Centre for Internet and Society

Pre-Budget Consultation 2016 - Submission to the IT Group of the Ministry of Finance

sumandro — 2016-01-12T13:34:41Z

The Ministry of Finance has recently held pre-budget consultations with different stakeholder groups in connection with the Union Budget 2016-17. We were invited to take part in the consultation for the IT (hardware and software) group organised on January 07, 2016, and submit a suggestion note. We are sharing the note below. It was prepared and presented by Sumandro Chattapadhyay, with contributions from Rohini Lakshané, Anubha Sinha, and other members of CIS.

It is our distinct honour to be invited to submit this note for consideration by the IT Group of the Ministry of Finance, Government of India, as part of the pre-budget consultation for 2016-17.

The Centre for Internet and Society is (CIS) is a non-profit organisation that undertakes interdisciplinary research on internet and digital technologies from policy and academic perspectives. The areas of focus include digital accessibility for persons with diverse abilities, access to knowledge, intellectual property rights, openness (including open data, free and open source software, open standards, open access, open educational resources, and open video), internet governance, telecommunication reform, digital privacy, and cyber-security. We receive financial support from Kusuma Trust, Wikimedia Foundation, MacArthur Foundation, IDRC, and other donors.

We have divided our suggestions into the different topics that our organisation has been researching in the recent years.

Free/Libre and Open Source Software (FLOSS) is the Basis for Digital India

We congratulate the policies introduced by the government to promote use of free/libre and open source software and that of open APIs for all e-governance projects and systems. This is not only crucial for the government to avoid vendor lock-in when it comes to critical software systems for governance, but also to ensure that the source code of such systems is available for public scrutiny and do not contain any security flaws.

We request the government to empower the implementation of these policies by making open sharing of source code a necessity for all software vendors hired by government agencies a necessary condition for awarding of tenders. The 2016-17 budget should include special support to make all government agencies aware and capable of implementing these policies, as well as to build and operate agency-level software repositories (with version controlling system) to host the source codes. These repositories may function to manage the development and maintenance of software used in e-governance projects, as well as to seek comments from the public regarding the quality of the software.

Use of FLOSS is not only important from the security or the cost-saving perspectives, it is also crucial to develop a robust industry of software development firms that specialise in FLOSS-based solutions, as opposed to being restricted to doing local implementation of global software vendors. A holistic support for FLOSS, especially with the government functioning as the dominant client, will immensely help creation of domestic jobs in the software industry, as well as encouraging Indian programmers to contribute to development of FLOSS projects.

An effective compliance monitoring and enforcement system needs to be created to ensure that all government agencies are Strong enforcement of the 2011 policy to use open source software in governance, including an enforcement task force that checks whether government departments have complied with this or not.

Open Data is a Key Instrument for Transparent Decision Making

With a wider set of governance activities being carried out using information systems, the government is increasingly acquiring a substantial amount of data about governance processes and status of projects that needs to be effectively fed back into the decision making process for the same projects. Opening up such data not only allows for public transparency, but also for easier sharing of data across government agencies, which reduces process delays and possibilities of duplication of data collection efforts.

We request the 2016-17 budget to foreground the National Data Sharing and Accessibility Policy and the Open Government Data Platform of India as two key enablers of the Digital India agenda, and accordingly budget for modernisation and reconfiguration of data collection and management processes across government agencies, so that those processes are made automatic and open-by-default. Automatic data management processes minimise the possibility of data loss by directly archiving the collected data, which is increasingly becoming digital in nature. Open-by-default processes of data management means that all data collected by an agency, once pre-recognised as shareable data (that is non-sensitive and anonymised), will be proactively disclosed as a rule.

Implementation of the National Data Sharing and Accessibility Policy has been hindered, so far, by the lack of preparation of a public inventory of data assets, along with the information of their collection cycles, modes of collection and storage, etc., by each union government agency. Specific budgetary allocation to develop these inventories will be crucial not only for the implementation of the Policy, but also for the government to get an extensive sense of data collected and maintained currently by various government agencies. Decisions to proactively publish, or otherwise, such data can then be taken based on established rules.

Availability of such open data, as mentioned above, creates a wider possibility for the public to know, learn, and understand the activities of the government, and is a cornerstone of transparent governance in the digital era. But making this a reality requires a systemic implementation of open government data practices, and various agencies would require targeted budget to undertake the required capacity development and work process re-engineering. Expenditure of such kind should not be seen as producing government data as a product, but as producing data as an infrastructure, which will be of continuous value for the years to come.

As being discussed globally, open government data has the potential to kickstart a vast market of data derivatives, analytics companies, and data-driven innovation. Encouraging civic innovations, empowered by open government data - from climate data to transport data - can also be one of the unique initiatives of budget 2016-17.

For maximising impact of opened up government data, we request the government to publish data that either has a high demand already (such as, geospatial data, and transport data), or is related to high-net-worth activities of the government (such as, data related to monitoring of major programmes, and budget and expenditure data for union and state governments).

Promotion of Start-ups and MSMEs in Electronics and IT Hardware Manufacturing

In line with the Make in India and Digital India initiatives, to enable India to be one of the global hubs of design, manufacturing, and exporting of electronics and IT hardware, we request that the budget 2016-17 focus on increasing flow of fund to start-ups and Medium and Small-Scale Manufacturing Enterprises (MSMEs) in the form of research and development grants (ideally connected to government, especially defense-related, spending on IT hardware innovation), seed capital, and venture capital.

Generation of awareness and industry-specific strategies to develop intellectual property regimes and practices favourable for manufacturers of electronics and IT hardware in India is an absolutely crucial part of promotion of the same, especially in the current global scenario. Start-ups and MSMEs must be made thoroughly aware of intellectual property concerns and possibilities, including limitations and exceptions, flexibilities, and alternative models such as open innovation.

We request the budget 2016-17 to give special emphasis to facilitation of technology licensing and transfer, through voluntary mechanisms as well as government intervention, such as compulsory licensing and government enforced patent pools.

Applied Mathematics Research is Fundamental for Cybersecurity

Recent global reports have revealed that some national governments have been actively involved in sponsoring distortion in applied mathematics research so as to introduce weaknesses in encryption standards used in for online communication. Instead of trying to regulate key-length or mandating pre-registration of devices using encryption, as suggested by the withdrawn National Encryption Policy draft, would not be able to address this core emerging problem of weak cybersecurity standards.

For effective and sustainable cybersecurity strategy, we must develop significant expertise in applied mathematical research, which is the very basis of cybersecurity standards development. We request the budget 2016-17 to give this topic the much-needed focus, especially in the context of the Digital India initiative and the upcoming National Encryption Policy.

Along with developing domestic research capacity, a more immediately important step for the government is to ensure high quality Indian participation in global standard setting organisations, and hence to contribute to global standards making processes. We humbly suggest that categorical support for such participation and contribution is provided through the budget 2016-17, perhaps by partially channeling the revenues obtained from spectrum auctions.

For more details visit https://cis-india.org/openness/pre-budget-consultation-2016-submission-to-the-ministry-of-finance

PDF Format

admin — 2011-08-23T03:06:23Z

For more details visit https://cis-india.org/openness/publications/standards/uploads/response-to-indian-open-standards-policy-09-sept-2008.pdf

Openness, Videos, Impressions

nishant — 2011-09-22T12:23:13Z

The one day Open Video Summit organised by the Centre for Internet & Society, iCommons, Open Video Alliance, and Magic Lantern, to bring together a range of stakeholders to discuss the possibilities, potentials, mechanics and politics of Open Video. Nishant Shah, who participated in the conversations, was invited to summarise the impressions and ideas that ensued in the day.

The notion of free and open is under great debate even under that, and I think even when you side with a camp, there are going to be further splinters. There are many ways of defining the free and open, and I think that the tension, rather than being resolved, needs to be sustained and creatively perpetrated to keep an internal checks and balances on not getting carried away with it. All the groups did indeed circle around this in different, often tangential ways – that there is need to define, variously and almost endlessly, in defining the context of the free that we are dealing with.

Open video, in that matter, has gone through different iterations, and I think it is nice that different stakeholders have defined it variously, and also looked at the problems that it might lead to. However, for the sake of synthesis, I am going to let you have your own idea of free and open but instead look at five key words which have emerged, in my selective hearing, through the day: Access, Archive, Share, Remix, Repurpose. And it is these five that we need to now imbricate these concepts across different thematic that emerged in the groups today.

Access has been one primary question that almost everybody dealt with; Access has its legacies in the Open and Free culture movements, where technological access, dealing with questions of open standards and content, of bandwidth and infrastructure. More interestingly, in an emerging information society like India, there are other concerns of language, access, privilege, bandwidth, education etc. To contextualise access and to put it into different perspectives is something that different participants have voiced the need for.

Archive is a preoccupation with most people because archiving has close relationships with knowledge and subsequently retrieval and usage. If knowledge is being digitised so that it is made accessible to different people, there are older questions of representation, voice, empowerment, participation, ethics, privacy, ownership etc. Crop up. In education archiving has to do with the curricula building and knowledge production. In networking, collaboration and film making, it is the kind of issues that pad.ma is trying to tackle with. It also leads to notions of access, distribution etc.

Sharing is what is almost defining the spirit of the Open and Free culture movements. There is a need to understand and explore what sharing means. When does it infringe laws and what kind of regulation needs to be advocated so that sharing becomes possible. How does one overcome questions of piracy, stealing, IPR etc? More interestingly, what do we share and who do we share it with? Tools by which sharing leads to innovation? How does it lead to new participation and learning practices and pedagogies? What kind of open distribution models and networks can be built up?

Remix has been of great value because it means that you are being converted into some sort of a stakeholder or a contributor to the process. Networking and nodes, network-actor, collaborator , peer 2 peer – the possibility of looking at questions of internet and digital traces is interesting. Or imagine that the act of sharing is also a remix. Sometimes just putting it into new contexts, making it available to newer constituencies, etc. can also be looked upon as remixing. Remix as a knowledge production aesthetic and mechanics seems to have emerged.

Repurpose is my additional reading of something that perhaps needs no mention to this group, but nonetheless needs flagging. The fact remains, that the technology is not a solution in itself. It is a tool that enables the solutions which one is seeking for. The processes, paradigms, protocols and practices are indeed shaped and mediated by technologies and there are new solution possibilities which are produced. However, there still seem to be anxieties, concerns, questions and problems which are cropping up and need to be addressed outside of technology but within technology ecologies.

For more details visit https://cis-india.org/openness/blog-old/OVSreport

Open Standards Workshop at IGF '09

pranesh — 2011-08-23T02:54:03Z

The Centre for Internet and Society co-organized a workshop on 'Open Standards: A Rights-Based Framework' at the fourth Internet Governance Forum, at Sharm el-Sheikh. The panel was chaired by Aslam Raffee of Sun Microsystems and the panellists were Sir Tim Berners-Lee of W3C, Renu Budhiraja of India's DIT, Sunil Abraham of CIS, Steve Mutkoski of Microsoft, and Rishab Ghosh of UNU-MERIT.

Sir Tim Berners-Lee started the session with an address on various rights. Rights, he noted can range from being things like the rights to air and water to the right not to have the data carrier you use determine which movie you watch. Then, there are tensions between rights: the right to anonymity can clash with the right to know who posted information on making a bomb. Berners-Lee stated that for 2009, he has chosen to pursue one particular right: the right to government-held data. This data can include everything from where schools are to emergency services such as locations of hospitals. Today, we are talking about standards.

The World Wide Web Consortium (W3C) is a fifteen-year old body in which all kinds of people come together for purposes of setting standards around the World Wide Web. Thus, everything from HTML, which is used to write Web pages to WCAG, which are guidelines to enable people with disabilities access websites through assistive technologies. W3C conducts its discussions openly: anybody who has a good idea has a right to participate in its discussions -- it does not matter who one works for, who one represents -- what does matter are the ideas one brings to the table. The kinds of standards that W3C deals with are of interest to an immensely wide-ranging group of people. Even ten-year olds have actually expressed their opinions about standards like HTML. All this openness of participation must be guaranteed while ensuring that the processes move forward.

Next spoke Renu Budhiraja of the Department of Information and Technology, which is a part of the Indian government. She started off by hoping that this workshop would be not only a platform to share knowledge, but also to reach consensus on a few matters. Next, she laid out why open standards are extremely important for the Indian government. What citizens want in their interactions with the government are ease of interaction and efficiency. For them it is immaterial whether a certain service is provided by Department A or Department B. Thus we need to move towards a single-window government service for citizens, enabling them to interact easily with the government's various departments. While such an initiative must be centralized for it to be effective, it is crucial that its implementation be decentralized and suited to each district or localities' needs.

There is, understandably, a huge institutional mechanism behind ensuring that these systems are based on open standards. We have expert committees, consisting of academics and knowledgeable bureaucrats, and working groups, which include industry groups. Through these, we have evolved a National Policy on Open Standards, which is currently in a draft stage, but shall be notified soon. This policy outlines the principles based on which particular standards required for governmental functioning are to be chosen or evolved. This document will ensure long-term accessibility to public documents and information, and seamless interoperability of various governmental services and departments. It will also reduce the risk of vendor lock-in and reduce costs, and thus ensure long-term, sustainable, scalable and cost-effective solutions.

Ms. Budhiraja noted that there are a few aspects of the policy that bear discussion in a forum such as the IGF. First is the issue of whether royalty-free is the only choice for innovation. All other things equal, between royalty-free and reasonable and non-discriminatory (RAND) standards, of course royalty-free is to be preferred. But what if a superior technology (JPEG200 vs. JPEG) is RAND? What should the government's position be in such a case? Further, what should the government's position be when in a particular domain a RAND standard is the only option?

Next is the issue of single vs. multiple open standards. When interoperability is what we are aiming at, can multiple standards be recommended as some in the industry are asking us to do? And then is the issue of market maturity. The government sometimes finds itself in a situation where a standard is available, but well-developed products around that standard aren't and there aren't sufficient vendors using that standard. All these issues are of great practical importance when a government works on a policy document on standards.

Next up was Sunil Abraham, Executive Director of the Centre for Internet and Society. His presentation was on open standards as citizens' and consumers' rights. He started off by citing the example of the Smart Card Operating System for Transport Application (SCOSTA) standard, and the implications that the SCOSTA story has on large-scale projects such as the National Unique ID project currently under way in India. SCOSTA, an open standard, was being written off as unimplementable by all the MNC smart card vendors who wished to push RAND standards. IIT Kanpur helped the government develop a working implementation. Within twenty days, the card manufacturers submitted modified cards for compliance testing by NIC. Because of SCOSTA being an open standard, local companies also joined the tender. The cost went down from Rs. 600 per card to Rs. 30 per card. This shows the benefits of open standards as a means of curbing oligopolistic pricing, and working for the benefit of consumers.

From a rights-based perspective, access to the state machinery is a primary right. Citizens should not be required to pirate or purchase software to interact with the state. If e-governance solutions are based on proprietary standards, not all citizens would be equal. The South African example or requiring a particular browser to access the election commission's website shows that in a rather drastic fashion. When intellectual property interferes with governmental needs, governments have not been shy of issuing compulsory licences. This was seen when during the Great War the United States government pooled various flight-related patents and compulsorily licensed them, as well as what we are currently seeing with many Aids-related drugs being compulsorily licensed in developing countries. Thus, there are precedents for such licensing, and governments should explore them in the realm of e-governance. Many countries now have statutes that guarantee the right to government-held information. Government Interoperability Frameworks should take these into account, and mandate all government-to-citizen (G2C) information be transacted via open standards. This must be backed up by a strong accessibility policy to ensure that the governments don't discriminate between their citizens.

Proprietary standards act like pseudo-intellectual property rights, just as DRMs do. They add a layer on top of rights such as copyright, and can prevent the exercise of fair use and fair dealing rights because of an inability to legally negotiate the standards in which the content is encoded in a cost-free manner. In guaranteeing this balance between copyrights and fair dealing rights, free software and alternative IP models play a crucial role. Because of software patents being recognized in a few countries, development of free software which allows citizens to exercise their fair use rights is harmed in all countries.

Steve Mutkoski of Microsoft spoke next and placed the standards debate in a large context. He noted that standards are a technicality that are only a small part of the large issue which is interoperability in e-governance and delivery to citizens. The real challenges are organizational and semantic interoperability. Frequently interoperability is not harmed by technical issues, but by legal and organizational issues. Governments used to work on paper; during the shift to electronic data, they didn't engage in any organizational changes. Thus they continue to function with electronic data the same way that they did with paper-based data. Governments often lack strong privacy policies regarding the data that each of their departments holds. This harms governmental functioning. Additionally, legacy hardware and software have to be catered to by the standards we are talking about: sometimes an open standard just will not work.

Standards don't guarantee interoperability, and there is significant work done on this by noted academics ("Why Standards Are Not Enough To Guarantee End-to-End Interoperability" Lewis et al.; "Difficulties Implementing Standards" Egyedi & Dahanayake; "Standards Compliant, But Incompatible?" Egyedi et al.). Mandated standards lists will not help address interoperability issues between different implementations of the same standard. What would help? Transparency of implementations; collaboration with community; active participation in maintenance of standards, etc., would help. There is a need for continued public sector reform, with a focus on citizen-centric e-governance, and a need to engage with the question of whether government-mandated standards lists lead the market or follow the market.

Rishab Aiyer Ghosh, a senior researcher at UN University, Maastricht, spoke next. He started by noting that technical standards are left to technical experts. That needs to change, which is why discussing open standards at the IGF is important. He next set off a hypothetical: imagine you go to the city council office in Sharm el Sheik, and at the parking lot there it says that your car has to be a Ford if you are to park there; or if the Dutch government insists that you have a Philips TV if you are to receive the national broadcaster's signal. While these might seem absurd, situations like this arise all the time when it comes to the realm of software. Thus, the social effects of open standards are of utmost importance, and not just their technical qualities. Analysing the social effects of open standards takes us back to the economics of technology and technological standards. Technological standards exhibit network externalities: their inherent value is less than the value of others using them. Being the only person in the world with a telephone won't be very useful. Technological standards also exhibit path dependence: once you go with one technological format, it is difficult to change over to another even if that other format is superior to the first. Thus, clearly, standards benefit when there is a 'natural monopoly'. The challenge really arises when faced with the question of how to ensure a monopoly in a technology without the supplier of that technology exhibiting monopolistic tendencies. This can only be done when the technology is open and developed openly, of which the web standards and the W3C are excellent examples. If the technology or the process are semi-open, then because of the few intellectual property rights attached to the technology, some would be better off than others. Just as governments cannot insist on driving a particular make of cars as a prerequisite for access to them, they cannot insist on using a particular proprietary standard as a means of accessing them.

Many interesting questions arose when the floor was thrown open to the audience. "Should governments only mandate a particular standard when it is certain that market maturity exists?" Not really, since governmental decisions also give signals to the market and help direct attention to those standards. It would be best if roadmaps were provided, with particular under-mature standards being designated as "preferred standards", thus helping push industry in a particular direction. Examples where this strategy has borne fruit abound. This is also the strategy found in the Australian GIF. On the issue of multiplicity of standards, Sir Tim was very clear that they have to be avoided at all costs. He gave the example of XSLT and CSS, which are both stylesheet formats. He noted that their domain of operation was very different (with one being for servers and the other for clients), so having two standards with similar functions but different domains of operation does not make them multiple standards. Multiple standards defeat the purpose of the standardization process.

It was noted that governmental choices are of practical importance to citizens. During the Hurricane Katrina emergency, the federal emergency website only worked properly if Internet Explorer was used. How do we move forward? We must move forward by having policies that strike a balance between allowing for the natural evolution of standards and stability. The Government Interoperability Frameworks must be dynamic documents, allowing for categorization between standards and having clear roadmaps to enable industry to provide solutions to the government in a timely fashion. Governments must be strong in order to push industry towards openness, for the sake of its citizens, and not let industry dictate proprietary standards as the solution. Some opined that since there are dozens of domains that governments function in, maintaining lists of standards is a time-consuming process that is not justified, but others rebutted that by noting that for enterprise architectures to work, governments have to maintain such lists internally. Opening up that list to citizens and service providers would not entail greater overheads.

Sunil Abraham talking Open Standards at IGF09

(Video added on December 30, 2009)

For more details visit https://cis-india.org/openness/blog-old/dcos-workshop-09

Oo.org Format

admin — 2011-08-23T03:06:49Z

For more details visit https://cis-india.org/openness/publications/standards/uploads/response-to-indian-open-standards-policy-10-sept-2008.odt

MS Format

admin — 2011-08-23T03:07:11Z

For more details visit https://cis-india.org/openness/publications/standards/uploads/response-to-indian-open-standards-policy-10-sept-2008.doc

Letter on South Africa's IPRs from Publicly Financed R&D Regulations

pranesh — 2011-08-04T04:42:15Z

Being interested in legislations in developing nations styled after the United States' Bayh-Dole Act, CIS responded to the call issued by the South African Department of Science and Technology for comments to the Intellectual Property Rights from Publicly Financed Research and Development Regulations.

For more details visit https://cis-india.org/a2k/blogs/letter-on-south-africas-iprs-from-publicly-financed-r-d-regulations

It's September, and That Means It's Time for Software Freedom Day

subha — 2016-09-17T15:42:46Z

Software Freedom Day (SFD), which celebrates the use of free and open software, is just around the corner on September 17. When the day first started in 2004, only 12 teams from different places joined, but it has since grown to include hundreds registered events around the world, depending on the year.

The article was published by Global Voices on September 17, 2016.

Supported by several global organizations like Google, Canonical, Free Software Foundation, Joomla, Creative Commons and Linux Journal, Software Freedom Day draws its inspiration from the philosophy promoted by people like Richard Stallman who argue that free software is all about the freedom and not necessarily free of cost but provides the liberty to users from proprietary software developers’ power and influence. SFD encourages everyone to gather in their own cities (here's a map of places where SFD is organized this year), educate people around them about free software, and promote the cause on social media (with the hashtag #SFD2016 this year). There's also hackathons (hacking free software to modify the code and create what one wants to have in it), running free software installation camps, and even going creative with flying a drone running free software.	What are FOSS, free software, open source, and FLOSS? Free and open source software (FOSS or F/OSS), and free/libre and open-source software (FLOSS) are umbrella terms that are used to include both free software and open source software. Adopted by noted software freedom advocate Richard Stallman in 1983, free software has many names — libre software, freedom-respecting software and software libre are some of them. As defined by the Free Software Foundation, one of the early advocates of software freedom, free software allows users not just to use the software with complete freedom, but to study, modify, and distribute the software and any adapted versions, in both commercial and noncommercial form. The distribution of the software for commercial and noncommercial form, however, depends on the particular license the software is released under. “Open source” was coined as an alternative to free software in 1998 by educational-advocacy organization Open Source Initiative. Open source software is generally created collaboratively, made available with its source code, and it provides the user rights to study, change, and distribute the software to anyone and for any purpose.

From South Asia, there are 13 celebratory events in India, eight in Nepal, one in Bangladesh and four in Sri Lanka.

South Asian countries have seen adoption of both free software and open source software by individuals, organizations and the government. The Free Software Movement of India was founded in Bengaluru, India, in 2010 to act as a national coalition of several regional chapters working to promote and grow the free software movement in India.

The Indian government has launched an open data portal at data.gov.in portal for sharing large datasets like the census data under free licenses. The government's new policy emphasizes on adopting open source software. Moreover government's Ministry of Communication and Information Technology asked vendors to include open source software applications while making requests for proposals.

Similarly, there are several free and open source communities and organizations operating from the subcontinent, like Mozilla India, Wikimedia India, the Centre for Internet and Society, Open Knowledge India, Mozilla Bangladesh, Wikimedia Bangladesh, Bangladesh Open Source Network, Open Knowledge Bangladesh, Mozilla Nepal, Wikimedians of Nepal, Open Knowledge Nepal, Wikimedia Community User Group Pakistan, and the Lanka Software Foundation in Sri Lanka.

Mohammad Jahangir Alam, a lecturer from Southern University Bangladesh, argues in a research paper that the use of open source software can help the government save a enormous amount of money that are spent in purchasing proprietary software:

A Large amount of money of government can be saved if the government uses open source software in different IT sectors of government offices and others sectors, Because government is providing computer to all educational institute from school to university level and they are using proprietary software. For this reason government is to expend a large amount of many for buying proprietary software to run the computers. Another one is government paying significant amount of money to the different vendors for buying different types of software to implement e-Governance project. So, the Government can use open source software for implanting projects to minimize cost of the projects.

For more details visit https://cis-india.org/openness/global-voices-september-17-2016-subhashish-panigrahi-it-is-september-and-that-means-it-is-time-for-software-freedom-day

How we celebrated Software Freedom Day

subha — 2016-10-07T02:02:18Z

A small group of 6 FOSS contributors from communities such as Mozilla, Wikimedia, Mediawiki, Open Street Map and users of FOSS solutions gathered in Bengaluru to celebrate Software Freedom Day. Subhashish Panigrahi who was a part of the event, reports the developments.

What are FOSS, Free Software, Open Source, and FLOSS?

Adopted by noted software freedom advocate Richard Stallman in 1983, free software has many names — free and open source software (FOSS or F/OSS), and Free/Libre and Open-Source Software (FLOSS) are umbrella terms that are used to include both free software and open source software. As defined by the Free Software Foundation — one of the early advocates of software freedom — free software allows users to not only use the software with complete freedom, but also study, modify, and distribute the software and any adapted versions, in both commercial and noncommercial form. The distribution of the software for commercial and noncommercial form however depends on the particular license the software is released under. The Creative Commons licenses have recommendations for a wide array of free licenses that one can choose for the software-related documentations and any creative work they create. Similarly, there are several different open licenses for software and many other works that are related to software development. “Open Source” was coined as an alternative to free software in 1998 by an educational-advocacy organization Open Source Initiative. Open source software is generally created collaboratively, made available with its source code, and it provides the user rights to study, change, and distribute the software to anyone and for any purpose.

Supported by several global organizations like Google, Canonical, Free Software Foundation, Joomla, Creative Commons and Linux Journal, Software Freedom Day draws its inspiration from the philosophy that was grown by people like Richard Stallman who argues that free software is all about the freedom and not necessarily free of cost but provides the liberty to users from [proprietary software developers’] unjust power. SFD encouraged everyone to gather in their own cities (map of places where SFD was organized this year) to: educate people around them about free software, promote it on social media (with the hashtag #SFD2016 this year), hacking with free software, organizing hackathons, running free software installation camps, and even going creative with flying a drone running free software!

In South Asia, there were 13 celebratory events in India, 8 in Nepal, 1 in Bangladesh and 4 in Sri Lanka.

South Asian countries have seen adoption of both free software and open source software, in both individual and organizational level and by the government. The Free Software Movement of India was founded in Bengaluru, India in 2010 to act as a national coalition of several regional chapters working for promoting and growing the free software movement in India. The Indian government has launched the open data portal at data.gov.in, initiated a new policy to adopt open source software, and asked vendors to include open source software applications while making requests for proposals. Similarly, there are many free and open source communities and organizations that are operating from the subcontinent also promote free and open source software like Mozilla India, Wikimedia India, Centre for Internet and Society, Open Knowledge India in India, Mozilla Bangladesh, Wikimedia Bangladesh, Bangladesh Open Source Network, Open Knowledge Bangladesh in Bangladesh, Mozilla Nepal, Wikimedians of Nepal and Open Knowledge Nepal in Nepal, Wikimedia Community User Group Pakistan in Pakistan, Lanka Software Foundation in Sri Lanka.

We promote open source and open web technologies in the country. We are open to associate/work with existing open source or other community-run, public benefit organizations.

“Internet By The People, Internet For The People” (from Mozilla India wiki)

Mohammad Jahangir Alam, a lecturer from Southern University Bangladesh argues in a research paper that the use of open source software can help the government save enormous amount of money that are spent in purchasing proprietary software,

A Large amount of money of government can be saved if the government uses open source software in different IT sectors of government offices and others sectors, Because government is providing computer to all educational institute from school to university level and they are using proprietary software. For this reason government is to expend a large amount of many* for buying proprietary software to run the computers. Another one is government paying significant amount of money to the different vendors for buying different types of software to implement e-Governance project. So, the Government can use open source software for implanting projects to minimize cost of the projects.

This year, a small group of six of us gathered to celebrate SFD in Bengaluru. The group consisted of FOSS contributors from communities such as Mozilla, Wikimedia, Mediawiki, Open Street Map (OSM), and users of FOSS solutions. Each participant shared their own stories of how they got connected with FOSS and what component it plays in their day-to-day life — from how a father tries to introduce his son to open source software while migrating from proprietary to open source back and forth as his job demands so, to an OSM contributor who truly believes that large scale contributions to open source can make the software as robust as proprietary ones and even better because of the freedom that lie in it. The participants bounced both technical and philosophical questions to each other to gauge the actual usage of FOSS in real life, and how as a society we are moving towards adopting openness. There is a great disconnect in communicating widely about the work that many Indian FOSS and other free knowledge communities are doing, agreed all the participants. So they planned to meet more regularly and try to connect more people using social media and chat groups so that these interactions shape into an annual event to bring all open communities under one roof.

The blog post which was originally published by Mozilla Open Mic on October 6 can be accessed here.

For more details visit https://cis-india.org/openness/subhashish-panigrahi-mozilla-open-mic-october-6-2016-how-we-celebrated-software-freedom-day

Hits and Misses With the Draft Encryption Policy

sunil — 2015-09-26T16:46:53Z

Most encryption standards are open standards. They are developed by open participation in a publicly scrutable process by industry, academia and governments in standard setting organisations (SSOs) using the principles of “rough consensus” – sometimes established by the number of participants humming in unison – and “running code” – a working implementation of the standard. The open model of standards development is based on the Free and Open Source Software (FOSS) philosophy that “many eyes make all bugs shallow”.

The article was published in the Wire on September 26, 2015.

This model has largely been a success but as Edward Snowden in his revelations has told us, the US with its large army of mathematicians has managed to compromise some of the standards that have been developed under public and peer scrutiny. Once a standard is developed, its success or failure depends on voluntary adoption by various sections of the market – the private sector, government (since in most markets the scale of public procurement can shape the market) and end-users. This process of voluntary adoption usually results in the best standards rising to the top. Mandates on high quality encryption standards and minimum key-sizes are an excellent idea within the government context to ensure that state, military, intelligence and law enforcement agencies are protected from foreign surveillance and traitors from within. In other words, these mandates are based on a national security imperative.

However, similar mandates for corporations and ordinary citizens are based on a diametrically opposite imperative – surveillance. Therefore these mandates usually require the use of standards that governments can compromise usually via a brute force method (wherein supercomputers generate and attempt every possible key) and smaller key-lengths for it is generally the case that the smaller the key-length the quicker it is for the supercomputers to break in. These mandates, unlike the ones for state, military, intelligence and law enforcement agencies, interfere with the market-based voluntary adoption of standards and therefore are examples of inappropriate regulation that will undermine the security and stability of information societies.

Plain-text storage requirement

First, the draft policy mandates that Business to Business (B2B) users and Consumer to Consumer (C2C) users store equivalent plain text (decrypted versions) of their encrypted communications and storage data for 90 days from the date of transaction. This requirement is impossible to comply with for three reasons. Foremost, encryption for web sessions are based on dynamically generated keys and users are not even aware that their interaction with web servers (including webmail such as Gmail and Yahoo Mail) are encrypted. Next, from a usability perspective, this would require additional manual steps which no one has the time for as part of their daily usage of technologies. Finally, the plain text storage will become a honey pot for attackers. In effect this requirement is as good as saying “don’t use encryption”.

Second, the policy mandates that B2C and “service providers located within and outside India, using encryption” shall provide readable plain-text along with the corresponding encrypted information using the same software/hardware used to produce the encrypted information when demanded in line with the provisions of the laws of the country. From the perspective of lawful interception and targeted surveillance, it is indeed important that corporations cooperate with Indian intelligence and law enforcement agencies in a manner that is compliant with international and domestic human rights law. However, there are three circumstances where this is unworkable: 1) when the service providers are FOSS communities like the TOR project which don’t retain any user data and as far as we know don’t cooperate with any government; 2) when the service provider provides consumers with solutions based on end-to-end encryption and therefore do not hold the private keys that are required for decryption; and 3) when the Indian market is too small for a foreign provider to take requests from the Indian government seriously.

Where it is technically possible for the service provider to cooperate with Indian law enforcement and intelligence, greater compliance can be ensured by Indian participation in multilateral and multi-stakeholder internet governance policy development to ensure greater harmonisation of substantive and procedural law across jurisdictions. Options here for India include reform of the Mutual Legal Assistance Treaty (MLAT) process and standardisation of user data request formats via the Internet Jurisdiction Project.

Regulatory design

Governments don’t have unlimited regulatory capability or capacity. They have to be conservative when designing regulation so that a high degree of compliance can be ensured. The draft policy mandates that citizens only use “encryption algorithms and key sizes will be prescribed by the government through notification from time to time.” This would be near impossible to enforce given the burgeoning multiplicity of encryption technologies available and the number of citizens that will get online in the coming years. Similarly the mandate that “service providers located within and outside India…must enter into an agreement with the government”, “vendors of encryption products shall register their products with the designated agency of the government” and “vendors shall submit working copies of the encryption software / hardware to the government along with professional quality documentation, test suites and execution platform environments” would be impossible for two reasons: that cloud based providers will not submit their software since they would want to protect their intellectual property from competitors, and that smaller and non-profit service providers may not comply since they can’t be threatened with bans or block orders.

This approach to regulation is inspired by license raj thinking where enforcement requires enforcement capability and capacity that we don’t have. It would be more appropriate to have a “harms”-based approach wherein the government targets only those corporations that don’t comply with legitimate law enforcement and intelligence requests for user data and interception of communication.

Also, while the “Technical Advisory Committee” is the appropriate mechanism to ensure that policies remain technologically neutral, it does not appear that the annexure of the draft policy, i.e. “Draft Notification on modes and methods of Encryption prescribed under Section 84A of Information Technology Act 2000”, has been properly debated by technical experts. According to my colleague Pranesh Prakash, “of the three symmetric cryptographic primitives that are listed – AES, 3DES, and RC4 – one, RC4, has been shown to be a broken cipher.”

The draft policy also doesn’t take into account the security requirements of the IT, ITES, BPO and KPO industries that handle foreign intellectual property and personal information that is protected under European or American data protection law. If clients of these Indian companies feel that the Indian government would be able to access their confidential information, they will take their business to competing countries such as the Philippines.

And the good news is…

On the other hand, the second objective of the policy, which encourages “wider usage of digital Signature by all entities including Government for trusted communication, transactions and authentication” is laudable but should have ideally been a mandate for all government officials as this will ensure non-repudiation. Government officials would not be able to deny authorship for their communications or approvals that they grant for various applications and files that they process.

Second, the setting up of “testing and evaluation infrastructure for encryption products” is also long overdue. The initiation of “research and development programs … for the development of indigenous algorithms and manufacture of indigenous products” is slightly utopian because it will be a long time before indigenous standards are as good as the global state of the art but also notable as an important start.

The more important step for the government is to ensure high quality Indian participation in global SSOs and contributions to global standards. This has to be done through competition and market-based mechanisms wherein at least a billion dollars from the last spectrum auction should be immediately spent on funding existing government organisations, research organisations, independent research scholars and private sector organisations. These decisions should be made by peer-based committees and based on publicly verifiable measures of scientific rigour such as number of publications in peer-reviewed academic journals and acceptance of “running code” by SSOs.

Additionally the government needs to start making mathematics a viable career in India by either employing mathematicians directly or funding academic and independent research organisations who employ mathematicians. The basis of all encryptions standards is mathematics and we urgently need the tribe of Indian mathematicians to increase dramatically in this country.

For more details visit https://cis-india.org/internet-governance/blog/the-wire-26-09-2015-sunil-abraham-hits-and-misses-with-draft-encryption-policy

Google, Apple and Microsoft may need licence for satellite mapping in India

praskrishna — 2016-05-10T15:20:39Z

Cold response from MNCs like Google to India's security concerns is seen as a prime reason for the proposed legislation to regulate mapping of the country, a move that critics call "return of the Licence Raj" and "digital nationalism".

The article by Aman Sharma and Neha Alawadhi was published in Economic Times on May 9, 2016. Sumandro Chattapadhyay was quoted.

A draft of Geospatial Information Regulation Bill, released last week seeking public comments, says anyone mapping India by a satellite or aerial platform will need a licence from a government "security vetting authority". "India as a responsible power must have established guidelines," Kiren Rijiju, MoS for Home, told ET, reacting to the criticism to the move.

"We won't create hurdles for business and technological development, but national security considerations must not be compromised either," said Rijiju. Non-compliance could land you in jail for seven years. On the top of that would be a fine of up to Rs 100 crore. BJP MP Tarun Vijay, who has long been campaigning for such a law, said "patriotic Indians" should use the country's own 'Bhuvan' software application for maps.

"Why do we need Google? We should stop becoming Google's instruments," he told ET. "The patriotic government of Narendra Modi has taken a right step in a big relief to the security establishment. UPA did not take any action despite my pleas to the then Defence Minister AK Antony. I congratulate the Modi government for showing spine in face of arrogance of these IT giants," he said, adding: Google has been "behaving as if it were above Indian law".

A top government official involved in the move said maps of India's sensitive installations were available on Google Maps, increasing the security risk of those sites. Demand to mask those were never complied to. "Pathankot air base, which was recently attacked, can be seen on Google Maps. Terrorists plot strikes on sensitive targets studying Google Maps," he told ET.

"Our plea to black out sensitive installations do not yield results. This Bill is now sending a strong message that US companies cannot be running roughshod over Indian security interests." Companies such as Google, Microsoft and Apple, which have millions of Indians using their maps, would be hit directly by the legislation if it is pushed through. Firms that depend on these maps to provide their services, such as Uber, Zomato and Ola, too would be affected. Google, Apple and Microsoft didn't respond to emails seeking comment.

Mishi Choudhary, legal director at Software Freedom Law Centre, said almost all online businesses today depend on geo-location and provide maps for the use of their services, and that all of them will be forced to seek a licence under the proposed law. "This kind of digital nationalism is a way to create a government-controlled monopoly on all geographical information about the country, conveniently transforming Digital India to Licence India, digitally this time," said Choudhary, who was part of the successful legal fight to scrap Section 66A of the IT Act to ensure freedom of expression on the Internet. An executive at one of the big tech companies said the draft Bill raised far too many questions.

"On the face of it, the Bill will kill any and every use of the maps. It is also unclear if you get a licence for maps, only you can use it or others can use it, too," he said. "Also, whether every time you update a map, does one have to get a security clearance? Maps have to be live and dynamic, so getting it approved from government each time may not be feasible."

Those working on mapping and geospatial technology said services such as Google Maps are popular because they are faster and easier to use compared to government-prescribed process. "According to Indian law...if I have to buy certain data, I will have to go to the concerned department, like ISRO's National Remote Sensing Agency, or the Survey of India. In the case of NRSC (for satellite data), they will purchase the data for me, and then I will have to pay. That's a long process and hence people went to services like Google Maps, which are easier," said Devdatta Tengshe, a freelance geospatial information systems consultant.

The agency removes sensitive zones from the data and takes about two-three months or even more to respond, which is an unrealistic timeline for people working with digital data, he said. There is also apprehension that the Bill will undermine rescue and humanitarian efforts, such as during disasters like the Nepal earthquake.

"It was user-generated geospatial data that was used by the humanitarian response teams. This situation of lack of openly usable geospatial data holds true for large parts of India, and especially Himalayan India," said Sumandro Chattapadhyay, research director at Centre for Internet and Society. Also of concern is the lack of court's jurisdiction in matters related to the proposed legislation, said SFLC's Choudhary.

A senior government official, however, said companies should not have a problem to come under regulations on security considerations and that the Bill was up for public comments where the companies can lodge their apprehensions. "We are not banning anyone from mapping India — only that the mapping has to be in line with Indian security considerations regarding sensitive installations and correct boundaries being depicted like not showing PoK and Arunachal Pradesh as out of India," this official said.

A group of techies have, meanwhile, got together to create a website called savethemap.in, which aims to educate people and make them send out responses to the draft Bill. It will likely come up with a template response, along the lines as the savetheinternet. in campaign that was instrumental in taking the net neutrality debate to the people.

For more details visit https://cis-india.org/openness/news/economic-times-aman-sharma-neha-alawadhi-may-9-2016-google-apple-and-microsoft-may-need-licence-for-satellite-mapping-in-india

Event Report: Community Discussion on Open Standards

Karan Saini, Prem Sylvester and Anishka Vaishnav — 2019-08-02T06:51:00Z

This community discussion organised by HasGeek was held at the office of the Centre for Internet and Society in Bangalore, India on June 20, 2019.

Open standards are important for the growth and evolution of technology and practices for consumers and industries. They provide a range of tangible benefits, including, for instance, a reduction in cost of development for small businesses and organizations, facilitation of interoperability across different technologies in certain cases, and encouragement of competitiveness in the software and services market. Open standardization also encourages innovation, expansion in market access, transparency — along with a decrease in regulatory rigidity, as well as volatility in the market, and subsequently the surrounding economy, as well.

The importance of open standards is perhaps most strikingly evident when considering the ardent growth and impact the Internet — and the World Wide Web in particular — have been able to enjoy. The modern Internet has arguably been governed, at least for the most part, by the continuous development and maintenance of an array of inventive protocols and technical standards. Open standards are usually developed in a public-consultancy process, where the standards development organizations (“SDOs”) involved follow a multi-stakeholder model of decision-making. Multi-stakeholder models like this ensure equity to groups with varying interests, and also ensures that any resulting technology, protocol or standard which is developed is in accordance with the general consensus of those involved.

This event report highlights a community discussion on the state of open standardization in the age where immediately accessible cloud computing services are readily available to consumers — along with an imagined roadmap for the future; one which ensures steady ground for users as well as the open standards and open source software communities. Participants in the discussion focused on what they believed to be the key areas of open standardization, establishing a requirement for regulatory action in the open standards domain, while also touching upon the effects of market forces on stakeholders within the ecosystem, which ultimately guide the actions of software companies, service providers, users, and other consumers.

The event report can be accessed here.

For more details visit https://cis-india.org/internet-governance/blog/event-report-community-discussion-on-open-standards

Discussion on Open Standards with Bernd Erk and Jiten Vaidya

Admin — 2019-07-04T16:53:37Z

Rootconf organised a discussion on open standards at CIS Bangalore office. Zainab Bawa, Karan Saini and Anwesha Das coordinated and organised the event.

The discussions created awareness on:

Consequences of building your applications around non-open standards.
Risks associated with non-open standards.
How to build your applications around open standards.

Open standards are important for:

Business
Application development
Communications
Open internet

The event kicked off with Bernd Erk talking about how the convenience of availing services from a few 'cloud' providers is killing open standards in the space. Jiten Vaidya then discussed his experience running a successful open source product and business, and the future of open standards in the space. Kiran Jonnalagadda and Gurshabad Grover contributed to and moderated the subsequent discussion.

For more details visit https://cis-india.org/openness/events/discussion-on-open-standards-with-bernd-erk-and-jiten-vaidya

DCOS Agreement on Procurement

pranesh — 2011-08-23T02:58:35Z

On December 6, 2008, at the closing of the third Internet Governance Forum in Hyderabad, India, the Dynamic Coalition on Open Standards (DCOS), of which the Centre for Internet and Society is a member, released an agreement entitled the "Dynamic Coalition on Open Standards (DCOS) Agreement on Procurement in Support of Interoperability and Open Standards".

For more details visit https://cis-india.org/openness/blog-old/dcos-agreement-on-procurement

CPOV : Wikipedia Research Initiative

nishant — 2011-08-23T02:52:25Z

The Second event, towards building the Critical Point of View Reader on Wikipedia, brings a range of scholars, practitioners, theorists and activists to critically reflect on the state of Wikipedia in our contemporary Information Societies. Organised in Amsterdam, Netherlands, by the Institute of Network Cultures, in collaboration with the Centre for Internet and Society, Bangalore, the event builds on the debates and discussions initiated at the WikiWars that launched off the knowledge network in Bangalore in January 2010. Follow the Live Tweets at #CPOV

Second international conference of the CPOV Wikipedia Research Initiative :: March 26-27, 2010 :: OBA (Public Library Amsterdam, next to Amsterdam central station), Oosterdokskade 143, Amsterdam.

Wikipedia is at the brink of becoming the de facto global reference of dynamic knowledge. The heated debates over its accuracy, anonymity, trust, vandalism and expertise only seem to fuel further growth of Wikipedia and its user base. Apart from leaving its modern counterparts Britannica and Encarta in the dust, such scale and breadth places Wikipedia on par with such historical milestones as Pliny the Elder’s Naturalis Historia, the Ming Dynasty’s Wen-hsien ta- ch’ eng, and the key work of French Enlightenment, the Encyclopedie. The multilingual Wikipedia as digital collaborative and fluid knowledge production platform might be said to be the most visible and successful example of the migration of FLOSS (Free/ Libre/ Open Source Software) principles into mainstream culture. However, such celebration should contain critical insights, informed by the changing realities of the Internet at large and the Wikipedia project in particular.

The CPOV Research Initiative was founded from the urge to stimulate critical Wikipedia research: quantitative and qualitative research that could benefit both the wide user-base and the active Wikipedia community itself. On top of this, Wikipedia offers critical insights into the contemporary status of knowledge, its organizing principles, function, and impact; its production styles, mechanisms for conflict resolution and power (re-)constitution. The overarching research agenda is at once a philosophical, epistemological and theoretical investigation of knowledge artifacts, cultural production and social relations, and an empirical investigation of the specific phenomenon of the Wikipedia.

Conference Themes: Wiki Theory, Encyclopedia Histories, Wiki Art, Wikipedia Analytics, Designing Debate and Global Issues and Outlooks.

Follow the live tweets on http://twitter.com/#search?q=%23CPOV

Confirmed speakers: Florian Cramer (DE/NL), Andrew Famiglietti (UK), Stuart Geiger (USA), Hendrik-Jan Grievink (NL), Charles van den Heuvel (NL), Jeanette Hofmann (DE), Athina Karatzogianni (UK), Scott Kildall (USA), Patrick Lichty (USA), Hans Varghese Mathews (IN), Teemu Mikkonen (FI), Mayo Fuster Morell (IT), Mathieu O’Neil (AU), Felipe Ortega (ES), Dan O’Sullivan (UK), Joseph Reagle (USA), Ramón Reichert (AU), Richard Rogers (USA/NL), Alan Shapiro (USA/DE), Maja van der Velden (NL/NO), Gérard Wormser (FR).

Editorial team: Sabine Niederer and Geert Lovink (Amsterdam), Nishant Shah and Sunil Abraham (Bangalore), Johanna Niesyto (Siegen), Nathaniel Tkacz (Melbourne). Project manager CPOV Amsterdam: Margreet Riphagen. Research intern: Juliana Brunello. Production intern: Serena Westra.

The CPOV conference in Amsterdam will be the second conference of the CPOV Wikipedia Research Initiative. The launch of the initiative took place in Bangalore India, with the conference WikiWars in January 2010. After the first two events, the CPOV organization will work on producing a reader, to be launched early 2011. For more information or submitting a reader contribution.

Buy your ticket online (with iDeal), or register by sending an email to: info (at) networkcultures.org. One day ticket: €25, students and OBA members: €12,50. Full conference pass (2 days): €40, students and OBA members: 25.

Organized by the Institute of Network Cultures Amsterdam, in cooperation with the Centre for Internet and Society in Bangalore, India.

For more details visit https://cis-india.org/research/conferences/conference-blogs/cpov