-licensees. We specifically propose that the format of Form 27 filings be modified to include patent pool licenses, with an explicit declaration of the names of the licensees and not just the number.
Require royalty rates to be decided on the basis of the Smallest Saleable Patent Practicing Component: Most modern telecommunication and IT devices are complex with numerous technologies working in tandem. Different studies indicate that the number of patents in the US applicable to smartphones is between 200,000 and 250,000.[22] A comprehensive patent landscape of mobile device technologies conducted by CIS reveals that nearly 4,000 patents are applicable to mobile phones sold in India.[23] It is thus extremely difficult to quantify the exact extent of interaction and interdependence between technologies in any device, in such a way that the exact contribution of the patented technology to the entire device can be determined. Thus, we submit that royalty rates for SEPs should be based on the smallest saleable patent practising component, and not on the net price of the downstream product.

The net cost of the device is almost always several times that of the chipset that implements the patented technology. Armstrong et al[24] have found that the cost of a 4G baseband chip costs up to $20 including royalties in a hypothetical $400 phone sold in the US. One of the litigating parties in the ongoing patent infringement lawsuits in India has stated that one of the reasons for preferring to leverage its patents as downstream as possible in the value chain is that it will earn the company more royalties.[25] In instances where patent exhaustion occurs much earlier in the value chain, such as in the case of the company’s cross-licenses with Qualcomm (another company that owns patents to chip technologies), the company does not try to obtain royalties from the selling prices of devices for the cross-licensed technologies. It is submitted that such market practices could be detrimental to the government’s objectives such as providing a mobile handset to every Indian by 2020 as a part of the Digital India programme.[26] It is also worth noting in this context that the mobile device is the first and only medium of access to the Internet and telecom services for a large number of Indians, and, consequently, the only gateway to access to knowledge, information and critical services, including banking.[27]

“Q.5 Please suggest a dispute resolution mechanism for determination of royalty distribution on FRAND (Fair Reasonable and Non Discriminatory) basis.”

The licensing of SEPs on FRAND terms requires the parties to negotiate “reasonable” royalty rates in good faith, and apply the terms uniformly to all willing licensees. It is our submission that if the parties cannot agree to FRAND terms, they may enter into binding arbitration. Further, if all efforts fail, there exist remedies under the Patents Act and the Competition Act, 2002 to address the issues.

Section 115 of the Patents Act empowers the court to appoint an independent scientific adviser “to assist the court or to inquire and report upon any such question of fact or of opinion (not involving a question of interpretation of law) as it may formulate for the purpose.”[28] Such an independent adviser may inform the court on the technical nuances of the matter.

Further, under the Patents Act, pending the decision of infringement proceedings the Court may provide interim relief, if the plaintiff proves first, a prima facie case of infringement; second, that the balance of convenience tilts in plaintiff’s favour; and, third, that if an injunction is not granted the plaintiff shall suffer irreparable damage. However, it is our suggestion that courts adopt a more cautious stance towards granting injunctions in the field of SEP litigation. First, in our opinion, injunctions may prove to be a deterrent to arrive at a FRAND commitment, in particular, egregiously harming the willing licensee. Second, especially in the Indian scenario, where litigating parties operate in vastly different price segments (thereby targeting consumers with different purchasing power), it is difficult to establish that “irreparable damage” has been caused to the patent owner on account of infringement. Third, we note the approach of the European Court of Justice, which prohibited the patent holder from enforcing an injunction provided a willing licensee makes an offer for the price it wishes to pay to use a patent under the condition that it deposited an amount in the bank as a security for the patent holder.[29] Fourth, we also note the approach of the Federal Trade Commission in the USA, which only authorizes patent holders to seek injunctive relief against potential licensees who have either stated that they will not license a patent on any terms, or refuse to enter into a license agreement on terms that have been set in the final ruling of a court or arbitrator.[30] Further, as Contreras (2015)[31] observes, that the precise boundaries of what constitutes as an unwilling licensee remains to be seen. We observe a similar ambiguity in Indian jurisprudence, and accordingly submit that courts should carefully examine the conduct of the licensee to injunct them from the alleged infringement.

Concluding Remarks

We are thankful to TRAI for the opportunity to make these submissions. It would be our pleasure and privilege to discuss these comments with the TRAI; and, supplement these with further submissions if necessary. We also offer our assistance on other matters aimed at developing a suitable policy framework for SEPs and FRAND in India, and, working towards the sustained innovation, manufacture and availability of mobile technologies in India.

[1] Department of Industrial Policy and Promotion Discussion Paper on Standard Essential Patents and their Availability on Frand Terms, available at https://cis-india.org/a2k/blogs/discussion-paper-on-standard-essential-patents-and-their-availability-on-frand-terms (last accessed November 13, 2017)

[2] Anubha Sinha, Nehaa Chaudhari and Rohini Lakshane, “CIS’ Comments on Department of Industrial Policy and Promotion Discussion Paper on Standard Essential Patents and their Availability on Frand Terms” (April 23, 2016); available at https://cis-india.org/a2k/blogs/comments-on-department-of-industrial-policy-and-promotion-discussion-paper-on-standard-essential-patents-and-their-availability-on-frand-terms

[3] www.cis-india.org

[4] Rohini Lakshané, CIS, List of Technical Standards and IP Types (Working document), available at https://drive.google.com/file/d/0B8SgjShAjhbtaml5eW50bS01d2s/view?usp=sharing (last accessed 13 November, 2017).

[5] Kumkum Sen, News on Royalty Payments Brings Cheer in New Year, available at http://www.businessstandard.com/article/economypolicy/newsonroyaltypaymentbringscheerinnewyear11001 0400044_1.html (last accessed 13 November, 2017).

[6] See Sanjana Govil, Putting a Lid on Royalty Outflows How the RBI Can Help Reduce India’s IP Costs , available at http://cisindia.org/a2k/blogs/lidonroyaltyoutflows (last accessed 13 November, 2017) for a discussion on the introduction of royalty caps in the early 1990s, and its success in reducing the flow of money out of India.

[7] Nehaa Chaudhari, Letter for Establishment of Patent Pool for Low cost Access Devices through Compulsory

Licenses, available at http://cisindia.org/a2k/blogs/letterforestablishmentofpatentpoolforlowcostaccessdevices (last accessed 13 November, 2017).

[8] See Rohini Lakshané, Open Letter to PM Modi, available at http://cisindia.org/a2k/blogs/openlettertoprimeministermodi (last accessed 13 November, 2017) for further details of CIS’ proposal.

[9] Rohini Lakshané, FAQ: CIS’ proposal to form a patent pool of critical mobile technology, September 2015, available at http://cisindia.org/a2k/blogs/faqcisproposalforcompulsorylicensingofcriticalmobiletechnologies (last accessed 13 November, 2017).

[10] Id.

[11] Section 146(2) of the Patents Act, 1970.

[12] Sai Vinod, Patent Office Finally Takes Form 27s Seriously, available at http://spicyip.com/2013/02/patentofficefinallytakesform27s.html (last accessed 13 November, 2017).

[13] Order No. 45/2013 (Intellectual Property Appellate Board, Chennai), available at http://www.ipab.tn.nic.in/0452013.htm (last accessed 13 November, 2017).

[14] Intellectual Property India, Public Notice, available at

http://www.ipindia.nic.in/iponew/publicNotice_Form27_12Feb2013.pdf ((last accessed 13 November, 2017) and Intellectual Property India, Public Notice, available at http://ipindia.nic.in/iponew/publicNotice_24December2009.pdf (last accessed 13 November, 2017).

[15] Supra note 11.

[16] Id.

[17] See research findings available at http://spicyip.com/wpcontent/uploads/2015/05/FORM27WP1Rcopy.pdf (last accessed 13 November, 2017).

[18] In the High Court of Delhi, W.P.(C) 5590/2015. This litigation is currently ongoing. See, illustratively, Mathews P. George, Patent Working in India: Delhi HC issues notice in Shamnad Basheer v. Union of India & Ors. – I , available at http://spicyip.com/2015/09/patentworkinginindiadelhihcissuesnoticeinshamnadbasheervunionofindiaorsi.html (last accessed 13 November, 2017).

[19] Contreras, Jorge L. and Lakshané, Rohini and Lewis, Paxton, Patent Working Requirements and Complex Products (October 1, 2017). NYU Journal of Intellectual Property & Entertainment Law, Forthcoming. Available at SSRN: https://ssrn.com/abstract=3004283

[20] Form 27, The Patents Act, available at http://ipindia.nic.in/ipr/patent/manual/HTML%20AND%20PDF/Manual%20of%20Patent%20Office%20Practice%20and%20Procedure%20%20html/Forms/Form27.pdf (last accessed November 13, 10`7).

[21] However, we came across some complaints raised by patentees and industry observers regarding the structure of the Form 27 requirement - namely, patents covering complex, multi-component products that embody dozens of technical standards and thousands of patents are not necessarily amenable to the individual-level data requested by Form 27. See Contreras, Jorge L. and Lakshané, Rohini and Lewis, Paxton, Patent Working Requirements and Complex Products (October 1, 2017). NYU Journal of Intellectual Property & Entertainment Law, Forthcoming. Available at SSRN: https://ssrn.com/abstract=3004283

[22] Mark Lemley and Carl Shapiro, Patent Holdup and Royalty Stacking, 85 Tex. L. Rev. at 2015 ; See also, for e.g.,

RPX Corporation, Amendment No. 3 to Form Sl,11 Apr. 2011, at 59, available at http://www.sec.gov/Archives/edgar/data/1509432/000119312511101007/ds1a.htm (last accessed 22 April, 2016), quoting “Based on our research, we believe there are more than 250,000 active patents relevant to today’s

smartphones…” .; See further Steve Lohr, Apple Samsung Case Shows Smartphone as Legal Magnet, New York Times, 25 Aug. 2012, available at http://www.nytimes.com/2012/08/26/technology/applesamsungcaseshowssmartphoneaslawsuitmagnet.html (last accessed November13, 2017).

[23] Jorge L. Contreras and Rohini Lakshané, Patents and Mobile Devices in India: An Empirical Survey, available at http://papers.ssrn.com/sol3/papers.cfm?abstract_id=2756486 (last accessed 13 November, 2017).

[24] Ann Armstrong, Joseph J. Mueller and Timothy D. Syrett, The SmartphoneRoyalty Stack:Surveying Royalty Demands for the Components Within Modern Smartphones, available at https://www.wilmerhale.com/uploadedFiles/Shared_Content/Editorial/Publications/Documents/TheSmartphoneRoyaltyStackArmstrongMuellerSyrett.pdf (last accessed 13 November, 2017)

[25] Florian Mueller, Ericsson Explained Publicly why it Collects Patent Royalties from Device (Not Chipset) Makers, available at http://www.fosspatents.com/2014/01/ericssonexplainedpubliclywhyits.Html (last accessed 13 November, 2017).

[26] Romit Guha and Anandita Singh Masinkotia, PM Modi’s Digital India Project:Government to Ensure that Every Indian has a Smartphone by 2019, available at http://articles.economictimes.indiatimes.com/20140825/news/53205445_1_digitalindiaindiatodayfinancialservices (last accessed 13 November, 2017).

[27] Nehaa Chaudhari, Standard Essential Patents on Low Cost Mobile Phones in India: A Case to Strengthen Competition Regulation? available at http://www.manupatra.co.in/newsline/articles/Upload/08483340C1B94BA4B6A9D6B6494391B8.pdf (last accessed 13 November, 2017).

[28] Section 115 of the Patents Act, 1970.

[29] Huawei Technologies Co. Ltd v. ZTE Corp. and ZTE Deutschland , Judgment of the Court (Fifth Chamber) of 16 July 2015 in GmbH C170/13.

[30] Third Party United States Fed. Trade Commission’s Statement on the Public Interest, In re Certain Wireless Communication Devices, Portable Music and Data Processing Devices, Computers and Components Thereof, U.S. Int’l Trade Comm’n, Inv. No. 337TA745 (Jun. 6, 2012).

[31] Jorge L. Contreras, A Brief History of FRAND: Analyzing Current Debates in Standard Setting and Antitrust Through a Historical Lens , 80 Antitrust Law Journal 39 (2015), available at h ttp://ssrn.com/abstract=2374983 or http://dx.doi.org/10.2139/ssrn.2374983 (last accessed 13 November, 2017).

For more details visit https://cis-india.org/telecom/blog/cis-comments-on-promoting-local-telecom-equipment-manufacturing

The Fundamental Right to Privacy: An Analysis

amber — 2017-10-04T11:19:46Z

Last month’s judgment by the nine judge referral bench was an emphatic endorsement of the the constitutional right to privacy. In the course of a 547 page judgment, the bench affirmed the fundamental nature of the right to privacy reading it into the values of dignity and liberty. In the course of a few short papers, we will dissect the various aspects of the right to privacy as put forth by the nine judge constitutional bench in the Puttaswamy matter. The papers will focus on the sources, structure, scope, breadth, and future of privacy. Here are the first three papers, authored by Amber Sinha and edited by Elonnai Hickok.

The Fundamental Right to Privacy - Part I: Sources

Much of the debate and discussion in the hearings before the constitutional bench was regarding where in the Constitution a right to privacy may be located. In this paper, we analyse the different provisions and tools of interpretations use by the bench to read a right to privacy in Part III of the Constitution.

Download: PDF

The Fundamental Right to Privacy - Part II: Structure

In the previous paper, we delved into the sources in the Constitution and the interpretive tools used to locate the right to privacy as a constitutional right. This paper follows it up with an analysis of the structure of the right to privacy as articulated by the bench. We will look at the various facets of privacy which form a part of the fundamental right, the basis for such dimensions and what their implications may be.

Download: PDF

The Fundamental Right to Privacy - Part III: Scope

While the previous papers dealt with the sources in the Constitution and the interpretive tools used by the bench to locate the right to privacy as a constitutional right, as well as the structure of the right with its various dimensions, this paper will look at the judgment for guidance on principles to determine what the scope of the right of privacy may be.

Download: PDF

For more details visit https://cis-india.org/internet-governance/blog/the-fundamental-right-to-privacy-an-analysis

CIS Statement on Right to Privacy Judgment

amber — 2017-08-31T18:13:14Z

In an emphatic endorsement of the right to privacy, a nine judge constitutional bench unanimously upheld a fundamental right to privacy. The events leading to this bench began during the hearings in the ongoing Aadhaar case, when in August 2015, Mukul Rohatgi, the then Attorney General stated that there is no constitutionally guaranteed right to privacy.

reliance was on two Supreme Court judgments in MP Sharma v Satish Chandra (1954) and Kharak Singh v State of Uttar Pradesh (1962): both cases, decided by eight- and six-judge benches respectively, denied the existence of a constitutional right to privacy. As the subsequent judgments which upheld the right to privacy were by smaller benches, he claimed that MP Sharma and Kharak Singh still prevailed over them, until they were overruled by a larger bench. This landmark judgment was in response to a referral order to clear the confusion over the status of privacy as a right.

We, at the Centre for Internet and Society (CIS) welcome this judgement and applaud the depth and scope of the Supreme Court’s reasoning. CIS has been producing research on the different aspects of the right to privacy and its implications for the last seven years and had the privilege of serving on the Justice AP Shah Committee and contributing to the Report of the Group of Experts on Privacy.[1] We are honoured that some of our research has also been cited by the judgment.[2] Such judicial recognition is evidence of the impact sound research can have on policymaking.

In the course of a 547 page judgment, the bench affirmed the fundamental nature of the right to privacy reading it into the values of dignity and liberty. The judgment is instructive in its reference to scholarly works and jurisprudence not only in India but other legal systems such as USA, South Africa, EU and UK, while recognising a broad right to privacy with various dimensions across spatial, informational and decisional spheres. We note with special appreciation that women’s bodily integrity and citizens’ sexual orientation are among those aspects of privacy that were clearly recognised in the judgment. For researchers studying privacy and its importance, this judgment is of great value as it provides clear reasoning to reject oft-quoted arguments which are used to deny privacy’s significance. The judgement is also cognizant of the implications of the digital age and emphasise the need for a robust data protection framework.

The right to privacy has been read into into Article 21 (Right to life and liberty), and Part III (Chapter on Fundamental Rights) of the Constitution. This means that any limitation on the right in the form of reasonable restrictions must not only satisfy the tests evolved under Article 21, but where loss of privacy leads to infringement on other rights, such as chilling effects of surveillance on free speech, the tests for constitutionality under those provisions for also be satisfied by the limiting action. This provides a broad protection to citizens’ privacy which may not be easily restricted. We expect that this judgment will have far reaching impacts, not just with respect to the immediate Aadhaar case, but also to in a score of other matters such as protection of sexual choice by decriminalising Section 377 of the Indian Penal Code, oversight of statutory search and seizure provisions such as Section 132 of the Income Tax Act, personal data collection and processing practices by both state and private actors and mass surveillance programmes in the interest of national security.

As this judgment comes in response to a referral order, the judges were not dealing with any questions of fact to ground the legal principles in. Subsequent judgments which deal with privacy will apply these principles and further evolve the contours of this right on a case-by-case basis. For now, we welcome this judgment and look forward to its consistent application in the future.

[1]. http://planningcommission.nic.in/reports/genrep/rep_privacy.pdf

[2]. CIS was quoted in the judgement on footnote 46, page 33 and 34: http://supremecourtofindia.nic.in/pdf/LU/ALL%20WP(C)%20No.494%20of%202012%20Right%20to%20Privacy.pdf The quote is " Illustratively, the Centre for Internet and Society has two interesting articles tracing the origin of privacy within Classical Hindu Law and Islamic Law. See Ashna Ashesh and Bhairav Acharya ,“Locating Constructs of Privacy within Classical Hindu Law”, The Centre for Internet and Society, available at https://cis-india.org/internet-governance/blog/loading-constructs-of-privacy-within-classical-hindu-law. See also Vidushi Marda and Bhairav Acharya, “Identifying Aspects of Privacy in Islamic Law”, The Centre for Internet and Society, available at https://cis-india.org/internet-governance/blog/identifying-aspects-of-privacy-in-islamic-law " Further, research commissioned by CIS cited in the judgment includes a reference in page 201 footnote 319, "Bhairav Acharya, “The Four Parts of Privacy in India”, Economic & Political Weekly (2015), Vol. 50 Issue 22, at page 32."

For more details visit https://cis-india.org/internet-governance/blog/cis-statement-on-right-to-privacy-judgment

High Level Comparison and Analysis of the Use and Regulation of DNA Based Technology Bill 2017

elonnai — 2017-08-11T02:16:52Z

This blog post seeks to provide a high level comparison of the 2017 and 2015 DNA Profiling Bill - calling out positive changes, remaining issues, and missing provisions.

In July 2017 the Law Commission published a report on DNA profiling and the “Draft Use and Regulation of DNA Based Technology Bill 2017”. India has been contemplating a draft DNA Profiling Bill since 2007. There have been two publicly available versions of the bill, 2012, and 2015, and one version in 2016. In 2013, the Department of Biotechnology formulated an Expert Committee to discuss different aspects and issues raised regarding the Bill towards finalizing the text. The Centre for Internet and Society was a member of the Expert Committee, and in its conclusion, issued a note of dissent to the Expert Committee for DNA Profiling.

This post provides a high level overview of the Use and Regulation of DNA Based Technology Bill 2017 and calls out positive changes from the 2015 Bill, remaining issues, and missing provisions. The post also calls out if, and where, CIS's recommendations to the Expert Committee have been incorporated.

If enacted, the 2017 Bill will establish national and regional DNA data banks that will maintain five different types of indices: a crime scene index, missing persons, offenders, suspects, and unknown deceased persons. The data banks will be led by a Director, responsible for communicating information with requesting entities, foreign states, and international organizations. Information relating to DNA profiles, DNA samples, and records maintained in a DNA laboratory can be made available in six instances: to law enforcement and investigating agencies, in judicial proceedings, for facilitating prosecution and adjudication of criminal cases, for taking defence of an accused, for investigation of civil disputes, and other cases which might be specified by regulations. Offences related to unauthorized disclosure of information in the DNA data bank, obtaining information from DNA data banks without authorization, unlawful access to information in the DNA Data Bank, using DNA sample or result without authorization, and destroying, altering, contaminating, or tampering with biological evidence.

Below are some key positive changes from the 2015 Bill, remaining issues, and missing safeguards from the 2017 Bill:

Positive Changes: The Bill contains a number of positive changes from the 2015 draft. Key ones include:

Consent: Section 21 prohibits the taking of samples from arrested persons without consent, except in the case of a specified offence - a specified offence being any offence punishable with death or imprisonment for a term exceeding seven years. If consent is refused, a magistrate can order the taking of the sample. This can be in the case of any matter listed in the Schedule of the Act. Section 22 provides for consent from volunteers. It is important to note that despite being an improvement from the 2015 Bill, which did not address instances of collection with our without consent, this provision is still broad as the list of offences under the Schedule is expansive and can be further expanded by the Central Government. Furthermore, the Magistrate can overrule a refusal of consent of the parent or guardian of a voluneet who is a minor, which does not provide adequate protection to childrens' rights.
Deletion: Section 31 defines instances for deletion of suspect profiles, under trial profiles, and all other profiles. Though a step in the right direction, as the 2015 Bill only addressed retention and deletion of the offenders index, this provision does not address the automatic removal of innocents.
Purpose limitation: Section 33 limits the purpose of profiles in the DNA Data Bank to that of facilitating identification. This is a positive step from the 2015 Bill - which enabled use of DNA profiles for the creation and maintenance of a population statistics data bank. Section 34 also limits the purposes for which information relating to DNA profiles, samples, and records can be made available.
Destruction of samples: Section 20 defines instances for destruction of DNA samples. Destruction of samples was not address in the 2015 Bill, and is an important protection as it prevents samples from being re-analyzed.
Comparison of profiles: Section 29 clarifies that if the individual is not an offender or a suspect, their information will not be compared with DNA profiles in the offenders’ or suspects index. This creates an important distinction between types of indices held in the data bank and the purpose for the same i.e missing persons are not treated as potential offenders. In the 2015 Bill, profiles entered in the offenders or crime scene index could be compared by the DNA Data Bank Manger against all profiles contained in the DNA Data Bank.
Re-testing: Section 24 allows for an accused person to request for a re-examination of fresh bodily substances if it is believed the sample has been contaminated. The closest provision to this in the 2015 was the creation a post - conviction right for DNA profiling - which is now deleted. It is important to note that fresh samples can easily be obtained from individuals, but if contamination happens at a crime scene, it is much more difficult to obtain a fresh sample.
Limiting Indices and including a crime scene index: The 2017 Bill limits the number of indices to five - a crime scene index, missing persons, offenders, suspects, and unknown deceased persons. This is an improvement from the 2015 Bill which provides for the maintenance of indices in the DNA Bank and includes a missing person’s index, an unknown deceased person’s index, a volunteers’ index, and such other DNA indices as may be specified by regulation.

Remaining Issues: There are some remaining issues in the 2017 Bill. Some of these include:

Delegating and Expanding through Regulation: The Bill delegates a number of procedures to regulation - many which should be in the text of the Bill. For example: the format for receiving and storing DNA profiles, and additional criteria for entry, retention, and deletion of DNA profiles. Furthermore, a number of provisions allow for expansion through regulation. For example, the sources from which DNA can be collected from to be expanded as specified by regulations. Further purposes for making DNA profiles available can be defined by regulation. Important procedures such as privacy and security safeguards are also left to regulation.
Broad Powers and Composition of the Board: The Bill designates twenty one responsibilities to the Board. As pointed out in 1, many of these should be detailed in the text of the legislation.

While serving on the Expert Committee,CIS recommended that the functions of the DNA Profiling Board should be limited to licensing, developing standards and norms, safeguarding privacy and other rights, ensuring public transparency, promoting information and debate and a few other limited functions necessary for a regulatory authority. This recommendation has not been incorporated.

Ideally, the Board should also include privacy experts, an expert in ethics, as well as civil society. Towards this, the Board should be comprised of separate Committees to address these different functions. There should be a Committee addressing regulatory issues pertaining to the functioning of Data Banks and Laboratories and an Ethics Committee to provide independent scrutiny of ethical issues.

As a positive note, the reduction of the size of the Board was agreed upon by the Expert Committee from 16 members (2012 Bill) to 11 members. This reccomendation has been incorporated.

CIS also provided language regarding how the Board could consult with the public:The Board, in carrying out its functions and activities, shall be required to consult with all persons and groups of persons whose rights and related interests may be affected or impacted by any DNA collection, storage, or profiling activity. The Board shall, while considering any matter under its purview, co-opt or include any person, group of persons, or organisation, in its meetings and activities if it is satisfied that that person, group of persons, or organisation, has a substantial interest in the matter and that it is necessary in the public interest to allow such participation. The Board shall, while consulting or co-opting persons, ensure that meetings, workshops, and events are conducted at different places in India to ensure equal regional participation and activities. This language has not been fully incorporated

Lack of Authorization Procedure: Though the Bill defines instances of when DNA information can be made available, it fails to establish or refer to an authorization process for making information available and the decision currently seems to rest with the DNA Bank Director.
Expansive Schedule: The Bill creates a schedule containing a list of matters for DNA testing which includes whole acts and a range of civil disputes and matters that are broad and do not relate to criminal cases - most notably “issues relating to immigration or emigration and issues relating to establishment of individual identity.”
Unclear Data Stored: Though the Bill clarifies the circumstance that the identity of the individual will be associated with a profile, it allows for ‘information of data based on DNA testing and records relating thereto” to be stored, yet it is unclear what information this would entail.
Lack of procedures for chain of custody: Presently, the Bill defines quality assurance procedures for a sample that is already at the lab. There are no provisions defining a process for the examination of a crime scene and laying down standards for the chain of custody of a sample from the crime scene to a DNA laboratory.

Missing Safeguards:

There are some safeguards that, if added, would strengthen the Bill and ensure rights to the individual:

Notification to the individual: There are no provisions that ensure that notification is given to an individual if his/her information is accessed or made available.
Right to challenge: There are no provisions that give the individual the right to challenge the storage of their DNA.
Established profiling standard: Though the Law Commission report refers to the 13 CODIS standard, the Bill does not mandate the use of the 13 CODIS profiling standard.
Reporting standard: There are no standards for how matches or other information should be communicated from the DNA director to the authority or receiving entity including instances of partial matches.
Right to access and review: There are no provisions that allow an individual to review his/her information contained in the regional or the national database.
Lack of costing: There is no cost estimate in the report or a requirement for one to be carried out.
Study for the potential for false matches: This must consider the size of the population and large family size, i.e. relatively large numbers of closely related people and is particularly necessary given the the size over population as large as India's.

Importantly, in the DNA Expert Committee, CIS requested the Expert Committee that the Bill be brought in line with the nine national principles defined in the Report of Experts on Privacy led by Justice AP Shah. These include the principles of notice, choice and consent, collection limitation, purpose limitation, access and correction, disclosure of information, security, openness, and accountability. These principles have not been fully incorporated.

For more details visit https://cis-india.org/internet-governance/blog/high-level-comparison-and-analysis-of-the-use-and-regulation-of-dna-based-technology-bill-2017

Global Accessibility Awareness Day 2017

praskrishna — 2017-05-16T05:51:45Z

The Centre for Internet & Society along with Prakat Solutions and Mitra Jyothi is co-hosting the Global Accessibility Awareness Day in Bengaluru on May 18, 2017.

Global Accessibility Awareness Day is celebrated across the world on the 3rd Thursday in May every year to create an awareness in making technology accessible and usable by persons with disabilities. While people may be interested in the topic of making technology accessible and inclusive, the reality is that they often do not know how or where to start, Awareness comes first.

The purpose of GAAD is to get everyone talking, thinking and learning about digital (web, software, mobile, etc.) access/inclusion and people with different disabilities.

To mark this day, Prakat Solutions will be hosting an event filled with lightning talks, workshops and a lot of other activities. You can also view a series of short videos about why accessibility is important with contributions from some of the greatest minds in accessibility today.For us as a company, Global Accessibility Awareness Day is quite special. Other awareness days that we participate in focus on a specific group of people. Today, is not about a specific group of people, today is about each and every one of us.

Watch the Video on What is GAAD

For more details visit https://cis-india.org/accessibility/events/global-accessibility-awareness-day-2017

(Updated) Information Security Practices of Aadhaar (or lack thereof): A documentation of public availability of Aadhaar Numbers with sensitive personal financial information

Amber Sinha and Srinivas Kodali — 2019-03-13T00:29:01Z

Since its inception in 2009, the Aadhaar project has been shrouded in controversy due to various questions raised about privacy, technological issues, welfare exclusion, and security concerns. In this study, we document numerous instances of publicly available Aadhaar Numbers along with other personally identifiable information (PII) of individuals on government websites. This report highlights four government projects run by various government departments that have made sensitive personal financial information and Aadhaar numbers public on the project websites.

Read the updated report: Download (pdf)

Read the first statement of clarification (May 16, 2017): Download (pdf)

Read the second statement of clarification (November 05, 2018): Link to page (html)

We are grateful to Yesha Paul and VG Shreeram for research support.

In the last month, there have been various reports pointing out instances of the public disclosure of Aadhaar number through various databases, accessible easily on Twitter under the hashtag #AadhaarLeaks. Most of these public disclosures reported contain personally identifiable information of beneficiaries or subjects of the non UIDAI databases containing Aadhaar numbers of individuals along with other personal identifiers. All of these public disclosures are symptomatic of a significant and potentially irreversible privacy harm, however we wanted to point out another large fallout of such events, those that create a ripe opportunity for financial fraud. For this purpose, we identified benefits disbursement schemes which would require its databases to store financial information about its subjects. During our research, we encountered numerous instances of publicly available Aadhaar Numbers along with other PII of individuals on government websites. In this paper, we highlight four government projects run by various government departments with publicly available financial data and Aadhaar numbers. Our research is focussed largely on the data published by or pertaining to where Aadhaar data is linked with banking information. We chose major government programmes using Aadhaar for payments and banking transactions. We found sensitive and personal data and information very easily accessible on these portals.

For more details visit https://cis-india.org/internet-governance/information-security-practices-of-aadhaar-or-lack-thereof-a-documentation-of-public-availability-of-aadhaar-numbers-with-sensitive-personal-financial-information-1

Economic, Social and Cultural Rights in India: Opportunities for Advocacy in Intellectual Property

Sunil Abraham and Vidushi Marda — 2017-04-23T05:22:01Z

Centre for Internet & Society worked on a three part case study. The first case study on digital protection of traditional knowledge was published by GIS Watch in December 2016. The other two case studies along with the synthesis overview has also been published.

The rights established in the International Covenant on Economic, Social and Cultural Rights (ICESCR) are socioeconomic rights and are easily mapped onto rights to education, work, science and culture. These rights, however, are not as easily mapped onto intellectual property rights. This three-part case study contemplates the ICESCR through aspects of intellectual property in India, namely, mobile patents, free and open source software (FOSS), and India’s Traditional Knowledge Digital Library. Through these, it demonstrates the potential of these technologies in realising ESCRs.

A distinguishing factor of the ICESCR is the emphasis on the progressive realisation of rights within the Covenant, which indicates the necessity of parties to take steps for the realisation of ESCRs to the best of their ability given the resources available, with a view to fully realising these rights in the long term. This is particularly relevant in India, where the large population and scarcity of resources require gradual realisation and sustained planning. This case study advocates for the progressive realisation of the rights outlined below, and sheds light on the current state of progress in India, as well as providing an overview of the framework within which these rights will be realised.

Although these three case studies focus on distinct areas – mobile patents, FOSS and open standards, and traditional knowledge – they can also be understood as tied together through the central theme of a mobile phone. The first case study on mobile patents deals with the hardware of the phone, the second deals with the software in discussing open software and standards, and the third case study on traditional knowledge focuses on the person holding the phone who consumes information-embedded products such as traditional foods and medicines.

The report on digital protection of traditional knowledge was published by GIS Watch earlier and the rest of the reports have been published by the Association for Progressive Communications.

For more details visit https://cis-india.org/openness/apc-april-23-2017-sunil-abraham-and-vidushi-marda-economic-social-and-cultural-rights-in-india

Exploring Big Data for Development: An Electricity Sector Case Study from India

sumandro — 2019-03-16T04:33:15Z

This working paper by Ritam Sengupta, Dr. Richard Heeks, Sumandro Chattapadhyay, and Dr. Christopher Foster draws from the field study undertaken by Ritam Sengupta, and is published by the Global Development Institute, University of Manchester. The field study was commissioned by the CIS, with support from the University of Manchester and the University of Sheffield.

Download the working paper: PDF

Abstract

This paper presents exploratory research into “data-intensive development” that seeks to inductively identify issues and conceptual frameworks of relevance to big data in developing countries. It presents a case study of big data innovations in “Stelcorp”; a state electricity corporation in India. In an attempt to address losses in electricity distribution, Stelcorp has introduced new digital meters throughout the distribution network to capture big data, and organisation-wide information systems that store and process and disseminate big data.

Emergent issues are identified across three domains: implementation, value and outcome. Implementation of big data has worked relatively well but technical and human challenges remain. The advent of big data has enabled some – albeit constrained – value addition in all areas of organisational operation: customer billing, fault and loss detection, performance measurement, and planning. Yet US$ tens of millions of investment in big data has brought no aggregate improvement in distribution losses or revenue collection. This can be explained by the wider outcome, with big data faltering in the face of external politics; in this case the electoral politics of electrification. Alongside this reproduction of power, the paper also reflects on the way in which big data has enabled shifts in the locus of power: from public to private sector; from labour to management; and from lower to higher levels of management.

A number of conceptual frameworks emerge as having analytical power in studying big data and global development. The information value chain model helps track both implementation and value-creation of big data projects. The design-reality gap model can be used to analyse the nature and extent of barriers facing big data projects in developing countries. And models of power – resource dependency, epistemic models, and wider frameworks – are all shown as helping understand the politics of big data.

Cross-posted from University of Manchester.

For more details visit https://cis-india.org/raw/exploring-big-data-for-development-an-electricity-sector-case-study-from-india

Net Neutrality Resources

praskrishna — 2017-04-22T09:11:21Z

Submissions by the Centre for Internet and Society to TRAI and DoT, 2015-2017.

Submission for TRAI Consultation on Regulatory Framework for Over-the-Top Services (June 29, 2015)
Submission to TRAI Consultation on Differential Pricing (January 7, 2016)
Counter Comments to TRAI on Differential Pricing (January 14, 2016)
TRAI Consultation on Differential Pricing for Data Services: Post-Open House Discussion Submission (January 25, 2016)
Submission to TRAI Consultation on Free Data (June 30, 2016)
Submission to TRAI Consultation on Proliferation of Broadband through Public WiFi Networks (August 28, 2016)
Submission to TRAI Consultation Note on Model for Nation-wide Interoperable and Scalable Public Wi-Fi Networks (December 12, 2016)
Submission to TRAI Consultation on Net Neutrality (April 18, 2017)

For more details visit https://cis-india.org/internet-governance/resources/net-neutrality-resources

Survey on Data Protection Regime

Aditi Chaturvedi and Elonnai Hickok — 2017-02-10T10:47:00Z

We request you to take part in this survey aimed at understanding how various organisations view the changes in the Data Protection Regime in the European Union. Recently the General Data Protection Regulation (EU) 2016/679 was passed, which shall replace the present Data Protection Directive DPD 95/46/EC. This step is likely to impact the way of working for many organisations. We are grateful for your voluntary contribution to our research, and all information shared by you will be used for the purpose of research only. Questions that personally identify you are not mandatory and will be kept strictly confidential.

The survey form below can also be accessed here.

For more details visit https://cis-india.org/internet-governance/blog/survey-on-data-protection-regime

Internet Researchers' Conference 2017 (IRC17)

sumandro — 2018-07-02T18:29:55Z

With great pleasure we announce the second edition of the Internet Researchers' Conference (IRC), an annual conference series initiated by the Researchers at Work (RAW) programme at CIS to gather researchers, academic or otherwise, studying internet in/from India to congregate, share insights and tensions, and chart the ways forward. The Internet Researchers' Conference 2017 (IRC17) will be held at the International Institute of Information Technology Bangalore (IIIT-B) campus on March 03-05, 2017. It is being organised by the Centre for Information Technology and Public Policy (CITAPP) at IIIT-B and the CIS.

Registration is closed now.

Propose open sessions here.

Agenda (final): Download (PDF)

Programme: Download (PDF)

Poster (high resolution): Download (JPG)

IRC17: Key Provocations

Two critical questions that emerged from the conversations at the previous edition of the Conference (IRC16) were about the digital objects of research, and the digital/internet experiences in Indic languages. As we discussed various aspects and challenges of 'studying internet in India', it was noted that we have not sufficiently explored how ongoing research methods, assumptions, and analytical frames are being challenged (if at all) by the becoming-digital of the objects of research across disciplines: from various artifacts and traces of human and machinic interactions, to archival entries and sites of ethnography, to practices and necessities of collaboration.

We found that the analyses of such digital objects of research often tend to assume either an aesthetic and functional uniqueness or sameness vis-à-vis the pre-/proto-digital objects of research, while neither of these positions are discussed in detail. Further, we tend to universalise the English-speaking user's/researcher's experience of working with such digital objects, without sufficiently considering their lives and functions in other (especially, Indic) languages.

These we take as the key provocations of the 2017 edition of IRC:

How does the becoming-digital of the research objects challenge our current research practices, concerns, and assumptions?
How do we appreciate, study, and theorise the functioning of and meaning-making by digital objects in Indic languages?
What research tools and infrastructures are needed to study, document, annotate, analyse, archive, cite, and work with (in general) digital objects, especially those in Indic languages?

This conference series is specifically driven by the following interests: 1) creating discussion spaces for researchers studying internet in India and in other comparable regions, 2) foregrounding the multiplicity, hierarchies, tensions, and urgencies of the digital sites and users in India, 3) accounting for the various layers, conceptual and material, of experiences and usages of internet and networked digital media in India, and 4) exploring and practicing new modes of research and documentation necessitated by new (digital) forms of objects of power/knowledge.

Dates and Venue

The conference is being hosted by the International Institute of Information Technology Bangalore (IIIT-B) during March 03-05, 2017.

Address: 26/C, Electronics City, Hosur Road, Bangalore, 560100, location on Google Map.

Session Details and Notes

Day 01, Friday, March 03

#DigitalIdentities: Details and Etherpad

#IndicLanguagesAndInternetCohabitation: Details and Etherpad

#SelfiesFromTheField: Details and Etherpad

#HookingUp: Details and Etherpad

Day 02, Saturday, March 04

#DotBharatAdoption: Details and Etherpad

#DigitalPedagogies: Details and Etherpad

#MaterializingWriting: Details and Etherpad

#RenarrationWeb: Details and Etherpad

Day 03, Sunday, March 05

#ArchivesForStorytelling: Details and Etherpad

#ObjectsOfDigitalGovernance: Details and Etherpad

#OpenAccessScholarlyPublishing: Details and Etherpad

Session Selection Process

Call for sessions: http://cis-india.org/raw/irc17-call.

Selected sessions: http://cis-india.org/raw/irc17-selected-sessions.

Please join the researchers@cis-india mailing list to take part in pre- and post-conference conversations.

About the IRC Series

The Researchers at Work (RAW) programme at the Centre for Internet and Society (CIS) initiated the Internet Researchers' Conference (IRC) series to address these concerns, and to create an annual temporary space in India, for internet researchers to gather and share experiences.

The IRC series is driven by the following interests:

creating discussion spaces for researchers and practitioners studying internet in India and in other comparable regions,
foregrounding the multiplicity, hierarchies, tensions, and urgencies of the digital sites and users in India, accounting for the various layers, conceptual and material, of experiences and usages of internet and networked digital media in India, and
exploring and practicing new modes of research and documentation necessitated by new (digital) objects of power/knowledge.

The first edition of the Internet Researchers' Conference series was held in February 2016. It was hosted by the Centre for Political Studies at Jawaharlal Nehru University, and was supported by the CSCS Digital Innovation Fund. The Conference was constituted by eleven discussion sessions (majority of which were organised around presentation of several papers), four workshop sessions (which involved group discussions, activities, and learnings), a book sprint over three sessions to develop an outline of a (re)sourcebook for internet researchers in India, and a concluding round table. The audio recordings and notes from IRC16 are now being compiled into an online Reader. A detailed reflection note on IRC16 has been published.

For more details visit https://cis-india.org/raw/irc17

Comments on the Report of the Committee on Digital Payments (December 2016)

Sumandro Chattapadhyay and Amber Sinha — 2017-01-12T12:32:22Z

The Committee on Digital Payments constituted by the Ministry of Finance and chaired by Ratan P. Watal, Principal Advisor, NITI Aayog, submitted its report on the "Medium Term Recommendations to Strengthen Digital Payments Ecosystem" on December 09, 2016. The report was made public on December 27, and comments were sought from the general public. Here are the comments submitted by the Centre for Internet and Society.

1. Preliminary

1.1. This submission presents comments by the Centre for Internet and Society (“CIS”) [1] in response to the report of the Committee on Digital Payments, chaired by Mr. Ratan P. Watal, Principal Advisor, NITI Aayog, and constituted by the Ministry of Finance, Government of India (“the report”) [2].

2. The Centre for Internet and Society

2.1. The Centre for Internet and Society, CIS, is a non-profit organisation that undertakes interdisciplinary research on internet and digital technologies from policy and academic perspectives. The areas of focus include digital accessibility for persons with diverse abilities, access to knowledge, intellectual property rights, openness (including open data, free and open source software, open standards, and open access), internet governance, telecommunication reform, digital privacy, and cyber-security.

2.2. CIS is not an expert organisation in the domain of banking in general and payments in particular. Our expertise is in matters of internet and communication governance, data privacy and security, and technology regulation. We deeply appreciate and are most inspired by the Ministry of Finance’s decision to invite entities from both the sectors of finance and information technology. This submission is consistent with CIS’ commitment to safeguarding general public interest, and the interests and rights of various stakeholders involved, especially the citizens and the users. CIS is thankful to the Ministry of Finance for this opportunity to provide a general response on the report.

3. Comments

3.1. CIS observes that the decision by the Government of India to withdraw the legal tender character of the old high denomination banknotes (that is, Rs. 500 Rs. 1,000 notes), declared on November 08, 2016 [3], have generated unprecedented data about the user base and transaction patterns of digital payments systems in India, when pushed to its extreme use due to the circumstances. The majority of this data is available with the National Payments Corporation of India and the Reserve Bank of India. CIS requests the authorities concerned to consider opening up this data for analysis and discussion by public at large and experts in particular, before any specific policy and regulatory decisions are taken towards advancing digital payments proliferation in India. This is a crucial opportunity for the Ministry of Finance to embrace (open) data-driven regulation and policy-making.

3.2. While the report makes a reference to the European General Data Protection Directive, it does not make a reference to any substantive provisions in the Directive which may be relevant to digital payments. Aside from the recommendation that privacy protections around the purpose limitation principle be relaxed to ensure that payment service providers be allowed to process data to improve fraud monitoring and anti-money laundering services, the report is silent on significant privacy and data protection concerns posed by digital payments services. CIS strongly warns that the existing data protection and security regulations under Information Technology (Reasonable security practices and procedures and sensitive personal data or information), Rules are woefully inadequate in their scope and application to effectively deal with potential privacy concerns posed by digital payments applications and services. Some key privacy issues that must be addressed either under a comprehensive data protection legislation or a sector specific financial regulation are listed below. The process of obtaining consent must be specific, informed and unambiguous and through a clear affirmative action by the data subject based upon a genuine choice provided along with an option to opt out at any stage. The data subjects should have clear and easily enforceable right to access and correct their data. Further, data subjects should have the right to restrict the usage of their data in circumstances such as inaccuracy of data, unlawful purpose and data no longer required in order to fulfill the original purpose.

3.3. The initial recommendation of the report is to “[m]ake regulation of payments independent from the function of central banking” (page 22). This involves a fundamental transformation of the payment and settlement system in India and its regulation. We submit that a decision regarding transformation of such scale and implications is taken after a more comprehensive policy discussion, especially involving a wider range of stakeholders. The report itself notes that “[d]igital payments also have the potential of becoming a gateway to other financial services such as credit facilities for small businesses and low-income households” (page 32). Thus, a clear functional, and hence regulatory, separation between the (digital) payments industry and the lending/borrowing industry may be either effective or desirable. Global experience tells us that digital transactions data, along with other alternative data, are fast becoming the basis of provision of financial and other services, by both banking and non-banking (payments) companies. We appeal to the Ministry of Finance to adopt a comprehensive and concerted approach to regulating, enabling competition, and upholding consumers’ rights in the banking sector at large.

3.4. The report recognises “banking as an activity is separate from payments, which is more of a technology business” (page 154). Contemporary banking and payment businesses are both are primarily technology businesses where information technology particularly is deployed intimately to extract, process, and drive asset management decisions using financial transaction data. Further, with payment businesses (such as, pre-paid instruments) offering return on deposited money via other means (such as, cashbacks), and potentially competing and/or collaborating with established banks to use financial transaction data to drive lending decisions, including but not limited to micro-loans, it appears unproductive to create a separation between banking as an activity and payments as an activity merely in terms of the respective technology intensity of these sectors. CIS firmly recommends that regulation of these financial services and activities be undertaken in a technology-agnostic manner, and similar regulatory regimes be deployed on those entities offering similar services irrespective of their technology intensity or choice.

3.5. The report highlights two major shortcomings of the current regulatory regime for payments. Firstly “the law does not impose any obligation on the regulator to promote competition and innovation in the payments market” (page 153). It appears to us that the regulator’s role should not be to promote market expansion and innovation but to ensure and oversee competition. We believe that the current regulator should focus on regulating the existing market, and the work of the expansion of the digital payments market in particular and the digital financial services market in general be carried out by another government agency, as it creates conflict of interest for the regulator otherwise. Secondly, the report mentions that Payment and Settlement Systems Act does not “focus the regulatory attention on the need for consumer protection in digital payments” and then it notes that a “provision was inserted to protect funds collected from customers” in 2015 (page 153). This indicates that the regulator already has the responsibility to ensure consumer protection in digital payments. The purview and modalities of how this function of course needs discussion and changes with the growth in digital payments.

3.6. The report identifies the high cost of cash as a key reason for the government’s policy push towards digital payments. Further, it mentions that a “sample survey conducted in 2014 across urban and rural neighbourhoods in Delhi and Meerut, shows that despite being keenly aware of the costs associated with transacting in cash, most consumers see three main benefits of cash, viz. freedom of negotiations, faster settlements, and ensuring exact payments” (page 30). It further notes that “[d]igital payments have significant dependencies upon power and telecommunications infrastructure. Therefore, the roll out of robust and user friendly digital payments solutions to unelectrified areas/areas without telecommunications network coverage, remains a challenge.” CIS much appreciates the discussion of the barriers to universal adoption and rollout of digital payments in the report, and appeals to the Ministry of Finance to undertake a more comprehensive study of the key investments required by the Government of India to ensure that digital payments become ubiquitously viable as well as satisfy the demands of a vast range of consumers that India has. The estimates about investment required to create a robust digital payment infrastructure, cited in the report, provide a great basis for undertaking studies such as these.

3.7. CIS is very encouraged to see the report highlighting that “[w]ith the rising number of users of digital payment services, it is absolutely necessary to develop consumer confidence on digital payments. Therefore, it is essential to have legislative safeguards to protect such consumers in-built into the primary law.” We second this recommendation and would like to add further that financial transaction data is governed under a common data protection and privacy regime, without making any differences between data collected by banking and non-banking entities.

3.8. We are, however, very discouraged to see the overtly incorrect use of the word “Open Access” in this report in the context of a payment system disallowing service when the client wants to transact money with a specific entity [4]. This is not an uncommon anti-competitive measure adopted by various platform players and services providers so as to disallow users from using competing products (such as, not allowing competing apps in the app store controlled by one software company). The term “Open Access” is not only the appropriate word to describe the negation of such anti-competitive behaviour, its usage in this context undermines its accepted meaning and creates confusion regarding the recommendation being proposed by the report. The closest analogy to the recommendation of the report would perhaps be with the principle of “network neutrality” that stands for the network provider not discriminating between data packets being processed by them, either in terms of price or speed.

3.9. A major recommendation by the report involves creation of “a fund from savings generated from cash-less transactions … by the Central Government,” which will use “the trinity of JAM (Jan Dhan, Adhaar, Mobile) [to] link financial inclusion with social protection, contributing to improved Social and Financial Security and Inclusion of vulnerable groups/ communities” (page 160-161). This amounts to making Aadhaar a mandatory ID for financial inclusion of citizens, especially the marginal and vulnerable ones, and is in direct contradiction to the government’s statements regarding the optional nature of the Aadhaar ID, as well as the orders by the Supreme Court on this topic.

3.10. The report recommends that “Aadhaar should be made the primary identification for KYC with the option of using other IDs for people who have not yet obtained Aadhaar” (page 163) and further that “Aadhaar eKYC and eSign should be a replacement for paper based, costly, and shared central KYC registries” (page 162). Not only these measures would imply making Aadhaar a mandatory ID for undertaking any legal activity in the country, they assume that the UIDAI has verified and audited the personal documents submitted by Aadhaar number holders during enrollment. A mandate for replacement of the paper-based central KYC agencies will only remove a much needed redundancy in the the identity verification infrastructure of the government.

3.11. The report suggests that “[t]ransactions which are permitted in cash without KYC should also be permitted on prepaid wallets without KYC” (page 164-165). This seems to negate the reality that physical verification of a person remains one of the most authoritative identity verification process for a natural person, apart from DNA testing perhaps. Thus, establishing full equivalency of procedure between a presence-less transaction and one involving a physically present person making the payment will only amount to removal of relatively greater security precautions for the former, and will lead to possibilities of fraud.

3.12. In continuation with the previous point, the report recommends promotion of “Aadhaar based KYC where PAN has not been obtained” and making of “quoting Aadhaar compulsory in income tax return for natural persons” (page 163). Both these measures imply a replacement of the PAN by Aadhaar in the long term, and a sharp reduction in growth of new PAN holders in the short term. We appeal for this recommendation to be reconsidered as integration of all functionally separate national critical information infrastructures (such as PAN and Aadhaar) into a single unified and centralised system (such as Aadhaar) engenders massive national and personal security threats.

3.13. The report suggest the establishment of “a ranking and reward framework” to recognise and encourage for the best performing state/district/agency in the proliferation of digital payments. It appears to us that creation of such a framework will only lead to making of an environment of competition among these entities concerned, which apart from its benefits may also have its costs. For example, the incentivisation of quick rollout of digital payment avenues by state government and various government agencies may lead to implementation without sufficient planning, coordination with stakeholders, and precautions regarding data security and privacy. The provision of central support for digital payments should be carried out in an environment of cooperation and not competition.

3.14. CIS welcomes the recommendation by the report to generate greater awareness about cost of cash, including by ensuring that “large merchants including government agencies should account and disclose the cost of cash collection and cash payments incurred by them periodically” (page 164). It, however, is not clear to whom such periodic disclosures should be made. We would like to add here that the awareness building must simultaneously focus on making public how different entities shoulder these costs. Further, for reasons of comparison and evidence-driven policy making, it is necessary that data for equivalent variables are also made open for digital payments - the total and disaggregate cost, and what proportion of these costs are shouldered by which entities.

3.15. The report acknowledges that “[t]oday, most merchants do not accept digital payments” and it goes on to recommend “that the Government should seize the initiative and require all government agencies and merchants where contracts are awarded by the government to provide at-least one suitable digital payment option to its consumers and vendors” (page 165). This requirement for offering digital payment option will only introduce an additional economic barrier for merchants bidding for government contracts. We appeal to the Ministry of Finance to reconsider this approach of raising the costs of non-digital payments to incentivise proliferation of digital payments, and instead lower the existing economic and other barriers to digital payments that keep the merchants away. The adoption of digital payments must not lead to increasing costs for merchants and end-users, but must decrease the same instead.

3.16. As the report was submitted on December 09, 2016, and was made public only on December 27, 2016, it would have been much appreciated if at least a month-long window was provided to study and comment on the report, instead of fifteen days. This is especially crucial as the recently implemented demonetisation and the subsequent banking and fiscal policy decisions taken by the government have rapidly transformed the state and dynamics of the payments system landscape in India in general, and digital payments in particular.

Endnotes

[1] See: http://cis-india.org/.

[2] See: http://finmin.nic.in/reports/Note-watal-report.pdf and http://finmin.nic.in/reports/watal_report271216.pdf.

[3] See: http://finmin.nic.in/cancellation_high_denomination_notes.pdf.

[4] Open Access refers to “free and unrestricted online availability” of scientific and non-scientific literature. See: http://www.budapestopenaccessinitiative.org/read.

For more details visit https://cis-india.org/internet-governance/blog/comments-on-the-report-of-the-committee-on-digital-payments-dec-2016

CIS Submission to TRAI Consultation Note on Model for Nation-wide Interoperable and Scalable Public Wi-Fi Networks

2016-12-12T13:59:00Z

This submission presents responses by the CIS on the Consultation Note on Model for Nation-wide Interoperable and Scalable Public Wi-Fi Networks published by the TRAI on November 15, 2016. Our analysis of the solution proposed in the Note, in brief, is that there is no need of a solution for non-existing interoperability problem for authentication and payment services for accessing public Wi-Fi networks. The proposed solution in this Note only adds to over-regulation in this sector, and does not incentivise new investment in the sector, but only establishes UIDAI and NPCI as the monopoly service providers for authentication and payment services.

The comments were authored by Japreet Grewal, Pranesh Prakash, Sharath Chandra, Sumandro Chattapadhyay, Sunil Abraham, and Udbhav Tiwari, with expert comments from Amelia Andersdotter.

1. Preliminary

1.1. This submission presents responses by the Centre for Internet and Society (“CIS”) [1] on the Consultation Note on Model for Nation-wide Interoperable and Scalable Public Wi-Fi Networks (“the Note”) published by the Telecom Regulatory Authority of India (“TRAI”) on November 15, 2016 [2].

1.2. The CIS welcomes the effort undertaken by TRAI to map regulatory and other barriers to deployment of public Wi-Fi in India. We especially appreciate that TRAI has recognised [3] two key barriers to provision of public Wi-Fi networks identified and highlighted in our earlier response to the Consultation Paper on Proliferation of Broadband through Public WiFi [4]: 1) over regulation (including, licensing requirements, data retention, and Know Your Customer policy), and 2) paucity of spectrum [5].

2. General Responses

2.1. Before responding to the specific questions posed by the Note, we would like to make the following observations.

2.2. There is no need of a solution for non-existing interoperability problem for authentication and payment services for accessing public Wi-Fi networks. The proposed solution in this Note only adds to over-regulation in this sector. The proposed solution does not incentivise new investment in the sector, but only establishes UIDAI and NPCI as the monopoly service providers for authentication and payment services.

2.3. As the TRAI has consulted widely with industry and other stakeholders before it settled on the list of priority issues contained in Section C.6 of the Note, we are surprised to find that this Note aims to address only the problem of lack of “seamless interoperable payment system for Wi-Fi networks” (Section C.6.d. Of the Note), and does not discuss and propose solutions for any other key barriers identified by the Note.

2.4. The Note fails to clarify the “interoperability” problem in the payment system for usage of public Wi-Fi networks that it is attempting to solve. The Note identifies that lack of “single standard” for “authentication and payment mechanisms” for accessing public Wi-Fi networks as a key impediment to provide scalable and interoperable public Wi-Fi networks across the country [6]. By conceptualising the problem in this manner, TRAI has bundled together two completely different concerns - authentication and payment - into one and this is at the root of the problems emanating from the proposed solution in this Note.

2.5. Lack of standard process for authentication is created by over-regulation via Know Your Customer (“KYC”) policies, and selection of eKYC service provided by UIDAI as the only acceptable authentication mechanism for all users of public Wi-Fi networks across India, creating further economic and legal challenges for smaller would-be providers of public Wi-Fi networks as they assess their liabilities and start-up costs. Additionally, since this would amount to making UID/Aadhaar enrolment mandatory for any user of public wi-fi networks, it seems to create a contradiction with previously communicated policy from the UIDAI and the Government that no such obligation should arise. Supreme Court has also mandated over successive Orders that enrolment for UID/Aadhaar number should remain optional for the citizens and residents.

2.6. As was observed by the respondents to the TRAI Consultation concluded earlier this year, there is no interoperability problem that needs to be solved regarding payments for accessing public Wi-Fi networks. Payment services continue to be evolved and payment aggregator services provided by existing companies may be expected to resolve many of the outstanding issues of service proliferation in the upcoming years, at least in the absence of additional mandatory technical measures imposed by the government. Bundling of payment with authentication will only undermine the already existing independent market for payment aggregators, and further enforce mandatoriness of UID/Aadhaar number.

2.7. Further, the payment mechanism proposed would seem to worsen difficulties for tourists and foreigners in accessing public Wi-Fi in India, as well adds an additional layer of authentication in a system already identified (even in the Note itself) to be overburdened by regulations regarding KYC and data retention. Section C.6.b of the Note highlights the problems faced by foreigners and tourists when the authentication mechanism is premised upon use of One Time Password (OTP) that requires a functioning local mobile phone number. It contradicts itself later by proposing an authentication method that requires the user to not only download an application onto their mobile/desktop device, but also to enrol for UID/Aadhaar number and/or to use their existing UID/Aadhaar number. Instead of reducing the existing barriers to provision of and access to public Wi-Fi, which the Note is supposed to achieve, it creates significant new barriers.

2.8. The technological architecture advanced by the Note upholds support of governance and surveillance projects that, in addition to being costly in their implementation and thereby slowing down the objective of getting India connected, are also of questionable value to the security of the Indian polity. UID, UPI, and related projects risk undermining cyber-security through their reliance on centralised architectures and interfere with healthy competitive market dynamics between commercial and non-commercial actors.

2.9. The Note continues to only consider and enable commercial models for the provision of public Wi-Fi networks. We have identified this as a problematic assumption in our last submission [7]. It is most crucial that TRAI does not ignore and fail to promote and facilitate the possibility of not-for-profit models that involve grassroot communities, academia, and civil society.

2.10. Last but not the least, the term “Wi-Fi” refers to a particular technology for establishing wireless local area networks. Further, the term is a trademark of the Wi-Fi Alliance [8]. It is this not a neutral term, and it must not be used as a general and universal synonym for wireless local area networks. We recommend that TRAI may consider using a technology-neutral term, say “public wireless services” or “public networking services”, to describe the sector. Following the terminology used in the Note, we have decided to continue using the term “Wi-Fi” in this response. This does not reflect our agreement about the appropriateness of this term. Important: The recommendation for technology-neutral regulation also comes with the qualification that safeguards like regulations on Listen Before Talk and Cycle Time are required to prevent technologies like LTE-U from squatting on spectrum and interfering with connections based on other standards.

3. Specific Responses

Q1. Is the architecture suggested in the consultation note for creating unified authentication and payment infrastructure will enable nationwide standard for authentication and payment interoperability?

3.1. No. The proposed infrastructure is likely to be costly for a large number of actors to implement and undermine some of the ongoing innovation in the Indian digital payment services industry. Rather than being helpful, it risks introducing additional requirements on an industry that TRAI has already identified as facing a number of large challenges.

3.2. There is no need for a unified architecture that provides nationwide standard for authentication and payment interoperability. It does not offer any incentive towards provision of public Wi-Fi networks. Neither is there an interoperability problem at the physical or data link layers that has been pointed out, nor is government mandated interoperability required at the payment or ID layer since there are private entities that provide such interoperability (like, payment aggregators). Additionally, we believe it is inappropriate that the TRAI is trying to predict the most suitable business/technological model for digital payments to be used for accessing commercial Wi-Fi networks. India has a booming online payments industry, and it must be allowed to evolve in an enabling regulatory environment that allow for competition and ensures responsible practices.

3.3. The Note identifies several structural impediments to expansion of public Wi-Fi networks in India, namely paucity of backhaul connectivity infrastructure (Section C.6.a), Inadequate associated infrastructure to offer carrier grade Wi-Fi network (Section C.6.c), dependency of authentication mechanism on pre-existing (Indian) mobile phone connection (Section C.6.b), and limited availability of spectrum to be used for public Wi-Fi networks (Section C.6.e). All these are crucial concerns and none of them have been addressed by the architecture suggested in the Note.

Q2. Would you like to suggest any alternate model?

3.4. Yes. The model proposed in the Note is likely to exclude several types of potential users (say, foreigners and tourists), and impose a single authentication and payment service provider for accessing public Wi-Fi networks, which may undermine both competition and security in the market for these services.

3.5. Internationally, there are cities and regions (say, the city of Barcelona and the Catalonia region in Spain) where public Wi-Fi networks have been provided in a pervasive and efficient manner by taking a light regulatory approach that enables opportunities for potential providers to set up their own infrastructures and additionally have access to backhaul. Further, reducing legal requirements on authentication should be considered in place of government mandated technical architectures for authentication and payment. In particular, allowing for anonymous access to Public Wi-Fi or wireless connectivity would reduce both the administrative and the technical burden on potential providers at the hyper-local level, especially for providers whose main activity it is not, and cannot be, to provide internet services (say, event venues, malls, and shops).

3.6. The CIS suggests the following steps towards conceptualising an “alternative model”:

remove existing regulatory disincentives,
urgently explore policies to promote deployment of wired infrastructures in general, and to enable a larger range of actors, including local authorities, to invest in and deploy local infrastructures by reducing licensing requirements in particular,
examine spectrum requirements for provision of public Wi-Fi, and
provide incentives, such as allowing telecom service providers to share backhaul traffic over public Wi-Fi, and ways for telecom service providers to lower their costs if they also make Internet access available for free.

Q3. Can Public Wi-Fi access providers resell capacity and bandwidth to retail users? Is “light touch regulation” using methods such as “registration” instead of “licensing” preferred for them?

3.7. CIS holds that capacity and bandwidth are neither comparable to tangible goods nor to digital currency. They are a utility, and the provider of the utility has to accept that their customers use the utility in the way they see fit, even if that use entails sharing said capacity and bandwidth with downstream private persons or customers. Wi-Fi capabilities are currently a built-in standardised feature of all consumer routers. Any individual, community, or store with access to an internet connection and a consumer router could become a public Wi-Fi access provider at no additional cost to themselves, furthering the goals of the Indian government in its Digital India strategy to ensure public and universal access to the internet.

3.8. In order to exploit the opportunities awarded by a large amount of entities in the Indian society potentially becoming Public Wi-Fi providers, TRAI should require neither registration nor licensing of these actors. Imposing administrative burdens on potential public Wi-Fi access providers creates legal uncertainty and will cause a lot of actors, who may otherwise contribute to the goals of Digital India, not to do so. This is particularly true for community organisers and citizens, who may not have access to legal assistance and therefore may avoid contributing to the goals of the government.

3.9. Light touch regulation when it comes to both granting license to public Wi-Fi access providers as well as authentication of retail users, however, are needed not only as an exceptional practice for such instances but as a general practice in case of entities offering public Wi-Fi services, either commercially or otherwise. Further, additional laxity in administrative responsibilities is needed to incentivise provision of free, that is non-commercial, public Wi-Fi networks.

Q4. What should be the regulatory guidelines on “unbundling” Wi-Fi at access and backhaul level?

3.10. The Note refers to unbundling of activities related to provision of Wi-Fi but it does not define the term. It is neither explained which specific activities at access and backhaul levels must be considered for unbundling.

3.11. While unbundling should clearly be allowed and any regulatory hurdles to unbundling should be removed, any such decision must be taken with a focus on urgently addressing the stagnated growth in landline and backhaul, as identified in Section C.6.a of the Note. Relying only on spectrum intensive infrastructures, such as mobile base stations, for providing connectivity, creates a heavy regulatory burden for the TRAI, while simultaneously not ensuring optimal connectivity for business and private users. The CIS is concerned that the focus of the Note on standardising a government-mediated authentication and payment mechanism detracts attention from this urgent obstacle to the fulfillment of the Digital India plans of accelerated provision of broadband highways, universal access, and public, especially free, access to internet services.

3.12. From the example of European telecommunications legislations, implementation of policy measures to ensure that vertical integration between infrastructure (say, cables, switches, and hubs) providers and service (say, providing a subscriber with a household modem or a SIM card) providers in the telecommunications sector does not become a barrier to new market entrants has yielded much success in countries that have pursued it, like Sweden and Great Britain.

3.13. Further, there should be no default assumption of bundling by the TRAI. In particular, the TRAI should consider reviewing all regulations that may cause bundling to occur when this is not necessary, and put in place in a monitoring mechanism for ensuring that bundled practises (especially in electronic networks, base station infrastructures, backhaul and similar) do not cause competitive problems or raise market entry barriers [9]. In most EU countries, especially where the corporate structure of incumbent(s) is not highly vertically integrated, interconnection requirements for electronic network providers of wired networks in the backhaul or backbone (effectively price regulated interconnection), and a conscious effort to ensure that new market players can enter the field, have ensured a competitive telecommunications environment. TRAI may consider reviewing the European regulation on local loop unbundling (1999) and discussions on functional separation (especially by the British regulatory authority Ofcom), within an Indian context.

Q5. Whether reselling of bandwidth should be allowed to venue owners such as shop keepers through Wi-Fi at premise? In such a scenario please suggest the mechanism for security compliance.

3.14. Yes. Venue owners should be allowed to provide public Wi-Fi service both on a commercial and non-commercial basis.

3.15. It is not clear from the Note and the question what type of security concerns the TRAI is seeking to address. In terms of payment security, the payment industry already has a large range of verification and testing mechanisms. The CIS objects to the mandatory introduction of the proposed payment system so as to ensure greater security for Wi-Fi access providers and the users.

3.16. As far as hardware-related security issues are concerned, it is again unclear why consumer equipment compliant with existing Wi-Fi standards would not be sufficiently secure in the Indian context. Wi-Fi has proven to be a sturdy technical standard, its adoption is high in multiple jurisdictions around the world, and it also enjoys great technical stability. Similar security assessments could easily be made for alternative wireless technologies, such as WiMaX.

3.17. The CIS foresees problems is in the allocation of risk and liability by law. The already existing legal obligation to verify the identity of each user, for instance, is likely to introduce a large administrative burden on potential Public Wi-Fi providers, which may lead to such potential providers abstaining from entering the market. Should the identification requirement be removed, however, other concerns pertaining to legal obligations may arise. These include liability for user activities on the web or on the internet (cf. copyright infringement, libel, hate speech). We propose a “safe harbour” mechanism in these cases, limiting the liability of the potential public Wi-Fi provider.

Q6. What should be the guidelines regarding sharing of costs and revenue across all entities in the public Wi-Fi value chain? Is regulatory intervention required or it should be left to forbearance and individual contracting?

3.18. The market segments identified by the TRAI in Section F.18 of the Note should normally all be competitive markets themselves, and so do not require regulatory assistance in sharing of costs and revenues. The more elaborate the requirements imposed on each actor of each market segment identified by the TRAI in Section F.18, the more costly the roll-out of public Wi-Fi is going to be for the market actors. Such a cost is not avoided by price regulation.

3.19. The TRAI may instead consider introducing public funding for backhaul roll-out in remote areas, where the market is unlikely to engage in such roll-out on its own. Presently, some Indian states (such as Karnataka) are committing to public funding for wireless access in remote areas. The Union Government can assist such endeavours.

Endnotes

[1] See: http://cis-india.org/.

[2] See: http://trai.gov.in/Content/ConDis/20801_0.aspx.

[3] See Section C.6 of the Note.

[4] See: http://trai.gov.in/Content/ConDis/20782_0.aspx.

[5] See: http://cis-india.org/telecom/blog/cis-submission-to-trai-consultation-on-proliferation-of-broadband-through-public-wifi-networks.

[6] See Section E.11. of the Note.

[7] See: http://cis-india.org/telecom/blog/cis-submission-to-trai-consultation-on-proliferation-of-broadband-through-public-wifi-networks.

[8] See: https://www.wi-fi.org/.

[9] See: Monitoring bundled products in the telecommunications sector is also recommended by the OECD: http://oecdinsights.org/2015/06/22/triple-and-quadruple-play-bundles-of-communication-services-towards-all-in-one-packages/.

For more details visit https://cis-india.org/telecom/blog/cis-submission-trai-note-on-interoperable-scalable-public-wifi

Centre for Internet and Society

On World Water Day - Open Data for Water Resources

Project Blog: Open Water Data for Integrated Water Science (External)

Open Water Data Paper - Datasets for Water Studies in India Blog - Summary: Read (External)

Open Water Data Paper - Datasets for Water Studies in India Blog - Full Paper: Read (PDF)

Open Water Data Web App: View (External)

Open Water Data Web App - Tech Stack: Read (External)

Open Water Data Web App - Precipitation Data: Read (External)

The Fundamental Right to Privacy - A Visual Guide

The Fundamental Right to Privacy - A Visual Guide: Download (PDF)

CIS Comments on TRAI Consultation Paper on Promoting Local Telecom Equipment Manufacturing

The Fundamental Right to Privacy: An Analysis

The​ ​Fundamental​ ​Right​ ​to​ ​Privacy - Part​ ​I:​ ​Sources

Download: PDF

The​ ​Fundamental​ ​Right​ ​to​ ​Privacy - ​Part​ ​II:​ Structure

Download: PDF

The​ ​Fundamental​ ​Right​ ​to​ ​Privacy - Part​ ​III:​ Scope

Download: PDF

CIS Statement on Right to Privacy Judgment

High Level Comparison and Analysis of the Use and Regulation of DNA Based Technology Bill 2017

Global Accessibility Awareness Day 2017

Watch the Video on What is GAAD

(Updated) Information Security Practices of Aadhaar (or lack thereof): A documentation of public availability of Aadhaar Numbers with sensitive personal financial information

Read the updated report: Download (pdf)

Read the first statement of clarification (May 16, 2017): Download (pdf)

Read the second statement of clarification (November 05, 2018): Link to page (html)

Economic, Social and Cultural Rights in India: Opportunities for Advocacy in Intellectual Property

Exploring Big Data for Development: An Electricity Sector Case Study from India

Download the working paper: PDF

Abstract

Net Neutrality Resources

Survey on Data Protection Regime

The survey form below can also be accessed here.

Internet Researchers' Conference 2017 (IRC17)

Registration is closed now.

Propose open sessions here.

Agenda (final): Download (PDF)

Programme: Download (PDF)

Poster (high resolution): Download (JPG)

IRC17: Key Provocations

Dates and Venue

Session Details and Notes

Session Selection Process

About the IRC Series

Comments on the Report of the Committee on Digital Payments (December 2016)

1. Preliminary

2. The Centre for Internet and Society

3. Comments

Endnotes

CIS Submission to TRAI Consultation Note on Model for Nation-wide Interoperable and Scalable Public Wi-Fi Networks

1. Preliminary

2. General Responses

3. Specific Responses

Q1. Is the architecture suggested in the consultation note for creating unified authentication and payment infrastructure will enable nationwide standard for authentication and payment interoperability?

Q2. Would you like to suggest any alternate model?

Q3. Can Public Wi-Fi access providers resell capacity and bandwidth to retail users? Is “light touch regulation” using methods such as “registration” instead of “licensing” preferred for them?

Q4. What should be the regulatory guidelines on “unbundling” Wi-Fi at access and backhaul level?

Q5. Whether reselling of bandwidth should be allowed to venue owners such as shop keepers through Wi-Fi at premise? In such a scenario please suggest the mechanism for security compliance.

Q6. What should be the guidelines regarding sharing of costs and revenue across all entities in the public Wi-Fi value chain? Is regulatory intervention required or it should be left to forbearance and individual contracting?

Endnotes

The Fundamental Right to Privacy - Part I: Sources

The Fundamental Right to Privacy - Part II: Structure

The Fundamental Right to Privacy - Part III: Scope