Centre for Internet and Society

Atmanirbhar Bharat Meets Digital India: An Evaluation of COVID-19 Relief for Migrants

ankan — 2021-06-03T12:53:57Z

With the onset of the national lockdown on 24th March 2020 in response to the outbreak of COVID-19, the fate of millions of migrant workers was left uncertain. In addition, lack of enumeration and registration of migrant workers became a major obstacle for all State Governments and the Central Government to channelize relief and welfare measures.

A majority of workers were dependent on relief provided by NGOs, Civil Society Organizations and individuals or credit via kinship networks. With mounting domestic and international pressures, various relief and welfare schemes were rolled out but they were too little, too late and more often than not characterised by poor implementation.

The aim of this report is to qualitatively assess health conditions of migrant workers and access to welfare during the first COVID-19 lockdown. The primary focus is on the host states of Tamil Nadu, Maharashtra and Haryana. 20 in-depth interviews were conducted remotely with migrant workers working in various sectors. Their access to welfare schemes of the Central Government as well as of their host states was ascertained. Emphasis was also laid on their access to healthcare facilities in relation to COVID-19 and non-COVID-19 ailments.

The findings of the report showcase a dismal state of affairs. No one in our sample group received any kind of dry ration or cooked food in a sustained manner and, in the rare occasions when they did, it was woefully inadequate. Of the three states considered, we found that relief distribution was the best in Tamil Nadu followed by Maharashtra and then Haryana. Even the Direct Cash Transfer Scheme of the Central Government under ‘Atmanirbhar Bharat’ did not reach the migrant workers. Moreover, the migrant workers were apprehensive to report any COVID-19 related symptom due to the draconian treatment that followed therein and the crumbling healthcare sector made it impossible to avail facilities in non-COVID-19 related issues. Lastly, a case has been made for the creation of bottom-level infrastructures to further dialogue between various stakeholders, including associations of migrant workers, for the implementation of schemes and policies which can consolidate migrant workers as a relevant political subject. As migrant workers reel from the impact of the second wave, pushing for on-ground infrastructure and supporting community-based organisations becomes even more urgent.

Click here to read the report authored by Ankan Barman and edited by Ayush Rathi. [PDF, 882 kb]

For more details visit https://cis-india.org/raw/migrant-workers-solidarity-network-and-cis-ankan-barman-atmanirbhar-bharat-meets-digital-india-an-evaluation-of-covid-19-relief-for-migrants

World Narrow Web

pranesh — 2012-03-27T16:00:24Z

Censorship and how govt reacts to it may push us to country-specific networks, writes Pranesh Prakash in an article published in the Indian Express on 4 February 2012.

Twitter, a popular micro-blogging service, recently announced that “[today] we give ourselves the ability to reactively withhold content from users in a specific country — while keeping it available in the rest of the world”. In a move a few weeks ago, Blogger, Google’s blogging service, in effect announced something similar, by saying that default they would redirect Blogger users trying to get to Blogspot.com addresses (like http://example.blogspot.com) to their respective country sites (like http://example.blogspot.in). Twitter’s announcement was greeted with much disapproval by many Twitter users, as a move towards censorship, with some talking (on Twitter) about a boycott. Blogger’s move was hidden away, deep within a help page, and is being noticed now, and is causing quite a stir as caving in to censorship. Are these concerns justified? Before answering that question, let’s look at what the platforms’ announcements really say.

Twitter has given itself the ability to withhold specific tweets and users in particular countries where that content is legally required to be removed (generally with a court order). Their earlier option, they inform us, was to block the offending tweets and users in all countries. Apart from this, they will publish a notice for each tweet/ user that is blocked in a country. They will also be proactively publishing every removal request they receive at ChillingEffects.org, which allows us to hold them to account and question their decision to remove tweets.

Google, by redirecting you to the country-specific Blogger, is allowing for country-level removal of both blogs and individual blog posts. However, they also note that you can circumvent this by using a special “no redirect” address. Google currently forwards all search-related removals, but does not do so for Blogger-related requests, and all copyright-related complaints to ChillingEffects.org. Google does publish aggregate data relating to censorship of Blogger, on which free-speech advocates have been asking them to provide more granular information.

There are three problems. First, while Twitter was just as open to repressive governments’ requests last week, by making this change, they are advertising this fact to such governments. Thailand has noted it, and has congratulated Twitter.

Second, as Rob Beschizza, managing editor of the website Boing Boing, pointed out, there have been no instances of political content having been removed by Twitter. Even British courts’ super-injunctions (injunctions on speech, that prevent you from mentioning the fact that there is an injunction) were defeated by Twitter users, which only showed that attempts to censor material results in even more attention being drawn to it (which is popularly known as the “Streisand Effect”). So, does this now mean that Twitter will start applying local laws to judge “valid and applicable legal requests”, instead of American laws? What if the law is as bad as that which exists in India, where they are required to remove content within 36 hours based on any affected person’s complaint — without a court order? Will they still act on it? If they don’t, will the government or courts order Twitter.com to be blocked in India, finding it liable for illegal omissions?

Third, this trend points increasingly to the fact that we are witnessing a Balkanisation of the Web as more countries start asserting their sovereignty online. As Chinese dissident journalist Michael Anti pointed out recently, it seems we now need visas (read “circumvention techniques”) to visit the international Web. But even then, there is no longer a singular “international” Web, but an Indian Web and a Guatemalan Web, and an Angolan Web. And the government’s recent proposal of requiring companies to locate their servers in India is a move towards this (apart from being a move towards killing cloud computing).

That having been said, the reality is that the CEOs of Google, Google India, and Microsoft have been summoned to appear in Indian courts for allowing their users to publish material which they don’t know about, which is in a sealed envelope (and most of the accused companies haven’t been shown yet), and which they weren’t even asked once to remove.

The Intermediary Guidelines Rules passed by the Department of Information Technology in April 2011 do not require the user, whose content it is, to be told that there is a complaint, nor to be given a chance to defend themselves. It does not even require public notice that the content has been removed.

The truth is, the transparency around censorship that Google and Twitter are providing is far better than what most other companies are providing. For instance, Big Rock, an Indian DNS provider, suspended the CartoonsAgainstCorruption.com web address on the basis of a seemingly not legal request by the Cyber Cell of the Mumbai Crime Branch, and did so without any public notice and without even informing the cartoonist whose web address it was. At least Google and Twitter are pushing back against non-legal requests, and refusing to remove content that doesn’t violate local laws. Single-mindedly criticising them will only put off other companies from following in their footsteps.

Instead of criticising those who are actually working towards transparency in censorship, we should encourage them and others, push intermediaries not to cave in to unreasonable censorship requests, prevent them from over-censoring on their own, and push hard for the government to incorporate their best practices as part of the Intermediary Guidelines Rules.

The original article was published in the Indian Express

For more details visit https://cis-india.org/internet-governance/world-narrow-web

Deconstructing Digital Natives: Young People, Technology and the New Literacies

nishant — 2015-04-24T11:51:06Z

Nishant Shah was invited to do a book review of a new anthology 'Deconstructing Digital Natives', edited by Michael Thomas. The review was published in Routledge's Journal of Children and Media on July 18, 2012.

Deconstructing Digital Natives: Young People, Technology and the New Literacies is an anthology that revisits the debates and scholarship that have arisen around youth and technology in the last decade or so. It is a timely intervention that invites some of the most influential scholars who have contributed to and shaped the discourse around “digital natives” to come and revisit their original ideas from the last decade. The term “digital native” probably bears witness to the strident discourses that, more often than not, fall into the trap of exotically glorifying or despairingly vilifying young peoples’ engagement with digital technologies. As Buckingham points out in his foreword to the book, these conversations either take up the language of a “generation gap [that] entails a narrative of transformation and even of rupture, in which fundamental continuities between the past and the future have been destroyed” or they guise themselves in an “almost utopian view of technology—a fabulous story about technology liberating and empowering young people, enabling them to become global citizens, and to learn and communicate and create in free and unfettered ways” (p. ix). The essays seek a point of departure from these tried and tested arguments in order to provide a “balanced view” on the topic. And so we have a distinguished author list from the world of digital natives scholarship, coming together not only to ponder on their own contributions to the field and how those ideas need to be upgraded, but also to provide new contexts, concepts, and frameworks to understand who, or indeed, what, is a “digital native,” often in tension with their earlier work.

In its ambition of revisiting existing debates and providing a “research-based approach by presenting empirical evidence and argument from international researchers in the field,” the book succeeds unevenly (p. xi). Despite its efforts to chart a point of departure, some of the essays end up falling into some usual traps. For example, despite the fact that the oldest digital natives are probably in their thirties, they are thought of as being young. They are defined only as “students” within formal learning institutions without looking at the radical potential of learning outside organized education, embedded in their everyday practices. The digital natives remain an object of research and the peer-to-peer structures that are supposed to shape them, but do not feature in the methodologies of researching them. This notwithstanding, the essays still offer a historical and social perspective on the debates around digital natives in certain developed pockets of the world.

In the first section, “Reflecting on the Myth,” Thomas’ essay “Technology, Education and the Discourse of the Digital Native” introduces a tension between the techno-euphorists and the “digital luddites,” which replays itself through the rest of the contributions. While Thomas places himself between “technoevangelism” and “technoskepticism,” Prensky, who coined the term “Digital Natives” in 2001, then introduces to us a new binary of “digitally wise” and “digitally dumb” (p. 4). Prensky reviews the responses that his opposition of “digital natives” and “digital immigrants” have produced over the last decade and emphasizes that his coinage was at the level of a metaphor, and was not to be taken seriously. Prensky agrees that the earlier opposition might be discarded because it evokes too many simple responses based on skills with technology. Digital wisdom, for Prensky, is in the ways in which digital technologies enhance the human brain “to anticipate second- and third-order effects to which the unaided mind may be blind” as the world becomes too complex for the “unenhanced human brain” to cope with it (p. 23). Typically, Prensky’s argument creates a dichotomy of those who can (and will) and those who will be outside of this web of digital enhancements. His analysis tries to complicate the idea of human wisdom by looking at questions of ethics and agency, but the final formulations appear cliche´d, merely re-creating the older tensions rather than thinking through them. Jones’ following essay on the “Net Generation” is more persuasive, where he argues for dismissing the idea that “nature of certain technologies . . . has affected the outlook of an entire age cohort in advanced economies” and instead should unpack how “new technologies emerging with this generation have particular characteristics that afford certain types of social engagement” (p.42).

In the second section, titled “Perspectives,” the essays take up two different tones.The first is about looking at digital literacy, skill, and fluency in everyday practices of digital natives, and how they shape our contemporary and future sociopolitical and cultural landscapes. Banaji, in exploring the EU Civic Web Project, echoes Jones’ ideas. The presumptions within education about an entire generation as “born with technologies” has consequences in the field of civic action, where programs for citizen action are designed with expectations that the young people will have core digital competencies and literacy. She does not push that argument further, but in her study of the two Scottish e-initiatives, one can see the promise of a radical reconstruction of civic engagement movements, where the young participants are not going to be satisfied as mere participators, and will demand a space for their voice to be heard.

Takahashi’s essay on the oyaubibunka (“thumb culture”) mobile generations in Japan stands alone in its analysis of an Asian context—though many might argue that Japan, with its developed economy, can hardly be counted as a typically “Asian” perspective. Takahashi is rooted, both in practice and discourse, in youth and technology in Japan, where the youth often experience close-knit community experiences through mobile interfaces, in their otherwise alienated modern habitats. Almost as a response to Turkle’s Alone Together (2011), Takahashi shows how collaborative and cocreation cultures ranging from the mobile novels on Mixi to everyday interaction on Social Networking Systems is bringing in new kinds of social spaces of belonging. The essay, however, resists simply celebrating this space and works in complex ideas of freedom, control, risks, and the tensions between traditionalization and modernity in Japan.

Zimic and Dalin, writing from a similar heavily connected Nordic region, pose a different set of questions in their essay, “Actual and Perceived Online Participation Among Young People in Sweden.” For Zimic and Dalin, in a space where connectivity can be taken for granted, the further question to ask is not whether digital natives participate online or not, but whether they participate in ways that are expected of “a digital citizen in the information age” (p. 137). Through empirical data and case studies, the essay shows the different kinds of activities that youth engage with and also concludes that though engaging in civic issues is important to the young people’s sense of belonging to participatory cultures, using the Internet does not provide an “automatic guarantee” toward participation, and “assistance is required in order to engage them in relevant activities” (p. 148).

The second set of essays in this section all cluster around the digital native as a student. Locating the digital native within educational institutions, they look at the ways in which the ideas of learning, pedagogy and engagement with the text are changing with the rise of digital technologies. Levy and Michael look at two case studies involving students in Australian high schools, to “facilitate a deeper understanding of products and processes in multimodal text construction,” which they think is core to interactive communication technology literacy skills (p. 85). The data is rigorous and rich, but the conclusions are a bit of a disappointment: digital natives need to better manage their time and resources and they need to learn traditional skills in order to cope with their educational environment.

The trend of an exciting hypothesis and conclusion, which do not necessarily leave you with anything more than what you already knew, continues in this section. Erstad sets out on a journey to see how digital literacy posits challenges to educating the digital generation and ends by suggesting that the digital divide should address questions of “how to navigate in the information jungle on the Internet, to create, to communicate, and so forth” (p. 114). Similarly, Kennedy and Judd want to unravel the mystery of why “students, who are so clearly familiar and apparently adept with Internet tools, are at times so poor at using the Internet academically” (p. 119). Through empirical research and interaction with students, they end up making an argument against the Googlization of everything (Vaidhyanathan, 2011), suggesting that “satisficing strategies” of information search, defined by a need for instant gratification and not looking beyond the first information sets, has produced “a generation of students that has grown up with Google [who] may over-value expediency when locating and selecting appropriate scholarly information” (p. 132). On similar trends, Levy proposes to question the assumption of whether all “young children are inherently ‘native’ users of digital technology” for implications on our future pedagogy within the new textual landscape (p. 152). The case studies and the frameworks built are interesting, but they reveal nothing more than the claim that the essay begins with by Marsh et al. (2005) and Bearne et al. (2007) that “young children are immersed in ‘digital practices’ from an early age and that they often develop skills in handling screen texts even when they are not exposed directly to computers at their own homes” (Levy, 2011, p. 163). The implication is clear: change our schools to accommodate for these new textual practices and help children capitalize on their digital competence and develop “digital wisdom.” But it is a recommendation that has been around for at least a decade, if not more.

The third and concluding section of the book, “Beyond Digital Natives,” is possibly the most promising part of the book. Bennett and Maton seek to look beyond “nuanced versions of the idea” and move the debate on to firmer grounds of how the rise of the digital natives is going to affect the policies around educational technology” (p. 169). They engage with a body of work that is specifically oriented toward building empirical evidence-based frameworks for understanding the potential role of technology in education. With a fine conceptual tool that makes distinctions between access and usage, they systemically dismiss the “academic moral panic” that characterizes conversations around youth-technology-change.

For Bennett and Maton, the object of inquiry is not the digital native but the body of discourse that surrounds this particular entity—and they make a plea for research rather than imaginings, showing how the influential work in the area has been plagued by unsupported claims, unevidenced observations, and futuristic imaginations, which paint a poetic picture of digital natives but offer very little in terms of furthering the argument. It is also noteworthy that they do not flinch from critiquing the colleagues who also feature in the same book, as an idealizing and homogenizing group that has shown “diversity rather than conformity” (p. 181).

Palfrey and Gasser, whose Born Digital (2008) has been the guide for lay readers to understand the nuances and complexities of the area, in their essay, begin by acknowledging that “digital natives” is an awkward term. However, they argue, it is still a term that resonates deeply with parents and educators, and that this resonance should not be taken lightly by researchers. Their decision was to use this term, albeit with caution and discretion, strategically to refer to a small subset of young people and the gamut of relationships and engagements they have with digital technologies. The suggestion is to use the term and in every usage, look at the unevennesses and awkwardness it creates, thus actually unpacking an otherwise opaque relationship which is reduced to “usage” or “access.” Their concerns are more about the quality of information and access, infrastructure for critical literacy and digital fluency, and making legible these everyday practices to larger implications for a future that they posit is bright and hopeful.

Deconstructing Digital Natives is an interesting revisit of a term that has grown in different ways through the first decade of the new millennium. However, the book still remains located in the same geopolitics in which the early discourse of digital natives were grounded—developed, privileged locations where connectivity, affordability, and ubiquitous digital literacy are taken for granted—reminiscent of the frantic cries one hears in piracy markets in Bangkok, “same, same, but different.” The revisiting does not seem to feel the need to explore other contexts. A few essays talk about factoring in local and contextual information in understanding digital natives, but the scholarship reinforces the idea of how technologies shape and are shaped by identities in some parts of the world, and that these identities can be heralded as universally viable, with a little nuancing.

The questions that have emerged in this discourse in the recent years, remain ignored. What does a digital native look like in the Global South? Can we have new concepts and frameworks which emerge from these contexts? Is it possible to produce accounts in languages and ideas that are embedded in everyday practices rather than forcing them to become legible in existing vocabularies? One would hope that the next book that deconstructs digital natives would also deconstruct the prejudices, presumptions, and methodological processes that are embedded in this field.

References

Bearne, E., Clark, C., Johnson, A., Manford, P., Motteram, M., & Wolsencroft, H. (2007). Reading on screen. Leicester: UKLA.
Marsh, J., Brookes, G., Hughes, J., Ritchie, L, Roberts, S., & Wright, K. (2005). Digital beginnings: Young children’s use of popular culture, media and new technologies. Sheffield: Literacy Research Centre, University of Sheffield.
Palfrey, J., & Gasser, U. (2008). Born digital. New York, NY: Basic Books.
Turkle, S. (2011). Alone together: Why we expect more from technology and less from each other, NY. New York: Basic Books.
Vaidhyanthan, S. (2011). The Googlization of everything: (And why we should worry). Berkeley, CA: University of California Press.

Nishant Shah is the Director-Research at the Bangalore-based Centre for Internet and Society. He is the principal researcher for a Global South inquiry into digital natives and sociopolitical change, and recently edited four-volume book, Digital AlterNatives with a Cause?, which is available as a free download at http://cis-india.org/digital-natives/blog/dnbook. Correspondence to: Nishant Shah, Centre for Internet and Society, Bangalore, India. E-mail: nishant@cis-india.org

Download the file (originally published by Taylor & Francis) here [PDF, 66 Kb]

Read the original published by Taylor & Francis here

For more details visit https://cis-india.org/digital-natives/young-people-technology-new-literacies

Fill The Gap: Global Discussion on Digital Natives

nishant — 2010-01-22T10:54:13Z

More often than not people don't understand the new practices inspired by Internet and digital technologies. As such a series of accusations have been leveled against the Digital Natives. Educators, policy makers, scholars, and parents have all raised their worries without hearing out from the people they are concerned about. Hivos has initiated an online global discussion about Digital Natives. So, to voice your opinion, start tweeting with us now #DigitalNatives.

If you cannot attend Fill The Gap, you can also join us in a global discussion on some of the issues being discussed at #DigitalNatives

1. Are you an apolitical consumer, or do you have ambitions?

http://www.tweetworks.com/groups/view/DigitalNatives

2. Are you a little prince or princess, who only wants to talk to like minded people or are you different?

http://www.tweetworks.com/groups/view/DigitalNativesPrincess

3. Is Wikipedia your bible or do you really know something?

http://www.tweetworks.com/groups/view/DigitalNativesWiki

4. Are you a digital dinosaur? They say you don’t know anything about ICT!

http://www.tweetworks.com/groups/view/DigitalDinosaur

5. Why use the Internet, why don’t you march the streets?

http://www.tweetworks.com/groups/view/DigitalNativesProtest

6. Plans to change the world? What do you need?

http://www.tweetworks.com/groups/view/DigitalNativesChanceTheWorld

If you are in Amsterdam, here is the information you will need to attend the event:

Fill the Gap! - 7

R U Online?

Date: 15 January 2010

Time: 12.30 until 17.00 hour

Location: Het Sieraad, Postjesweg 1, Amsterdam

The seventh edition of Fill the Gap! is all about the power of youth and IT in developing countries. How can their skills be strengthened and put to use for a better world? Hivos, apart from cohosting the event, will be involving digital natives to hear their stories about ICT and engagement.

An Open Space event on the potential of new (mobile) media and youth in developing countries. For everyone in politics, the profit and the non-profit sectors who is interested in ICT and international development cooperation.

The use of new (mobile) technology is the most natural thing in the world for the youth of today.

Shaped by the digital era and at ease with creativeity, these innovators use new media to change the world. Just think of the Twitter revolution in Iran. What can the international development sector learn from this? How could international development cooperation use the potential power of youth to tackle development problems?

The seventh edition of Fill the Gap! is all about the power of youth and IT in developing countries. How can their skills be strengthened and put to use for a better world? The kick-off will be hosted by Jennifer Corriero, co-founder of Taking IT Global: the international platform for youth and the use of new media for a better world. Then the floor is open to discuss your own ideas with people from new media, the business world and the international development sector during the Open Space sessions. Join in: come to Amsterdam on Friday January 15th and be inspired during Fill the Gap!

Registration is free. The programme is in English.

» Fill the Gap

For more details visit https://cis-india.org/research/grants/digital-natives-with-a-cause/dntweet

Open Data Hackathons are Great, but Address Privacy and License Concerns

sumandro — 2016-02-05T20:37:18Z

This is to cross-publish a blog post from DataMeet website regarding a letter shared with the organisers of Urban Hack 2015, Bangalore, in response to a set of privacy and license concerns identified and voiced during the hackathon by DataMeet members. Sumandro Chattapadhyay co-authored and co-signed the letter. The blog post is written by Nisha Thompson.

Hackathons are a source of confusion and frustration for us. DataMeet actively does not do them unless there is a very specific outcome the community wants like freeing a whole dataset or introducing open data to a new audience. We feel that they cause burn out, are not productive, and in general don't help create a healthy community of civic tech and open data enthusiasts.

That is not to say we feel others shouldn't do them, they are very good opportunities to spark discussion and introduce new audiences to problems in the social sector. DataKind and RHOK and numerous others host hackathons or variations of them regularly to stir the pot, bring new people into civic tech and they can be successful starts to long term connections and experiments. A lot of people in the DataMeet community participate and enjoy hackathons.

However, with great data access comes great responsibility. We always want to make sure that even if no output is achieved when a dataset is opened at least no harm should be done.

Last October an open data hackathon, Urban Hack, run by Hacker Earth, NASSCOM, XEROX, IBM and World Resource Institute India wanted to bring out open data and spark innovation in the transport and crime space by making datasets from Bangalore Metropolitan Transport Corporation (BMTC) and the Bangalore City Police available to work with. A DataMeet member (Srinivas Kodali) was participating, he is a huge transport data enthusiast and wanted to take a look at what is being made available.

In the morning shortly after it started I received a call from him that there is a dataset that was made available that seems to be violating privacy and data security. We contacted the organizers and they took it down, later we realized it was quite a sensitive dataset and a few hundred people had already downloaded it. We were also distressed that they had not clarified ownership of data, license of data, and had linked to sources like Open Bangalore without specifying licensing, which violated the license.

The organizers were quite noted and had been involved with hackathons before so it was a little distressing to see these mistakes being made. We were concerned that the government partners (who had not participated in these types of events before) were also being exposed to poor practices. As smart cities initiatives take over the Indian urban space, we began to realize that this is a mistake that shouldn't happen again.

Along with Centre for Internet and Society and Random Hacks of Kindness we sent the organizers, Bangalore City Police and BMTC a letter about the breach in protocol. We wanted to make sure everyone was aware of the issues and that measures were taken to not repeat these mistakes.

You can see the letter here:

We are very proud of the DataMeet community and Srinivas for bringing this violation to the attention of the organizers. As people who participate in hackathons and other data events it is imperative that privacy and security are kept in mind at all times. In a space like India where a lot of these concepts are new to institutions, like the Government, it is essential that we are always using opportunities not only to showcase the power of open data but also good practices for protecting privacy and ensuring security.

Originally posted on DataMeet website: http://datameet.org/2016/02/02/to-hack-or-not-to-hack/.

For more details visit https://cis-india.org/openness/open-data-hackathons-are-great-but-address-privacy-and-license-concerns

Invisible Censorship: How the Government Censors Without Being Seen

pranesh — 2012-01-04T08:59:14Z

The Indian government wants to censor the Internet without being seen to be censoring the Internet. This article by Pranesh Prakash shows how the government has been able to achieve this through the Information Technology Act and the Intermediary Guidelines Rules it passed in April 2011. It now wants methods of censorship that leave even fewer traces, which is why Mr. Kapil Sibal, Union Minister for Communications and Information Technology talks of Internet 'self-regulation', and has brought about an amendment of the Copyright Act that requires instant removal of content.

Power of the Internet and Freedom of Expression

The Internet, as anyone who has ever experienced the wonder of going online would know, is a very different communications platform from any that has existed before. It is the one medium where anybody can directly share their thoughts with billions of other people in an instant. People who would never have any chance of being published in a newspaper now have the opportunity to have a blog and provide their thoughts to the world. This also means that thoughts that many newspapers would decide not to publish can be published online since the Web does not, and more importantly cannot, have any editors to filter content. For many dictatorships, the right of people to freely express their thoughts is something that must be heavily regulated. Unfortunately, we are now faced with the situation where some democratic countries are also trying to do so by censoring the Internet.

Intermediary Guidelines Rules

In India, the new 'Intermediary Guidelines' Rules and the Cyber Cafe Rules that have been in effect since April 2011 give not only the government, but all citizens of India, great powers to censor the Internet. These rules, which were made by the Department of Information Technology and not by the Parliament, require that all intermediaries remove content that is 'disparaging', 'relating to... gambling', 'harm minors in any way', to which the user 'does not have rights'. When was the last time you checked wither you had 'rights' to a joke before forwarding it? Did you share a Twitter message containing the term "#IdiotKapilSibal", as thousands of people did a few days ago? Well, that is 'disparaging', and Twitter is required by the new law to block all such content. The government of Sikkim can run advertisements for its PlayWin lottery in newspapers, but under the new law it cannot do so online. As you can see, through these ridiculous examples, the Intermediary Guidelines are very badly thought-out and their drafting is even worse. Worst of all, they are unconstitutional, as they put limits on freedom of speech that contravene Article 19(1)(a) and 19(2) of the Constitution, and do so in a manner that lacks any semblance of due process and fairness.

Excessive Censoring by Internet Companies

We, at the Centre for Internet and Society in Bangalore, decided to test the censorship powers of the new rules by sending frivolous complaints to a number of intermediaries. Six out of seven intermediaries removed content, including search results listings, on the basis of the most ridiculous complaints. The people whose content was removed were not told, nor was the general public informed that the content was removed. If we hadn't kept track, it would be as though that content never existed. Such censorship existed during Stalin's rule in the Soviet Union. Not even during the Emergency has such censorship ever existed in India. Yet, not only was what the Internet companies did legal under the Intermediary Guideline Rules, but if they had not, they could have been punished for content put up by someone else. That is like punishing the post office for the harmful letters that people may send over post.

Government Has Powers to Censor and Already Censors

Currently, the government can either block content by using section 69A of the Information Technology Act (which can be revealed using RTI), or it has to send requests to the Internet companies to get content removed. Google has released statistics of government request for content removal as part of its Transparency Report. While Mr. Sibal uses the examples of communally sensitive material as a reason to force censorship of the Internet, out of the 358 items requested to be removed from January 2011 to June 2011 from Google service by the Indian government (including state governments), only 8 were for hate speech and only 1 was for national security. Instead, 255 items (71 per cent of all requests) were asked to be removed for 'government criticism'. Google, despite the government in India not having the powers to ban government criticism due to the Constitution, complied in 51 per cent of all requests. That means they removed many instances of government criticism as well.

'Self-Regulation': Undetectable Censorship

Mr. Sibal's more recent efforts at forcing major Internet companies such as Indiatimes, Facebook, Google, Yahoo, and Microsoft, to 'self-regulate' reveals a desire to gain ever greater powers to bypass the IT Act when censoring Internet content that is 'objectionable' (to the government). Mr. Sibal also wants to avoid embarrassing statistics such as that revealed by Google's Transparency Report. He wants Internet companies to 'self-regulate' user-uploaded content, so that the government would never have to send these requests for removal in the first place, nor block sites officially using the IT Act. If the government was indeed sincere about its motives, it would not be talking about 'transparency' and 'dialogue' only after it was exposed in the press that the Department of Information Technology was holding secret talks with Internet companies. Given the clandestine manner in which it sought to bring about these new censorship measures, the motives of the government are suspect. Yet, both Mr. Sibal and Mr. Sachin Pilot have been insisting that the government has no plans of Internet censorship, and Mr. Pilot has made that statement officially in the Lok Sabha. This, thus seems to be an instance of censoring without censorship.

Backdoor Censorship through Copyright Act

Further, since the government cannot bring about censorship laws in a straightforward manner, they are trying to do so surreptitiously, through the back door. Mr. Sibal's latest proposed amendment to the Copyright Act, which is before the Rajya Sabha right now, has a provision called section 52(1)(c) by which anyone can send a notice complaining about infringement of his copyright. The Internet company will have to remove the content immediately without question, even if the notice is false or malicious. The sender of false or malicious notices is not penalized. But the Internet company will be penalized if it doesn't remove the content that has been complained about. The complaint need not even be shown to be true before the content is removed. Indeed, anyone can complain about any content, without even having to show that they own the rights to that content. The government seems to be keen to have the power to remove content from the Internet without following any 'due process' or fair procedure. Indeed, it not only wants to give itself this power, but it is keen on giving all individuals this power.

It's ultimate effect will be the death of the Internet as we know it. Bid adieu to it while there is still time.

The article was translated to Marathi and featured in Lokmat

For more details visit https://cis-india.org/internet-governance/invisible-censorship

Citizen Activism the Past Decade

Nilofar Ansher — 2015-04-24T11:52:44Z

Call for Contributions to the ‘Digital Natives with a Cause?’ newsletter, ‘Citizen Activism the Past Decade’. Deadline: August 15, 2012.

The past decade (2001 – 2011) has been marked by unprecedented democratic protests across the globe. Not only have citizens risen against autocratic regimes or systemic corruption, which is not unprecedented in itself, but also, a spark in one region inflamed solidarity among neighbouring nations to pick up the placards and march for change. Plenty has been written about the strategic deployment of social media, Web 2.0 platforms and Smart-gadgets by the digital natives (the youth and the old alike) to rewrite the rules of citizen activism.

In this issue of the newsletter, we explore the mechanics of activism aided by media: web, social, digital, and traditional. What do we understand by a cause and how does it find resonance at the local and global platforms? Is the digital native a community player or a global citizen? How do digital natives connect, collaborate, mobilize and bring about their visions of change? The aim is to not establish or reinforce these dichotomies, if indeed they exist, but to understand the dimensions of the stage the digital natives operate on and if that stage is a synecdoche for global youth-led civic action. A case in point: ‘Slut Walk’ moved from being a one-off march in Toronto to becoming a global movement and came full circle when small towns and cities across the world organized protest marches with a local ‘twist’.

Topics that contributors can explore:

What do we understand by citizen activism? How has citizen activism changed over the last 10 years with the advent of new media tools?
Youth as 'change agents'. Are protest movements youth oriented today? How are civil rights movements of the past decade different from the wave of movements that marked the 60s? (women's lib, LGBT rights, civil rights, disability rights). Explore the mechanics of organizing, mobilizing and measuring the success of a campaign in both the cases.
Participatory Politics and Web 2.0 | Value and power of the Network in effecting change | Mobilizing support and consensus within the network |studies on politically active youth using social media | digital natives as apathetic citizens | Is Slacktivism still a misunderstood term?
Kony 2012 video campaign | interviews | what went wrong and what did they do right? | Rise of DIY activism | mechanics of digital activism | resources, tools and strategies
Rise of the ‘Glocal’ (global with local resonance) cause | Slut Walk and Co – global protests inspiring local campaigns | Children of globalization with global stakes supporting local causes – how does this work?
Role of new media as a vehicle for civic engagement | Are new media and traditional media mutually exclusive in influencing citizen action? | How are new media strategies deployed by citizens in comparison with traditional media engagement?
Learning from past campaigns: citizen activism initiates and strategies in history that inspire modern campaigns (The ‘Walk to Work’ protest in Uganda protesting against fuel price hike and removal of subsidies is similar to Mahatma Gandhi’s Dandi March in pre-independence India to protest against Salt Tax).
Finding commonalities in citizen activism across Asia, Africa and Middle East | Explore the citizen action campaigns that have shaped political discourse in the past decade | Explore some of the most successful youth action campaigns of the past decade
How do we measure value, quality and success of campaigns? When does a protest officially end? Studies that explore the life-cycle of a protest or movement
The future of activism: new technologies, new demography, new forms of engagement | art and activism | Gamification
Role of non-governmental organizations and civil society networks in fostering political change | collaboration between NGOs and social media activists / independent protesters
State and the empowered citizen | State response to protest | surveillance and censorship
Technologies of protest
Studying citizen activism | digital native research methodology to study citizen activism

To know more about the topics you can write about, please write to: nilofar.ansh@gmail.com (Nilofar Ansher, Community Manager). Contributions can be in the form of essays, notes, commentaries, reviews (book or paper), dialogues and chat transcript, poems, sketches / graphics. Essay word count between 800-1,600 words. Send your entries along with a brief bio and a profile picture by August 15, 2012.

View previous issues of the 'Digital Natives with a Cause?' newsletter here: http://cis-india.org/digital-natives/newsletter

For more details visit https://cis-india.org/digital-natives/citizen-activism-the-past-decade

Intellectual Property Rights — Open Access for Researchers

nehaa — 2015-03-24T01:22:20Z

In the year 2013, Nehaa Chaudhari had worked on a module on Intellectual Property Rights for United Nations Educational, Scientific and Cultural Organization (UNESCO)'s Open Access Curriculum (Curriculum for Researchers) as part of a project for the Commonwealth Educational Media Centre for Asia. UNESCO published the module this year. Nehaa Chaudhari and Varun Baliga were among the Module preparation team. Nehaa Chaudhari was the writer for Units 1, 2 and 3: Understanding Intellectual Property Rights, Copyright and Alternative to a Strict Copyright Regime.

This publication is available in Open Access under the Attribution - ShareAlike 3.0 IGO (CC-BY-SA 3.0 IGO) license (http://creativecommons.org/licenses/by-sa/3.0/igo/). By using the content of this publication, the users accept to be bound by the terms of use of the UNESCO Open Access Repository (http://www.unesco.org/open-access/terms-use-ccbysa-en).

Module Introduction

Intellectual Property Rights (IPR) are set of rights associated with creations of the human mind. An output of the human mind may be attributed with intellectual property rights. These are like any other property, and the law allows the owner to use the same to economically profit from the intellectual work. Broadly IPR covers laws related to copyrights, patents and trademarks. While laws for these are different in different countries, they follow the international legal instruments. The establishment of the Wold Intellectual Property Organization (WIPO) has established the significance of IPR for the economic growth of nations in the knowledge economy.

This module has three units, and while the Unit 1 covers the basics of IPR, Unit 2 expands in detail the components of copyright and explains the origins and conventions associated with it. Unit 3 discusses the emergence of liberal licensing of copyrighted work to share human creation in the commons. In the last unit, we discuss the Creative Commons approach to licensing of creative works within the structures of the copyright regime that permits the authors to exercise their rights to share in the way they intend to. Creative Commons provides six different types of licenses, of which the Creative Commons Attribution license is the most widely used in research journals part of the Open Access framework.

At the end of this module, you are expected to be able to:

Understand intellectual property rights and related issues
Explain copyright, authors’ rights, licensing and retention of rights; and
Use the Creative Commons licensing system

Acknowledgements

Nehaa would like to thank Varun Baliga and Anirudh Sridhar for their research and writing support in Unit 1, and Samantha Cassar for Unit 2.

Click to download the PDF containing the Modules. Also read UNESCO’s Open Access (OA) Curriculum is now online

For more details visit https://cis-india.org/a2k/blogs/unesco-nehaa-chaudhari-march-19-2015-communication-and-information-resources-news-and-in-focus-articles-unesco-open-access-curriculum-is-now-online

No more 66A!

geetha — 2015-03-26T02:01:31Z

In a landmark decision, the Supreme Court has struck down Section 66A. Today was a great day for freedom of speech on the Internet! When Section 66A was in operation, if you made a statement that led to offence, you could be prosecuted. We are an offence-friendly nation, judging by media reports in the last year. It was a year of book-bans, website blocking and takedown requests. Facebook’s Transparency Report showed that next to the US, India made the most requests for information about user accounts. A complaint under Section 66A would be a ground for such requests.

Section 66A hung like a sword in the middle: Shaheen Dhada was arrested in Maharashtra for observing that Bal Thackeray’s funeral shut down the city, Devu Chodankar in Goa and Syed Waqar in Karnataka were arrested for making posts about Narendra Modi, and a Puducherry man was arrested for criticizing P. Chidambaram’s son. The law was vague and so widely worded that it was prone to misuse, and was in fact being misused.

Today, the Supreme Court struck down Section 66A in its judgment on a set of petitions heard together last year and earlier this year. Stating that the law is vague, the bench comprising Chelameshwar and Nariman, JJ. held that while restrictions on free speech are constitutional insofar as they are in line with Article 19(2) of the Constitution. Section 66A, they held, does not meet this test: The central protection of free speech is the freedom to make statements that “offend, shock or disturb”, and Section 66A is an unconstitutional curtailment of these freedoms. To cross the threshold of constitutional limitation, the impugned speech must be of such a nature that it incites violence or is an exhortation to violence. Section 66A, by being extremely vague and broad, does not meet this threshold. These are, of course, drawn from news reports of the judgment; the judgment is not available yet.

Reports also say that Section 79(3)(b) has been read down. Previously, any private individual or entity, and the government and its departments could request intermediaries to take down a website, without a court order. If the intermediaries did not comply, they would lose immunity under Section 79. The Supreme Court judgment states that both in Rule 3(4) of the Intermediaries Guidelines and in Section 79(3)(b), the "actual knowledge of the court order or government notification" is necessary before website takedowns can be effected. In effect, this mean that intermediaries need not act upon private notices under Section 79, while they can act upon them if they choose. This stops intermediaries from standing judge over what constitutes an unlawful act. If they choose not to take down content after receiving a private notice, they will not lose immunity under Section 79.

Section 69A, the website blocking procedure, has been left intact by the Court, despite infirmities such as a lack of judicial review and non-transparent operation. More updates when the judgment is made available.

For more details visit https://cis-india.org/internet-governance/blog/no-more-66a

Civil Society Organisations and Internet Governance in Asia and India – Section Outlines

sumandro — 2015-11-13T05:40:49Z

The Centre for Internet and Society has been invited to contribute two sections to the Asia Internet History - Third Decade (2001-2010) book edited by Dr. Kilnam Chon. The sections will discuss the activities and experiences of civil society organisations in Asia and India, respectively, in national, regional, and global Internet governance processes. The draft outlines of the sections are shared here. Comments and suggestions are invited.

In the (draft) Foreword to the Asia Internet History – Third Decade (2001-2010), Prof. David J. Farber writes:

One of the early attempts to extend the reach of the Internet to Asia was via the “Johnny Appleseed” approach. That is a set of people responded to queries by people in Asian countries asking how they could connect with the growing Internet by offering to supply tapes to key people in the requesting countries, often by physically going with the tapes, as well as providing access points to the USA Internet. The people that we, I was one of the seeders, worked, with became the leaders in their nation and founded the initial national networks that blossomed with time and often formed the basis of commercial Internets. The traditions that these network frontier pioneers established lead to the eventual spread of the benefits of Internet access to not only their nations but became models for the spread to the rest of Asia…

I am honoured to contribute to the pioneering series titled Asia Internet History, edited by Dr. Kilnam Chon, by foregrounding a range of other individuals and organisations that often worked outside but in engagement with the national governments, and technical and academic institutions that govern the connecting tapes of the Internet, to ensure mass access to and effective usages of Internet in Asia.

The two sections, to be authored me, provides an overview of ‘civil society organisations’ working across Asian countries that have played a critical role in the shaping of policy-making and discourse around Internet governance during 2000-2010, and then undertakes a closer look at the organisations working in India and their interventions at national, regional, and global levels.

Please read the draft outlines of the overview section and the section on Indian organisations, and share your comments. The comments can be posted on the GitHub page where the outlines are hosted, on this page, or over email: sumandro[at]cis-india[dot]org.

The outlines can also be directly downloaded as markdown files: the overview and the India section.

Asian Civil Society Organisations and Internet Governance

Here is a tentative list of key civil society organisations from Asia that have participated and intervened in Internet governance processes during 2001-2010. Please suggest organisations missing from the list.

Bangladesh

Cambodia

China

Indonesia

EngageMedia, Australia and Indonesia
ICT Laboratory for Social Change (iLab)
Indonesian CSOs Network for Internet Governance
Indonesian ICT Partnership Association (ICT Watch)
Internet Society Indonesia Chapter [website is under construction]

India

Iran

Iranian Civil Society Organizations Training and Research Centre (ICTRC) [URL is not working]

Japan

Centre for Global Communications (GLOCOM) [Academia?]
Internet Society Japan Chapter
Japan Computer Access for Empowerment (JCAFE) [URL is not working]
Japan Computer Access Network (JCA-NET)

Kuwait

iJMA3 - Kuwait Information Technology Society (KITS)

Lebanon

Lebanese Center for Civic Education (LCCE)

Malaysia

Internet Society Malaysia Chapter

Myanmar

Myanmar ICT for Development Organization (MIDO)

Nepal

Internet Society Nepal Chapter

Pakistan

Philippines

Democracy.Net.PH
Foundation for Media Alternatives (FMA) [URL not working
Internet Society Philippines Chapter

Regional

Singapore

Internet Society Singapore Chapter

South Korea

Sri Lanka

Internet Society Sri Lanka Chapter

Thailand

For more details visit https://cis-india.org/raw/civil-society-organisations-and-internet-governance-in-asia-and-india-outlines

National IPR Policy Series: RTI Requests by CIS to DIPP + DIPP Responses

nehaa — 2015-04-26T08:47:00Z

In earlier blog posts, we have discussed the development of India’s National IPR Policy (“the Policy”); comments by the Centre for Internet and Society (“CIS”) to the IPR Think Tank before the release of the first draft of the Policy and CIS’ comments to the IPR Think Tank in response to the first draft of the Policy. Continuing our National IPR Policy Series, this article documents our requests to the Department of Industrial Policy and Promotion (“DIPP” / “the Department”) under the Right to Information (“RTI”) Act, 2005 and the responses of the Department.

View the PDF here.

Details of RTI Requests Filed by CIS

In February, 2015, CIS had filed three RTI requests with the DIPP. The first request was four-pronged, seeking information related to first, the process followed by the Department in the creation of the IPR Think Tank; second, details and documents of a meeting held to constitute the Think Tank; third, details and documents of all/multiple meetings held to constitute the Think Tank; fourth, details of a directive/directives received from any other Government Ministry/authority directing the constitution of the Think Tank and fifth, the process of shortlisting the members of the Think Tank by the DIPP.

In our second RTI request, first, we requested details of the process followed by the Think Tank in the formulation of the Policy; second, we requested all documents relating to a meeting held for the formulation of the Policy; third, we requested all documents held for multiple meetings for the creation of the Policy and fourth, we requisitioned all suggestions and comments received by the Think Tank from stakeholders before the release of the Policy, that is, those suggestions/comments received in November, 2014.

In our third RTI request, also filed on also filed in February, 2015, we had asked the DIPP to indicate all suggestions and comments received by the IPR Think Tank from different stakeholders in response to the first draft of the National IPR Policy (to have been submitted on or before January 30, 2015 as per DIPP’s Public Notice).

Responses by DIPP to CIS' RTI Requests

The DIPP replied to our three RTI requests in multiple stages. At first, in a letter dated 12 February, 2015, we were directed to resubmit our application , seemingly because we hadn’t addressed the Postal Money Order to the correct authority, and were directed to do the same. Funnily enough, we received three other responses – one for each of our RTI requests (the first of these is not dated; the second one is dated 19 February, 2015 and then revised to 26 February, 2015; and the third is also dated 26 February, 2015).

The First Response: On the Constitution of the Think Tank

In the first of their responses to these requests, the Department has grouped our queries into five questions and provided a point-wise response to these questions, as under:

Please indicate in detail the process followed by the Department of Industrial Policy and Promotion for the constitution for an IPR Think Tank to draft the National Intellectual Property Rights Policy under Public Notice No. 10 (22)/2013 –IPR-III dated November 13, 2014 (sic).

In its response the Department notes that it convened an interactive meeting on IPR issues which was chaired by the Minister for Commerce and Industry (Independent Charge), i.e., Ms. Nirmala Sitharaman. As per the Department’s response, this meeting was held on 22 September, 2014 (“the Meeting”) and was aimed at discussing issues related to IPRs, including finalization of the Terms of Reference for IPR Think-Tank proposed to be established (sic.) The Department also notes that representatives from various Ministries/Departments, Member of various Expert Committees constituted by the Department, besides IP experts and other Legal Practitioners (sic) were invited to the meeting. The Department then states that the composition of the Think Tank was decided on the basis of the discussions held in the department after the said interactive Meeting (sic).

If there was a meeting held to decide on the same, please include all necessary documents including the minutes of the meeting, records, documents, memos, e-mails, opinion, advices, press releases, circulars, orders etc in which the constitution of the aforesaid mentioned IPR Think Tank was decided (sic).

The Department has attached the Minutes of the Meeting held on 22 September, 2014 (“the Minutes”) and states that there were no documents or papers that were circulated at this meeting and that the participants were asked to present their views on various IP issues at this meeting.

Excerpts from the Minutes

The Secretary of the Department (Shri Amitabh Kant) refers to a (then) recent announcement made by the Minister of State for Commerce and Industry (“the Minister”) on the formulation of the National IPR Policy and the establishment of an IPR Think Tank and states that the meeting had been convened to discuss on various IPR issues with IP experts and legal practitioners so that it would provide essential inputs to the policy needs of the department (sic). The Minutes report that Mr. Kant further stated that the objective of the department was to have a world class IP system and that this included a comprehensive National IPR Policy and which takes care of various issues like IP creation, protection, administration and capacity building (sic). He is also reported to have said that such a stakeholder interaction was important for the government to seek inputs.

The Minister is reported to have said that the purpose of the meeting was to constitute an IP Think Tank that would regularly provide inputs to all IP policy needs of this department as well as advice government in disparate legal aspects (sic). The Minutes also report her to have said that the department would finalize an IP policy within ninety days of the Meeting, based on the inputs of the participants.

According to the Minutes, various issues emerged from the discussion. Inter alia, these include first, that the proposal to constitute the Think Tank was a welcome measure, along the lines of similar initiatives taken by Australia, South Kora, the United Kingdom and the United States of America; second, that in order to remove misconceptions held by foreign stakeholders about IP enforcement in India, there was a need to highlight judgments of Indian courts that were favorable to foreign stakeholders and MNCs; third, that the national policies on telecom, manufacturing and IP ought to be integrated; fourth, that the focus of the Policy should be increase in creation of IP including commercialization of IP and strengthening human capital and IP management and fifth, that empirical studies should be conducted to examine the feasibility of Utility Models protection, that there was a need to revise the law on Geographical Indications and that the Policy should include protection for traditional knowledge and guidelines for publicly funded research.

The Minister is then said to have identified six major areas during the discussion, including IP institution, legislation, implementation, public awareness, international aspects and barriers in IP growth as areas to be covered under the Policy.

Who attended the Meeting?

Attached with the Minutes was also a list of participants who attended the Meeting. Out of the thirty six attendees, I have not been able to locate a single individual or organization representing civil society. Participants include representatives from various government departments and ministries, including inter alia, the DIPP, the Department of Commerce, the Ministry of External Affairs, the Ministry of Information and Broadcasting, the Copyright Division from the Department of Higher Education of the Ministry of Human Resources Development, the Office of the Controller General of Patents, Designs and Trademarks and the Ministry of Culture. The Meeting was also attended by representatives of corporations and industry associations, including FICCI, CII and Cadila Pharmaceuticals; in addition to representatives from law firms including Luthra and Luthra, K&S Partners and Inventure IP and academics including, inter alia, faculty from the Asian School of Business, Trivandrum, Indian Law Institute, Delhi, Tezpur University, Assam, National Law University, Delhi, NALSAR University of Law, Hyderabad, the Indian Institute of Technology, Madras and the National Law School of India University, Bangalore.

If there were multiple meetings held for the same please provide all necessary documents including the minutes of all such meetings, records, documents, memos, e-mails, opinions, advices, press releases, circulars, orders etc. for all such meetings held (sic).

The Department answered, “No”; which I’m taking to mean that there weren’t other meetings held for the formulation of the Think Tank or the Policy. This is interesting, because the Minutes (referred to earlier) speak of another inter-ministerial meeting including IP experts and legal practitioners slated to be held around the 10^th of October, 2014, to discuss the framework of the Policy.

If a directive or directives were received by the Department of Industrial Policy and Promotion from any other government body to constitute such a think tank, please provide a copy of such a directive received by the DIPP from any Government authority, to constitute such a Think Tank (sic).

The Department answered, “No”; which I’m taking to mean that there was no communication received by the Department to constitute this Think Tank.

Please indicate in detail the process of shortlisting the members of the IPR Think Tank by the Department of Industrial Policy and Promotion or any other body that was responsible for the same (sic).

The Department replied that the answer to this was the same as that to the first question.

The Second Response: The Drafting of the Policy

The second of the Department's responses to our requests came in the form of separate responses to each of our four questions, as under:

Please indicate in detail the process followed by the IPR Think Tank constituted by the Department of Industrial Policy and Promotion via Public Notice No. 10 (22)/2013-IPR-III dated November 13, 2014 while framing the first draft of the National IPR Policy dated Dec. 19, 2014 (sic).

The Department stated that the IPR Think Tank conducted its meetings independently without any interference from the Department. The Department then stated that the Think Tank had received comments from stakeholders via a dedicated email id and conducted the interactive meeting with stakeholders while framing the draft on the National IPR Policy.

If there was a meeting held to decide on the same, please include all necessary documents including the minutes of the meeting, records, documents, memos, e-mails, opinion, advices, press releases, circulars, orders, suggestions etc. related to drafting of such National IPR Policy Think Tank chaired by Justice Prabha Sridevan (sic).

The Department replied that since the IPR Think Tank had decided its process by themselves (sic), the Department do not have the minutes of the meeting etc. conducted by the IPR Think Tank (sic). It attached with its reply a copy of the press releases announcing the composition of the Think Tank and asking stakeholders to submit comments to the first draft of the Policy.

If there were multiple meetings held for the same, please provide all necessary documents including the minutes of all such meetings, records, documents, memos, e-mails, opinions, advices, press releases, circulars, order suggestions etc. for all such meetings held (sic).

The Department replied that the response to this was the same as that to the earlier question above.

Please provide all the suggestions and comments received by the IPR Think Tank from stakeholders after the DIPP issued Public Notice No. 10/22/2013-IPR-III dated 13.11.2014 asking for suggestions and comments on or before November 30, 2014 (sic).

The Department replied that the comments and suggestions were received by the Think Tank directly and that therefore, the Department was not in a position to provide the same.

The Third Response: Stakeholder Comments

In its third and final response to our requests, the DIPP replied to our query as under:

Please indicate all the suggestions and comments received by the IPR Think Tank by different stakeholders on or before January 30, 2015 on its first draft of the National Intellectual Property Policy submitted by the IPR Think Tank on December 19, 2014.

The Department said that the suggestions and comments on the draft on National IPR Policy have been received by the IPR Think Tank directly. As such this Department is not in a position to provide the same (sic.).

Observation on the DIPP's Responses

Prima facie, the responses by the Department are rather curious, leading to a range of oddities and unanswered questions.

Who Will Watch the IPR Think Tank

In its response to our first RTI request, the Department quite clearly stated that it decided the composition of the IPR Think Tank based on discussions in a meeting that it convened, which was also chaired by the Minister of State for Commerce and Industry, the parent ministry of the DIPP. In the same response, the Department also stated that it had not received any directive from any other ministry/government department directing the constitution of the IPR Think Tank, leading to the conclusion that this decision was taken by the DIPP/the Ministry of Commerce and Industry itself. Subsequently however, the Department justified its refusal to furnish us with documents leading to the development of the first draft of the National IPR Policy (contained in our second RTI request) by stating that the IPR Think Tank conducted its business without any interference from the Department, and that the Department did not have access to any of the submissions made to the IPR Think Tank or any of the internal minutes of the meetings etc. that were a part of the process of drafting the IPR Policy.

Various press releases by the DIPP have stated that it has constituted the IPR Think Tank, and that the purpose of the IPR Think Tank would be to advise the Department on IPR issues. Visibly, the Department intends for the IPR Think Tank to play an active role in shaping India’s IP law and policy, including suggesting amendments to laws wherever necessary. It is concerning therefore that on the question of accountability of the IPR Think Tank, the DIPP remains silent. It may be argued perhaps, that the IPR Think Tank constitutes a ‘public authority’ under Section 2(h)(d) of the Right to Information Act, 2005 (“RTI Act”). In that case, the IPR Think Tank would have to fulfill, inter alia, all of the obligations under Section 4 of the RTI Act as well as designate a Public Information Officer. Alternatively, given that the IPR Think Tank has been constituted by the DIPP and performs functions for the DIPP, the Public Information Officer of the DIPP would have to furnish all relevant information under the RTI Act (including the information that we sought in our requests, which was not provided to us).

Who are the Stakeholders

Even a preliminary look at the list of participants at the Meeting (based on which the Department constituted the IPR Think Tank) reveals that not all stakeholders have been adequately represented. I haven’t been able to spot any representation from civil society and other organizations that might be interested in a more balanced intellectual property framework that is not rights-heavy. The following chart (based on a total sample size of 36 participants, as stated in the list of participants provided to us by the DIPP) will help put things in perspective.

What Could've Been Done?

Setting aside arguments on its necessity, let us for the moment assume that this drafting of the National IPR Policy is an exercise that needed to have been undertaken. We must now examine what might possibly be the best way to go about this.

In 2014, the World Intellectual Property Organization (“WIPO”) (based on whose approach the Policy seems to have been based- at least in part), produced a detailed Methodology for the Development of National Intellectual Property Strategies, outlining a detailed eight step process before a National IP Policy was implemented in a Member State. While this approach is one to be followed by the WIPO and might not be entirely suited to India’s drafting exercise, specific sections on the national consultation process as well as the drafting and implementation of national intellectual property strategies might prove to be a decent starting point.

(More on this in an upcoming article).d

Where Do We Go From Here?

The DIPP’s responses have left me with more questions, probably the subject of more RTI requests. Is the IPR Think Tank a public authority for the purposes of the Right to Information Act, 2005? To whom should questions of informational accountability of the IPR Think Tank be addressed, if there is no information available on the IPR Think Tank, and the DIPP claims to have no access to it? Do we need to re-examine the draft National IPR Policy given that there has been inadequate representation of all stakeholders? What were the suggestions made by different stakeholders, and (how) have these been reflected in the first draft of the Policy? Was there an evaluation exercise conducted before the first draft of the Policy was released in order to better inform the formulation of the Policy?

We will be looking at these and other questions as they arise, and sending some of these to the DIPP in the form of RTI requests. (Watch the blog for more).

For more details visit https://cis-india.org/a2k/blogs/national-ipr-policy-series-rti-requests-by-cis-to-dipp-dipp-responses

Open Call for Comments: The Privacy Protection Bill 2013 drafted by the Centre for Internet and Society

bhairav — 2014-02-25T05:38:27Z

The Centre for Internet and Society is announcing an Open Call for Comments to the CIS Privacy Protection Bill 2013.

In early 2013 the Centre for Internet and Society drafted the Privacy (Protection) Bill 2013 as a citizen’s version of privacy legislation for India. The Privacy (Protection) Bill, 2013 seeks to protect privacy by regulating (i) the manner in which personal data is collected, processed, stored, transferred and destroyed — both by private persons for commercial gain and by the state for the purpose of governance; (ii) the conditions upon which, and procedure for, interceptions of communications — both voice and data communications, including both data-in-motion and data-at-rest — may be conducted and the authorities permitted to exercise those powers; and, (iii) the manner in which forms of surveillance not amounting to interceptions of communications — including the collection of intelligence from humans, signals, geospatial sources, measurements and signatures, and financial sources — may be conducted.

The Centre for Internet and Society has been collecting comments to the Privacy Protection Bill since April 2013 with the intention of submitting the Bill to the Department of Personnel and Training as a citizen’s version of a privacy legislation for India. If you would like to submit comments on the Privacy Protection Bill to be included as part of the Centre for Internet and Society’s submission to the Department of Personnel and Training, please email comments to bhairav@cis-india.org.

Download the latest version of the Privacy Protection Bill (February 2014)

For more details visit https://cis-india.org/internet-governance/blog/privacy-protection-bill-2013-open-call-for-comments

Submitted Comments on the 'Government Open Data Use License - India'

sinha — 2016-07-26T09:23:48Z

The public consultation process of the draft open data license to be used by Government of India has ended yesterday. Here we share the text of the submission by CIS. It was drafted by Anubha Sinha, Pranesh Prakash, and Sumandro Chattapadhyay.

The following comments on the 'Government Open Data Use License - India' was drafted by Anubha Sinha, Pranesh Prakash, and Sumandro Chattapadhyay, and submitted through the MyGov portal on July 25, 2016. The original submission can be found here.

I. Preliminary

This submission presents comments by the Centre for Internet and Society (“CIS”) [1] on the draft Government Open Data Use License - India (“the draft licence”) [2] by the Department of Legal Affairs.
This submission is based on the draft licence released on the MyGov portal on June 27, 2016 [3].
CIS commends the Department of Ministry of Law and Justice, Government of India for its efforts at seeking inputs from various stakeholders prior to finalising its open data licence. CIS is thankful for the opportunity to have been a part of the discussion during the framing of the licence; and to provide this submission, in furtherance of the feedback process continuing from the draft licence.

II. Overview

The Centre for Internet and Society is a non-governmental organisation engaged in research and policy work in the areas of, inter alia, access to knowledge and openness. This clause-by-clause submission is consistent with CIS’ commitment to safeguarding general public interest, and the interests and rights of various stakeholders involved. Accordingly, the comments in this submission aim to further these principles and are limited to those clauses that most directly have an impact on them.

III. Comments and Recommendations

Name of the Licence: CIS recommends naming the licence “Open Data Licence - India” to reflect the nomenclature already established for similar licences in other nations like the UK and Canada. More importantly, the inclusion of the word ‘use’ in the original name “Government Open Data Use License” is misleading, since the licence permits use, sharing, modification and redistribution of open data.
Change Language on Permissible Use of Data: The draft licence uses the terms “Access, use, adapt, and redistribute,” which are used in UNESCO’s definition of open educational resources, whereas, under the Indian Copyright Act [4], it should cover “reproduction, issuing of copies,” etc. To resolve this difference, we suggest the following language be used: “Subject to the provisions of section 7, all users are provided a worldwide, royalty-free, non-exclusive licence to all rights covered by copyright and allied rights, for the duration of existence of such copyright and allied rights over the data or information.”
Add Section on the Scope of Applicability of the Licence: It will be useful to inform the user of the licence on its applicability. The section may be drafted as: “This licence is meant for public use, and especially by all Ministries, Departments, Organizations, Agencies, and autonomous bodies of Government of India, when publicly disclosing, either proactively or reactively, data and information created, generated, collected, and managed using public funds provided by Government of India directly or through authorized agencies.”
Add Sub-Clause Specifying that the Licence is Agnostic of Mode of Access: As part of the section 4 of the draft licence, titled ‘Terms and Conditions of Use of Data,’ a sub-clause should be added that specifies that users may enjoy all the freedom granted under this licence irrespective of their preferred mode of access of the data concerned, say manually downloaded from the website, automatically accessed via an API, collected from a third party involved in re-sharing of this data, accessed in physical/printed form, etc.
Add Sub-Clause on Non-Repudiability and Integrity of the Published Data: To complement the sub-clause 6.e. that notes that data published under this licence should be published permanently and with appropriate versioning (in case of the published data being updated and/or modified), another sub-clause should be added that states that non-repudiability and integrity of published data must be ensured through application of real/digital signature, as applicable, and checksum, as applicable. This is to ensure that an user who has obtained the data, either in physical or digital form, can effectively identify and verify the the agency that has published the data, and if any parts of the data have been lost/modified in the process of distribution and/or transmission (through technological corruption of data, or otherwise).
Combine Section 6 on Exemptions and Section 7 on Termination: Given that the licence cannot reasonably proscribe access to data that has already been published online, it is suggested that it would be better to simply terminate the application of the licence to that data or information that ought not to have been published for grounds provided under section 8 of the RTI Act, or have been inadvertently published. It should also be noted that section 8 of the RTI Act cannot be “violated” (as stated in Section 6.g. of the draft licence), since it only provides permission for the public authority to withhold information, and does not impose an obligation on them (or anyone else) to do so. The combined clause can read: “Upon determination by the data provider that specific data or information should not have been publicly disclosed for the grounds provided under Section 8 of the Right to Information Act, 2005, the data provider may terminate the applicability of the licence for that data or information, and this termination will have the effect of revocation of all rights provided under Section 3 of this licence.”
It will be our pleasure to discuss these submissions with the Department of Legal Affairs in greater detail, supplement these with further submissions if necessary, and offer any other assistance towards the efforts at developing a national open data licence.

[1] See: http://cis-india.org/.

[2] See: https://www.mygov.in/sites/default/files/mygov_1466767582190667.pdf.

[3] See: https://www.mygov.in/group-issue/public-consultation-government-open-data-use-license-india/.

[4] See: http://www.copyright.gov.in/Documents/CopyrightRules1957.pdf.

For more details visit https://cis-india.org/openness/submitted-comments-on-the-government-open-data-use-license-india

Analysis of the Report of the Group of Experts on Developments in the Field of Information and Telecommunications in the Context of International Security and Implications for India

Elonnai Hickok and Vipul Kharbanda — 2016-08-11T09:58:59Z

This paper analyses the report of the Group of Experts and and India’s compliance with its recommendations based on existing laws and policies. Given the global nature of these challenges and the need for nations to holistically address such challenges from a human rights and security perspective, CIS believes that the Group of Experts and similar international forums are useful and important forums for India to actively engage with.

The United Nations Group of Experts on ICT issued their report on Developments in the Field of Information and Telecommunications in the Context of International Security in June, 2015. This paper analyses the report of the Group of Experts and and India’s compliance with its recommendations based on existing laws and policies. CIS believes that the report of the Group of Experts provides important minimum standards that countries could adhere to in light of challenges to international security posed by ICT developments. Given the global nature of these challenges and the need for nations to holistically address such challenges from a human rights and security perspective, CIS believes that the Group of Experts and similar international forums are useful and important forums for India to actively engage with.

Download: PDF (627 kb)

1. Introduction

2. Analysis of the Recommendations

2a. Consistent with the purposes of the United Nations, including to maintain international peace and security, States should cooperate in developing and applying measures to increase stability and security in the use of ICTs and to prevent ICT practices that are acknowledged to be harmful or that may pose threats to international peace and security

2b. In case of ICT incidents, States should consider all relevant information, including the larger context of the event, the challenges of attribution in the ICT environment and the nature and extent of the consequences

2c. States should not knowingly allow their territory to be used for internationally wrongful acts using ICTs; of the Recommendations

2d. States should consider how best to cooperate to exchange information, assist each other, prosecute terrorist and criminal use of ICTs and implement other cooperative measures to address such threats. States may need to consider whether new measures need to be developed in this respect

2e. States, in ensuring the secure use of ICTs, should respect Human Rights Council resolutions 20/8 and 26/13 on the promotion, protection and enjoyment of human rights on the Internet, as well as General Assembly resolutions 68/167 and 69/166 on the right to privacy in the digital age, to guarantee full respect for human rights, including the right to freedom of expression

2f. A State should not conduct or knowingly support ICT activity contrary to its obligations under international law that intentionally damages critical infrastructure or otherwise impairs the use and operation of critical infrastructure to provide services to the public

2g. States should take appropriate measures to protect their critical infrastructure from ICT threats, taking into account General Assembly resolution 58/199 on the creation of a global culture of cybersecurity and the protection of critical information infrastructures, and other relevant resolutions

2h. States should respond to appropriate requests for assistance by another State whose critical infrastructure is subject to malicious ICT acts. States should also respond to appropriate requests to mitigate malicious ICT activity aimed at the critical infrastructure of another State emanating from their territory, taking into account due regard for sovereignty

2i. States should take reasonable steps to ensure the integrity of the supply chain so that end users can have confidence in the security of ICT products. States should seek to prevent the proliferation of malicious ICT tools and techniques and the use of harmful hidden functions

2j. States should encourage responsible reporting of ICT vulnerabilities and share associated information on available remedies to such vulnerabilities to limit and possibly eliminate potential threats to ICTs and ICT-dependent infrastructure

2k. States should not conduct or knowingly support activity to harm the information systems of the authorized emergency response teams (sometimes known as computer emergency response teams or cyber security incident response teams) of another State. A State should not use authorized emergency response teams to engage in malicious international activity

3. Conclusion

1. Introduction

Cyberspace[1] touches every aspect of our lives, has enormous benefits, but is also accompanied by a number of risks. The international community at large has realized that cyberspace can be made stable and secure only through international cooperation. Traditionally, though there are a number of bilateral agreements and forms of cooperation the foundation of this cooperation has been the international law and the principles of the Charter of the United Nations.

To this end, on December 27, 2013 the United Nations General Assembly adopted Resolution No. 68/243 requesting the" Secretary General, with the assistance of a group of governmental experts,…… to continue to study, with a view to promoting common understandings, existing and potential threats in the sphere of information security and possible cooperative measures to address them, including norms, rules or principles of responsible behaviour of States and confidence-building measures, the issues of the use of information and communications technologies in conflicts and how international law applies to the use of information and communications technologies by States……. and to submit to the General Assembly at its seventieth session a report on the results of the study. "In pursuance of this resolution the Secretary General established a Group of Experts on Developments in the Field of Information and Telecommunications in the Context of International Security; the report was agreed upon by the Group of Experts in June, 2015. On 23 December 2015, the UN General Assembly unanimously adopted resolution 70/237[2] which welcomed the outcome of the Group of Experts and requested the Secretary-General to establish a new GGE that would report to the General Assembly in 2017.

The report developed by governmental experts from 20 States addresses existing and emerging threats from uses of ICTs, by States and non-State actors alike. These threats have the potential to jeopardize international peace and security. The experts gave recommendations which have built on consensus reports issued in 2010 and 2013, and offer ideas on norm-setting, confidence-building, capacity-building and the application of international law for the use of ICTs by States. Among other recommendations, the Report lays down recommendations for States for voluntary, non-binding norms, rules or principles of responsible behaviour to promote an open, secure, stable, accessible and peaceful ICT environment.

As larger international dialogues around cross border sharing of information and cooperation for cyber security purposes take place between the US and EU, it is critical that India begin to participate in these discussions.[3] It is also necessary to take cognizance of the importance of implementing internal practices and policies that are recognized and set strong standards at the international level.

This paper marks the beginning of a series of questions we will be asking and processes we will be analysing with the aim of understanding the role of international cooperation for cyber security and the interplay between privacy and security. The report analyses the existing norms in India in the backdrop of the recommendations in the Report of Experts to discover how interoperable Indian law and policy is vis-à-vis the recommendations made in this report as well as making recommendations towards ways India can enhance national policies, practices, and approaches to enable greater collaboration at the international level with respect to issues concerning ICTs and security.

2. Analysis of the Recommendations

The Group of Experts took into account existing and emerging threats, risks and vulnerabilities, in the field of ICT and offered the following recommendations for consideration by States for voluntary, non-binding norms, rules or principles of responsible behaviour.

2a. Consistent with the purposes of the United Nations, including to maintain international peace and security, States should cooperate in developing and applying measures to increase stability and security in the use of ICTs and to prevent ICT practices that are acknowledged to be harmful or that may pose threats to international peace and security

1. India has been working with a number of countries such as Belarus, Canada, China, Egypt, and France on a number of ICT-related isues thereby increasing international cooperation in the ICT sector, such as:

(i) setting up the India-Belarus Digital Learning Centre (DLC-ICT) to promote

development of ICT in Belarus;

(ii) sending an official business delegation to Canada to attend the 2^ndJoint Working Group meeting in ICTE;

(iii) holding Joint Working Groups on ICT with China.[4]

As can be seen from this, most of the cooperation with other countries is currently government to government (or government institution to government institution) cooperation. However, it must be noted that the entire digital revolution, including ICT necessarily involves ICT companies, and thus the role of the private sector in participating in these negotiations as well as the responsibilities of private sector ICT companies in cross border cooperation. Furthermore, the above examples are a few of the many agreements, Memoranda of Understanding (MOU), and negotiations that India has with other countries on cross border cooperation. It is important that, to the extent possible, these negotiations and transparent and easily publicly available.

2. The primary legislation governing ICT in India is the Information Technology Act, 2000 ("IT Act") which was passed to provide legal recognition for the transactions carried out by means of electronic data interchange and other means of electronic communication. The IT Act contains a number of provisions that declare illegal activities that threatenICT infrastructure, data, and individuals as illegal and provide for penalties for the same. These activities are:

Section 43 - Penalty and Compensation for damage to computer, computer system, etc.: If any person without permission: (i) accesses a computer, computer system or network; (ii) downloads, copies or extracts any data from such computer, computer system or network; (iii) introduces any computer contaminant or computer virus into, destroys, deletes or alters any information on, damages or disrupts any computer, computer system or network; (iv) denies or causes the denial of access to any computer, computer system or network by any means; (v) helps any person to access a computer, computer system or network in contravention of the Act; (vi) charges the services availed of by a person to the account of another person through manipulation; or (vii) Steals, conceals, destroys or alters or causes any person to steal, conceal, destroy or alter any computer source code used for a computer resource with an intention to cause damage, he shall be liable to pay damages by way of compensation to the person so affected.

Section 66 - Computer Related Offences: If any person, dishonestly, or fraudulently, does any act referred to in section 43, he shall be punishable with imprisonment for a term which may extend to two three years or with fine which may extend to Rs. 5,00,000/- or with both.

Section 66B - Punishment for dishonestly receiving stolen computer resource or communication device: Whoever dishonestly receives or retains any stolen computer resource or communication device knowing or having reason to believe the same to be stolen computer resource or communication device, shall be punished with imprisonment of either description for a term which may extend to three years or with fine which may extend to Rs. 1,00,000/- or with both.

Section 66C - Punishment for identity theft: Whoever, fraudulently or dishonestly make use of the electronic signature, password or any other unique identification feature of any other person, shall be punished with imprisonment of either description for a term which may extend to three years and shall also be liable to fine which may extend to rupees one lakh.

Section 66D - Punishment for cheating by personation by using computer resource: Whoever, by means of any communication device or computer resource cheats by personation, shall be punished with imprisonment of either description for a term which may extend to three years and shall also be liable to fine which may extend to Rs. 1,00,000/-.

Section 66E - Punishment for violation of privacy: Whoever, intentionally or knowingly captures, publishes or transmits the image of a private area of any person without his or her consent, under circumstances violating the privacy of that person, shall be punished with imprisonment which may extend to three years or with fine not exceeding Rs. 2,00,000 or with both.

Section 66F - Punishment for cyber terrorism: (1) Whoever,- (A) with intent to threaten the unity, integrity, security or sovereignty of India or to strike terror in the people or any section of the people by -

Denying or cause the denial of access to computer resource; or
Attempting to penetrate a computer resource; or
Introducing or causing to introduce any computer contaminant and by means of such conduct causes or is likely to cause death or injuries to persons or damage to or destruction of property or disrupts or knowing that it is likely to cause damage or disruption of supplies or services essential to the life of the community or adversely affect the critical information infrastructure, or

(B) knowingly or intentionally penetrates a computer resource and by by doing so obtains access to information that is restricted for reasons of the security of the State or foreign relations; or any restricted information with reasons to believe that such information may be used to cause or likely to cause injury to the interests of the sovereignty and integrity of India, the security of the State, friendly relations with foreign States, public order, decency or morality, or in relation to contempt of court, defamation or incitement to an offence, or to the advantage of any foreign nation, group of individuals or otherwise, commits the offence of cyber terrorism.

(2) Whoever commits or conspires to commit cyber terrorism shall be punishable with imprisonment which may extend to imprisonment for life.

Section 67 - Publishing of information which is obscene in electronic form: Whoever publishes or transmits in the electronic form, any material which is lascivious or appeals to the prurient interest or if its effect is such as to tend to deprave and corrupt persons, shall be punished on first conviction with a maximum imprisonment upto 2 years and a maximum fine upto Rs. 5,00,000 and for a second or subsequent conviction with a maximum imprisonment upto 5 years and also a maximum with fine upto Rs. 10,00,000.

Section 67A - Punishment for publishing or transmitting of material containing sexually explicit act, etc. in electronic form: Whoever publishes or transmits in the electronic form any material which contains sexually explicit act or conduct shall be punished on 1st conviction with a maximum imprisonment for 5 years and a maximum fine of upto Rs. 10,00,000 and for a 2nd or subsequent conviction with a maximum imprisonment of 7 years and a maximum fine upto Rs. 10,00,000.

Section 67B - Punishment for publishing or transmitting of material depicting children in sexually explicit act, etc. in electronic form: Whoever,- (a) publishes or transmits material in any electronic form which depicts children engaged in sexually explicit act or conduct; or (b) creates text or digital images, collects, seeks, browses, downloads, advertises, promotes, exchanges or distributes material in any electronic form depicting children in obscene or indecent or sexually explicit manner; or (c) cultivates, entices or induces children to online relationship with one or more children for and on sexually explicit act or in a manner that may offend a reasonable adult on the computer resource; or (d) facilitates abusing children online; or (e) records in any electronic form own abuse or that of others pertaining to sexually explicit act with children, shall be punished on first conviction with a maximum imprisonment upto 5 years and a maximum fine upto Rs. 10,00,000 and in the event of a 2nd or subsequent conviction with a maximum imprisonment upto 7 years and also a maximum fine upto Rs. 10,00,000.[5]

Section 72 - Breach of confidentiality and privacy: Any person who, in pursuance of any of the powers conferred under this Act, has secured access to any electronic record, book, register, correspondence, information, document or other material without the consent of the person concerned discloses the same to any other person shall be punished with imprisonment for a term which may extend to two years, or with fine which may extend to Rs. 1,00,000 or with both.

Section 72-A - Punishment for Disclosure of information in breach of lawful contract: Any person including an intermediary who, while providing services under the terms of lawful contract, has secured access to any material containing personal information about another person, with the intent to cause or knowing that he is likely to cause wrongful loss or wrongful gain discloses such material to any other person shall be punished with imprisonment for a term which may extend to three years, or with a fine which may extend to Rs. 5,00,000 or with both.

3. The broad language and wide terminology used IT Act seems to cover most of the cyber crimes faced in India as of now, though the technical abilities to prevent the crimes still leave a lot to be desired. The prevention of cyber crime is not the domain of the IT Act and is rather the responsibility of the law enforcement authorities (note: there is no specific authority created under the IT Act, the Act is enforced by the police and other law enforcement authorities). That said, it may be a useful exercise to briefly compare these provisions with the crimes mentioned in the Convention on Cybercrime, 2001 (Budapest Convention), an international treaty that seeks to addresses threats in cyber space by promoting the harmonization of national laws and cooperation across jurisdictions, to examine if there are any that are not covered by the IT Act. A comparison of the principles in Budapest Convention and the IT Act is below:

S. No.	Article of the Budapest Convention	Provisions of the IT Act which cover the same
1	Article 2 - Illegal Access	Section 43(a) read with Section 66
2	Article 3 - Illegal Interception	Section 69 of the IT Act read with section 45 as well as Section 24 of the Telegraph Act, 1885
3	Article 4 - Data interference	Sections 43(d) and 43(f) read with section 66
4	Article 5 - System interference	Sections 43(d), (e) and (f) read with section 66
5	Article 6 - Misuse of devices	Not specifically covered
6	Article 7 - Computer related forgery	Computer related forgery is not specifically covered, but it is possible that when such a case comes to light, the provisions of Section 43 read with section 66 as well as provisions of the Indian Penal Code, 1860 would be pressed into service to cover such crimes
7	Article 8 - Computer related fraud	While not specifically covered by the IT Act, it is possible that when such a case comes to light, the provisions of Section 43 read with section 66 as well as provisions of the Indian Penal Code, 1860 would be pressed into service to cover such crimes
8	Article 9 - Offences relating to child pornography	Section 67B

As can be seen from the above discussion, most of the criminal acts elucidated in the Budapest Convention are covered under the IT Act except for the provision on misuse of devices, which requires the production, dealing, trading, etc. in devices whose sole objective is to violate the provisions of the IT Act, though it is possible that provisions of the Indian Penal Code, 1860 dealing with conspiracy and aiding and abetment may be pressed into service to cover such incidents.

4. Further, there are a number of laws which deal with critical infrastructure in India, however since these are mostly sectoral laws dealing with specific infrastructure sectors, the one most relevant to ICT is the Telegraph Act, 1885, which makes it illegal to interfere with or damage critical telegraph infrastructure. The specific penal provisions are listed below:

Section 23 - Intrusion into signal-room, trespass in telegraph office or obstruction: If any person - (a) without permission of competent authority, enters the signal room of a telegraph office of the Government, or of a person licensed under this Act, or (b) enters a fenced enclosure round such a telegraph office in contravention of any rule or notice not to do so, or (c) refuses to quit such room or enclosure on being requested to do so by any officer or servant employed therein, or (d) wilfully obstructs or impedes any such officer or servant in the performance of his duty, he shall be punished with fine which may extend to Rs. 500.

Section 24 - Unlawfully attempting to learn the contents of messages: If any person does any of the acts mentioned in section 23 with the intention of unlawfully learning the contents of any message, or of committing any offence punishable under this Act, he may (in addition to the fine with which he is punishable under section 23) be punished with imprisonment for a term which may extend to one year.

Section 25 - Intentionally damaging or tampering with telegraphs: If any person, intending - (a) to prevent or obstruct the transmission or delivery of any message, or (b) to intercept or to acquaint himself with the contents of any message, or (c) to commit mischief, damages, removes, tampers with or touches any battery, machinery, telegraph line, post or other thing whatever, being part of or used in or about any telegraph or in the working thereof, he shall be punished with imprisonment for a term which may extend to three years, or with fine or with both.

Section 25A - Injury to or interference with a telegraph line or post: If, in any case not provided for by section 25, any person deals with any property and thereby wilfully or negligently damages any telegraph line or post duly placed on such property in accordance with the provisions of this Act, he shall be liable to pay the telegraph authority such expenses (if any) as may be incurred in making good such damage, and shall also, if the telegraphic communication is by reason of the damage so caused interrupted, be punishable with a fine which may extend to Rs. 1000:

5. The telecom service providers in India have to sign a license agreement with the Department of Telecommunications for the right to provide telecom services in various parts of India. The telecom regulatory regime in India has gone through a lot of turmoil and evolution and currently any service provider wanting to provide telecom services is issued a Unified License (UL) and has to abide by the terms of the UL. Whilst most of the prohibited activities under the UL refer to specific terms under the UL itself such as non payment of fees and not fulfilling obligations under the UL, section 38 provides for certain specific prohibited activities which may be relevant for the ICT sector. These prohibited activities include:

(i) Carrying objectionable, obscene, unauthorized or any other content, messages or communications infringing copyright and intellectual property right etc., which may be prohibited by the laws of India;

(ii) Provide tracing facilities to trace nuisance, obnoxious or malicious calls, messages or communications transported through his equipment and network, to the authorised government agencies;

(iii) Ensuring that the Telecommunication infrastructure or installation thereof, carried out by it, should not become a safety or health hazard and is not in contravention of any statute, rule, regulation or public policy;

(iv) not permit any telecom service provider whose license has been revoked to use its services. Where such services are already provided, i.e. connectivity already exists, the license is required to immediately sever connectivity immediately.

2b. In case of ICT incidents, States should consider all relevant information, including the larger context of the event, the challenges of attribution in the ICT environment and the nature and extent of the consequences

The Department of Electronics and Information Technology (DEITY) has released the XIIth Five Year Plan on the information technology sector and the report of the Sub-Group on Cyber Security in the plan recognizes that cyber security threats emanate from a wide variety of sources and manifest themselves in disruptive activities that target individuals, businesses, national infrastructure and Governments alike. [6] The primary objectives of the plan for securing the country's cyber space are preventing cyber attacks, reducing national vulnerability to cyber attacks, and minimizing damage and recovery time from cyber attacks. The plan takes into account a number of focus areas to achieve its stated objectives, which are described briefly below:

Enabling Legal Framework - Setting up think tanks in Public-Private mode to identify gaps in the existing policy and frameworks and take action to address them including addressing the privacy concerns of online users.
Security Policy, Compliance and Assurance - Enhancement of IT product security assurance mechanism (Common Criteria security test/evaluation, ISO 15408 & Crypto Module Validation Program), establishing a mechanism for national cyber security index leading to national risk management framework.
Security Resarch&Development (R&D) - Creation of Centres of Excellence in identified areas of advanced Cyber Security R&D and Centre for Technology Transfer to facilitate transition of R&D prototypes to production, supporting R&D projects in thrust areas.
Security Incident - Early Warning and Response - Comprehensive threat assessment and attack mitigation by means of net traffic analysis and deployment of honey pots, development of vulnerability database.
Security awareness, skill development and training - Launching formal security education, skill building and awareness programs.
Collaboration - Establishing a collaborative platform/ think-tank for cyber security policy inputs, discussion and deliberations, operationalisation of security cooperation arrangements with overseas CERTs and industry, and seeking legal cooperation of international agencies on cyber crimes and cyber security.

2c. States should not knowingly allow their territory to be used for internationally wrongful acts using ICTs

As mentioned in response to (a) above, the primary legislation in India that deals with information technology and hence ICT as well is the Information Technology Act, 2000. The IT Act contains a number of penal provisions which make it illegal to indulge in a number of practices such as hacking, online fraud, etc. which have been recognised internationally as wrongful acts using ICT ( Please refer to answer under section (a) above for details of the penal provisions). Further section 1(2) of the IT Act provides that it also applies to any offence or contravention hereunder committed outside India by any person. This means that the IT Act also covers internationally wrongful acts using ICTs.

2d. States should consider how best to cooperate to exchange information, assist each other, prosecute terrorist and criminal use of ICTs and implement other cooperative measures to address such threats. States may need to consider whether new measures need to be developed in this respect

There are a number of ways in which states can share information by using widely accepted formal processes precisely for this purpose. Some of the most common methods of international exchange used by India are given below.

MLATs

Although the exact process by which intelligence agencies in India share information with other agencies internationally is unclear, India is a member of Interpol and the Central Bureau of Investigation, which is a Federal/Central investigating agency functioning under the Central Government, Department of Personnel & Training and is designated as the National Central Bureau of India. A very useful tool in the effort to establish cross-border cooperation is Mutual Legal Assistance Treaties (MLATs). MLATs are extremely important for law enforcement agencies, governments and the private sector, since they act as formal mechanisms for access to data which falls under different jurisdictions. India currently has MLATs with the following 39 countries [7]

Although MLATs are considered to be a useful mechanism to ensure international cooperation, there are certain criticisms of the MLAT mechanism, such as:

The Lack of Clear Time Tables: Although MLATs do provide for broad time frames, they do not provide for more specific time tables and usually do not have any provision for an expedited process, for eg. it is believed that for requests to the U.S., processing can take from six weeks (for requests with minimal issues complying with U.S. legal standards) to 10 months.[8] Such a long time frame is clearly a burden on the investigation process and has been criticised for being ineffectual as they may not provide information fast enough;
Variation in Legal Standards: The legal standards for requesting information, for eg. the circumstances under which information can be requested or what information can be requested, differ from jurisdiction to jurisdiction. These differences are often not understood by requesting nations thus causing problems in accessing information;[9]
Inefficient Legal Process: The legal process to carry out requests through the MLAT process is often considered too cumbersome and inefficient.
Non-incorporation of Technological Challenges: MLATs have not been updated to meet the challenges brought about by technology, especially with the advent of networked infrastructure and ICT which raise issues of attribution and cross-jurisdictional access to information. [10]

Extradition

Extradition generally refers to the surrender of an alleged or convicted criminal by one State to another. More precisely, it may be defined as the process by which one State upon the request of another surrenders to the latter a person found within its jurisdiction for trial ~~and punishment~~ or, if he has been already convicted, only for punishment, on account of a crime punishable by the laws of the requesting State and committed outside the territory of the requested State. Extradition plays an important role in the international battle against crime and owes its existence to the so-called principle of territoriality of criminal law, according to which a State will not apply its penal statutes to acts committed outside its own boundaries except where the protection of special national interests is at stake. India currently has extradition treaties with 37 countries and extradition arrangements with an additional 8 countries.[11]

Letters Rogatory

A Letter Rogatory is a formal communication in writing sent by the Court in which an action is pending to a foreign court or Judge requesting that the testimony of a witness residing within the jurisdiction of that foreign court be formally taken under its direction and transmitted to the issuing court making the request for use in a pending legal contest or action. This request entirely depends upon the comity of courts towards each other and usages of the court of another nation.

Apart from the above methods, India also regularly signs Bilateral MoUs with various countries on law enforcement and information sharing specially in cases related to terrorism. India also regularly helps and gets helps from Interpol, the International Criminal Police Organisation for purposes of investigation, arrests and sharing of information.[12]

Other than these formal methods states sometimes share information on an informal basis, where the parties help each other purely on the basis of goodwill, or sometimes even coercion. A recent example of informal cooperation between the security agencies of India and Nepal, although not in the realm of cyber space, was the arrest of YasinBhatkal, leader of the banned organisation Indian Mujahideen (IM) where the Indian security agencies allegedly sought informal help from their Neapaelese counterparts to arrest a person who was wantedhad long been wanted by the Indian security agencies for a long time. [13]

In the current environment of growing ICT and increased cross-border information sharing between individuals, the role of private companies who carry this information has become much more pronounced. This changed dynamic raises new problems, especially because manyin light of thesefact that a number of these companies do not have a physical presence in all the countries where they offer services over the internet. This leads to problems for states in terms of law enforcement, speciallyespecially if they want information from these companies who do not have an incentive or desire to provide itagainst their will. These circumstances lead to a number of prickly situations where states are often frustrated in using legal and formal means and often resort to informal pressure to get the companies to agree to data localization requests, encryption/decryption standards and keys, back doors, and other requests. etc., Tthe most famous of these in the Indian context being the disagreement/ heated exchange between the Indian government and Canada based Blackberry Limited (formerly Research in Motion) for data requests on their Blackberry enterprise platform.

2e. States, in ensuring the secure use of ICTs, should respect Human Rights Council resolutions 20/8 and 26/13 on the promotion, protection and enjoyment of human rights on the Internet, as well as General Assembly resolutions 68/167 and 69/166 on the right to privacy in the digital age, to guarantee full respect for human rights, including the right to freedom of expression

Right to Privacy

The right to privacy has been recognised as a constitutionally protected fundamental right in India through judicial interpretation of the right to life which is specifically guaranteed under the Constitution of India. Since the right to privacy was read into the constitution by judicial pronouncements, it could be said that the right to privacy in India is a creature of the courts at least in the Indian context. For this reason it may be useful to list out some of the major cases which deal with the right to privacy in India:

i. Kharak Singh v. Union of India¸[14] (1962)

a. For the first time, the courts recognized the right to privacy as a fundamental right, although in a minority opinion.

b. The decision lLocated the right to privacy under both the right to personal liberty as well as freedom of movement.

ii. Govind v. State of M.P.,[15] (1975)

a. Adopted the minority opinion of Kharak Singh as the opinion of the Supreme Court and held that the right to privacy is a fundamental right.

b. An individual deDerivesd the right to privacy from both the right to life and personal liberty as well as freedom of speech and movement.

c. The right to privacy was said to encompass and protect the personal intimacies of the home, the family marriage, motherhood, procreation and child rearing.

d. The court established that the rRight to privacy can be violated in the following circumstances (i) important countervailing interest which is superior, (ii) compelling state interest test, and (iii) compelling public interest.

iii. R. Rajagopal v. Union of India,[16] (1994)

a. Recognised that the rRight to privacy is a part of the right to personal liberty guaranteed under the constitution.

b. Recognizeds that the right to privacy can be both a tort (actionable claim) as well as a fundamental right.

c. Established that aA citizen has a right to safeguard the privacy of his own, his family, marriage, procreation, motherhood, child-bearing and education among other matters and nobody can publish anything regarding the same unless (i) he consents or voluntarily thrusts himself into controversy, (ii) the publication is made using material which is in public records (except for cases of rape, kidnapping and abduction), or (iii) he is a public servant and the matter relates to their discharge of official duties.

iv. People's Union for Civil Liberties v. Union of India,[17] (1996)

a. Extended the right to privacy to include communications privacy..

b. Laid down guidelines which form the backbone for checks and balances in interception provisions.

v. District Registrar and Collector, Hyderabad and another v. Canara Bank and another, [18] (2004)

a. Refers to personal liberty, freedom of expression and freedom of movement as the fundamental rights which give rise to the right to privacy.

b. The rRight to privacy deals with persons and not places.

c. Intrusion into privacy may be by - (1) legislative provisions, (2) administrative/executive orders and (3) judicial orders.

vi. Selvi and others v. State of Karnataka and others,[19] (2010)

a. The Court acknowledged the distinction between bodily/physical privacy and mental privacy

b. Subjecting a person to techniques such as narcoanalysis, polygraph examination and the Brain Electrical Activation Profile (BEAP) test without consent violates the subject's mental privacy
Although the judgements in the above cases (except for the case of People's Union for Civil Liberties v. Union of India) were pronounced given in a non telecomnot delivered in a telecommunications context, however the ease with which these principles were applied in the case of People's Union for Civil Liberties v. Union of India, suggests that these principles, where applicable, would be applied even in the context of ICT and are not limited to only the non-digital world.
It must however be noted that dueDue to some incongruities in the interpretation of the earlier judgments, the Supreme Court has recently referred the matter regarding the existence and scope of the right to privacy in India to a larger bench so as to bring clarity regarding the exact scope of the right to privacy in Indian law. The very concept that the Constitution of India guarantees a right to privacy was challenged due to an "unresolved contradiction" in judicial pronouncements. This "unresolved contradiction" arose because in the cases of M.P. Sharma & Others v. Satish Chandra & Others,[20] and Kharak Singh v. State of U.P. & Others, [21](decided byEigheighttandsixSixJudges respectively) the majority judgment of the Supreme Court had categorically denied the existence of a right to privacy under the Indian Constitution.

However somehow the later case of Gobind v. State of M.P. and another,[22] (which was decided by a two Judge Bench of the Supreme Court) relied upon the opinion given by the minority of two judges in Kharak Singh to hold that a right to privacy does exist and is guaranteed as a fundamental right under the Constitution of India without addressing the fact that this was a minority opinion and that the majority opinion had denied the existeance of the right to privacy. Thereafter a large number of cases have held the right to privacy to be a fundamental right, the most important of which are R. Rajagopal& Another v. State of Tamil Nadu & Others,[23] (popularly known as Auto Shanker's case) and People's Union for Civil Liberties (PUCL) v. Union of India & Another.[24] However, as was noticed by the Supreme Court in its August 11, 2015 order, all these judgments were decided by two or three Judges only which could not have overturned the judgments given by larger benches.[25] It was to resolve this judicial incongruity that the Supreme Court referred this issue to a larger bench to decide on the existence and scope of the right to privacy in India.

Freedom of Expression

Freedom of expression is one of the most important fundamental rights guaranteed under the constitution and has been vehemently protected by the judiciary on a number of occasions whenever it has been threatened. With the advent of social media, the entire dynamics of the freedom of speech and expression have changed in that it is now possible for every individual, with an internet connection and a Facebook/Twitter/Whatsapp account to reach millions of people without spending any extra money. This ability to reach a much larger and wider audience also led to greater friction between people holding different opinions. As the ease of the internet removed the otherwise filtering effects of geography and made it easier for people to communicate with each other, the advent of social media made it easier for them to communicate with a larger number of people at the same time. This ability to communicate within a group also gave rise to "debates" which often turngot ugly, highlighting giving way to concerns of how easy it is to harass people on social media.
This concern over of harassment led a number of people to call for greater censorship of social media and it was perhaps this concern which gave rise to the biggest challenge to the freedom of speech and expression in the online world, in the form of section 66A of the Information Technology Act, 2000 which made it an offense to send information which was "grossly offensive" (s.66A(a)) or caused "annoyance" or "inconvenience" while being known to be false (s.66A(c)). This section was used widely seen by Oonline activists, including the Centre for Internet and Society, widely considered this section as a tool for the government to silence those who criticised it. In fact, statistics compiled by the National Crime Records Bureau from 2014 revealed that 2,402 people, including 29 women, were arrested in 4,192 cases under section 66A which accounted for nearly 60% of all arrests under the IT Act, and 40% of arrests for cyber crimes in 2014. [26]
The section was finally struck down by the Supreme Court in 2015 in the case of Shreya Singhalv. Union of India, [27] on the ground of being too vague. This decision was seen as a huge victory for the campaign for freedom of speech and expression in the virtual world since this section was frequently used by the state (or rather government in power) to muzzle free speech against the incumbent government or political leaders. The offending section 66A made it an offence to send any information that was "grossly offensive or has menacing character" or "which he knows to be false, but for the purpose of causing annoyance, inconvenience, danger, obstruction, insult, injury, criminal intimidation, enmity, hatred, or ill will, persistently makes by makinguse of such computer resource or a communication device,". These terms quoted above were held by the Court to be too vague and wide and falling foul of the limited restrictions constitutionally imposed on the freedom of expression. The Supreme Court therefore, and were therefore struck down section 66A by the Supreme Court.

2f. A State should not conduct or knowingly support ICT activity contrary to its obligations under international law that intentionally damages critical infrastructure or otherwise impairs the use and operation of critical infrastructure to provide services to the public

The researchers of this report could not locate any norms in India which address this issue. To the best of their knowledge, India does not support any ICT activity that intentionally damages critical infrastructure or impairs the use and operation of critical infrastructure.

2g. States should take appropriate measures to protect their critical infrastructure from ICT threats, taking into account General Assembly resolution 58/199 on the creation of a global culture of cybersecurity and the protection of critical information infrastructures, and other relevant resolutions

1. Section 70 of the IT Act gives the government the authority to declare any computer system which directly affects any critical information infrastructure to be a protected system. The term "critical information infrastructure" (CII) is defined in the IT Act "the computer resource, the incapacitation or destruction of which, shall have debilitating impact on national security, economy, public health or safety." Once the government declares any computer resource as a protected system it gets the authority to prescribe information security practices for such as system as well as identify the persons who are authorised to access such systems. Any person who accesses a protected system in contravention of the provision of Section 70 of the IT Act shall be liable to be imprisoned for a maximum period of 10 years and also pay a fine. Further, section 70A of the IT Act gives the government the power to name a national nodal agency in respect of CII and also prescribe the manner for such agency to perform its duties. In pursuance of the powers under sections 70A the government has designated the National Critical Information Infrastructure Protection Centre (NCIIPC) situated in the JNU campus as the nodal agency [28]. This agency is a part of and under the administrative control of the National Technical Research Organisation (NTRO) [29].

2. The functions and manner of performing such functions by the NCIIPC has been prescribed in the Information Technology (National Critical Information Infrastructure Protection Centre and Manner of Performing Functions and Duties) Rules, 2013.[30] According to these Rules the functions of the NCIIPC include, inter alia, (i) the protecting and giving advice to reduce the vulnerabilities of CII against cyber terrorism, cyber warfare and other threats; (ii) identification of all critical infrastructure elements so that they can be notified by the government; (iii) providing strategic leadership and coherence across the government to respond to cyber security threats against CII; (iv) coordinating, sharing, monitoring, analysing and forecasting national level threats to CII for policy guidance, expertiese sharing and situational awareness for early warning alerts; (v) assisting in the development of appropriate plans, adoption of standards, sharing best practices and refinining procurement processes for CII; (vi) undertaking and funding research and development to innovate future technologies and collaborate with PSUs, academia and international partners for protection of CII; (vii) organising training and awareness programmes and development of audit and certification agencies for protection of CII; (viii) developing and executing national and international cooperation strategies for protection of CII; (ix) issuing guidelines, advisories and vulnerability notes relating to CII and practices, procedures, prevention and responses in consultation with CERT-In and other organisations; (x) exchanging information with CERT-In, especially in relation to cyber incidents; and (xi) calling for information and giving directions to critical sectors or persons having a critical impact on CII, in the event of any threat to CII.[31]

3. The NCIIPC had in the year 2013 released (non publicly) Guidelines for the Protection of National Critical Information Infrastructure [32] (CII Guidelines) which presented 40forty controls and respective guiding principles for the protection of CII. It is expected that these controls and guiding principles will help critical sectors to draw a CII protection roadmap to achieve safe, secure and resilient CII for India. The 'Guidelines for forty Critical Controls' is considered by the NCIIPC to be a significant milestone in its efforts for the protection of nation's critical information assets. These fort controls can be found in Section 6 (Best Practices, Controls and Guidelines) of the CII Guidelines. It must be noted that the CII Guidelines were drafted after taking inputs from a number of stakeholders such as the national Stock Exchange, the Airports Authority of India, National Thermal Power Corporation, Reserve Bank of India, Indian Railways, Telecom Regulatory Authority of India, Bharat Sanchar Nigam Limited, etc. This exercise of taking inputs from different stakeholders as well as developing a standard of as many as 40forty aspects of security seems to suggest that the NCIIPC is taking steps in the right direction.

4. The Recommendations on Telecommunication Infrastructure Policy issued by the Telecom Regulatory Authority of India in April, 2011 are silent on the issue of security of critical information infrastructure.s. However, the National Policy on Information Technology, 2012 (NPIT) does address the issue of security of cyber space by saying that the government should make efforts to do the following:

"9.1 To undertake policy, promotion and enabling actions for compliance to international security best practices and conformity assessment (product, process, technology & people) and incentives for compliance.

9.2 To promote indigenous development of suitable security techniques & technology through frontier technology research, solution oriented research, proof of concept, pilot development etc. and deployment of secure IT products/processes

9.3 To create a culture of cyber security for responsible user behavior & actions including building capacities and awareness campaigns.

9.4 To create, establish and operate an 'Information Security Assurance Framework'."

5. The Department of Information and Technology has formed the Computer Emergency Response Term of India (CERT-In) to enhance the security of India's Communications and Information Infrastructure through proactive action and effective collaboration. The Information Security Policy on Protection of Critical Infrastructure released by the CERT-In considers information recorded, processed or stored in electronic medium as a valuable asset and is geared towards protection of such "valuable asset". The policy recognises the importance of critical information infrastructure network and says that any disruption of the operation of such networks is likely to have devastating effects. The policy prescribes that personnel with program delivery responsibilities should also recognise the importance of security of information resources and their management. Thus Ddue to this recognition of the growing networked nature of government as well as critical organisations and the need to have a proper vulnerability analysis as well as effective management of information security risks, the Department of Technology prescribes the following information security policy:

"In order to reduce the risk of cyber attacks and improve upon the security posture of critical information infrastructure, Government and critical sector organizations are required to do the following on priority:

Identify a member of senior management, as Chief Information Security Officer (CISO), knowledgeable in the nature of information security & related issues and designate him/her as a 'Point of contact', responsible for coordinating security policy compliance efforts and to regularly interact with the Indian Computer Emergency Response Team (CERT-In), Department of Information Technology (DIT), which is the nodal agency for coordinating all actions pertaining to cyber security;
Prepare information security plan and implement the security control measures as per ISI/ISO/IEC 27001: 2005 and other guidelines/standards, as appropriate;
Carry out periodic IT security risk assessments and determine acceptable level of risks, consistent with criticality of business/functional requirements, likely impact on business/ functions and achievement of organisational goals/objectives;
Periodically test and evaluate the adequacy and effectiveness of technical security control measures implemented for IT systems and networks. Especially, Test and evaluation may become necessary after each significant change to the IT applications/systems/networks and can include, as appropriate the following:

➢ Penetration Testing (both announced as well as unannounced)

➢ Vulnerability Assessment

➢ Application Security Testing

➢ Web Security Testing

Carry out Audit of Information infrastructure on an annual basis and when there is major upgradation/change in the Information Technology Infrastructure, by an independent IT Security Auditing organization;..........

Report to CERT-In the cyber security incidents, as and when they occur and the status of cyber security, periodically."

6. The Department of Electronics and Information Technology (DEITY) released the National Policy on Electronics in 2012 which contained the government's take on the electronics industry in India. Section 5 of the said policy talks about cCyber sSecurity and states that to create a complete secure cyber eco-system in the country, careful and due attention is required for creation of well-d defined technology and systems, use of appropriate technology and more importantly development of appropriate products and& solutions. The priorities for action should be suitable design and development of indigenous appropriate products through frontier technology/product oriented research, testing and& validation of security of products meeting the protection profile requirements needed to secure the ICT infrastructure and cyber space of the country.

7. In addition the CERT-In has issued an Information Security Management Implementation Guide for Government Organisations. [33] CERT-In has also prescribed progressive steps for implementation of Information Security Management System in Government & Critical Sectors as per ISO 27001. The steps prescribed are as follows:

Identification of a Point-of-Contact (POC) / Chief Information Security Officer (CISO) for coordinating information security policy implementation efforts and communication with CERT-In
Information Security Awareness Programme
Determination of general Risk environment of the organization (low / medium / hHigh) depending on the nature of web and& networking environment, criticality of business functions and impact of information security incidents on the organization, business activities, assets / resources and individuals
Status appraisal and gap analysis against ISO 27001 based best information security practices
Risk assessment covering evaluation of threat perception and technical and &operational vulnerabilities
Comprehensive risk mitigation plan including selection of appropriate information security controls as per ISO 27001 based best information security practices
Documentation of agreed information security control measures in the form of information security policy manual, procedure manual and work instructions
Implementation of information security control measures (Managerial, Technical and& operational)
Testing & evaluation of technical information security control measures for their adequacy & effectiveness and audit of IT applications/systems/networks by an independent information security auditing organization (penetration testing, vulnerability assessment, application security testing, web security testing, LAN audits, etc)
Information Security Management assessment and certification against ISO 27001 standard, preferably by an independent & accredited organization

8. The Unified License for providing various telecommunication services also discusses contains certain terms which talk about how to engagedeal with telecommunication infrastructure in light of national security, which include the following recommendations:

Providing necessary facilities to the Government to counteract espionage, subversive act, sabotage or any other unlawful activity;
Giving full access to its network and equipment to the authorised persons for technical scrutiny and inspection;
Obtaininggettting security clearance for all foreign nationals deployed on for installation, operation and maintenance of the network;
Being completely responsible for the security of its network and having organizational policy on security and security management of its network including Network forensics, Network Hardening, Network penetration test, Risk assessment;
Auditing its network or getting the network audited from security point of view once in a financial year from a network audit and certification agency;
Inducting only those network elements into its telecommunications network, which have been got tested according tos per relevant contemporary Indian or International Security Standards;
Including all contemporary security related features (including communication security) as prescribed under relevant security standards while procuring the equipment and implementing all such contemporary features into the network;
Keeping requisite records of operations in the network;
Monitoring of all intrusions, attacks and frauds on his technical facilities and provide reports on the same to the Licensor.

Further statutory restrictions on tampering critical infrastructure are already contained in the Telegraph Act and have been discussed above, though the penalties provided may need to be increased if they are to act as a deterrent in this age where the stakes are much higher.

2h. States should respond to appropriate requests for assistance by another State whose critical infrastructure is subject to malicious ICT acts. States should also respond to appropriate requests to mitigate malicious ICT activity aimed at the critical infrastructure of another State emanating from their territory, taking into account due regard for sovereignty

There is yet to be a publicly acknowledged request from a foreign government asking the Indian government to take steps to prevent malicious ICT acts originating from its territory.

2i. States should take reasonable steps to ensure the integrity of the supply chain so that end users can have confidence in the security of ICT products. States should seek to prevent the proliferation of malicious ICT tools and techniques and the use of harmful hidden functions;

Section 4 of the National Electronics Policy, 2012 talks about "Developing and Mandating Standards" and says that in order to curb the inflow of sub-standard and unsafe electronic products the government should mandate technical and safety standards which conform to international standards and do the following:

Develop Indian standards to meet specific Indian conditions including climatic, power supply, and handling and other conditions etc., by suitably reviewing existing standards.

Mandate technical standards in the interest of public health and safety.

Set up an institutional mechanism within Department of Information Technology for mandating compliance to standards for electronics products.

Develop a National Policy Framework for enforcement and use of Standards and Quality Management Processes.

Strengthen the lab infrastructure for testing of electronic products and encouraging development of conformity assessment infrastructure by private participation.

Create awareness amongst consumers against sub-standard and spurious electronic products.

Build capacity within the Government and public sector for developing and mandating standards.

Actively participate in the international development of standards in the Electronic System Design and Manufacturing sector.

2j. States should encourage responsible reporting of ICT vulnerabilities and share associated information on available remedies to such vulnerabilities to limit and possibly eliminate potential threats to ICTs and ICT-dependent infrastructure

Under section 70B of the IT Act, India has established a Computer Emergency Response Team (CERT-In) to serve as the national agency for incident responses. The functions mandated to be performed by CERT-In as per the IT Act are:

Collection, analysis and dissemination of information on cyber incidents;
Forecasting and alerts of cyber security incidents;
Emergency measures for handling cyber security incidents;
Coordination of cyber incidents response activities;
Issuing ofe guidelines, advisories, vulnerability notes and white papers relating to information security practices, procedures, prevention, response and reporting of cyber incidents;
Such other functions relating to cyber security as may be prescribed.

CERT-In also publishes information regarding various cyber threats on its websites so as to keep internet users aware of the latest threats in the online world. Such information can be accessed both on the main page of the CERT-In website or under the Advisories section on the website. [34]

2k. States should not conduct or knowingly support activity to harm the information systems of the authorized emergency response teams (sometimes known as computer emergency response teams or cyber security incident response teams) of another State. A State should not use authorized emergency response teams to engage in malicious international activity.

There are no official or public reports of India using its CERT-In to harm the information systems of another state, although it is highly unlikely that any state would publicly acknowledge such activities even if it was indulging in them.

3. Conclusion

As can be seen from the discussion above, the statutory, regulatory and policy regime in India does seem to address most of the cyber security norms in some manner or the other, but these efforts almost always fall short of meeting some of the norms. While the Information Technology Act along with the Rules thereunder, as being the umbrella legislation for digital transactions in India, does address some of the issues mentioned above, it does not address some of the problems that arise out of a greater reliance on the internet such as spamming, trolling, and, online harassment, etc. Although some of these acts may be addressed by regular legislation by applying them in the online world however this does not always take into account the unique features and complexities of committing these acts/crimes in the online world.

In the area of exchange of information between states, India has entered into a number of MLATs and extradition treaties, and frequently issues Letters of Rogatory. Yet however these mechanisms may not be adequate to address the needs of crime prevention of crimes in the age of ICT, as crime prevention it often requires exchange of information inon r a real time basis which is not possible with the bureaucratic procedures involved in the MLAT process. There also needsd to be stronger standards which are applicable to ICT equipment, including imported equipment especially in light of the fact that security concerns related to Chinese ICT equipment that from China have been raised quite frequently in the past. There also needs to be a better system of reporting ICT vulnerabilities to CERT-In or other authorized agencies so that mitigation measure can be implemented in time.

It should be noted that the work of the Group of Experts is not complete since the General Assembly has asked the Secretary General to form a new Group of Experts which would report back to the Secretary General in 2017. It is imperative that the Government of India realise the importance of the work being done by the Group of Experts and take measures to ensure that a representative from India is included in or atleast the comments and concerns of India are included and addressed by the Group of Experts. Meanwhile, India can begin by strengthening domestic privacy safeguards, improving transparency and efficiency of relevant policies and processes, and looking towards solutions that respect rights and strengthen security. Brutent force solutions such as demands for back doors, unfair and unreasonable encryption regulation, and data localization requirements will not help propel India forward in international discussions, dialogues, or agreements on cross-border sharing of information. Though the recommendations from the Group of Experts are welcome, beyond a preliminary mention of privacy and freedom of expression, the rights of individuals - and the ways in which these can be protected, various components that go into supporting those rights including redress, transparency, and due process measures - was inadequately addressed.

[1] The terms "cyberspace" has been defined in the Oxford English Dictionary as the notional environment in which communication over computer networks occurs. Although the scope of this paper is not to discuss the meaning of this term, it was felt that a simple definition of the term would be useful to better define the parameters of the discussion.

[2] https://s3.amazonaws.com/unoda-web/wp-content/uploads/2016/01/A-RES-70-237-Information-Security.pdf

[3] https://www.justsecurity.org/29203/british-searches-america-tremendous-opportunity/

[4] http://deity.gov.in/content/country-wise-status

[5] Provided that the provisions of section 67, section 67A and this section does not extend to any book, pamphlet, paper, writing, drawing, painting, representation or figure in electronic form-

(i) The publication of which is proved to be justified as being for the public good on the ground that such book, pamphlet, paper writing, drawing, painting, representation or figure is in the interest of science, literature, art or learning or other objects of general concern; or

(ii) which is kept or used for bona fide heritage or religious purposes

Explanation: For the purposes of this section, "children" means a person who has not completed the age of 18 years.

[6] http://deity.gov.in/sites/upload_files/dit/files/Plan_Report_on_Cyber_Security.pdf

[7] List of the countries is available at http://cbi.nic.in/interpol/mlats.php

[8] https://www.lawfareblog.com/mlat-reform-some-thoughts-civil-society

[9] Peter Swire& Justin D. Hemmings, "Re-Engineering the Mutual Legal Assistance Treaty Process", http://www.heinz.cmu.edu/~acquisti/SHB2015/Swire.docx, cf. https://www.lawfareblog.com/mlat-reform-some-thoughts-civil-society .

[10] MLATS and International Cooperation for Law Enforcement Purposes, available at http://cis-india.org/internet-governance/blog/presentation-on-mlats.pdf

[11] The full list of the countries with which India has agreed an MLAT is available at http://cbi.nic.in/interpol/extradition.php

[12] http://cbi.nic.in/interpol/assist.php

[13] http://www.firstpost.com/india/how-the-police-tracked-and-arrested-im-founder-yasin-bhatkal-1071755.html

[14] http://www.judis.nic.in/supremecourt/imgs1.aspx?filename=3641

[15] http://www.judis.nic.in/supremecourt/imgs1.aspx?filename=6014

[16] http://www.judis.nic.in/supremecourt/imgs1.aspx?filename=11212

[17] http://www.judis.nic.in/supremecourt/imgs1.aspx?filename=14584

[18] http://www.judis.nic.in/supremecourt/imgs1.aspx?filename=26571

[19] http://dspace.judis.nic.in/bitstream/123456789/26592/1/36303.pdf

[20] AIR 1954 SC 300. In para 18 of the Judgment it was held: "A power of search and seizure is in any system of jurisprudence an overriding power of the State for the protection of social security and that power is necessarily regulated by law. When the Constitution makers have thought fit not to subject such regulation to constitutional limitations by recognition of a fundamental right to privacy, analogous to the American Fourth Amendment, we have no justification to import it, into a totally different fundamental right, by some process of strained construction."

[21] AIR 1963 SC 1295. In para 20 of the judgment it was held: "… Nor do we consider that Art. 21 has any relevance in the context as was sought to be suggested by learned counsel for the petitioner. As already pointed out, the right of privacy is not a guaranteed right under our Constitution and therefore the attempt to ascertain the movement of an individual which is merely a manner in which privacy is invaded is not an infringement of a fundamental right guaranteed by Part III."

[22] (1975) 2 SCC 148.

[23] (1994) 6 SCC 632.

[24] (1997) 1 SCC 301.

[25] http://cis-india.org/internet-governance/blog/right-to-privacy-in-peril

[26] http://cis-india.org/internet-governance/news/hindustan-times-august-20-2015-aloke-tikku-stats-from-2014-reveal-horror-of-scrapped-section-66-a-of-it-act

[27] http://supremecourtofindia.nic.in/FileServer/2015-03-24_1427183283.pdf

[28] http://deity.gov.in/sites/upload_files/dit/files/S_O_18(E).pdf

[29]

[30] http://deity.gov.in/sites/upload_files/dit/files/GSR_19(E).pdf

[31] Rule 4 of the Information Technology (National Critical Information Infrastructure Protection Centre and Manner of Performing Functions and Duties) Rules, 2013.

[32] Since these Guidelines were not publicly released they are not available on any government website. In this paper we have relied on a version available on a private website at http://perry4law.org/cecsrdi/wp-content/uploads/2013/12/Guidelines-For-Protection-Of-National-Critical-Information-Infrastructure.pdf

[33] Available at http://www.cert-in.org.in/

[34] http://www.cert-in.org.in/

List of Acronyms

ICTs – Information Communication Technologies
GGE – Group of Experts
EU – European Union
DLC-ICT – India-Belarus Digital Learning Center
IT Act – Information Technology Act, 2000
UL - Unified License
DEITY – Department of Electronics and Information Technology
IT – Information Technology
ISO – International Organization for Standardisation
CERT – Computer Emergency Response Team
CERT-In - Computer Emergency Response Team, India
MLAT – Mutual Legal Assistance Treaty
CII – Critical Information Infrastructure
NCIIPC - National Critical Information Infrastructure Protection Centre
NTRO - National Technical Research Organisation
NPIT - National Policy on Information Technology
CISO - Chief Information Security Officer

For more details visit https://cis-india.org/internet-governance/blog/analysis-report-experts-information-telecommunications-security-implications-india

Submitted Comments on the Telangana State Open Data Policy 2016

sumandro — 2016-09-01T05:49:51Z

Last month, the Information Technology, Electronics & Communications Department of the Government of Telangana released the first public draft of the Telangana State Open Data Policy 2016, and sought comments from various stakeholders in the state and outside. The draft policy not only aims to facilitate and provide a framework for proactive disclosure of data created by the state government agencies, but also identify the need for integrating such a mandate within the information systems operated by these agencies as well. CIS is grateful to be invited to submit its detailed comments on the same. The submission was drafted by Anubha Sinha and Sumandro Chattapadhyay.

Download the submitted document: PDF.

1. Preliminary

1.1. This submission presents comments and recommendations by the Centre for Internet and Society (“CIS”) [1] on the proposed draft of the Telangana Open Data Policy 2016 (“the draft policy”). This submission is based on Version 1 of the draft policy shared by the Information Technology, Electronics & Communications Department, Government of Telangana (“the ITE&C Department”).

1.2. CIS commends the ITE&C Department for its generous efforts at seeking inputs from various stakeholders to draft an open data policy for the state of Telangana. CIS is thankful for this opportunity to provide a clause-by-clause submission.

2. The Centre for Internet and Society

2.1. The Centre for Internet and Society, CIS, is a non-profit organisation that undertakes interdisciplinary research on internet and digital technologies from policy and academic perspectives. The areas of focus include digital accessibility for persons with diverse abilities, access to knowledge, intellectual property rights, openness (including open data, free and open source software, open standards, open access, open educational resources, and open video), internet governance, telecommunication reform, digital privacy, and cyber-security. The academic research at CIS seeks to understand the reconfiguration of social processes and structures through the internet and digital media technologies, and vice versa.

2.2. This submission is consistent with CIS’ commitment to safeguarding general public interest, and the interests and rights of various stakeholders involved. The comments in this submission aim to further the principle of citizens’ right to information, instituting openness-by-default in governmental activities, and to realise the various kinds of public goods that can emerge from greater availability of open (government) data. The submission is limited to those clauses that most directly have an impact on these principles.

3. Comments and Recommendations

This section presents comments and recommendations directed at the draft policy as a whole, and in certain places, directed at specific clauses of the draft policy.

3.1. Defining the Scope of the Policy in the Preamble

3.1.1. CIS observes and appreciates that the ITE&C Department has identified the open data policy as a catalyst for, and as dependent upon, a larger transformation of the information systems implemented in the state, to specifically ensure that these information systems.

3.1.2. CIS commends the endeavour of the draft policy to share data in open and machine-readable standards. To further this, it will be useful for the preamble to explicitly mandate proactive disclosure in both human-readable and machine-readable formats, using open standards, and under open license(s).

3.1.3. CIS recommends that the draft policy state the scope of the policy at the outset, i.e. in the Preamble section of the document. This will provide greater clarity to the stakeholders who are trying to ascertain applicability of the draft policy to their data.

3.1.4. CIS commends the crucial mandate of creating data inventory within every state government ministry / department. We further recommend that the draft policy also expressly states the need to make these inventories publicly accessible.

3.1.5. CIS commends the draft policy’s aim to build a process to engage with data users for better outcomes. We suggest that the draft policy also enumerates the “outcomes” of such engagement, in order to provide more clarity. We recommend that these “outcomes” include greater public supply of open government data in an effective, well-documented, timely, and responsible manner.

3.1.6. Further, CIS suggests that the draft policy define “information centric and customer centric data” to provide more clarity to the document, as well as its scope and objectives.

3.2. Provide Legal and Policy References

3.2.1. Strengthening transparency, predictability, and legal certainty of rules benefits all stakeholders. Thus, as far as possible, terms in the draft policy should use pre-existing legal definitions. In case of ambiguities arising after the implementation of the policy, consistency in definitions will also lead to greater interpretive certainty. It must be noted that good quality public policies which promote legal certainty, lead to better implementation.

3.2.2. CIS observes that the draft policy re-defines various terms in Section 4 that have already been defined in National Data Sharing and Accessibility Policy (“NDSAP”) 2012 [2], the Right to Information 2005 (“RTI Act”) [3], and IT (Reasonable security practices and procedures and sensitive personal data or information) Rules 2011 [4]. We strongly recommend that the draft policy uses the pre-existing definitions in these acts, rules, and policies.

3.2.3. Further, CIS observes that while certain sections accurately reflect definitions and parts from other acts, rules and policies, such sections are not referenced back to the latter. These sections include, but are not limited to: Sections 3, 7, 8, 4 (definitions of Data set, Data Archive, Negative list, Sensitive Personal data). We strongly recommend that accurate legal references be added to the draft policy after careful study of the language used.

3.3. Need for More Focused Objective Statement

3.3.1. While the draft policy has a very comprehensive statement of its objectives, including "all issues related to data in terms of the available scope of sharing and accessing spatial and non-spatial data under broad frameworks of standards and interoperability," it may consider offering a more focused statement of its key objective, which is to provide a policy framework for proactive disclosure of government data by the various agencies of the Government of Telangana.

3.3.2. Further, the objective statement must clearly state that the policy enables publication of data created by the agencies of the Government of Telangana, and/or by private agencies working in partnership with public agencies, using public funds as open data (that is, using open standards, and under open license). The present version of the objective statement mentions "sharing" and "accessing" the data concerned under "broad frameworks of standards and interoperability" but does not make it clear if such shared data will be available in open standards, under open licenses, and for royalty-free adaptation and redistribution by the users concerned.

3.4. Suggestions related to the Definitions

3.4.1. The term “Data” has not been defined in accordance with NDSAP 2012. We suggest that the definition provided in NDSAP is followed so as to ensure legal compatibility.

3.4.2. The term “Sensitive Personal Data” seems to have been defined on the basis of the definition provided in the IT (Reasonable security practices and procedures and sensitive personal data or information) Rules 2011. Please add direct reference so as to make this clear. We further suggest that the term “Personal Information”, also defined in the same IT Rules, is also included and referred to in the draft policy, so that not only Sensitive Personal Data is barred from disclosure under this policy, but also Personal Information (that is "any information that relates to a natural person, which, either directly or indirectly, in combination with other information available or likely to be available with a body corporate, is capable of identifying such person") [5].

3.4.3. The term “Negative List” is defined in a manner that allows the state government ministries and agencies to identify which data are to be considered as non-shareable without any reference to an existing policy framework that list acceptable grounds for such identification. The term must be defined more restrictively, as this definition can allow an agency to avoid disclosure of data that may not be legally justifiable as non-shareable or sensitive. Thus, we recommend a more limited definition which may draw upon the RTI Act 2005, and specifically consider the factors mentioned in Sections 8 and 9 of the Act as the (only) set of acceptable reasons for non-disclosure of government data.

3.4.4. The terms “Shareable Data” and “Sensitive Data” are used in several places in the draft policy but are not defined in Section 4. Both these terms are defined in NDSAP 2012. We suggest that both these terms be listed in Section 4, in accordance with the respective definitions provided in NDSAP 2012.

3.4.5. The terms “Data Archive”, “Data Acquisition”, “Raw Data”, “Standards-Compliant Applications”, and “Unique Data” are defined in Section 4, but none of these terms appear elsewhere in the draft policy. We suggest that these terms are either better integrated into the document, or may not be defined at all.

3.5. Rename Section 6 to Focus on Implementation of the Policy

3.5.1. Though the Section 6 is named as “Shareable Data”, it instead categorically lists down how the policy is to be implemented. This is a very welcome step, but the Section title should reflect this purpose of the Section.

3.5.2. The decision proposed in the draft policy to make it mandatory for "each funding organization" to "highlight data sharing policy as preamble in its RFPs as well as Project proposal formats" is much appreciated and commendable. For a clearer and wider applicability of this measure, we recommend that this responsibility should apply to all state government agencies, including agencies where the state government enjoys significant stake, and all public-private partnerships entered into by the state government agencies, and not only to "funding organizations" (a term that has also not been defined in the draft policy).

3.5.3. While the Section details out various measures and steps of implementation of the policy, it does not clarify which agency and/or committee would have the authority and responsibility to coordinate, monitor, facilitate, and ensure these measures and steps. Not only governmental representatives but also non-governmental representatives may be considered for such a committee.

3.6. Host All Open Government Data in the State Portal

3.6.1. We observe that the Section 6 indicates that , the designated domain for the open government data portal for the state of Telangana, will only store metadata related to the proactive disclosed data sets but not the data sets themselves. This is further clarified in Section 10. We strongly urge the ITE&C Department to reconsider this decision to not to store the actual open data sets in the state open government data portal itself but in the departmental portals. A central archive of the open data assets, hosted by the state open government data portal, will allow for more effective and streamlined management of the open data assets concerned, including their systematic backing-up, better security and integrity, permanent and unique disclosure, and rule-driven updation. This would also reduce the burden upon all the government agencies, especially those that do not have a substantial IT team, to run independent department-specific open data portals.

3.7. Reconsider the Section on Data Classification

3.7.1. While it is clear that the Section 7 on Data Classification follows the classification of various data sets created, managed, and/or hosted by government agencies offered in the NDSAP 2012, it is not very clear what role this classification plays in functioning and implementation of the draft policy. While Open Access and Registered Access data may both be considered as open government data that is to be proactively disclosed by the state government agencies via the state open government data portal, the Restricted Access data overlaps with the kinds of data already included in the Negative List defined in the draft policy (and elsewhere, like the RTI Act 2005). Further, the final sentence in this Section ensures that all data users provide appropriate attribution of the source(s) of the data set concerned, which (though is an important statement) should not be part of this Section on Data Classification. We suggest reconsideration of inclusion of this Section.

3.8. Reconsider the Section on Technology for Sharing and Access

3.8.1. While it is clear that the Section 8 on Technology for Sharing and Access is adapted from the Section 9 of the NDSAP 2012, the text in this Section seems to be not fully compatible with other statements in this draft policy. For example, the Section states that "[t]his integrated repository will hold data of current and historical nature and this repository over a period of time will also encompass data generated by various State Government departments." However, the draft policy states in Section 10 that "data.telangana.gov.in will only have the metadata and data itself will be accessed from the portals of the departments."

3.8.2. We strongly urge the ITE&C Department to revise this Section through close discussion with the NDSAP Project Management Unit, National Informatics Centre, which is the technical team responsible for developing and managing the portal, since the present version of this Section lists the original feature set of the portal as envisioned in 2012 but does not reflect the most recent feature set that has been already implemented in the portal concerned.

3.9. Current Legal Framework (Section 9) should List to Relevant Acts, Rules, Policies, and Guidelines

3.9.1. CIS observes that the draft policy attempts to lay out the applicable legal framework in Section 2 and 9 of the draft policy, and submits that the legal framework is incomplete and recommends that the draft policy lists all the following relevant acts, rules, policies and guidelines:

National Data Sharing and Accessibility Policy, 2012
Right to Information Act, 2005
Information Technology Act, 2002
Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011.

3.9.2. CIS submits that apart from the policies mentioned above, the implementation of the draft policy is intricately linked to concepts of "open standards," "open source software," "open API," and "right to information." These concepts are governed by specific acts and policies, and are applicable to government owned data, as follows:

Adoption of Open Standards: CIS observes that the draft policy draws on the importance of building information systems for interoperability and greater information accessibility. Interoperability is achieved by appropriate implementation of open standards. Thus, CIS submits that the Policy on Open Standards for e-Governance [6] which establishes the guidelines for usage of open standards to ensure seamless interoperability, and the Implementation Guidelines of the National Data Sharing and Accessibility Policy, 2012 [7] should be mentioned in the draft policy.
Adoption of Open Source Software: The Policy on Adoption of Open Source Software for Government of India states that the "Government of India shall endeavour to adopt Open Source Software in all e-Governance systems implemented by various Government organizations, as a preferred option in comparison to Closed Source Software [8]." As the draft policy proposed to guide the development of information systems to share open data is being developed and implemented both by the Government of Telangana and by other agencies (academic, commercial, and otherwise), it must include an explicit reference and embracing of this mandate for adoption of Open Source Software, for reasons of reducing expenses, avoiding vendor lock-ins, re-usability of software components, enabling public accountability, and greater security of software systems.
Implementation of Open APIs: CIS observes that the draft policy refers to Standard compliant applications in Section 4. CIS suggests that final version of the policy refer to and operationalise the Policy on Open Application Programming Interfaces (APIs) for Government of India [9]. This will ensure that the openly available data is available to the public, as well as to all the government agencies, in a structured digital format that is easy to consume and use on one hand, and is available for various forms of value addition and innovation on the other. Refer to Official Secrets Act, 1923: The Official Secrets Act penalises a person if he/she "obtains, collects, records or publishes or communicates to other person any secret official code or password, or any sketch, plan, model, article or note or other document or information which is calculated to be or might be or is intended to be, directly or indirectly, useful to an enemy for which relates to a matter the disclosure of which is likely to affect the sovereignty and integrity of India, the security of the State or friendly relations with foreign States [10]." CIS submits that this Act should be referred to in this context of ensuring non-publication of the aforementioned data.

3.10. Mandate a Participatory Process for Developing the Implementation Guidelines

3.10.1. We highly appreciate and welcome the fact that the draft policy emphasises rapid operationalisation of the policy by mandating that the ITE&C Department will prepare a detailed implementation guideline within 6 months of the notification of this policy, and all state government departments will publish at least 5 high value datasets within the next three months. Just as an addition to this mandate, we would like to propose that it can be suggested that the ITE&C Department undertakes a participatory process, with contributions from both government agencies and non-government actors, to develop this implementation guideline document. We believe that opening up government data in an effective and sustainable manner, for most government agencies, involves a systematic change in how the agency undertakes day-to-day data management practices. Hence, to develop productive and practical implementation guidelines, the ITE&C Department needs to gather insights from the other state government agencies regarding their existing data (and metadata) management practices [11]. Further, participation of the non-government actors in this process is crucial to ensure that the implementation guidelines appropriately identify the high value data sets, that is data sets that should be published on a priority basis.

3.11. Defer the Decision about Roles of Data Owners, Generators, and Controllers

3.11.1. As the draft policy does not specifically define the terms “Data Owners”, “Data Generators”, and “Data Controllers”, and the Section 11 only briefly describes some of the roles of these types of actors, we suggest removal of this discussion and the decision regarding the specific roles and functions of the Data Owners / Generators / Controllers from the draft policy itself. It will be perhaps more appropriate and effective to define these terms, as well as their roles and functions, in the implementation guidelines to be prepared by the ITE&C Department after the notification of the open data policy, since these terms relate directly to the final designing of the implementation process.

3.12. CIS is grateful to the ITE&C Department for this opportunity to provide comments, and would be honoured to provide further assistance on the matter.

Endnotes

[1] See: http://cis-india.org/.

[2] See: http://data.gov.in/sites/default/files/NDSAP.pdf.

[3] See: http://rti.gov.in/webactrti.htm.

[4] See: http://meity.gov.in/sites/upload_files/dit/files/GSR313E_10511(1).pdf.

[5] See Section 2 (1) (i) of IT (Reasonable security practices and procedures and sensitive personal data or information) Rules 2011.

[6] See: https://egovstandards.gov.in/sites/default/files/Published%20Documents/Policy_on_Open_Standards_for_e-Governance.pdf.

[7] See: https://data.gov.in/sites/default/files/NDSAP_Implementation_Guidelines_2.2.pdf.

[8] See: http://deity.gov.in/sites/upload_files/dit/files/policy_on_adoption_of_oss.pdf.

[9] See: http://deity.gov.in/sites/upload_files/dit/files/Open_APIs_19May2015.pdf.

[10] See: http://www.archive.india.gov.in/allimpfrms/allacts/3314.pdf, Sections 2 (2) and 3 (1) (c).

[11] A similar process was undertaken by the IT Department of the Government of Sikkim when developing the implementation guideline document. The ITE&C Department may consider discussing the matter with the said department to exchange relevant learnings.

For more details visit https://cis-india.org/openness/comments-on-the-telangana-state-open-data-policy-2016