Centre for Internet and Society

Design and the Open Knowledge Movement

saumyaa — 2019-04-01T12:13:00Z

With the objective of connecting the open knowledge movement with design, the Access to Knowledge team at the Centre for Internet and Society co-organised the Wikigraphists Bootcamp India 2018 with the Wikimedia Foundation during September 28-30, 2018 in New Delhi. The event was held at the School of Design at Ambedkar University Delhi. As part of the bootcamp, a panel discussion was held in order to bring together design practitioners, educators, open knowledge contributors, and design students to explore how design and open knowledge communities can engage with each other. In this post, Saumyaa Naidu shares the learnings from the panel discussion aimed at exploring the potential collaborations between design and the open knowledge movement.

Introduction

Exchange between Design Academics and Open Knowledge

Potential Means of Engagement with Open Knowledge in Design Practice

Applications of Open Knowledge in Design Education

Conclusion

Introduction

Design has historically been functioning in a closed paradigm, both with regard to practice and education. The design process, resources, and products are largely proprietary and limit who can access them. On the other hand, increased use of digital technology offers the potential for greater access and knowledge sharing. In this setting, a dialogue on design and openness becomes essential. There is a need to build sensitivity among designers towards open knowledge and open access practices. Such an exchange can not only allow for design resources and products to be available in the open domain, but also help designers build an extensive shared knowledge base.

With the objective of connecting the open knowledge movement with design, the Access to Knowledge team at the Centre for Internet and Society co-organised the Wikigraphists Bootcamp India 2018 with the Wikimedia Foundation from 28th to 30th September, 2018 in New Delhi. The event was held at the School of Design at Ambedkar University Delhi. As part of the bootcamp, a panel discussion was held in order to bring together design practitioners, educators, open knowledge contributors, and design students to explore how design and open knowledge communities can engage with each other.

The discussion was preceded by an introduction to the open knowledge movement and its potential in creating access and inclusion, by Satdeep Gill. Satdeep is a community outreach coordinator for India at the Wikimedia Foundation. He is also one of the founding members of Punjabi Wikimedians User Group. Satdeep was the programme leader for the Wikiconference India in 2016. The introduction provided a brief history of copyrights and the beginning of the copyleft movement. It discussed creative commons licensing and the role of Wikipedia in the open knowledge movement.

The panel included Suchitra Balasubrahmanyan, Pooja Saxena, and Shyamal. Suchitra Balasubrahmanyan is the dean at the School of Design in Ambedkar University Delhi (AUD). Her research has been on multiple areas such as history of craft and design, and design education in India. Her practice focuses on social communication design. Pooja Saxena is a typeface and graphic designer whose work centres on multi-script design. She has designed an Ol Chiki typeface for Santali language which is available for free and open use. Pooja also teaches typography at several design schools including Pearl Academy, National Institute of Design, and Srishti school of Art, Design, and Technology. Shyamal is an independent researcher and an ornithologist. He has been contributing to Wikipedia for over fifteen years now. In addition to his contributions about the biodiversity of birds, he has also created several illustrations relating to the same. The panel was moderated by Saumyaa Naidu, a designer and researcher at the Centre for Internet and Society (CIS).

The discussion was aimed at addressing three primary questions around design and the open knowledge movement; how academic materials in design inform unstructured or open knowledge spaces and in what ways do these unstructured spaces come back into design education?, what are the potential means of engagement with open knowledge in design practice?, and in what ways can it be applied in design education?

Exchange between Design Academics and Open Knowledge

The discussion began with an enquiry into the challenges faced in the design of knowledge production and the knowledge production of design. It was directed at understanding the various ways in which design education and academia interact with open knowledge. Prof. Suchitra responded by saying that it is still early days for such an interaction to take place as the discipline of design itself is very proprietary in its approach. The work created in different areas of design is often guarded. Locating the discussion at the School of Design in AUD, she suggested that the Social Design course, which looks at the social application of design, believes in socially produced knowledge and contributing to it. However, the university is constrained by the academic environment which does not facilitate the open exchange of knowledge. There is a culture of copyright and protection of work in academia, and heavy funding is required for journal subscriptions. There is an imbalanced gatekeeping of knowledge as countries like India, which have weaker currencies, cannot access this knowledge or contribute to it. The social design community, a small community yet, is interested in making this knowledge freely accessible, in community participation, in co-designing, and in challenge the idea of one ‘super-designer’ who gets all the credit.

Open knowledge spaces such as Wikipedia often make their way into classrooms when students use these resources for assignments. It was pointed out by Prof. Suchitra that there is a lack of regard among students for giving due attribution to material taken from such platforms. Social Sciences universities also consider Wikipedia as an unreliable source, and discourage its use. There is a need to build the culture of knowledge sharing, borrowing, and contribution. She believes that this should be initiated at the level of school education, and not just design schools, so it is internalised at an early stage. She also shared an epistemological concern regarding such a cultural shift in design as it is commonly believed that the knowledge designers produce belongs to them and their livelihoods are connected to it. Hence, open knowledge and open source are antithetical to the profession. This means that the profession itself has to be imagined differently. The social design programme, in this regard, is trying to ensure that when students create work based on interactions with a community, also go back and present it to the community. This is to say that the work produced cannot be exclusively owned by the designers.

The open knowledge movement in India is closely tied to accessibility of information in Indian languages. The availability of a design knowledge base in Indian languages was discussed in this context. Prof. Suchitra explained that most design education in India is in English and is borrowed from another cultural and geographical setting. Design is a discipline of making, and making has its own language. In that sense, the act and content of design transcends language. But, it is the pedagogy which is held by language. The act of making, which is ubiquitous, and is done naturally by everybody, gets held back when it comes to the transmission in different languages. There can be sanskritised words for design terminology, but the vocabulary of everyday use should be applied to represent this knowledge. The School of Design is looking for ways in which important and more provocative texts in design can be made available in other Indian languages. When students are exploring a career in design and they want to learn about it, the information about courses, programmes, and universities should also be available in their language.

The students at AUD recently demanded that education at the university be provided in multiple languages. Since AUD is funded by the Delhi state government, the students want the medium of instruction to include languages of the state (Hindi, Urdu, and Punjabi) apart from English. However, in order to accomplish this, the university would require multilingual teachers. At a personal level, Prof. Suchitra feels that the medium of instruction cannot be monolingual, and that it is good to be multilingual. There is also the conflict that it doesn’t do justice to either languages, and there is no neat answer yet. She believes that technology provides some answers in the sense that students can access the material through translations in whichever language they prefer. Being located in Delhi, the university attracts students from all parts of the country, so it needs to be multilingual in different ways. Technology can intervene and provide a layer by which access can be given in the language of one’s choice. She inferred that this is not a question of one or two languages, but of languages everywhere.

Potential Means of Engagement with Open Knowledge in Design Practice

Presently, there is limited participation from design practitioners on open knowledge platforms. From the perspective of a design practitioner and educator, Pooja Saxena explained that apart from Wikipedia, designers use The Noun Project, which offers both free and paid ways to use icons. She mentioned how students also use this platform but it appears that they are not as interested in contributing to it. They are guarded about the work they create but are fine with using someone else’s work that is available for free. Pooja suggested a much needed change in the understanding that open knowledge simply means that it is open for use. It must be seen as a community which one needs to engage with in whichever capacity and give back to. Agreeing with Prof. Suchitra, Pooja also observed that students fail to give fair attribution when any work is available for free. There is a lack of training and communication around attribution among designers. Regarding open source softwares meant for image making and creating illustrations, Pooja said that despite her several attempts of using them, she has always gone back to proprietary softwares. She believes that there are not enough people contributing to making these open source applications better to work with. A middle path she recommended for designers is creating work in formats which can be edited across applications, so that the work created can be built upon in any application, and is not bound by a proprietary software.

As an experienced Wikipedian, Shyamal also stressed upon the idea of finding ways to productively give back to the open knowledge community. He talked about the opportunities that design students have in terms of creating quality images and graphics, and making them available for public use. An example of such an opportunity could be creating clipart or icons that can be used for roadside signages or other such public resources. Another possibility he proposed was publishing rough drafts or discarded work on platforms like Wikipedia, so it can be refined and used by others. It is not well known that aside from the textual part of Wikipedia, there exists a larger environment which includes projects like Wikidata, which is a semantic database, and Wikimedia Commons, which is meant for a variety of media such as images, video, audio, and even 3D models now. This offers a variety of options to designers to make their work available for open use. Another aspect that Shyamal brought attention to in this regard is to make the work available in a way that it can be easily found by others, by effectively using metadata and writing appropriate descriptions.

A relevant example of engagement of design with the open knowledge community was shared by Pooja through her type design project. This included designing a typeface family for the Ol Chiki script, which is used to write in the Santhali language. The project was initiated by Subhashish Panigrahi at CIS in order to set up the Santhali Wikipedia. But, at the time there were no unicode compliant fonts available for Ol Chiki. This was a clear example of how a design intervention in the form of a typeface could lead to knowledge being shared and possibly even created in the future. The project was then funded by the Access to Knowledge programme at CIS. Pooja described the process of designing the typeface. She mentioned that even though the Santhali language is spoken by over 6 million people, Ol Chiki is not a commonly used script. The script itself was invented less than a hundred years ago, which meant that there is little documentation available of the script to look at. The team then engaged with the community to understand how they would like the letters to look like, and whether the letters in the font were correct. This was done through comprehensive feedback forms to test the letters and ask specific questions around their form and placement. The exercise was repeated a number of times to get accurate letters.

Through this process, Pooja made a key observation on perfection. Designers are often trained to share or show their work only when they think it is perfect. But, in the case of the typeface, it was impossible to achieve something even close to being finished without showing it and seeking help from the community. The project also led to inspiring a design student from the National Institute of Design, who belongs to the Santhal community, to create letters in Ol Chiki script as part of the ‘36 days of type’ challenge on Instagram. The typeface thus, can contribute towards such projects as well. Pooja concluded that the typeface being available for free can also lead to students making a version of it that serves their purpose better.

Further on open typefaces for Indian languages, Shyamal spoke about the several issues regarding the use of Indian languages, specific to Wikipedia and in general as well. He correlated the lack of academic disciplines in Indian languages with the lack of vocabulary of technical terms. Several people also oppose borrowing words from other languages. In an example of needing to translate the labels of an illustration of a four-stroke engine into an Indian language, the engineer would not know the terms in that language, and the language expert will not know enough about engineering. Shyamal suggested transliterating English words as a first step, so that somebody who doesn’t know English can understand what the word sounds like. Another technical concern is the use of open source fonts of Indian languages for better compatibility on Wikimedia Commons. The platform replaces proprietary fonts with equivalent open source ones during the process of uploading. This changes the typesetting in the illustration in terms of spacing between the letters and sentences, and the resulting design can end up looking different from the intended one. Hence, it is important to include identification and use of open source fonts as part of the learning process in design.

Shyamal further talked about the need to create more awareness about copyright. He explained that the fact that anything we create is automatically copyrighted is not really understood by most people. People posting images on Facebook and Instagram would allow others to use their work when asked, but would hesitate to give a written permission. It would be useful to license out the work. This lack of copyright awareness hinders the creation of a vast visual database on Wikimedia Commons. There is little visual information available online about objects, monuments, maps, places, etc. in India. The advantage of using systems like Wikipedia is that you can geotag places, you can semantically describe them so that people who speak other languages can find that content. The value of availability of such content online for an outsider is not well understood yet. As a practice, when learning something new, Shyamal himself tries to add it on Wikipedia or on related projects, so that it can be of use to anyone else looking for it as well.

On encouraging designers to contribute to open knowledge, Pooja advised that designers can contribute through side projects or self-initiated projects as they are not looking to make any money from them to begin with, and would be able to share the work for free. These side projects can take the form of resources or tools that other people can use to build something else. She also pointed out that it is not necessary that designers cannot get paid to do open work, and shared the example of the Ol Chiki typeface, which was paid for by a patron. There are also organisations that commission projects which are supposed to be available for free use because those organisations need that product to be available for free. Google fonts for example, commissions the typefaces to designers which are eventually available as free and open fonts. It is important for designers to be aware that such opportunities exist, and that they need to be sought.

Applications of Open Knowledge in Design Education

The discussion led to several suggestions on involving design students in the open knowledge movement. Pooja recommended that students can be encouraged to make their assignments available on Wikimedia Commons. Design students are often expected to work on projects that address problems that exist in the real world. In most cases, these projects remain with the students and not get implemented in the real world. If such projects were available on open platforms like Wikimedia Commons, they can be taken forward by others who are tackling the same concerns. It is also something that design students would benefit from because their work will be publicly available.

In order to address the disregard for attributions pointed out earlier, Prof. Suchitra stressed upon the need to build a culture among design students to attribute fairly. This would allow for acceptable acknowledgement to someone who has produced work and contributed it to the open domain. She added that this is being initiated in other design spaces such as the Decolonise Design group, which some design faculties are a part of. The group looks at ways of finding different cultural anchors for design. One such project is where design faculties have gotten together to share design assignments, in order to see what kind of assignments we set in the classroom for teaching various kinds of concepts in design. The faculties are trying to form an international platform where teaching methods can be shared and a bank of design assignments can be created. These methods and assignments are otherwise considered proprietary.

Prof. Suchitra also talked about the onus on public funded educational institutions to make their work available on open platforms, at least in projects which have a larger use. The Industrial Design Centre (IDC), Powai already has a portal on which design related educational material is available for anyone who is interested. They offer an online course in design which anyone can register for and attend. It is only for the certification at the end of the course, that one needs to pay to take an exam. Design courses otherwise tend to be quite expensive. She mentioned that the School of Design at AUD has been contemplating sharing the thesis work that students produce on Academia, a platform for academics to share research papers, where it can be downloaded for free. This allows for the work to be viewed by people outside the school, which is a significant step for young designers. Design as a profession fundamentally does not allow sharing, and this certainly needs to change. She gave the example of textiles, where the traditional artworks and motifs are picked up from different sources and placed on fabrics. Such reuse borders on unethical practice. Therefore, we need to identify the boundaries of open source. The ethical aspects of it need to be opened up and discussed, otherwise it can lead to asymmetrical knowledge practices. The attribution or acknowledgement that the work individually or culturally belongs to somebody, needs to be recognised.

On the learning by doing approach in design education, Pooja raised the concern that there is a lack of attention towards ‘learning by reading’. Design related reading materials are not available on open platforms and in different languages. She suggested that even if the readings are available in English, it is also useful for them to be available in a vocabulary that is more acceptable for someone for whom it is not their first language. Further, the ‘doing’ is also framed by a certain perspective, and often that perspective is quite closed. It does not take into account where the students is coming from. For example, a branding assignment for a product for new mothers does not consider how eighteen year old students would understand the product without any interaction with the users. It doesn’t ask why does it have to be branding to begin with. It also limits the objective to ‘selling something’ while there are other ways in which design can intervene. In the assignments where students engage with a community, there is often a clear asymmetry between the students and the people they are designing for. There is a vast gap in the knowledge and experience shared by the two. Consequently, students are forced to either assert themselves in this community or misrepresent themselves. This also takes away from students wanting to share their work on open platforms. Pooja recommended that they would be more willing to put the work out in the open when they are working with their own community because they can then see how it affects people in a much more direct way.

Conclusion

The discussion brought forward various intersections in design and open knowledge, and the possible ways in which the two can lend to each other. Broader interventions such as a cultural shift in design around sharing work and discussing its ethical aspects, availability of academic material in design on open platforms and in different Indian languages, sensitivity around fair attribution and copyrights among designers, and designers seeking out or self initiating projects that contribute to the open domain were discussed. In terms of specific steps, ideas including design practitioners creating works in formats which are editable on open applications, adding more visual content on platforms like Wikimedia Commons, creating and using more open typefaces in Indian languages, and students sharing their assignments on open platforms were considered. Other ways of engagement with design education could be through internships and workshops that demonstrate the need for open knowledge systems.

During the interaction with the audience, another key concern was brought up by Govind Sivan, a student at the School of Design at AUD. He spoke about the prevalent approach in design schools of giving primary importance to originality. Students work towards thinking of unique ideas and any similarity between their own and a classmate’s assignment is seen as a failure of creativity. Such an approach goes on to curb shared knowledge and collaborative working, and needs to be changed in order to make way for openness in design. Prof. Suchitra also advised that there is more value to design in thinking of it as a collaborative project.

Design is also gradually opening up its process to include the people being designed for through open research methods such as co-design and participatory design. All aspects of a design process such as need identification, data gathering, and the end product can be conceptualised for openness. These directions can be explored by both designers and the open knowledge community for the creation of a greater and more accessible knowledge base.

For more details visit https://cis-india.org/a2k/blogs/saumyaa-naidu-design-and-the-open-knowledge-movement

Rejuvenating India’s Rivers the Wiki Way

subodh — 2019-04-01T13:18:33Z

Tarun Bharat Sangh (TBS), an organisation working on rejuvenation of rivers in India, has began documentation of rivers on Wiki, especially to draw attention to and mitigate the crisis of toxic deposits facing more than 40 rivers in India. The work was started by Jal Biradari, TBS’s Maharashtra based group, in Sangli district with the help of the Access to Knowledge (CIS-A2K) team of CIS. Here is the report from the first pilot workshop conducted by CIS-A2K during 22-25 December 2018 at Tarun Bharat Sangh Ashram, in Alwar, Rajasthan.

Events details on Wikimedia meta page

The Workshop

As per a Government of India report 42 rivers in India are polluted with toxic heavy metal deposits in them. To mitigate this crisis Tarun Bharat Sangh (TBS), an organization working on rejuvenation of rivers in India began documentation of rivers on Wiki. The work was started by TBS’s Maharashtra based group Jal Biradari in Sangli district with the help of the Access to Knowledge team of CIS (CIS-A2K).

Realizing the potential of the project TBS decided to integrate this as training module in their capacity building workshops conducted at Bhikampura in Rajasthan. The first pilot workshop was conducted by CIS-A2K during 22-25 December 2018 at Tarun Bharat Sangh Ashram, Bhikampura, Alwar in Rajasthan for 34 participants from eight states of India. Dr. Rajendra Singh, Maulik Sisodiya and Subodh Kulkarni, CIS-A2K were the facilitators. The objectives behind organizing the workshop was to build an open knowledge resource on water related issues in all Indian languages, document the river basins of India, train volunteers working in the sector to work in Wikimedia projects, open street mapping exercises and photo walks along the river and post free content on Commons and Wikisource projects.

The documentation structure for river basin was decided through participatory process. The participants were divided into 6 groups for working on 6 river basins of Arvari district. The resource material available with TBS in the form of maps, reports, training booklets was used to prepare the schematic maps of each river basin. The water bodies such as ponds, manmade structures like dams were also listed.


Activists during the workshop conducted by TBS in Alwar, Rajasthan in December 2018

After this pre-work, the training on Wikipedia editing started. The participants worked in sandboxes first on their articles. The manual of style, giving offline and online references and categorisation were discussed and practiced on sandboxes. The Commons session started with elaborate discussion on copyrights, licenses and encyclopedic content. The images were uploaded on Commons and used in the articles. The articles in the sandboxes were presented by each working group. Taking into consideration various suggestions, appropriate modifications were done. The finished new articles and the additional content into existing articles were then moved in the main namespace of respective language Wikipedia. TBS has decided to re-license 30 books and training material on river in CC-BY-SA. Participants who attended the workshop have started contributing in various languages.

Participants' Feedback

“Rivers are essential for existence of life in land. Keeping its sanctity and health is very important. The Wikimedia workshop gave an insight on river pollution issues and the importance of reviving them. As Wikipedia is an open platform it can create a larger impact by reaching out to the society.” - Mrityunjay1010

“The wiki-workshop on "Rivers on Wiki" has been my maiden experience in the context of generalizing the knowledge for common good. The workshop gave me a lens to see the usage of Wikipedia in regional languages as a medium for environmental consciousness building as well as conservation. Wikipedia as a means for social audit was also another enriching experience in that workshop.” - Simantabharati

For more details visit https://cis-india.org/a2k/blogs/subodh-kulkarni-rejuvenating-indias-rivers-the-wiki-way

Indic Wikisource Speak: Dr. Hrishikes Sen

jayanta — 2019-04-26T06:42:48Z

There are plenty of people engaged in digitising Bengali books. Plenty of pirated digitised books are available online. We need to tap into that catchment area. I think, if we can prepare high-grade pdf versions of our completed works and spread those to various online non-wiki reader communities, we are likely to get good contributors. -- User:Hrishikes from English and Bengali Wikisource community, share his journey.

CIS : Tell us about yourself, When did you join Wikimedia movement? And What are the projects you are involved in?

Hrishikes: Joined in March, 2007. In Wikisource since 2012.

CIS : What are the methods or workflow you follow to contribute to your language Wikisource?

Hrishikes: Method: I work slowly; try to give meticulous attention. Don't skip pages usually. Work page-by-page upto the last, even if a page is problematic. Come back to previously worked pages time and again, and correct any mistake.

CIS : How is the awareness about Wikisource in your language Wikimedia community?

Hrishikes: Awareness is present in the community, but there is disinclination to work in Wikisource, because of templates and other formatting issues.

CIS : We see there’s a growth in Indic Wikisource movement (showing Amir’s stats), what kind of help does the community need to grow?

Hrishikes: There are plenty of people engaged in digitising Bengali books. Plenty of pirated digitised books are available online. We need to tap into that catchment area. I think, if we can prepare high-grade pdf versions of our completed works and spread those to various online non-wiki reader communities, we are likely to get good contributors.

CIS : What are the challenges do you face while contributing to the project? Or social challenges while reaching out to authors or publishers.

Hrishikes: I like this project. Main issue is getting the time: extracting time from real life commitments. I have not been active in author/publisher liaison.

CIS : How would you describe the future of Wikisource? What are your personal goals for it?

Hrishikes:The main problem is: everybody wants to download books and read them offline. Hardly anyone wants to read online. That attitude is going to stay. So we need to concentrate on giving this to the customers. Books downloaded from our site (transcribed books, not scans) should be of very high quality. If we can achieve this, the future may be good.

CIS : Please share one remarkable work which is available at your domain and you had contributed.

Hrishikes: There are many more ,

For more details visit https://cis-india.org/Indic%20Wikisource%20Speak%20Dr%20Hrishikes%20Sen

Privacy Protection Bill, 2013 (With Amendments based on Public Feedback)

elonnai — 2013-07-12T10:50:22Z

In 2013 CIS drafted the Privacy Protection Bill as a citizens' version of a privacy legislation for India. Since April 2013, CIS has been holding Privacy Roundtables in collaboration with FICCI and DSCI, with the objective of gaining public feedback to the Privacy Protection Bill and other possible frameworks for privacy in India.

This research was undertaken as part of the 'SAFEGUARDS' project that CIS is undertaking with Privacy International and IDRC

As a part of this process, CIS has been amending the Privacy Protection Bill based on public feedback. Below is the text of the Bill as amended according to feedback gained from the New Delhi, Bangalore, and Chennai Roundtables.

Click to download the Privacy Protection Bill, 2013 with latest amendments (PDF, 196 Kb).

For more details visit https://cis-india.org/internet-governance/blog/privacy-protection-bill-2013-with-amendments-based-on-public-feedback

Framing the Digital AlterNatives

Nilofar Ansher — 2015-05-08T12:28:03Z

They effect social change through social media, place their communities on the global map, and share spiritual connections with the digital world - meet the everyday digital native.

The Everyday Digital Native video contest has got its pulse on what makes youths from diverse socio-cultural backgrounds connect with one another in the global community – it’s an affinity for digital technologies and Web 2.0-mediated platforms coupled with a drive to spearhead social change. The contest invited people from around the world to make a video that would answer the question, ‘Who is the Everyday Digital Native’? The final videos received more than ~~20,000~~ 3,000 votes from the public and our top five winners emerged from across three continents!

The Digital AlterNatives Featurette (PDF, 2847 KB) is a peek into the minds of digital natives as citizen activists. The 10 featured interviews of the Digital Natives video contest finalists don't fit the stereotype of the Globalized Digital Native: Young Geeks apathetic to 'Saving the Planet'. Rather, these are affirmative citizens, young, middle aged and senior, who consider digital technology as second nature for use in personal, professional or socio-political capacities.

The 'Digital Natives with a Cause?' is a collaborative research-inquiry between The Centre for Internet & Society, India and HIVOS Knowledge Programme, the Netherlands into the field of youth, change and technology in the context of the Global South. The three-year research project has resulted in the four-book collective, 'Digital AlterNatives with a Cause?' published in 2011. Read more about the project here

For more details visit https://cis-india.org/digital-natives/framing-the-digital-alternatives

Smart Cities in India: An Overview

vanya — 2016-01-11T01:30:07Z

The Government of India is in the process of developing 100 smart cities in India which it sees as the key to the country's economic and social growth. This blog post gives an overview of the Smart Cities project currently underway in India. The smart cities mission in India is at a nascent stage and an evolving area for research. The Centre for Internet and Society will continue work in this area.

Overview of the 100 Smart Cities Mission

The Government of India announced its flagship programme- the 100 Smart Cities mission in the year 2014 and was launched in June 2015 to achieve urban transformation, drive economic growth and improve the quality of life of people by enabling local area development and harnessing technology. Initially, the Mission aims to cover 100 cities across the countries (which have been shortlisted on the basis of a Smart Cities Proposal prepared by every city) and its duration will be five years (FY 2015-16 to FY 2019-20). The Mission may be continued thereafter in the light of an evaluation to be done by the Ministry of Urban Development (MoUD) and incorporation of the learnings into the Mission. The Mission aims to focus on area-based development in the form of redevelopment of existing spaces, or the development of new areas (Greenfield) to accommodate the growing urban population and ensure comprehensive planning to improve quality of life, create employment and enhance incomes for all - especially the poor and the disadvantaged. ^{^[1]} On 27th August 2015 the Centre unveiled 98 smart cities across India which were selected for this Project. Across the selected cities, 13 crore population ( 35% of the urban population will be included in the development plans. ^{^[2]} The mission has been developed for the purpose of achieving urban transformation. The vision is to preserve India's traditional architecture, culture & ethnicity while implementing modern technology to make cities livable, use resources in a sustainable manner and create an inclusive environment. ^{^[3]}

The promises of the Smart City mission include reduction of carbon footprint, adequate water and electricity supply, proper sanitation, including solid waste management, efficient urban mobility and public transport, affordable housing, robust IT connectivity and digitalization, good governance, citizen participation, security of citizens, health and education.

Questions unanswered

Why and How was the Smart Cities project conceptualized in India? What was the need for such a project in India?
What was the role of the public/citizens at the ideation and conceptualization stage of the project?
Which actors from the Government, Private industry and the civil society are involved in this mission? Though the smart cities mission has been initiated by the Government of India under the Ministry of Urban Development, there is no clarity about the involvement of the associated offices and departments of the Ministry.

How are the Smart Cities being selected?

The 100 cities were supposed to be selected on the basis of Smart cities challenge^{^[4]} involving two stages. Stage I of the challenge involved Intra-State city selection on objective criteria to identify cities to compete in stage-II. In August 2015, The Ministry of Urban Development, Government of India announced 100 smart cities ^{^[5]} evaluated on parameters such as service levels, financial and institutional capacity, past track record, called as the 'shortlisted cities' for this purpose. The selected cities are now competing for selection in the Second stage of the challenge, which is an All India competition. For this crucial stage, the potential 100 smart cities are required to prepare a Smart City Proposal (SCP) stating the model chosen (retrofitting, redevelopment, Greenfield development or a mix), along with a Pan-City dimension with Smart Solutions. The proposal must also include suggestions collected by way of consultations held with city residents and other stakeholders, along with the proposal for financing of the smart city plan including the revenue model to attract private participation. The country saw wide participation from the citizens to voice their aspirations and concerns regarding the smart city. 15th December 2015 has been declared as the deadline for submission of the SCP, which must be in consonance with evaluation criteria set by The MoUD, set on the basis of professional advice. ^{^[6]} On the basis of this, 20 cities will be selected for the first year. According to the latest reports, the Centre is planning to fund only 10 cities for the first phase in case the proposals sent by the states do not match the expected quality standards and are unable to submit complete area-development plans by the deadline, i.e. 15th December, 2015. ^{^[7]}

Questions unanswered

Who would be undertaking the task of evaluating and selecting the cities for this project?
What are the criteria for selection of a city to qualify in the first 20 (or 10, depending on the Central Government) for the first phase of implementation?

How are the smart cities going to be Funded?

The Smart City Mission will be operated as a Centrally Sponsored Scheme (CSS) and the Central Government proposes to give financial support to the Mission to the extent of Rs. 48,000 crores over five years i.e. on an average Rs. 100 crore per city per year. ^{^[8]} The additional resources will have to be mobilized by the State/ ULBs from external/internal sources. According to the scheme, once list of shortlisted Smart Cities is finalized, Rs. 2 crore would have been disbursed to each city for proposal preparation.^{^[9]}

According to estimates of the Central Government, around Rs 4 lakh crore of funds will be infused mainly through private investments and loans from multilateral institutions among other sources, which accounts to 80% of the total spending on the mission. ^{^[10]} For this purpose, the Government will approach the World Bank and the Asian Development Bank (ADB) for a loan costing £500 million and £1 billion each for 2015-20. If ADB approves the loan, it would be it will be the bank's highest funding to India's urban sector so far.^{^[11]} Foreign Direct Investment regulations have been relaxed to invite foreign capital and help into the Smart City Mission. ^{^[12]}

Questions unanswered

The Government notes on Financing of the project mentions PPPs for private funding and leveraging of resources from internal and external resources. There is lack of clarity on the external resources the Government has/will approach and the varied PPP agreements the Government is or is planning to enter into for the purpose of private investment in the smart cities.

How is the scheme being implemented?

Under this scheme, each city is required to establish a Special Purpose Vehicle (SPV) having flexibility regarding planning, implementation, management and operations. The body will be headed by a full-time CEO, with nominees of Central Government, State Government and ULB on its Board. The SPV will be a limited company incorporated under the Companies Act, 2013 at the city-level, in which the State/UT and the Urban Local Body (ULB) will be the promoters having equity shareholding in the ratio 50:50. The private sector or financial institutions could be considered for taking equity stake in the SPV, provided the shareholding pattern of 50:50 of the State/UT and the ULB is maintained and the State/UT and the ULB together have majority shareholding and control of the SPV. Funds provided by the Government of India in the Smart Cities Mission to the SPV will be in the form of tied grant and kept in a separate Grant Fund.^{^[13]}

For the purpose of implementation and monitoring of the projects, the MoUD has also established an Apex Committee and National Mission Directorate for National Level Monitoring^{^[14]}, a State Level High Powered Steering Committee (HPSC) for State Level Monitoring^{^[15]} and a Smart City Advisory Forum at the City Level ^{^[16]}.

Also, several consulting firms^{^[17]} have been assigned to the 100 cities to help them prepare action plans.^{^[18]} Some of them include CRISIL, KPMG, McKinsey, etc. ^{^[19]}

Questions unanswered

What policies and regulations have been put in place to account for the smart cities, apart from policies looking at issues of security, privacy, etc.?
What international/national standards will be adopted while development of the smart cities? Though the Bureau of Indian Standards is in the process of formulating standardized guidelines for the smart cities in India^{^[20]}, yet there is lack of clarity on adoption of these national standards, along with the role of international standards like the ones formulated by ISO.

What is the role of Foreign Governments and bodies in the Smart cities mission?

Ever since the government's ambitious project has been announced and cities have been shortlisted, many countries across the globe have shown keen interest to help specific shortlisted cities in building the smart cities and are willing to invest financially. Countries like Sweden, Malaysia, UAE, USA, etc. have agreed to partner with India for the mission.^{^[21]} For example, UK has partnered with the Government to develop three India cities-Pune, Amravati and Indore.^{^[22]} Israel's start-up city Tel Aviv also entered into an agreement to help with urban transformation in the Indian cities of Pune, Nagpur and Nashik to foster innovation and share its technical know-how.^{^[23]} France has piqued interest for Nagpur and Puducherry, while the United States is interested in Ajmer, Vizag and Allahabad. Also, Spain's Barcelona Regional Agency has expressed interest in exchanging technology with the Delhi. Apart from foreign government, many organizations and multilateral agencies are also keen to partner with the Indian government and have offered financial assistance by way of loans. Some of them include the UK government-owned Department for International Development, German government KfW development bank, Japan International Cooperation Agency, the US Trade and Development Agency, United Nations Industrial Development Organization and United Nations Human Settlements Programme. ^{^[24]}

Questions unanswered

Do these governments or organization have influence on any other component of the Smart cities?
How much are the foreign governments and multilateral bodies spending on the respective cities?
What kind of technical know-how is being shared with the Indian government and cities?

What is the way ahead?

On the basis of the SCP, the MoUD will evaluate, assess the credibility and select 20 smart cities out of the short-listed ones for execution of the plan in the first phase. The selected city will set up a SPV and receive funding from the Government.

Questions unanswered

Will the deadline of submission of the Smart Cities Proposal be pushed back?
After the SCP is submitted on the basis of consultation with the citizens and public, will they be further involved in the implementation of the project and what will be their role?
How will the MoUD and other associated organizations as well as actors consider the implementation realities of the project, like consideration of land displacement, rehabilitation of the slum people, etc.
How are ICT based systems going to be utilized to make the cities and the infrastructure "smart"?
How is the MoUD going to respond to the concerns and criticism emerging from various sections of the society, as being reflected in the news items?
How will the smart cities impact and integrate the existing laws, regulations and policies? Does the Government intend to use the existing legislations in entirety, or update and amend the laws for implementation of the Smart Cities Mission?

^{^[1]} Smart Cities, Mission Statement and Guidelines, Ministry of Urban Development, Government of India, June 2015, Available at : http://smartcities.gov.in/writereaddata/SmartCityGuidelines.pdf

^{^[2]} http://articles.economictimes.indiatimes.com/2015-08-27/news/65929187_1_jammu-and-kashmir-12-cities-urban-development-venkaiah-naidu

^{^[3]} http://india.gov.in/spotlight/smart-cities-mission-step-towards-smart-india

^{^[4]} http://smartcities.gov.in/writereaddata/Process%20of%20Selection.pdf

^{^[5]} Full list : http://www.scribd.com/doc/276467963/Smart-Cities-Full-List

^{^[6]} http://smartcities.gov.in/writereaddata/Process%20of%20Selection.pdf

^{^[7]} http://www.ibtimes.co.in/modi-govt-select-only-10-cities-under-smart-city-project-this-year-report-658888

^{^[8]} http://smartcities.gov.in/writereaddata/Financing%20of%20Smart%20Cities.pdf

^{^[9]} Smart Cities presentation by MoUD : http://smartcities.gov.in/writereaddata/Presentation%20on%20Smart%20Cities%20Mission.pdf

^{^[10]} http://indianexpress.com/article/india/india-others/smart-cities-projectfrom-france-to-us-a-rush-to-offer-assistance-funds/

^{^[11]} http://indianexpress.com/article/india/india-others/funding-for-smart-cities-key-to-coffer-lies-outside-india/#sthash.5lnW9Jsq.dpuf

^{^[12]} http://india.gov.in/spotlight/smart-cities-mission-step-towards-smart-india

^{^[13]} http://smartcities.gov.in/writereaddata/SPVs.pdf

^{^[14]} http://smartcities.gov.in/writereaddata/National%20Level%20Monitoring.pdf

^{^[15]} http://smartcities.gov.in/writereaddata/State%20Level%20Monitoring.pdf

^{^[16]} http://smartcities.gov.in/writereaddata/City%20Level%20Monitoring.pdf

^{^[17]} http://smartcities.gov.in/writereaddata/List_of_Consulting_Firms.pdf

^{^[18]} http://pib.nic.in/newsite/PrintRelease.aspx?relid=128457

^{^[19]} http://economictimes.indiatimes.com/articleshow/49242050.cms?utm_source=contentofinterest&utm_medium=text&utm_campaign=cppst

^{^[20]} http://www.business-standard.com/article/economy-policy/in-a-first-bis-to-come-up-with-standards-for-smart-cities-115060400931_1.html

^{^[21]} http://accommodationtimes.com/foreign-countries-have-keen-interest-in-development-of-smart-cities/

^{^[22]} http://articles.economictimes.indiatimes.com/2015-11-20/news/68440402_1_uk-trade-three-smart-cities-british-deputy-high-commissioner

^{^[23]} http://www.jpost.com/Business-and-Innovation/Tech/Tel-Aviv-to-help-India-build-smart-cities-435161?utm_campaign=shareaholic&utm_medium=twitter&utm_source=socialnetwork

^{^[24]} http://indianexpress.com/article/india/india-others/smart-cities-projectfrom-france-to-us-a-rush-to-offer-assistance-funds/#sthash.nCMxEKkc.dpuf

For more details visit https://cis-india.org/internet-governance/blog/smart-cities-in-india-an-overview

National Compendium of Laws, Policies, Programmes for Persons with Disabilities

nirmita — 2016-02-05T02:16:36Z

This compendium was compiled by the Centre for Internet & Society in collaboration with the Office of the Chief Commissioner for Persons with Disabilities, Department of Disability Affairs, Ministry of Social Justice & Empowerment, Government of India. Prasanna Kumar Pincha, Chief Commissioner for Persons with Disabilities, has written the Foreword.

Preface

India, one of the longest continuous civilizations in the world is also home to one of the largest populations of persons with disabilities. According to the 2011 census, around 2.21% of its population or around 26.8 million people have disabilities of some form or the other. While the country is developing rapidly, persons with disabilities are often left out of the process. Sometimes they are completely neglected from consideration and measures do not take into account their needs by virtue of being non inclusive. On other occasions, there may be special measures for some disadvantaged groups, but persons with disabilities may not be recognised as a separate group, with distinctive needs.

Overall, there is a clichéd understanding about the needs and abilities of persons with disabilities, limiting efforts made towards their progress. Even in cases where some effort has been made, information about these measures is not available to persons with disabilities and their family members, who are consequently unable to avail of them. Additionally, the insensitivity of rules/ schemes/ procedures/ persons makes it difficult for persons with disabilities to benefit from them. However, regardless of the reason, the fact remains that there is a huge gap in the communication of information from policy makers, administrators and law makers to persons with disabilities as well as their family members, organisations and other concerned groups and institutions.

It is extremely important to bridge this information gap in order to enable persons with disabilities to participate equally in development. Better access to information will enable them to avail of schemes/provisions for their benefit and will consequently enable governments to assess whether they have made adequate provision in various domains as well as identify gaps which need to be addressed.
Finally, accessibility of information will also facilitate the participation of government and persons with disabilities in implementation of measures and increase transparency and accountability

With this aim in mind, The Hans Foundation decided to engage with Centre for Internet and Society (CIS) to put together a comprehensive resource on disability related policies across India. It gives us great pleasure to publish this resource and we hope that it be of great help to the community.

Ms. Sweta Rawat
Chairperson
The Hans Foundation

Click to download the PDF version of the book here. (File size 1.72 Mb approx.)

For more details visit https://cis-india.org/accessibility/blog/national-compendium-of-laws-policies-programmes-for-persons-with-disabilities

Making in the Humanities – Some Questions and Conflicts

sneha-pp — 2015-11-13T05:46:32Z

The following is an abstract for a proposed chapter on 'making' in the humanities, which has been accepted for publication in a volume titled 'Making Humanities Matter'. This is part of a new book series titled 'Debates in the Digital Humanities 2015' to be published by University of Minnesota Press (http://dhdebates.gc.cuny.edu/cfps/cfp_2015_mhm). The first draft of the chapter will be shared by mid-August 2015.

The object of enquiry in the humanities has traditionally been defined in the form of text, audio-visual or other kinds of ‘objects’ or cultural artifacts. With the growth of information and communication technologies, and the advent of the digital, the emergence of a ‘digital object’, as ambiguous as the term may sound, in the last couple of decades, has led to a rethinking of the conventional notion of research objects as well as modes of questioning, with larger consequences for the production and dissemination of knowledge. The rise of fields like ‘humanities computing’, ‘digital humanities’ and ‘cultural analytics’, suggest a combining of two separate domains, or polarized binaries (such as old and new media), and point to the availability of new objects of study, and therefore the need for new methods to study them. A large part of the discourse around these objects however, in trying to read them closely, obfuscates the processes by which they are constituted, which are often as novel and innovative as the artifacts themselves.

This paper will attempt to explore the processes of ‘making’ of these digital objects in the context of several sites of recent humanities scholarship in India that mobilise digital techniques as key methods. These will include two online video archival initiatives (Indiancine.ma and Pad.ma), a digital variorum of Rabindranath Tagore's literary works (Bichitra) developed at the University of Jadavpur, Kolkata, and curatorial work undertaken by the Centre for Public History, Srishti School of Art, Design and Technology, Bengaluru. Film, text and archival objects acquire several nuances as they are ‘made’ into digital objects, which are also reflected in the methods of working with and studying them. At the same time, problems of authorship, authenticity, accessibility, and a lack of adequate methods to study these objects are some challenges faced across disciplines. The objective of the study is to outline some of the questions related to form and methods that emerge with the digital object, and in the process undertake a critical reading of the politics of making in the humanities. What is the role of ‘making’ in the humanities? Where does humanities research using digital technologies intersect with art and creative practices? How is this research manifested in new forms or objects and methods, and to what effects on the humanities? The paper will aim to respond to some of these questions through a discussion of the initiatives mentioned above.

For more details visit https://cis-india.org/raw/making-in-the-humanities-2013-some-questions-and-conflicts

Joining the Dots in India's Big-Ticket Mobile Phone Patent Litigation (Updated)

rohini — 2018-05-06T03:51:49Z

An analysis of the significant commonalities and differences in various big-ticket lawsuits in India over the alleged infringement of mobile device patents.

This blog post has been merged with another on the same topic and published as a paper. The paper was last updated in October 2017.

View paper on SSRN.

For more details visit https://cis-india.org/a2k/blogs/joining-the-dots-in-indias-big-ticket-mobile-phone-patent-litigation

Studying the Emerging Database State in India: Notes for Critical Data Studies (Accepted Abstract)

sumandro — 2015-11-13T05:54:53Z

"Critical Data Studies (CDS) is a growing field of research that focuses on the unique theoretical, ethical, and epistemological challenges posed by 'Big Data.' Rather than treat Big Data as a scientifically empirical, and therefore largely neutral phenomena, CDS advocates the view that data should be seen as always-already constituted within wider data assemblages." The Big Data and Society journal has provisionally accepted a paper abstract of mine for its upcoming special issue on Critical Data Studies.

Introduction

Through the last decade, the Government of India has given shape to an digital identification infrastructure, developed and operated by the Unique Identification Authority of India (UIDAI). The infrastructure combines the task of assigning unique identification numbers, called Aadhaar numbers, to individuals submitting their biometric and demographic details, and the task of authenticating their identity when provided with an Aadhaar number and associated data (biometric data, One Time Pin sent to the pre-declared mobile number, etc.). The aim of UIDAI is to provide universal authentication-as-a-service for all residents of India who approach any public or private agencies for any kind of service or transaction. Simultaneously, the Aadhaar numbers will function as unique identifiers for joining up databases of different government agencies, and hence allow the Indian government to undertake big data analytics at a governmental scale, and not only at a departmental one.

In this paper, I am primarily motivated by the challenge of finding points and objects to enter into a critical study of such an in-progress data infrastructure. As I proceed with an understanding that data is produced within its specific social and material context, the question then is to read through the data to reflect on its possible social and material context. This is complicated when approaching a big data infrastructure that is meant to produce data for explicitly intra-governmental consumption and circulation. The problem then is not one of reading through available big data, but one of reading through the assemblage and imaginaries of big data to reflect on the kind of data it will give rise to, and thus on the politics of the data assemblage and the database state it enables.

Logic of the Database State

Application of data to inform governmental acts have taken place at least since government has been understood as responsible for the welfare of the population and the territory. The measurement of the population and the territory – the number of people, their demographic features, amounts and locations of natural resources, and so on – have always been integral to the functioning of the modern nation-state. Database state is used in this paper to identify a particular mode of mobilisation of data within governmental acts, which is fundamentally shaped by the possibilities of big data extraction, appropriation, and analytics pioneered by a range of companies since late 1990s. The reason for not using big data state but database dtate is that big data refers to a body of technologies emerging in response to a set of data management and analysis challenges situated in a certain moment of development of information technologies, whereas database refers to a symbolic form (Manovich 1999): a form in which not only the population is made visible to the government (as a collection of visual, textual, numeric, and other forms of records), but also how the acts of government are made visible to the population (as a collection of performance indicators, budget allocation and utilisation tables, and other data visualised through dashboards, analog and digital).

The data production and management logic of this database state is specifically inspired by the notion of platform introduced by the so-called Web 2.0 companies: providing a common service layer upon which various other applications may also run, but under specific arrangements (including distribution of generated user data) with the original common layer provider. Data assemblages of the database state are expected to enable the government to function as a platform, as an intensely data-driven layer that widely gathers data about population individuals and feeds it back selectively to various providers of public and private services. This transforms the data assemblage from one vertical of governmental activities to a horizontal critical infrastructure for modularisation of governmental activities.

Studying the Emerging Database State in India

Government of India is presently debating the legal and technical validity of the digital identity infrastructure programme in the Supreme Court, while simultaneously carrying out the enrollment drive for the same, linking up assignment of unique identity numbers with a national drive for population registration, and rolling out citizen-facing services and applications that implement the Aadhaar number as a necessary key to access them. With the enrollment process going on and the integration with various governmental processes (termed seeding by Aadhaar policy literature) just beginning, I enter this study through two key sets of objects reflecting the imaginaries and the technical specifications of the emerging database state in India. The first entry point is through the various official documents of vision, intentions, plans, and reconsiderations, and the second entry point is through the Application Programming Interface (API) documentations published by UIDAI to specify how its identity authentication platform will collaborate with various public and private services.

The first section of the paper provides a brief survey of pre-UIDAI attempts by the Government of India to deploy unique identification numbers and Smart Cards for specific population groups, so as to understand the initial conceptualisation of this data assemblage of a digital identification platform. The second section foregrounds how this platform undertakes a transformation of the components and relations of the pre-existing data assemblage of the Government of India, as articulated in various official documents of promised utility and proposed collaborations. The third section studies the API documentations to track how such imaginaries are materially interpreted and operationalised through the design of protocols of data interactions with various public and private agencies offering services utilising the identity authentication platform.

Notes for Critical Data Studies

Expanding the early agenda note on Critical Data Studies by Craig Dalton and Jim Thatcher (2014), Rob Kitchin and Tracey P. Lauriault have taken steps towards emphasising the responsibility of this nebulous research strategy to chart and unpack the data assemblages (2014). This is exactly what I propose to do in this paper. While Kitchin and Lauriault provide a detailed list of the components of the apparatus of a data assemblage (2014: 7), I find the concepts of infrastructural components and infrastructural relations very useful in thinking through the emerging infrastructure of authentication. Thus, my approach to these tasks of charting and unpacking is focused on the infrastructural relations that the digital identity infrastructure re-configures, instead of the infrastructural components it mobilises (Bowker et al 2010). This tactical choice of focusing on the infrastructural relations is also necessitated by the practical difficulty in having comprehensive access to the individual components of the data assemblage concerned. Addressing questions of causality and quality becomes difficult when studying the assemblage sans the produced data, and rigorously analysing concerns of security and uncertainty pre-requires an actually existing data assemblage, with a public interface to investigating its leakages, breakages, and internal functioning. In the absence of such points of entry into the data assemblage, which I fear may not be an exceptional case, I attempt an inverted reading. Turning the data infrastructure inside out, in this paper I describe how the digital identity platform is critically reshaping the basis of governmental acts in India, through a specific model of production, extraction and application of big data.

Bibliography

Bowker, Geoffrey C., Karen Baker, Florence Millerand, & David Ribes. 2010. Toward Information Infrastructure Studies: Ways of Knowing in a Networked Environment. Jeremy Hunsinger, Lisbeth Klastrup, & Matthew Allen (Eds.) International Handbook of Internet Research. Springer Dordrecht Heidelberg London New York. Pp. 97-117.

Dalton, Craig, & Jim Thatcher. 2014. What does a Critical Data Studies Look Like, and Why do We Care? Seven Points for a Critical Approach to ‘Big Data.’ Society and Space. May 19. Accessed on July 08, 2015, from http://societyandspace.com/material/commentaries/craig-dalton-and-jim-thatcher-what-does-a-critical-data-studies-look-like-and-why-do-we-care-seven-points-for-a-critical-approach-to-big-data/.

Kitchin, Rob, & Tracey P. Lauriault. 2014. Towards Critical Data Studies: Charting and Unpacking Data Assemblages and their Work. The Programmable City Working Paper 2. July 29. National University of Ireland Maynooth, Ireland. Accessed on July 08, 2015 from http://papers.ssrn.com/sol3/papers.cfm?abstract_id=2474112.

Manovich, Lev. 1999. Database as Symbolic Form. Convergence. Volume 5, Number 2. Pp. 80-99.

Note: Call for Papers for the special issue can found here: http://bigdatasoc.blogspot.in/2015/06/call-for-proposals-special-theme-on.html.

For more details visit https://cis-india.org/raw/studying-the-emerging-database-state-in-india-accepted-abstract

Security: Privacy, Transparency and Technology

sunil — 2015-09-15T10:53:52Z

The Centre for Internet and Society (CIS) has been involved in privacy and data protection research for the last five years. It has participated as a member of the Justice A.P. Shah Committee, which has influenced the draft Privacy Bill being authored by the Department of Personnel and Training. It has organised 11 multistakeholder roundtables across India over the last two years to discuss a shadow Privacy Bill drafted by CIS with the participation of privacy commissioners and data protection authorities from Europe and Canada.

The article was co-authored by Sunil Abraham, Elonnai Hickok and Tarun Krishnakumar. It was published by Observer Research Foundation, Digital Debates 2015: CyFy Journal Volume 2.

Our centre’s work on privacy was considered incomplete by some stakeholders because of a lack of focus in the area of cyber security and therefore we have initiated research on it from this year onwards. In this article, we have undertaken a preliminary examination of the theoretical relationships between the national security imperative and privacy, transparency and technology.

Security and Privacy

Daniel J. Solove has identified the tension between security and privacy as a false dichotomy: "Security and privacy often clash, but there need not be a zero-sum tradeoff." [1] Further unpacking this false dichotomy, Bruce Schneier says, "There is no security without privacy. And liberty requires both security and privacy." [2] Effectively, it could be said that privacy is a precondition for security, just as security is a precondition for privacy. A secure information system cannot be designed without guaranteeing the privacy of its authentication factors, and it is not possible to guarantee privacy of authentication factors without having confidence in the security of the system. Often policymakers talk about a balance between the privacy and security imperatives—in other words a zero-sum game. Balancing these imperatives is a foolhardy approach, as it simultaneously undermines both imperatives. Balancing privacy and security should instead be framed as an optimisation problem. Indeed, during a time when oversight mechanisms have failed even in so-called democratic states, the regulatory power of technology [3] should be seen as an increasingly key ingredient to the solution of that optimisation problem.

Data retention is required in most jurisdictions for law enforcement, intelligence and military purposes. Here are three examples of how security and privacy can be optimised when it comes to Internet Service Provider (ISP) or telecom operator logs:

Data Retention: We propose that the office of the Privacy Commissioner generate a cryptographic key pair for each internet user and give one key to the ISP / telecom operator. This key would be used to encrypt logs, thereby preventing unauthorised access. Once there is executive or judicial authorisation, the Privacy Commissioner could hand over the second key to the authorised agency. There could even be an emergency procedure and the keys could be automatically collected by concerned agencies from the Privacy Commissioner. This will need to be accompanied by a policy that criminalises the possession of unencrypted logs by ISP and telecom operators.
Privacy-Protective Surveillance: Ann Cavoukian and Khaled El Emam [4] have proposed combining intelligent agents, homomorphic encryption and probabilistic graphical models to provide “a positive-sum, ‘win–win’ alternative to current counter-terrorism surveillance systems.” They propose limiting collection of data to “significant” transactions or events that could be associated with terrorist-related activities, limiting analysis to wholly encrypted data, which then does not just result in “discovering more patterns and relationships without an understanding of their context” but rather “intelligent information—information selectively gathered and placed into an appropriate context to produce actual knowledge.” Since fully homomorphic encryption may be unfeasible in real-world systems, they have proposed use of partially homomorphic encryption. But experts such as Prof. John Mallery from MIT are also working on solutions based on fully homomorphic encryption.
Fishing Expedition Design: Madan Oberoi, Pramod Jagtap, Anupam Joshi, Tim Finin and Lalana Kagal have proposed a standard [5] that could be adopted by authorised agencies, telecom operators and ISPs. Instead of giving authorised agencies complete access to logs, they propose a format for database queries, which could be sent to the telecom operator or ISP by authorised agencies. The telecom operator or ISP would then process the query, and anonymise/obfuscate the result-set in an automated fashion based on applicable privacypolicies/regulation. Authorised agencies would then hone in on a subset of the result-set that they would like with personal identifiers intact; this smaller result set would then be shared with the authorised agencies.

An optimisation approach to resolving the false dichotomy between privacy and security will not allow for a total surveillance regime as pursued by the US administration. Total surveillance brings with it the ‘honey pot’ problem: If all the meta-data and payload data of citizens is being harvested and stored, then the data store will become a single point of failure and will become another target for attack. The next Snowden may not have honourable intentions and might decamp with this ‘honey pot’ itself, which would have disastrous consequences.

If total surveillance will completely undermine the national security imperative, what then should be the optimal level of surveillance in a population? The answer depends upon the existing security situation. If this is represented on a graph with security on the y-axis and the proportion of the population under surveillance on the x-axis, the benefits of surveillance could be represented by an inverted hockey-stick curve. To begin with, there would already be some degree of security. As a small subset of the population is brought under surveillance, security would increase till an optimum level is reached, after which, enhancing the number of people under surveillance would not result in any security pay-off. Instead, unnecessary surveillance would diminish security as it would introduce all sorts of new vulnerabilities. Depending on the existing security situation, the head of the hockey-stick curve might be bigger or smaller. To use a gastronomic analogy, optimal surveillance is like salt in cooking—necessary in small quantities but counter-productive even if slightly in excess.

In India the designers of surveillance projects have fortunately rejected the total surveillance paradigm. For example, the objective of the National Intelligence Grid (NATGRID) is to streamline and automate targeted surveillance; it is introducing technological safeguards that will allow express combinations of result-sets from 22 databases to be made available to 12 authorised agencies. This is not to say that the design of the NATGRID cannot be improved.

Security and Transparency

There are two views on security and transparency: One, security via obscurity as advocated by vendors of proprietary software, and two, security via transparency as advocated by free/open source software (FOSS) advocates and entrepreneurs. Over the last two decades, public and industry opinion has swung towards security via transparency. This is based on the Linus rule that “given enough eyeballs, all bugs are shallow.” But does this mean that transparency is a necessary and sufficient condition? Unfortunately not, and therefore it is not necessarily true that FOSS and open standards will be more secure than proprietary software and proprietary standards.

Optimal surveillance is like salt in cooking—necessary in small quantities but counter-productive even if slightly in excess.

The recent detection of the Heartbleed [6] security bug in Open SSL, [7] causing situations where more data can be read than should be allowed, and Snowden’s revelations about the compromise of some open cryptographic standards (which depend on elliptic curves), developed by the US National Institute of Standards and Technology, are stark examples. [8]

At the same time, however, open standards and FOSS are crucial to maintaining the balance of power in information societies, as civil society and the general public are able to resist the powers of authoritarian governments and rogue corporations using cryptographic technology. These technologies allow for anonymous speech, pseudonymous speech, private communication, online anonymity and circumvention of surveillance and censorship. For the media, these technologies enable anonymity of sources and the protection of whistle-blowers—all phenomena that are critical to the functioning of a robust and open democratic society. But these very same technologies are also required by states and by the private sector for a variety of purposes—national security, e-commerce, e-banking, protection of all forms of intellectual property, and services that depend on confidentiality, such as legal or medical services.

In order words, all governments, with the exception of the US government, have common cause with civil society, media and the general public when it comes to increasing the security of open standards and FOSS. Unfortunately, this can be quite an expensive task because the re-securing of open cryptographic standards depends on mathematicians. Of late, mathematical research outputs that can be militarised are no longer available in the public domain because the biggest employers of mathematicians worldwide today are the US military and intelligence agencies. If other governments invest a few billion dollars through mechanisms like Knowledge Ecology International’s proposed World Trade Organization agreement on the supply of knowledge as a public good, we would be able to internationalise participation in standard-setting organisations and provide market incentives for greater scrutiny of cryptographic standards and patching of vulnerabilities of FOSS. This would go a long way in addressing the trust deficit that exists on the internet today.

Security and Technology

A techno-utopian understanding of security assumes that more technology, more recent technology and more complex technology will necessarily lead to better security outcomes.

This is because the security discourse is dominated by vendors with sales targets who do not present a balanced or accurate picture of the technologies that they are selling. This has resulted in state agencies and the general public having an exaggerated understanding of the capabilities of surveillance technologies that is more aligned with Hollywood movies than everyday reality.

More Technology

Increasing the number of x-ray machines or full-body scanners at airports by a factor of ten or hundred will make the airport less secure unless human oversight is similarly increased. Even with increased human oversight, all that has been accomplished is an increase in the potential locations that can be compromised. The process of hardening a server usually involves stopping non-essential services and removing non-essential software. This reduces the software that should be subject to audit, continuously monitored for vulnerabilities and patched as soon as possible. Audits, ongoing monitoring and patching all cost time and money and therefore, for governments with limited budgets, any additional unnecessary technology should be seen as a drain on the security budget. Like with the airport example, even when it comes to a single server on the internet, it is clear that, from a security perspective, more technology without a proper functionality and security justification is counter-productive. To reiterate, throwing increasingly more technology at a problem does not make things more secure; rather, it results in a proliferation of vulnerabilities.

Latest Technology

Reports that a number of state security agencies are contemplating returning to typewriters for sensitive communications in the wake of Snowden’s revelations makes it clear that some older technologies are harder to compromise in comparison to modern technology. [9] Between iris- and fingerprint-based biometric authentication, logically, it would be easier for a criminal to harvest images of irises or authentication factors in bulk fashion using a high resolution camera fitted with a zoom lens in a public location, in comparison to mass lifting of fingerprints.

Complex Technology

Fifteen years ago, Bruce Schneier said, "The worst enemy of security is complexity. This has been true since the beginning of computers, and it’s likely to be true for the foreseeable future." [10] This is because complexity increases fragility; every feature is also a potential source of vulnerabilities and failures. The simpler Indian electronic machines used until the 2014 elections are far more secure than the Diebold voting machines used in the 2004 US presidential elections. Similarly when it comes to authentication, a pin number is harder to beat without user-conscious cooperation in comparison to iris- or fingerprint-based biometric authentication.

In the following section of the paper we have identified five threat scenarios [11] relevant to India and identified solutions based on our theoretical framing above.

Threat Scenarios and Possible Solutions

Hacking the NIC Certifying Authority
One of the critical functions served by the National Informatics Centre (NIC) is as a Certifying Authority (CA). [12] In this capacity, the NIC issues digital certificates that authenticate web services and allow for the secure exchange of information online. [13] Operating systems and browsers maintain lists of trusted CA root certificates as a means of easily verifying authentic certificates. India’s Controller of Certifying Authority’s certificates issued are included in the Microsoft Root list and recognised by the majority of programmes running on Windows, including Internet Explorer and Chrome. [14] In 2014, the NIC CA’s infrastructure was compromised, and digital certificates were issued in NIC’s name without its knowledge. [15] Reports indicate that NIC did not "have an appropriate monitoring and tracking system in place to detect such intrusions immediately." [16] The implication is that websites could masquerade as another domain using the fake certificates. Personal data of users can be intercepted or accessed by third parties by the masquerading website. The breach also rendered web servers and websites of government bodies vulnerable to attack, and end users were no longer sure that data on these websites was accurate and had not been tampered with. [17] The NIC CA was forced to revoke all 250,000 SSL Server Certificates issued until that date [18] and is no longer issuing digital certificates for the time being. [19]Public key pinning is a means through which websites can specify which certifying authorities have issued certificates for that site. Public key pinning can prevent man-in-the-middle attacks due to fake digital certificates. [20] Certificate Transparency allows anyone to check whether a certificate has been properly issued, seeing as certifying authorities must publicly publish information about the digital certificates that they have issued. Though this approach does not prevent fake digital certificates from being issued, it can allow for quick detection of misuse. [21]

‘Logic Bomb’ against Airports
Passenger operations in New Delhi’s Indira Gandhi International Airport depend on a centralised operating system known as the Common User Passenger Processing System (CUPPS). The system integrates numerous critical functions such as the arrival and departure times of flights, and manages the reservation system and check-in schedules. [22] In 2011, a logic bomb attack was remotely launched against the system to introduce malicious code into the CUPPS software. The attack disabled the CUPPS operating system, forcing a number of check-in counters to shut down completely, while others reverted to manual check-in, resulting in over 50 delayed flights. Investigations revealed that the attack was launched by three disgruntled employees who had assisted in the installation of the CUPPS system at the New Delhi Airport. [23] Although in this case the impact of the attack was limited to flight delay, experts speculate that the attack was meant to take down the entire system. The disruption and damage resulting from the shutdown of an entire airport would be extensive.

Adoption of open hardware and FOSS is one strategy to avoid and mitigate the risk of such vulnerabilities. The use of devices that embrace the concept of open hardware and software specifications must be encouraged, as this helps the FOSS community to be vigilant in detecting and reporting design deviations and investigate into probable vulnerabilities.

Attack on Critical Infrastructure
The Nuclear Power Corporation of India encounters and prevents numerous cyber attacks every day. [24] The best known example of a successful nuclear plant hack is the Stuxnet worm that thwarted the operation of an Iranian nuclear enrichment complex and set back the country’s nuclear programme. [25]

The worm had the ability to spread over the network and would activate when a specific configuration of systems was encountered [26] and connected to one or more Siemens programmable logic controllers. [27] The worm was suspected to have been initially introduced through an infected USB drive into one of the controller computers by an insider, thus crossing the air gap. [28] The worm used information that it gathered to take control of normal industrial processes (to discreetly speed up centrifuges, in the present case), leaving the operators of the plant unaware that they were being attacked. This incident demonstrates how an attack vector introduced into the general internet can be used to target specific system configurations. When the target of a successful attack is a sector as critical and secured as a nuclear complex, the implications for a country’s security and infrastructure are potentially grave.

Security audits and other transparency measures to identify vulnerabilities are critical in sensitive sectors. Incentive schemes such as prizes, contracts and grants may be evolved for the private sector and academia to identify vulnerabilities in the infrastructure of critical resources to enable/promote security auditing of infrastructure.

Micro Level: Chip Attacks
Semiconductor devices are ubiquitous in electronic devices. The US, Japan, Taiwan, Singapore, Korea and China are the primary countries hosting manufacturing hubs of these devices. India currently does not produce semiconductors, and depends on imported chips. This dependence on foreign semiconductor technology can result in the import and use of compromised or fraudulent chips by critical sectors in India. For example, hardware Trojans, which may be used to access personal information and content on a device, may be inserted into the chip. Such breaches/transgressions can render equipment in critical sectors vulnerable to attack and threaten national security. [29]

Indigenous production of critical technologies and the development of manpower and infrastructure to support these activities are needed. The Government of India has taken a number of steps towards this. For example, in 2013, the Government of India approved the building of two Semiconductor Wafer Fabrication (FAB) manufacturing facilities [30] and as of January 2014, India was seeking to establish its first semiconductor characterisation lab in Bangalore. [31]

Macro Level: Telecom and Network Switches

The possibility of foreign equipment containing vulnerabilities and backdoors that are built into its software and hardware gives rise to concerns that India’s telecom and network infrastructure is vulnerable to being hacked and accessed by foreign governments (or non-state actors) through the use of spyware and malware that exploit such vulnerabilities. In 2013, some firms, including ZTE and Huawei, were barred by the Indian government from participating in a bid to supply technology for the development of its National Optic Network project due to security concerns. [32] Similar concerns have resulted in the Indian government holding back the conferment of ‘domestic manufacturer’ status on both these firms. [33]

Following reports that Chinese firms were responsible for transnational cyber attacks designed to steal confidential data from overseas targets, there have been moves to establish laboratories to test imported telecom equipment in India. [34] Despite these steps, in a February 2014 incident the state-owned telecommunication company Bharat Sanchar Nigam Ltd’s network was hacked, allegedly by Huawei. [35]

Security practitioners and policymakers need to avoid the zero-sum framing prevalent in popular discourse regarding security VIS-A-VIS privacy, transparency and technology.

A successful hack of the telecom infrastructure could result in massive disruption in internet and telecommunications services. Large-scale surveillance and espionage by foreign actors would also become possible, placing, among others, both governmental secrets and individuals personal information at risk.

While India cannot afford to impose a general ban on the import of foreign telecommunications equipment, a number of steps can be taken to address the risk of inbuilt security vulnerabilities. Common International Criteria for security audits could be evolved by states to ensure compliance of products with international norms and practices. While India has already established common criteria evaluation centres, [36] the government monopoly over the testing function has resulted in only three products being tested so far. A Code Escrow Regime could be set up where manufacturers would be asked to deposit source code with the Government of India for security audits and verification. The source code could be compared with the shipped software to detect inbuilt vulnerabilities.

Conclusion

Cyber security cannot be enhanced without a proper understanding of the relationship between security and other national imperatives such as privacy, transparency and technology. This paper has provided an initial sketch of those relationships, but sustained theoretical and empirical research is required in India so that security practitioners and policymakers avoid the zero-sum framing prevalent in popular discourse and take on the hard task of solving the optimisation problem by shifting policy, market and technological levers simultaneously. These solutions must then be applied in multiple contexts or scenarios to determine how they should be customised to provide maximum security bang for the buck.

[1]. Daniel J. Solove, Chapter 1 in Nothing to Hide: The False Tradeoff between Privacy and Security (Yale University Press: 2011), http://papers.ssrn.com/sol3/papers.cfm?abstract_id=1827982.

[2]. Bruce Schneier, “What our Top Spy doesn’t get: Security and Privacy aren’t Opposites,” Wired, January 24, 2008, http://archive.wired.com/politics/security commentary/security matters/2008/01/securitymatters_0124 and Bruce Schneier, “Security vs. Privacy,” Schneier on Security, January 29, 2008, https://www.schneier.com/blog/archives/2008/01/security_vs_pri.html.

[3]. There are four sources of power in internet governance: Market power exerted by private sector organisations; regulatory power exerted by states; technical power exerted by anyone who has access to certain categories of technology, such as cryptography; and finally, the power of public pressure sporadically mobilised by civil society. A technically sound encryption standard, if employed by an ordinary citizen, cannot be compromised using the power of the market or the regulatory power of states or public pressure by civil society. In that sense, technology can be used to regulate state and market behaviour.

[4]. Ann Cavoukian and Khaled El Emam, “Introducing Privacy-Protective Surveillance: Achieving Privacy and Effective Counter-Terrorism,” Information & Privacy Commisioner, September 2013, Ontario, Canada, http://www.privacybydesign.ca/content/uploads/2013/12/pps.pdf.

[5]. Madan Oberoi, Pramod Jagtap, Anupam Joshi, Tim Finin and Lalana Kagal, “Information Integration and Analysis: A Semantic Approach to Privacy”(presented at the third IEEE International Conference on Information Privacy, Security, Risk and Trust, Boston, USA, October 2011), ebiquity.umbc.edu/_file_directory_/papers/578.pdf.

[6]. Bruce Byfield, “Does Heartbleed disprove ‘Open Source is Safer’?,” Datamation, April 14, 2014, http://www.datamation.com/open-source/does-heartbleed-disprove-open-source-is-safer-1.html.

[7]. “Cybersecurity Program should be more transparent, protect privacy,” Centre for Democracy and Technology Insights, March 20, 2009, https://cdt.org/insight/cybersecurity-program-should-be-more-transparent-protect-privacy/#1.

[8]. “Cracked Credibility,” The Economist, September 14, 2013, http://www.economist.com/news/international/21586296-be-safe-internet-needs-reliable-encryption-standards-software-and.

[9]. Miriam Elder, “Russian guard service reverts to typewriters after NSA leaks,” The Guardian, July 11, 2013, www.theguardian.com/world/2013/jul/11/russia-reverts-paper-nsa-leaks and Philip Oltermann, “Germany ‘may revert to typewriters’ to counter hi-tech espionage,” The Guardian, July 15, 2014, www.theguardian.com/world/2014/jul/15/germany-typewriters-espionage-nsa-spying-surveillance.

[10]. Bruce Schneier, “A Plea for Simplicity,” Schneier on Security, November 19, 1999, https://www.schneier.com/essays/archives/1999/11/a_plea_for_simplicit.html.

[11]. With inputs from Pranesh Prakash of the Centre for Internet and Society and Sharathchandra Ramakrishnan of Srishti School of Art, Technology and Design.

[12]. “Frequently Asked Questions,” Controller of Certifying Authorities, Department of Electronics and Information Technology, Government of India, http://cca.gov.in/cca/index.php?q=faq-page#n41.

[13]. National Informatics Centre Homepage, Government of India, http://www.nic.in/node/41.

[14]. Adam Langley, “Maintaining Digital Certificate Security,” Google Security Blog, July 8, 2014, http://googleonlinesecurity.blogspot.in/2014/07/maintaining-digital-certificate-security.html.

[15]. This is similar to the kind of attack carried out against DigiNotar, a Dutch certificate authority. See: http://scholarcommons.usf.edu/cgi/viewcontent.cgi?article=1246&context=jss.

[16]. R. Ramachandran, “Digital Disaster,” Frontline, August 22, 2014, http://www.frontline.in/the-nation/digital-disaster/article6275366.ece.

[17]. Ibid.

[18]. “NIC’s digital certification unit hacked,” Deccan Herald, July 16, 2014, http://www.deccanherald.com/content/420148/archives.php.

[19]. National Informatics Centre Certifying Authority Homepage, Government of India, http://nicca.nic.in//.

[20]. Mozilla Wiki, “Public Key Pinning,” https://wiki.mozilla.org/SecurityEngineering/Public_Key_Pinning.

[21]. “Certificate Transparency - The quick detection of fraudulent digital certificates,” Ascertia, August 11, 2014, http://www.ascertiaIndira.com/blogs/pki/2014/08/11/certificate-transparency-the-quick-detection-of-fraudulent-digital-certificates.

[22]. “Indira Gandhi International Airport (DEL/VIDP) Terminal 3, India,” Airport Technology.com, http://www.airport-technology.com/projects/indira-gandhi-international-airport-terminal -3/.

[23]. “How techies used logic bomb to cripple Delhi Airport,” Rediff, November 21, 2011, http://www.rediff.com/news/report/how-techies-used-logic-bomb-to-cripple-delhi-airport/20111121 htm.

[24]. Manu Kaushik and Pierre Mario Fitter, “Beware of the bugs,” Business Today, February 17, 2013, http://businesstoday.intoday.in/story/india-cyber-security-at-risk/1/191786.html.

[25]. “Stuxnet ‘hit’ Iran nuclear plants,” BBC, November 22, 2010, http://www.bbc.com/news/technology-11809827.

[26]. In this case, systems using Microsoft Windows and running Siemens Step7 software were targeted.

[27]. Jonathan Fildes, “Stuxnet worm ‘targeted high-value Iranian assets’,” BBC, September 23, 2010, http://www.bbc.com/news/technology-11388018.

[28]. Farhad Manjoo, “Don’t Stick it in: The dangers of USB drives,” Slate, October 5, 2010, http://www.slate.com/articles/technology/technology/2010/10/dont_stick_it_in.html.

[29]. Ibid.

[30]. “IBM invests in new $5bn chip fab in India, so is chip sale off?,” ElectronicsWeekly, February 14, 2014, http://www.electronicsweekly.com/news/business/ibm-invests-new-5bn-chip-fab-india-chip-sale-2014-02/.

[31]. NT Balanarayan, “Cabinet Approves Creation of Two Semiconductor Fabrication Units,” Medianama, February 17, 2014, http://articles.economictimes.indiatimes.com/2014-02-04/news/47004737_1_indian-electronics-special-incentive-package-scheme-semiconductor-association.

[32]. Jamie Yap, “India bars foreign vendors from national broadband initiative,” ZD Net, January 21, 2013, http://www.zdnet.com/in/india-bars-foreign-vendors-from-national-broadband-initiative-7000010055/.

[33]. Kevin Kwang, “India holds back domestic-maker status for Huawei, ZTE,” ZD Net, February 6, 2013, http://www.zdnet.com/in/india-holds-back-domestic-maker-status-for-huawei-zte-70 00010887/. Also see “Huawei, ZTE await domestic-maker tag,” The Hindu, February 5, 2013, http://www.thehindu.com/business/companies/huawei-zte-await-domesticmaker-tag/article4382888.ece.

[34]. Ellyne Phneah, “Huawei, ZTE under probe by Indian government,” ZD Net, May 10, 2013, http://www.zdnet.com/in/huawei-zte-under-probe-by-indian-government-7000015185/.

[35]. Devidutta Tripathy, “India investigates report of Huawei hacking state carrier network,” Reuters, February 6, 2014, http://www.reuters.com/article/2014/02/06/us-india-huawei-hacking-idUSBREA150QK20140206.

[36]. “Products Certified,” Common Criteria Portal of India, http://www.commoncriteria-india.gov.in/Pages/ProductsCertified.aspx.

For more details visit https://cis-india.org/internet-governance/blog/security-privacy-transparency-and-technology

Call for Essays: Studying Internet in India

sumandro — 2016-07-04T12:48:15Z

As Internet makes itself comfortable amidst everyday lives in India, it becomes everywhere and everyware, it comes in 40 MBPS Unlimited and in chhota recharges – though no longer in zero flavour – the Researchers at Work (RAW) programme at the Centre for Internet and Society invites abstracts for essays that explore how do we study internet in India today.

Submission deadline extended to Sunday, July 03.

Source: Leonardo Flores.

How do we move beyond a fascination with new digital things and interfaces that we engage with on the internet, which are increasingly becoming the objects and sites of our research and creative practices? How do we engage with these on their own terms, and perhaps also against the grain? What "new" is being brought in, performed, and afforded by these digital artefacts in our daily lives? How can our concerns and practices benefit from developing an awareness of their aesthetics, functions, and politics?

This call is for researchers, workers, and others interested in closely – or from a distance – commenting on these topics and questions.

Please send abstracts (200 words) to raw@cis-india.org by Sunday, July 03, 2016. The subject of the email should be 'Studying Internet in India.'

We will select up to 10 abstracts and announce them on Tuesday, July 05, 2016.

The selected authors will be asked to submit the final longform essay (3,000-4,000 words) by Sunday, July 31, 2016. The final essays will be published on the RAW Blog. The authors will be offered an honourarium of Rs. 6,000.

We understand that not all essays can be measured in words. The authors are very much welcome to work with text, images, sounds, videos, code, and other mediatic forms that the internet offers. We will not be running a Word Count on the final 'essay.' The basic requirement is that the 'essay' must offer an argument – through text, or otherwise.

For more details visit https://cis-india.org/raw/call-for-essays-studying-internet-in-india-2016

Comments on the National Geospatial Policy (Draft, V.1.0), 2016

sumandro — 2016-06-30T09:40:59Z

The Department of Science and Technology published the first public draft of the National Geospatial Policy (v.1.0) on May 05, 2016, and invited comments from the public. CIS submitted the following comments in response. The comments were authored by Adya Garg, Anubha Sinha, and Sumandro Chattapadhyay.

1. Preliminary

1.1. This submission presents comments and recommendations by the Centre for Internet and Society ("CIS") on the proposed draft of the National Geospatial Policy 2016 ("the draft Policy / the draft NGP") [1]. This submission is based on Version 1.0 of the draft Policy released by the Department of Science and Technology ("DST") on May 5, 2016.

1.2. CIS commends the DST under the aegis of the Ministry of Science and Technology, Government of India, for its efforts at seeking inputs from various stakeholders to draft a National Geospatial Policy. CIS is thankful for this opportunity to provide a clause-by-clause submission.

2. The Centre for Internet and Society

2.1. The Centre for Internet and Society, CIS, [2] is a non-profit organisation that undertakes interdisciplinary research on internet and digital technologies from policy and academic perspectives. The areas of focus include digital accessibility for persons with diverse abilities, access to knowledge, intellectual property rights, openness (including open data, free and open source software, open standards, open access, open educational resources, and open video), internet governance, telecommunication reform, digital privacy, and cyber-security. The academic research at CIS seeks to understand the reconfiguration of social processes and structures through the internet and digital media technologies, and vice versa.

2.2. This submission is consistent with CIS’ commitment to safeguarding general public interest, and the interests and rights of various stakeholders involved. The comments in this submission aim to further the principle of citizens’ right to information, instituting openness-by-default in governmental activities, and the various kinds of public goods that can emerge from greater availability of open (geospatial) data created by both public and private agencies and crucially, by the citizens. The submission is limited to those clauses that most directly have an impact on these principles.

3. Comments and Recommendations

This section presents comments and recommendations directed at the draft policy as a whole, and in certain places, directed at specific clauses of the draft policy.

3.1. The draft policy should make references to five policies applicable to geospatial data, products, services, and solutions

3.1.1. CIS observes that the draft policy lists the key policies related to geospatial information and sharing of government data, namely the National Map Policy 2005, the Civil Aviation Requirement 2012, the Remote Sensing Data Policy 2011 and 2012, and the National Data Sharing and Accessibility Policy 2012 (“NDSAP”).

3.1.2. CIS submits that apart from the policies mentioned above, Geospatial Data,Products, Services and Solutions (“GDPSS”) are also intricately linked to concepts of “open standards,” “open source software,” “open API,” “right to information,” and prohibited places” These concepts are governed by specific acts and policies, and are applicable to geospatial data, as follows:

Adoption of Open Standards: CIS observes that the draft policy captures the importance of open standards in the section 1.4 of the draft policy. It states that “A very high resolution and highly accurate framework to function as a national geospatial standard for all geo-referencing activity through periodically updated National Geospatial Frame [NGF] and National Image Frame [NIF] by ensuring open standards based seamless interoperable geospatial data.”

CIS submits that the Policy on Open Standards for e-Governance [3] which establishes the Guidelines for usage of open standards to ensure seamless interoperability, and the Implementation Guidelines of the National Data Sharing and Accessibility Policy, 2012 [4] listing two key open standards for geospatial data - KML and GML, should be mentioned in the draft policy.

CIS recommends that the final version of the NGP embrace open standards as a key principle of all software projects and infrastructures within the purview of the Policy. This is essential for easier sharing and reuse of open (geospatial) data.
Adoption of Open Source Software: The Policy on Adoption of Open Source Software for Government of India states that the “Government of India shall endeavour to adopt Open Source Software in all e-Governance systems implemented by various Government organisations, as a preferred option in comparison to Closed Source Software” [5]. As the draft policy proposed to guide the development of GDPSS being developed and implemented both by the Government of India and by other agencies (academic, commercial, and otherwise), it must include an explicit reference and embracing of this mandate for adoption of Open Source Software, for reasons of reducing expenses, avoiding vendor lock-ins, re-usability of software components, enabling public accountability, and greater security of software systems.
Implementation of Open APIs: To actualise the stated principle to “[e]nable promotion, adoption and implementation of emerging / state of the art technologies” as well as to ensure the “[a]vailability of all geospatial data collected through public funded mechanism to all users,” CIS suggests that final version of the NGP must refer to and operationalise the Policy on Open Application Programming Interfaces (APIs) for Government of India [6]. This will ensure that the openly available geospatial data is available to the public, as well as to all the government agencies, in a structured digital format that is easy to consume and use on one hand, and is available for various forms of value addition and innovation on the other.
Right to Information Act 2005: The framework for reactive disclosure of information and data collected and held by the Government of India, as well as the basis for proactive disclosure of the same, is enshrined in the Right to Information Act 2005 [7]. The draft NGP, CIS proposes, should refer to this Act, and ensure that whenever an Indian citizen request for such government data and/or information that is of geospatial in nature, and the requested data and/or information is both shareable and non-sensitive, the citizen must be provided with the geospatial data and/or information in an open standard and under open license, as applicable.
Refer to Official Secrets Act, 1923: The Official Secrets Act defines “Prohibited Places” and prohibits all activities involving “sketch, plan, model, or note which is calculated to be or might be or is intended to be, directly; or indirectly, useful to an enemy or (c) obtains collects, records or publishes or communicates to any other person any secret official code or password, or any sketch, plan, model, article or note or other document or information which is calculated to be or might be or is intended to be, directly or indirectly, useful to an enemy” [8]. This provides the fundamental legal basis for regulation, expunging, and stopping circulation of geospatial data containing information about Vulnerable Points and Vulnerable Areas. CIS submits that this Act should be referred to in this context of ensuring non-publication of sensitive geospatial data (that is geospatial data related to Prohibited Places).

3.2. Grant adequate permissions to the public to re-use geospatial data

3.2.1. CIS observes that section 1.4 of the draft policy states that, “Geospatial data of any resolution being disseminated through agencies and service providers, both internationally and nationally be treated as unclassified and made available and accessible by Indian Mapping and imaging agencies.”

3.2.2. CIS recommends the abovementioned section be broadened to include not only availability and accessibility of geospatial data, but also its re-use. Further, such accessibility, availability and re-use should not be only limited to public and private entities such as Indian mapping and imaging agencies, but as well as to Indian people in general.

3.2.3. CIS further submits that section 1.4 be revised as “[g]eospatial data of any resolution being disseminated through agencies and service providers, both internationally and nationally be treated as unclassified and made available, accessible, and reusable by Indian mapping and imaging agencies in particular, and by the people of India in general.”

3.3. Ensure Open Access to shareable and non-sensitive geospatial data

3.3.1. CIS observes that the draft policy directs all “geospatial data generating agencies” to classify their data into “open access,” “registered access,” and “restricted access.” The document, however, neither defines “geospatial data generating agencies”, nor does it clarify what conditions the data must satisfy to be classified as one of the three types. Without a listing of such conditions (at least necessary, and not sufficient, conditions), nothing restricts the agencies from classifying all generated geospatial data as “restricted.”

3.3.2. Further, CIS observes that the draft policy aims to provide geospatial data acquired through public funded mechanism to be made available to the public at free of cost. It is submitted that the policy should not only be made available for free of cost, but it should also be made available in open standard format under an open license.

3.3.3. As defined in the section 1.3, the National Data Sharing and Accessibility Policy (“NDSAP”) applies to “all shareable non-sensitive data available either in digital or analog forms but generated using public funds” [9]. Clearly all shareable [10] and non-sensitive [11] geospatial data, either in digital or analog forms, and generated using public funds should be proactively disclosed by the government agency concerns in accordance to the NDSAP. CIS recommends that the draft policy makes an explicit reference to NDSAP when discussing the topic of Open Access geospatial data, and re-iterates the mandate of proactive publication of shareable and non-sensitive government data.

3.3.4. Further, the process for defining an open government data license to be applied to all open government data sets being published under the NDSAP, and through the Open Government Data Platform India, is in progress. Given this, it is absolutely crucial important that the draft NGP takes this into consideration, and mandates that Open Access geospatial data must be published using the open government data license to be defined by the Implementation Guidelines of the NDSAP, when applicable.

3.4. Lack of clarity regarding the clearances and permits required for data acquisition and dissemination, and the procedures thereof

3.4.1. Section 1.8 of the draft policy states that “[a]ll clearances / permits, as necessary, for data acquisition and dissemination be through a single window, online portal. These clearances be provided within a time span of 30 days of filing the online request.” CIS observes that the draft policy does not specify the kind of clearances/permits needed before a public or private entity, or an individual, can undertake acquisition and dissemination of geospatial data. It neither clarifies under what circumstances and conditions application for such clearance / permits would be required for users.

3.4.2. Since the recently published draft Geospatial Information Regulation Bill (“GIRB”) 2016, directly addresses this topic of clearance / permit required to acquire and share geospatial information [12], it will be effective if the NGP can refer to this Bill and provide an overall governance framework for the same. Further, CIS noted that the time span of 30 days mentioned in the draft policy is inconsistent with the time period specified in the GIRB (which is 90 days).

3.4.3. CIS recommends that the draft policy also be amended suitably to include the circumstances and conditions under which required permissions shall be issued. Accordingly, the draft policy should reference the standardised and time bound security vetting process envisaged in the GIRB.

3.5. Clarification Needed regarding “Cybersecurity is to be ensured through … use of Digital Watermarks for authentication of GDPSS”

3.5.1. CIS submits that the draft policy does not elaborate on the use of “Digital Watermarks” to ensure cybersecurity, neither it is explained who will authenticate GDPSS, under what conditions, and for what reasons. CIS recommends that the draft policy be amended suitably to specify the same.

3.6. Remove Classification of Non-Public (at Present) Satellite / Aerial Imagery as Restricted by Default

3.6.1. CIS observes that the draft policy recommends that “[s]atellite/aerial images of resolution other than those currently made available on websites” should all be “classified for restricted access.”

3.6.2. CIS submits that blanket categorisation of all satellite / aerial imagery of resolution that is not currently available through a public website (for whatever reason it might be) as “restricted access” should be re-evaluated, given the immense importance of such imagery to mapping agencies and industry participants using GDPSS.

3.6.3. CIS recommends that the section be revised to define clear principles for defining satellite /aerial imagery as “open,” “registered,” and “restricted.”

3.7. Governance of User-contributed Geospatial Data

3.7.1. A key resource and feature of contemporary geospatial industry in particular, and the digital economy in general, is the proliferation of user-contributed and user-generated geospatial data and information. CIS observes that this crucial topic, as well as the unique governance concerns that it raises, has not been addressed in the draft policy at all. CIS requests the DST to consider this matter with due attention to the specific nature and values of such user-contributed and user-generated in the digital economy on one hand, and in emergency contexts such as natural disasters on the other, and prepare a framework for its appropriate governance as part of the NGP itself.

3.8. Protect Geospatial Privacy of Citizens by Defining Sensitive Personal Geospatial Data and Information

3.8.1. CIS observes that the draft policy lacks rules for collection, use, storage, and distribution of geospatial data from an individual’s privacy standpoint. Further, neither does the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 address these concerns [13]. Section 3 of the Rules define “Sensitive personal data or information”, which do not include geospatial information.

3.8.2. The argument of violation of constitutional right to privacy was pleaded in a case against Google and other private mapping agencies in 2008 [14]. In the judgment, Madras HIgh Court noted that there existed no legislation/guidelines to prohibit mapping programmes from conducting their activities indiscriminately, and the lack of one thereof prevented the Court from injuncting such activities. Thus, there exists a judicial ambiguity on the aspect of collection and use of geospatial data.

3.8.3. CIS submits that the draft policy may be suitably amended to ensure that collection, processing and dissemination of geospatial information is in consonance with the constitutionally protection of an individual’s privacy.

3.9. Clarification Needed regarding “Mechanisms to be put in place to evaluate / audit GDPSS creation, consumption and distribution”

3.9.1. The draft policy suggests that “mechanisms to be put in place to evaluate/audit GDPSS creation, consumption and distribution” without clarifying the scope, purpose, and purview of this mechanism, and most crucially it does not describe what exactly will be evaluated / audited. CIS submits that this section is revised and expanded.

3.9.2. The same section also identifies the need for a “framework to be put in place to assess the data collection versus its utilization towards government program and socio-economic development.” CIS observes that this is a very promising and much welcome gesture by the DST, but this section must be developed as a separate and detailed mandate. At the least, the NGP may suggest that a more detailed guideline document regarding this framework will be developed in near future.

3.10. Data Taxation and Geospatial Cess

3.10.1. The draft policy refers to imposition of “data taxation (geospatial cess)” and use of “licensing” of geospatial data to raise money for geospatial activities of the Government of India. CIS is of the opinion will severely affect the geospatial industry in the country in particular, and will raise the monetary barrier to public use of geospatial data and maps in general; and hence must be strictly avoided.

3.11. Data Dissemination Cell

3.11.1. CIS submits that instead of development of a separate Data Dissemination Cell within all government agencies to operationalise the mandate of the NGP, the Chief Data Officers within all government agencies identified under the implementation process of the NDSAP be given this complementary responsibility. This would ensure effective channelisation of human and financial resources to take forward the joint mandate of NGP and NDSAP towards greater public availability and use of (shareable and non-sensitive) government data.

3.12. Special Infrastructure for Governance, Management, and Publication of Real-time Geospatial Data

3.12.1. A key term that the draft policy does not talk about is “big data.” The static or much-slowly-changing geospatial data such as national boundaries and details of Vulnerable Points and Vulnerable Areas are really a very small part of of the global geospatial information. The much larger and crucial part is the real-time (that is continuously produced, stored, analysed, and used in almost real-time) big geospatial data – from geo-referenced tweets, to GPS systems of cars, to mobile phones moving through the cities and regions. Addressing such networked data systems, where all data collected by digital devices can quite easily be born-georeferenced, and the security and privacy concerns that are engendered by them, should be the ultimate purpose of, and challenge for, a future-looking NGP.

3.12.2. Further, with increasing number of government assets being geo-referenced for the purpose of more effective and real-time management, especially in the transportation sector, the corresponding agencies (which are often not mapping agencies) are acquiring a vast amount of high-velocity geospatial data, which needs to be analysed and (sometimes) published in the real-time. CIS submits a sincere request to DST to highlight the crucial need for special infrastructure for such data, as well as its governance, and identify the key principles concerned in the next version of the draft NGP.

3.13. Sincere Request for Preparation and Circulation of a Second Public Draft of the National Geospatial Policy

3.13.1. CIS commends the DST for publishing the draft policy, and facilitating a consultation process inviting stakeholders and civil society to submit feedback. The NGP envisages to address crucial concepts of privacy, licensing, intellectual property rights, liability, national security, open data, which cut across and impact various technology platforms, industries and the citizens.

3.13.2. In view of the multifarious issues highlighted that arise at the intersection of various legal and ethical concepts, CIS respectfully requests the DST to conduct another round of consultation after the publication of the second draft of the NGP. Multiple rounds of consultation and feedback would contribute to the robustness of the lawmaking process and ensure that the final policy safeguards the general public interest, and the interests and rights of various stakeholders involved.

3.13.3. CIS is thankful to DST for the opportunity to provide comments, and would be privileged to provide further assistance on the matter to DST.

Endnotes

[1] See: http://www.dst.gov.in/sites/default/files/Draft-NGP-Ver%201%20ammended_05May2016.pdf.

[2] See: http://cis-india.org/.

[3] See: https://egovstandards.gov.in/sites/default/files/Published%20Documents/Policy_on_Open_Standards_for_e-Governance.pdf.

[4] See: http://data.gov.in/sites/default/files/NDSAP.pdf.

[5] See: http://deity.gov.in/sites/upload_files/dit/files/policy_on_adoption_of_oss.pdf.

[6] See: http://deity.gov.in/sites/upload_files/dit/files/Open_APIs_19May2015.pdf.

[7] See: http://rti.gov.in/webactrti.htm.

[8] See: http://www.archive.india.gov.in/allimpfrms/allacts/3314.pdf, sections 2(d) and 3(b).

[9] See: https://data.gov.in/sites/default/files/NDSAP.pdf.

[10] See section 2.11 of NDSAP.

[11] See section 2.10 of NDSAP.

[12] See: http://mha.nic.in/sites/upload_files/mha/files/GeospatialBill_05052016_eve.pdf.

[13] See: http://deity.gov.in/sites/upload_files/dit/files/GSR313E_10511%281%29.pdf.

[14] J. Mohanraj v (1) Secretary To Government, Delhi; (2) Indian Space Research Organisation, Bangalore; (3) Google India Private Limited, Bangalore, 2008 Indlaw MAD 3562.

For more details visit https://cis-india.org/openness/comments-on-the-national-geospatial-policy-draft-v-1-0-2016

Smart City Policies and Standards: Overview of Projects, Data Policies, and Standards across Five International Smart Cities

Kiran A. B., Elonnai Hickok and Vanya Rakesh — 2016-06-11T13:29:04Z

This blog post aims to review five Smart Cities across the globe, namely Singapore, Dubai, New York City, London and Seoul, the Data Policies and Standards adopted. Also, the research seeks to point the similarities, differences and best practices in the development of smart cities across jurisdictions.

Download the brief: PDF.

Introduction

Smart City as a concept is evolutionary in nature, and the key elements like Information and Communication Technology (ICT), digitization of services, Internet of Things (IoT), open data, big data, social innovation, knowledge, etc., would be intrinsic to defining a Smart City [1].

A Smart City, as a “system of systems”, can potentially generate vast amounts of data, especially as cities install more sensors, gain access to data from sources such as mobile devices, and government and other agencies make more data accessible. Consequently, Big Data techniques and concepts are highly relevant to the future of Smart Cities. It was noted by Kenneth Cukier, Senior Editor of Digital Products at The Economist, that Big Data techniques can be used to enhance a number of processes essential to cities - for example, big data can be used to spot business trends, determine quality of research, prevent diseases, tack legal citations, combat crime, and determine real-time roadway traffic conditions [2]. Having said this, data is deemed to be the lifeblood of a Smart City and its availability, use, cost, quality, analysis, associated business models and governance are all areas of interest for a range of actors within a smart city [3]

This blog reviews five Smart Cities namely Singapore, Dubai, New York City, London and Seoul. In doing so, the research seeks to point the similarities, differences and best practices in the development of smart cities across jurisdictions. To achieve this, the research reviews:

The definition of a Smart City in a given context or project (if any).
Existing policy/regulations around data or notes the lack thereof.
The cities adherence to the International standards and providing an update on the current status of the Smart City programme.

Singapore

Introduction

The Smart Nation programme in Singapore was launched on 24th November, 2014. The programme is being driven by the Infocomm Development Authority of Singapore, through which Singapore seeks to harness ICT, networks and data to support improved livelihoods, stronger communities and creation of new opportunities for its residents [4] According to the IDA, a Smart Nation is a city where “people and businesses are empowered through increased access to data, more participatory through the contribution of innovative ideas and solutions, and a more anticipatory government that utilises technology to better serve citizens’ needs” [5]. The Smart Nation programme is driven by a designated Office in the Prime Minister’s Office [6]. As a core component to the Smart Nation Programme, the Smart Nation Platform has been developed as the technical architecture to support the Programme. This Platform enables greater pervasive connectivity, better situational awareness through data collection, and efficient sharing and access to collected sensor data, allowing public bodies to use such data to develop policy and practical interventions [7] Such access would allow for anticipatory governance - a goal of the Smart Nation Programme as noted by Dr. Yaacob Ibrahim, Minister for Communications and Information stating “Insights gained from this data would enable us to better anticipate citizens’ needs and help in better delivery of services” [8].

Status of the Project

The Smart Nation Programme is an ongoing initiative, being built on the past programme Intelligent Nation 2015 (iN2015 masterplan). The plan involves putting in place the infrastructure, policies, ecosystem and capabilities to enable a Smart Nation, by adopting a people-centric approach [9]. A number of co-creating solutions adopted by the Government include:

Development of Mobile Apps to facilitate communication between the public and the providers of public services.
Organization of Hackathons by government agencies or corporations in collaboration with schools and industry partners to ideate and develop solutions to tackle real-world challenges.
Adopt measure for smart mobility to create a more seamless transport experience and providing greater access to real-time transport information so that citizens can better plan their journeys.
Smart technologies are also being introduced to the housing estates [10].

Policies and Regulations

The Smart Nation plan derives its legitimacy from the constitution of Singapore, holding the Prime Minister responsible to take charge of the subject ‘Smart Nation’ blueprint under the Statutory body of ‘Smart Nation’ Programme Office [11]. Singapore has a comprehensive data protection law – the Personal Data Protection Act 2012, rules governing the collection, use, disclosure and care of personal data. The Personal Data Protection Commission of Singapore has committed to work closely with the private sector, and also to support the Smart Nation vision on data privacy and cyber security ecosystem [12] [13].

Towards achieving the Smart Nation vision the government has also promoted the use of open data. In 2015 the Department of Statistics has made a vast amount of data available (across multiple themes say transport, infocomm, population, etc.) for free to the public in order to encourage innovation and facilitate the Smart Nation [14]. Prior to this initiative, the government had adopted the Open Data Policy in 2011, enabling public data for analysis, research and application development [15]. The concept of Virtual Singapore, which is a part of the Smart Nation Initiative, has been developed to adopt and simulate solutions on a virtual platform using big data analytics [16].

Adoption of International Standards

The Smart Nation initiative follows the standards laid under the purview of the Singapore Standards Council (SSC). It specifies three types of Internet of Things (IoT) Standards – sensor network standards (TR38 - for public areas & TR40 - for homes), IoT foundational standards (common set of guidelines for IoT requirements and architecture, information and service interoperability, security and data integrity) and domain-specific standards (healthcare, mobility, urban living, etc.) [17].

Singapore is part of ISO/IEC JTC 1/WG7 Sensor Networks and ISO/IEC JTC 1/WG10 Internet of Things (IoT) [18]. Singapore IT standards abides to the international standards as defined by ISO, ITU, etc.Singapore is a member of many international standards forums (see Singapore International Standards Committee) which includes JTC1/WG9 - Big Data; JTC1/WG10 - Internet of Things; JTC1/WG11 - Smart Cities.

Dubai, United Arab Emirates

Introduction

The Dubai Smart City strategy was launched as part of the Dubai Plan 2021 vision, in the year 2015 [19]. Dubai Plan 2021 describes the future of Dubai evolving through holistic and complementary perspectives, starting with the people and the society and places the government as the custodian of the city’s development. Within the Plan, the smart city theme envisions a platform that is fully connected and integrated infrastructure that enables easy mobility for all residents and tourists, and provides easy access to all economic centers and social services, in line with the world’s best cities [20]. Center to the smart city platform is data and data analytics, particularly cross functional data and big data techniques to give a complete view of the city [21] As envisioned, the Dubai Data portal would provide a gateway to empower relevant stakeholders to understand the nuances of the city and pursue questions that will result in the greatest impact from the city’s data [22]. The platform will be based on current data and existing services, initiatives, and networks to identify opportunities for a smart city [23]. The Smart City Plan also includes a framework for aligning districts of Dubai with the Smart City vision and dimensions [24].

The Smart Dubai roadmap 2015 provides a consolidated report and planned smart city services, its status and the stage of its implementation, for e.g. Smart Grid, Mobile Payment, Smart Water, Health applications, Public Wi-Fi, Municipality, E-Traffic solutions, etc [25].

Status of the Project

The Smart Dubai strategy is envisioned to be completed by the year 2020, and currently it’s ongoing. The first phase of Smart Dubai masterplan is expected to end by 2016. Between 2017 and 2019, the plan aims to deliver new initiatives and services. The second phase of the masterplan is expected to be completed by the year 2020 [26].

Policies and Regulations

The Smart City Plan is being driven by the Dubai Smart City Office – which has been established under Law No. (29) of 2015 on the establishment of Dubai Smart City Office; Law No. (30) of 2015 on the establishment of Dubai Smart City Establishment; Decree No. (37) of 2015 on the formation of the Board of the Dubai Smart City Office; and Decree No (38) of 2015- appointing a Director General for the Office, which will develop overall policies and strategic plans, supervise the smart transformation process and approve joint initiatives, projects and services [27]. Also, an open data law called Dubai Open Data Law was issued to complete the legislative framework for transforming Dubai into a Smart City [28]. This law will enable the sharing of non-confidential data between public entities and other stakeholders.

Adoption of International Standards

In 2015 the Smart Dubai Executive Committee has collaborated through an agreement with the International Telecommunications Union (ITU) adopt the performance indicators by the ITU Focus Group on Smart Sustainable Cities to evaluate the feasibility of the indicators [29]. The Focus Group is working towards identifying global best practices for the development of smart cities [30].

New York City, United States of America

Introduction

The ‘One New York Plan’ announced in the year 2015 is a comprehensive plan for a sustainable and resilient city. It includes the adoption of digital technology and considers the importance of the role of data in transforming every aspect of the economy, communications, politics, and individual and family life [31]. Furthermore, through a publication on 'Building a Smart+Equitable City', the Mayor’s Office of Technology and Innovation (MOTI) describes efforts to leverage new technologies to build Smart city.

Accordingly, the plan seeks to establish better lives through establishing principles and strategic frameworks to guide connected device and Internet of Things (IoT) implementation; MOTI serving as the coordinating entity for new technology and IoT deployments across all City agencies; collaborating with academia and the private sector on innovative pilot projects, and partnering with municipal governments and organizations around the world to share best practices and leverage the impact of technological advancements [32].

Status of the Project

OneNYC represents a unified vision for a sustainable, resilient, and equitable city developed with cross-cutting interagency collaboration, public engagement, and consultation with leading experts in their respective fields. The Mayor’s Office of Sustainability oversees the development of OneNYC and now shares responsibility with the Mayor’s Office of Recovery and Resiliency for ensuring its implementation [33].

Policies and Regulations

As per the Local Law 11 of 2012, each City entity must identify and ultimately publish all of its digital public data for citywide aggregation and publication by 2018. In adherence to this law, there exists a NYC Open Data Plan which requires annual data updation [34].

The LinkNYC initiative, one of the key projects to make New York a ‘smart’ city, aims to connect everyone through a city wide wi-fi network. The LinkNYC initiative will retrofit payphones with kiosks to provide high-speed WiFi hotspots and charging stations for increased connectivity [35]. Data Privacy in the initiative is addressed through the customer first privacy policy, which considers user’s privacy on priority and will not sell any personal information or share with third parties for their own use. LinkNYC will use anonymized, aggregate data to make the system more efficient and to develop insights to improve your Link experience [36].

Adoption of International Standards

The ANSI Network on Smart and Sustainable Cities (ANSSC) is a forum for information sharing and coordination on voluntary standards, conformity assessment and related activities for smart and sustainable cities in the US [37]. The US is a signatory of the ISO/ITU defined standards on smart cities [38].

London, United Kingdom

Introduction

The Smart London Plan was unveiled in the year 2013 by the Mayor of London. The plan is being driven through the Greater London Authority, with the advice of the Smart London Board. The Smart London Plan envisions ‘Using the creative power of new technologies to serve London and improve Londoner’s lives’ [39]. ‘Smart London’ is about harnessing new technology and data so that businesses, Londoners and visitors experience the city in a better way, and do not face bureaucratic hassle and congestion. Smart London seeks to improve the city as a whole and focuses on city macro functions that result from the interplay between city subsystems - such as local labour markets to financial markets, from local government to education, healthcare, transportation and utilities. According to strategy documents, a smarter London recognises and employs data as a service and will leverage data to enable informed decision making and the design of new activities.

Status of the Project

This project is currently ongoing. Since its formation in March 2013, the Smart London Board has been advising the Greater London Authority.The Plan sits within the overarching framework of the Mayor’s Vision 2020 [40].

Policies and Regulations

The Smart London Plan incorporates the existing open data platform called ‘London DataStore’. The rules and guidelines for this platform are defined by the Greater London Authority, which includes working with public and private sector organisations to create, maintain and utilise it, enabling common data standards, identify and prioritise which data are needed to address London’s growth challenges, establish a Smart London Borough Partnership to encourage boroughs to free up London’s local level data. Also, privacy is protected and there is transparent use of data - to ensure data use is managed in the best interests of the public rather than private enterprise.⁴² The Smart London Plan aims to build on this existing datastore to identify and publish data that addresses specific growth challenges, with an emphasis on working with companies and communities to create, maintain, and use this data [41].

The Open Data White Paper, issued by the Office of Paymaster General, seeks to build a transparent society by releasing public data through open data platforms and leveraging the potential of emerging technologies [42]. The Greater London Authority processes personal data in accordance with the Data Protection Act 1998 [43].

Adoption of International Standards

The British Standards Institution (BSI) has already established Smart City standards and has associated with the ISO Advisory Group on smart city standards. The UK subscribes to the BSI standards for smart cities and has adopted the same [44]. The following standards and publications help address various issues for a city to become a smart city:

The development of a standard on Smart city terminology (PAS 180)
The development of a Smart city framework standard (PAS 181)
The development of a Data concept model for smart cities (PAS 182)
A Smart city overview document (PD 8100)
A Smart city planning guidelines document (PD 8101)
BS 8904 Guidance for community sustainable development provides a decision-making framework that will help setting objectives in response to the needs and aspirations of city stakeholders
BS 11000 Collaborative relationship management
BSI BIP 2228:2013 Inclusive urban design - A guide to creating accessible public spaces.

Further, the Smart London Plan incorporates open data standards in accordance with London DataStore [45]. Various government reports – Smart Cities background paper, Open Data White Paper, etc., have suggested the use of standards related to Internet of Things (IoT), open data standards, etc [46].

Seoul, Korea

Introduction

Smart Seoul 2015 was announced in June 2011 by the Seoul Metropolitan Government, which envisions integrating IT services into every field, including administration, welfare, industry and living. Through this, the Seoul Metropolitan Government plans to create a Seoul that uses smart technologies by 2015 [47]. Towards this, the Seoul Metropolitan Government plans to make use of Big Data in policy development, and through scientific analytics, will provide customized administrative services and reduce wasteful spending. Also, the government is utilising Big Data to analyse trends emerging from existing services [48]. Examples of projects that leverage big data that the government has undertaken include the Taxi Matchmaking Project – analyzes the data related to taxi stands and passengers, the Owl Bus [49] - maps the bus routes, etc.

Status of the Project

Building on the Smart Seoul 2015, the Seoul Metropolitan Government plans to establish 'Global Digital Seoul 2020 – New Connections, Different Experiences' vision in next five-years. In this multi-objective plan, it aims to establish a ’Big Data campus’ providing win-win cooperation among public, private, industry and university [50].

Policies and Regulations

The Smart Seoul 2015 aims to create a ‘Seoul Data Mart’, which will be an open platform that makes public information available for data processing [51]. Furthermore, Seoul has opened the Seoul Open Data Plaza [52], an online channel to share and provide citizens with all of Seoul’s public data, such as real-time bus operation schedules, subway schedules, non-smoking areas, locations of public Wi-Fi services, shoeshine shops, and facilities for disabled people, and the information registered in Seoul Open Data Plaza is provided in the open API format.⁴⁵

South Korea has a comprehensive law governing data privacy – Personal Information Protection Act, 2011. The law includes data protection rules and principles, including obligations on the data controller and the consent of data subjects, rights to access personal data or object to its collection, and security requirements. It also covers cookies and spam, data processing by third parties and the international transfer of data [53].

International Standards

The smart city standards are adopted in the development of smart cities in Korea [54]. Korea has adopted the ISO/TC 268, which is focused on sustainable development in communities. Korea also has one working group developing city indicators and another working group developing metrics for smart community infrastructures [55].

Conclusion

The smart city projects studied are at different levels of implementation and have both similarities and differences. Below is an analysis of some of the key similarities and differences between smart city projects, a comparison of these points to India’s 100 Smart City Mission, and a summary of best practices around the development of smart city frameworks.

Nodal Agency

All cities studied have nodal agencies driving the smart city initiatives and many have policies in place backing these initiatives. For example, while the Smart Nation programme in Singapore is being driven by the Infocomm Development Authority, in London the smart city project is governed by the Great London Authority. The Smart Seoul Project in Korea is governed by the Seoul Metropolitan Government and New York has the Mayor’s Office of Technology and Innovation serving as the coordinating entity for new technology and IoT deployments across all City agencies. In India, the nodal agency driving the 100 Smart Cities Project is the Ministry of Urban Development under the Indian Government. In India, the implementation of the Mission at the City level will be done by a Special Purpose Vehicle (SPV), which will be a limited company and will plan, appraise, approve, release funds, implement, manage, operate, monitor and evaluate the Smart City development projects.

Policies

Many of the cities had open data policies and data protection policies that pertain to the Smart City initiatives. In Dubai, an open data law called Dubai Open Data Law has been issued to complete the legislative framework for transforming Dubai into a Smart City and the Smart City Establishment will develop policies for the project. New York also has an Open Data Plan in place and LinkNYC will use anonymized, aggregate data to address data privacy of users. In London, the Smart London Plan incorporates the existing open data platform called ‘London DataStore’, the rules for which are defined by the Greater London Authority, which also ensures privacy and transparent use of data by processing personal data in accordance with the Data Protection Act 1998. For regulation of data in Seoul, a ‘Seoul Data Mart’ will be established to make public information available for data processing and the Seoul Open Data Plaza is an existing online channel to share and provide citizens with all of Seoul’s public data. South Korea has a comprehensive law governing data privacy in place as well. In Singapore, the Personal Data Protection Commission has committed to work and support the Smart Nation vision on data privacy and cyber security ecosystem. To achieve the vision of the project, the government has also promoted the use of open data. It can be said the these countries , with clearly laid out policies to support and guide the project, have well planned ecosystem for regulation and governance of systems, technologies and cities. All cities have incorporated open data into smart cities and many have developed guidelines for its use. All cities have similar goals of enhancing the lives of citizens and developing anticipatory regulation, however, there appears to be little discussion on the need to amend existing law or enable new law around privacy and data protection in light of data collection through smart cities. In India, no enabling legislation or policy has been formulated by the Government, apart from releasing “Mission Statement and Guidelines”, which provides details about the Project and vision, excluding a definition of a ‘smart city’ or the relevant applicable laws and policies. No information is publicly available regarding deployment of open data, use of specific technologies like cloud, big data, etc., the relevant policies and applicability of laws. Unlike India, all cities recognize the importance of big data techniques in enabling smart city visions, technology and policies. On the lines of these cities, India must work towards addressing the need for an open data framework in light of the 100 Smart Cities Mission to enable the sharing of non-confidential data between public entities and other stakeholders. This requires co-ordination to incorporate, enable and draw upon open data architecture in the cities by the Government with the existing open data framework in India, like the National Data Sharing and Accessibility Policy, 2012. Use of technology in the form of IoT and Big Data entails access to open data, bringing another policy area in its ambit which needs consideration. Also, identification and development of open standards for IoT must be looked at. Also, as data in smart cities will be generated, collected, used, and shared by both the public and private sector. It is essential that India’s existing data protection standards and regime must be amended to extend the data regulation beyond a body corporate and oversee the collection and use of data by the Government, and its agencies.

Standards

In Singapore, the Smart Nation initiative follows the standards laid under the purview of the Singapore Standards Council (SSC)and the Singapore IT standards abides to the international standards as defined by ISO, ITU, etc. The Country is also a member of many international standards forums (see Singapore International Standards Committee) which includes JTC1/WG9- Big Data; JTC1/WG10 - Internet of Things; JTC1/WG11 - Smart Cities. In Dubai, the Smart Dubai Executive Committee with the International Telecommunications Union (ITU) to adopt the performance indicators by the ITU Focus Group on Smart Sustainable Cities to evaluate the feasibility of the indicators. For the purpose of standards, the ANSI Network on Smart and Sustainable Cities (ANSSC) in New York is a forum smart and sustainable cities, along with US being a signatory of the ISO/ITU defined standards on smart cities. Also, The British Standards Institution (BSI) has already established Smart City standards and has associated with the ISO Advisory Group on smart city standards. The UK subscribes to the BSI standards for smart cities and has adopted the same and the Smart London Plan incorporates open data standards in accordance with London DataStore. For development of smart cities, Korea has adopted the ISO/TC 268, which is focused on sustainable development in communities and also has one working group developing city indicators and another working group developing metrics for smart community infrastructures. However, in India, the Bureau of Indian Standards (BIS) has undertaken the task to formulate standardised guidelines for central and state authorities in planning, design and construction of smart cities by setting up a technical committee under the Civil engineering department of the Bureau. However, adoption of the standards by implementing agencies would be voluntary and intends to complement internationally available documents in this area. Also, The Global Cities Institute (GCI) has undertaken a mission in the year 2015 to align with the Bureau of Indian Standards regarding development of standards of smart cities and also to forge relationships with Indian cities in light of ISO 37120. It can be said that India has currently not yet adopted international standards, but is in the process of developing national standards and adopting key international standards. Unlike other cities,which are adopting standards - national, ISO, or ITU, Indian cities are yet to adopt standards for regulation of the future smart cities.

Notes for India

India is in the nascent stages of developing smart cities across the country. Drawing from the practices adopted by cities across the world, smart cities in India should adopt strong regulatory and governance frameworks regarding technical standards, open data and data security and data protection policies. These policies will be essential in ensuring the sustainability and efficiency of smart cities while safeguarding individual rights. Some of these policies are already in place - such as India’s Open Data Policy and India’s data protection standards under section 43A of the ITA. It will be important to see how these policies are adopted and applied to the context of smart cities.

References

[1] Smart Cities and Transparent Evolution, http://www.posterheroes.org/Posterheroes3/_mat/PH3_eng.pdf.

[2] "Data, Data Everywhere." The Economist, February 25, 2010. Accessed March 17, 2016, http://www.economist.com/node/15557443.

[3] "Smart Cities." ISO. 2015. Accessed March 17, 2016, http://www.iso.org/iso/smart_cities_report-jtc1.pdf.

[4] Transcript of Prime Minister Lee Hsien Loong's speech at Smart Nation launch on 24 November, http://www.pmo.gov.sg/mediacentre/transcript-prime-minister-lee-hsien-loongs-speech-smart-nation-launch-24-november.

[5] Smart Nation Vision, https://www.ida.gov.sg/Tech-Scene-News/Smart-Nation-Vision.

[6] Smart Nation, http://www.pmo.gov.sg/smartnation.

[7] Smart Nation Platform, https://www.ida.gov.sg/~/media/Files/About%20Us/Newsroom/Media%20Releases/2014/0617_smartnation/AnnexA_sn.pdf.

[8] Transcript of Prime Minister Lee Hsien Loong's speech at Smart Nation launch on 24 November, https://www.ida.gov.sg/blog/insg/featured/singapore-lays-groundwork-to-be-worlds-first-smart-nation/.

[9] Prime Ministers’ Office Singapore-Smart Nation, http://www.pmo.gov.sg/smartnation.

[10] Prime Ministers’ Office Singapore-Smart Nation, http://www.pmo.gov.sg/smartnation.

[11] Constitution of the Republic of Singapore (Responsibility of the Prime Minister) Notification 2015, http://statutes.agc.gov.sg/aol/search/display/view.w3p;page=0;query=Status%3Acurinforce%20Type%3Aact,sl%20Content%3A%22smart%22;rec=4;resUrl=http%3A%2F%2Fstatutes.agc.gov.sg%2Faol%2Fsearch%2Fsummary%2Fresults.w3p%3Bquery%3DStatus%253Acurinforce%2520Type%253Aact,sl%2520Content%253A%2522smart%2522;whole=yes.

[12] Personal Data Protection Singapore-Annual Report 2014-15, https://www.pdpc.gov.sg/docs/default-source/Reports/pdpc-ar-fy14---online.pdf.

[13] Balancing Innovation and Personal Data Protection, https://www.ida.gov.sg/Tech-Scene-News/Tech-News/Digital-Government/2015/9/Balancing-innovation-and-personal-data-protection.

[14] Department of Statistics Singapore- Free Access to More Data on the SingStat Website from 1 March 2015, http://www.singstat.gov.sg/docs/default-source/default-document-library/news/press_releases/press27022015.pdf.

[15] Singapore Marks 50th Birthday With Open Data Contest, https://blog.hootsuite.com/singapore-open-data/.

[16] Virtual Singapore - a 3D city model platform for knowledge sharing and community collaboration, http://www.sla.gov.sg/News/tabid/142/articleid/572/category/Press%20Releases/parentId/97/year/2014/Default.aspx.

[17] Internet of Things (IoT) Standards Outline to Support Smart Nation Initiative Unveiled, http://www.spring.gov.sg/NewsEvents/PR/Pages/Internet-of-Things-(IoT)-Standards-Outline-to-Support-Smart-Nation-Initiative-Unveiled-20150812.aspx.

[18] Information Technology Standards Committee, https://www.itsc.org.sg/technical-committees/internet-of-things-technical-committee-iottc and https://www.ida.gov.sg/~/media/Files/Infocomm%20Landscape/iN2015/Reports/realisingthevisionin2015.pdf.

[19] Government of Dubai-2021 Dubai Plan-Purpose, http://www.dubaiplan2021.ae/the-purpose/.

[20] Government of Dubai-2021 Dubai Plan, http://www.dubaiplan2021.ae/dubai-plan-2021/.

[21] Smart Dubai, http://www.smartdubai.ae/foundation_layers.php.

[22] The Internet of Things: Connections for People’s happiness, http://www.smartdubai.ae/story021002.php.

[23] Smart Dubai - Current State, http://www.smartdubai.ae/current_state.php.

[24] Smart Dubai - District Guidelines, http://smartdubai.ae/districtguidelines/Smart_Dubai_District_Guidelines_Public_Brief.pdf.

[25] See; http://roadmap.smartdubai.ae/search-services-public.php and http://roadmap.smartdubai.ae/search-initiatives-public.php.

[26] Smart Dubai-Smart District Guidelines, http://smartdubai.ae/districtguidelines/Smart_Dubai_District_Guidelines_Public_Brief.pdf.

[27] Dubai Ruler issues new laws to further enhance the organisational structure and legal framework of Dubai Smart City, https://www.wam.ae/en/news/emirates/1395288828473.html.

[28] See: http://slc.dubai.gov.ae/en/AboutDepartment/News/Lists/NewsCentre/DispForm.aspx?ID=147&ContentTypeId=0x01001D47EB13C23E544893300E8367A23439 and http://www.smartdubai.ae/dubai_data.php.

[29] Dubai first city to trial ITU key performance indicators for smart sustainable cities, http://www.itu.int/net/pressoffice/press_releases/2015/12.aspx#.VtaYtlt97IU.

[30] Smart Dubai Benchmark Report 2015 Executive Summary, http://smartdubai.ae/bmr2015/methodology-public.php.

[31] Building a Smart + Equitable City, http://www1.nyc.gov/assets/forward/documents/NYC-Smart-Equitable-City-Final.pdf

[32] Building a Smart + Equitable City, http://www1.nyc.gov/site/forward/innovations/smartnyc.page.

[33] One New York: The Plan for a Strong and Just City, http://www1.nyc.gov/html/onenyc/about.html

[34] Open Data for All, http://www1.nyc.gov/assets/home/downloads/pdf/reports/2015/NYC-Open-Data-Plan-2015.pdf.

[35] 7 public projects that are turning New York into a “smart city”, http://www.builtinnyc.com/2015/11/24/7-projects-are-turning-new-york-futuristic-technology-hub.

[36] LinkNYC, https://www.link.nyc/faq.html#privacy.

[7] ANSI Network on Smart and Sustainable Cities, http://www.ansi.org/standards_activities/standards_boards_panels/anssc/overview.aspx?menuid=3

[38] IoT-Enabled Smart City Framework, http://publicaa.ansi.org/sites/apdl/Documents/News%20and%20Publications/Links%20Within%20Stories/IoT-EnabledSmartCityFrameworkWP20160213.pdf.

[39] Smart London (UK) Plan: Digital Technologies, London and Londoners, http://munkschool.utoronto.ca/ipl/files/2015/03/KleinmanM_Smart-London-UK-v5_30AP2015.pdf.

[40] Smart London Plan, http://www.london.gov.uk/sites/default/files/smart_london_plan.pdf.

[41] Smart London Plan, http://www.london.gov.uk/sites/default/files/smart_london_plan.pdf.

[42] Open Data White Paper, https://data.gov.uk/sites/default/files/Open_data_White_Paper.pdf.

[43] London Datastore-Privacy, http://data.london.gov.uk/about/privacy/.

[44] Future Cities Standards Centre in London, https://eu-smartcities.eu/commitment/5937.

[45] Smart London Plan, http://www.london.gov.uk/sites/default/files/smart_london_plan.pdf.

[46] Smart Cities background paper, October 2013, https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/246019/bis-13-1209-smart-cities-background-paper-digital.pdf.

[47] Presentation of 2015 Blueprint of Seoul as ‘State-of-the-art Smart City’, http://english.seoul.go.kr/presentation-of-2015-blueprint-of-seoul-as-%E2%80%98state-of-the-art-smart-city%E2%80%99/.

[48] “Policy Where There is Demand,” Seoul Utilizes Big Data, http://english.seoul.go.kr/policy-demand-seoul-utilizes-big-data/

[49] Seoul’s “Owl Bus” Based on Big Data Technology, http://www.citiesalliance.org/sites/citiesalliance.org/files/Seoul-Owl-Bus-11052014.pdf

[50] Seoul Launches “Global Digital Seoul 2020”, http://english.seoul.go.kr/seoul-launches-global-digital-seoul-2020/

[51] Smart Seoul 2015, http://english.seoul.go.kr/wp-content/uploads/2014/02/SMART_SEOUL_2015_41.pdf

[52] Disclosing public data through the Seoul Open Data Plaza, http://english.seoul.go.kr/policy-information/key-policies/informatization/seoul-open-data-plaza/

[53] Data protection in South Korea: overview, http://uk.practicallaw.com/2-579-7926.

[54]Smart Cities Seoul: a case study, https://www.itu.int/dms_pub/itu-t/oth/23/01/T23010000190001PDFE.pdf

[55] Smart Cities-ISO, http://www.iso.org/iso/livelinkgetfile-isocs?nodeid=16193764.

For more details visit https://cis-india.org/internet-governance/blog/policies-and-standards-overview-of-five-international-smart-cities

Jurisdiction: The Taboo Topic at ICANN

pranesh — 2016-06-29T07:51:05Z

The "IANA Transition" that is currently underway is a sham since it doesn't address the most important question: that of jurisdiction. This article explores why the issue of jurisdiction is the most important question, and why it remains unaddressed.

In March 2014, the US government announced that they were going to end the contract they have with ICANN to run the Internet Assigned Numbers Authority (IANA), and hand over control to the “global multistakeholder community”. They insisted that the plan for transition had to come through a multistakeholder process and have stakeholders “across the global Internet community”.

Why is the U.S. government removing the NTIA contract?

The main reason for the U.S. government's action is that it will get rid of a political thorn in the U.S. government's side: keeping the contract allows them to be called out as having a special role in Internet governance (with the Affirmation of Commitments between the U.S. Department of Commerce and ICANN, the IANA contract, and the cooperative agreement with Verisign), and engaging in unilateralism with regard to the operation of the root servers of the Internet naming system, while repeatedly declaring that they support a multistakeholder model of Internet governance.

This contradiction is what they are hoping to address. Doing away with the NTIA contract will also increase — ever so marginally — ICANN’s global legitimacy: this is something that world governments, civil society organizations, and some American academics have been asking for nearly since ICANN’s inception in 1998. For instance, here are some demands made in a declaration by the Civil Society Internet Governance Caucus at WSIS, in 2005:

“ICANN will negotiate an appropriate host country agreement to replace its California Incorporation, being careful to retain those aspects of its California Incorporation that enhance its accountability to the global Internet user community. "ICANN's decisions, and any host country agreement, must be required to comply with public policy requirements negotiated through international treaties in regard to, inter alia, human rights treaties, privacy rights, gender agreements and trade rules. … "It is also expected that the multi-stakeholder community will observe and comment on the progress made in this process through the proposed [Internet Governance] Forum."

In short: the objective of the transition is political, not technical. In an ideal world, we should aim at reducing U.S. state control over the core of the Internet's domain name system.¹

It is our contention that U.S. state control over the core of the Internet's domain name system is not being removed by the transition that is currently underway.

Why is the Transition Happening Now?

Despite the U.S. government having given commitments in the past that were going to finish the IANA transition by "September 30, 2000", (the White Paper on Management of Internet Names and Addresses states: "The U.S. Government would prefer that this transition be complete before the year 2000. To the extent that the new corporation is established and operationally stable, September 30, 2000 is intended to be, and remains, an 'outside' date.") and later by "fall of 2006",² those turned out to be empty promises. However, this time, the transition seems to be going through, unless the U.S. Congress manages to halt it.

However, in order to answer the question of "why now?" fully, one has to look a bit at the past.

In 1998, through the White Paper on Management of Internet Names and Addresses the U.S. government asserted it’s control over the root, and asserted — some would say arrogated to itself — the power to put out contracts for both the IANA functions as well as the 'A' Root (i.e., the Root Zone Maintainer function that Network Solutions Inc. then performed, and continues to perform to date in its current avatar as Verisign). The IANA functions contract — a periodically renewable contract — was awarded to ICANN, a California-based non-profit corporation that was set up exclusively for this purpose, but which evolved around the existing IANA (to placate the Internet Society).

Meanwhile, of course, there were criticisms of ICANN from multiple foreign governments and civil society organizations. Further, despite it being a California-based non-profit on contract with the government, domestically within the U.S., there was pushback from constituencies that felt that more direct U.S. control of the DNS was important.

As Goldsmith and Wu summarize:

"Milton Mueller and others have shown that ICANN’s spirit of “self-regulation” was an appealing label for a process that could be more accurately described as the U.S. government brokering a behind-the-scenes deal that best suited its policy preferences ... the United States wanted to ensure the stability of the Internet, to fend off the regulatory efforts of foreign governments and international organizations, and to maintain ultimate control. The easiest way to do that was to maintain formal control while turning over day-to-day control of the root to ICANN and the Internet Society, which had close ties to the regulation-shy American technology industry." [footnotes omitted]

And that brings us to the first reason that the NTIA announced the transition in 2014, rather than earlier.

ICANN Adjudged Mature Enough

The NTIA now sees ICANN as being mature enough: the final transition was announced 16 years after ICANN's creation, and complaints about ICANN and its legitimacy had largely died down in the international arena in that while. Nowadays, governments across the world send their representatives to ICANN, thus legitimizing ICANN. States have largely been satisfied by participating in the Government Advisory Council, which, as its name suggests, only has advisory powers. Further, unlike in the early days, there is no serious push for states assuming control of ICANN. Of course they grumble about the ICANN Board not following their advice, but no government, as far as I am aware, has walked out or refused to participate.

L'affaire Snowden

Many within the United States, and some without, believe that the United States not only plays an exceptional role to play in the running of the Internet — by dint of historical development and dominance of American companies — but that it ought to have an exceptional role because it is the best country to exercise 'oversight' over 'the Internet' (often coming from clueless commentators), and from dinosaurs of the Internet era, like American IP lawyers and American 'homeland' security hawks, Jones Day, who are ICANN's lawyers, and other jingoists and those policymakers who are controlled by these narrow-minded interests.

The Snowden revelations were, in that way, a godsend for the NTIA, as it allowed them a fig-leaf of international criticism with which to counter these domestic critics and carry on with a transition that they have been seeking to put into motion for a while. The Snowden revelations led Dilma Rousseff, President of Brazil, to state in September 2013, at the 68th U.N. General Assembly, that Brazil would "present proposals for the establishment of a civilian multilateral framework for the governance and use of the Internet", and as Diego Canabarro points out this catalysed the U.S. government and the technical community into taking action.

Given this context, a few months after the Snowden revelations, the so-called I* organizations met — seemingly with the blessing of the U.S. government³ — in Montevideo, and put out a 'Statement on the Future of Internet Governance' that sought to link the Snowden revelations on pervasive surveillance with the need to urgently transition the IANA stewardship role away from the U.S. government. Of course, the signatories to that statement knew fully well, as did most of the readers of that statement, that there is no linkage between the Snowden revelations about pervasive surveillance and the operations of the DNS root, but still they, and others, linked them together. Specifically, the I* organizations called for "accelerating the globalization of ICANN and IANA functions, towards an environment in which all stakeholders, including all governments, participate on an equal footing."

One could posit the existence of two other contributing factors as well.

Given political realities in the United States, a transition of this sort is probably best done before an ultra-jingoistic President steps into office.

Lastly, the ten-yearly review of the World Summit on Information Society was currently underway. At the original WSIS (as seen from the civil society quoted above) the issue of US control over the root was a major issue of contention. At that point (and during where the 2006 date for globalization of ICANN was emphasized by the US government).

Why Jurisdiction is Important

Jurisdiction has a great many aspects. Inter alia, these are:

Legal sanctions applicable to changes in the root zone (for instance, what happens if a country under US sanctions requests a change to the root zone file?)
Law applicable to resolution of contractual disputes with registries, registrars, etc.
Law applicable to labour disputes.
Law applicable to competition / antitrust law that applies to ICANN policies and regulations.
Law applicable to disputes regarding ICANN decisions, such as allocation of gTLDs, or non-renewal of a contract.
Law applicable to consumer protection concerns.
Law applicable to financial transparency of the organization.
Law applicable to corporate condition of the organization, including membership rights.
Law applicable to data protection-related policies & regulations.
Law applicable to trademark and other speech-related policies & regulations.
Law applicable to legal sanctions imposed by a country against another.

Some of these, but not all, depend on where bodies like ICANN [the policy-making body], the IANA functions operator [the proposed "Post-Transition IANA"], and the root zone maintainer are incorporated or maintain their primary office, while others depend on the location of the office [for instance, Turkish labour law applies for the ICANN office in Istanbul], while yet others depend on what's decided by ICANN in contracts (for instance, the resolution of contractual disputes with ICANN, filing of suits with regard to disputes over new generic TLDs, etc.).

However, an issue like sanctions, for instance, depends on where ICANN/PTI/RMZ are incorporated and maintain their primary office.

As Milton Mueller notes, the current IANA contract "requires ICANN to be incorporated in, maintain a physical address in, and perform the IANA functions in the U.S. This makes IANA subject to U.S. law and provides America with greater political influence over ICANN."

He further notes that:

While it is common to assert that the U.S. has never abused its authority and has always taken the role of a neutral steward, this is not quite true. During the controversy over the .xxx domain, the Bush administration caved in to domestic political pressure and threatened to block entry of the domain into the root if ICANN approved it (Declaration of the Independent Review Panel, 2010). It took five years, an independent review challenge and the threat of litigation from a businessman willing to spend millions to get the .xxx domain into the root.

Thus it is clear that even if the NTIA's role in the IANA contract goes away, jurisdiction remains an important issue.

U.S. Doublespeak on Jurisdiction

In March 2014, when NTIA finally announced that they would hand over the reins to “the global multistakeholder community”. They’ve laid down two procedural condition: that it be developed by stakeholders across the global Internet community and have broad community consensus, and they have proposed 5 substantive conditions that any proposal must meet:

Support and enhance the multistakeholder model;
Maintain the security, stability, and resiliency of the Internet DNS;
Meet the needs and expectation of the global customers and partners of the IANA services; and,
Maintain the openness of the Internet.
Must not replace the NTIA role with a solution that is government-led or an inter-governmental organization.

In that announcement there is no explicit restriction on the jurisdiction of ICANN (whether it relate to its incorporation, the resolution of contractual disputes, resolution of labour disputes, antitrust/competition law, tort law, consumer protection law, privacy law, or speech law, and more, all of which impact ICANN and many, but not all, of which are predicated on the jurisdiction of ICANN’s incorporation), the jurisdiction(s) of the IANA Functions Operator(s) (i.e., which executive, court, or legislature’s orders would it need to obey), and the jurisdiction of the Root Zone Maintainer (i.e., which executive, court, or legislature’s orders would it need to obey).

However, Mr. Larry Strickling, the head of the NTIA, in his testimony before the U.S. House Subcommittee on Communications and Technology, made it clear that,

“Frankly, if [shifting ICANN or IANA jurisdiction] were being proposed, I don't think that such a proposal would satisfy our criteria, specifically the one that requires that security and stability be maintained.”

Possibly, that argument made sense in 1998, due to the significant concentration of DNS expertise in the United States. However, in 2015, that argument is hardly convincing, and is frankly laughable.⁴

Targetting that remark, in ICANN 54 at Dublin, we asked Mr. Strickling:

"So as we understand it, the technical stability of the DNS doesn't necessarily depend on ICANN's jurisdiction being in the United States. So I wanted to ask would the US Congress support a multistakeholder and continuing in the event that it's shifting jurisdiction."

Mr. Strickling's response was:

"No. I think Congress has made it very clear and at every hearing they have extracted from Fadi a commitment that ICANN will remain incorporated in the United States. Now the jurisdictional question though, as I understand it having been raised from some other countries, is not so much jurisdiction in terms of where ICANN is located. It's much more jurisdiction over the resolution of disputes.

"And that I think is an open issue, and that's an appropriate one to be discussed. And it's one I think where ICANN has made some movement over time anyway.

"So I think you have to ... when people use the word jurisdiction, we need to be very precise about over what issues because where disputes are resolved and under what law they're resolved, those are separate questions from where the corporation may have a physical headquarters."

As we have shown above, jurisdiction is not only about the jurisdiction of "resolution of disputes", but also, as Mueller reminds us, about the requirement that ICANN (and now, the PTI) be "incorporated in, maintain a physical address in, and perform the IANA functions in the U.S. This makes IANA subject to U.S. law and provides America with greater political influence over ICANN."

In essence, the U.S. government has essentially said that they would veto the transition if the jurisdiction of ICANN or PTI's incorporation were to move out of the U.S., and they can prevent that from happening after the transition, since as things stand ICANN and PTI will still come within the U.S. Congress's jurisdiction.

Why Has the ICG Failed to Consider Jurisdiction?

Will the ICG proposal or the proposed new ICANN by-laws reduce existing U.S. control? No, they won't. (In fact, as we will argue below, the proposed new ICANN by-laws make this problem even worse.) The proposal by the names community ("the CWG proposal") still has a requirement (in Annex S) that the Post-Transition IANA (PTI) be incorporated in the United States, and a similar suggestion hidden away as a footnote. Further, the proposed by-laws for ICANN include the requirement that PTI be a California corporation. There was no discussion specifically on this issue, nor any documented community agreement on the specific issue of jurisdiction of PTI's incorporation.

Why wasn't there greater discussion and consideration of this issue? Because of two reasons: First, there were many that argued that the transition would be vetoed by the U.S. government and the U.S. Congress if ICANN and PTI were not to remain in the U.S. Secondly, the ICANN-formed ICG saw the US government’s actions very narrowly, as though the government were acting in isolation, ignoring the rich dialogue and debate that’s gone on earlier about the transition since the incorporation of ICANN itself.

While it would be no one’s case that political considerations should be given greater weightage than technical considerations such as security, stability, and resilience of the domain name system, it is shocking that political considerations have been completely absent in the discussions in the number and protocol parameters communities, and have been extremely limited in the discussions in the names community. This is even more shocking considering that the main reason for this transition is, as has been argued above, political.

It can be also argued that the certain IANA functions such as Root Zone Management function have a considerable political implication. It is imperative that the political nature of the function is duly acknowledged and dealt with, in accordance with the wishes of the global community. In the current process the political aspects of the IANA function has been completely overlooked and sidelined. It is important to note that this transition has not been a necessitated by any technical considerations. It is primarily motivated by political and legal considerations. However, the questions that the ICG asked the customer communities to consider were solely technical. Indeed, the communities could have chosen to overlook that, but they did not choose to do so. For instance, while the IANA customer community proposals reflected on existing jurisdictional arrangements, they did not reflect on how the jurisdictional arrangements should be post-transition , while this is one of the questions at the heart of the entire transition. There were no discussions and decisions as to the jurisdiction of the Post-Transition IANA: the Accountability CCWG's lawyers, Sidley Austin, recommended that the PTI ought to be a California non-profit corporation, and this finds mention in a footnote without even having been debated by the "global multistakeholder community", and subsequently in the proposed new by-laws for ICANN.

Why the By-Laws Make Things Worse & Why "Work Stream 2" Can't Address Most Jurisdiction Issues

The by-laws could have chosen to simply stayed silent on the matter of what law PTI would be incorporated under, but instead the by-law make the requirement of PTI being a California non-profit public benefit corporation part of the fundamental by-laws, which are close to impossible to amend.

While "Work Stream 2" (the post-transition work related to improving ICANN's accountability) has jurisdiction as a topic of consideration, the scope of that must necessarily discount any consideration of shifting the jurisdiction of incorporation of ICANN, since all of the work done as part of CCWG Accountability's "Work Stream 1", which are now reflected in the proposed new by-laws, assume Californian jurisdiction (including the legal model of the "Empowered Community"). Is ICANN prepared to re-do all the work done in WS1 in WS2 as well? If the answer is yes, then the issue of jurisdiction can actually be addressed in WS2. If the answer is no — and realistically it is — then, the issue of jurisdiction can only be very partially addressed in WS2.

Keeping this in mind, we recommended specific changes in the by-laws, all of which were rejected by CCWG's lawyers.

The Transition Plan Fails the NETmundial Statement

The NETmundial Multistakeholder Document, which was an outcome of the NETmundial process, states:

In the follow up to the recent and welcomed announcement of US Government with regard to its intent to transition the stewardship of IANA functions, the discussion about mechanisms for guaranteeing the transparency and accountability of those functions after the US Government role ends, has to take place through an open process with the participation of all stakeholders extending beyond the ICANN community

[...]

It is expected that the process of globalization of ICANN speeds up leading to a truly international and global organization serving the public interest with clearly implementable and verifiable accountability and transparency mechanisms that satisfy requirements from both internal stakeholders and the global community.

The active representation from all stakeholders in the ICANN structure from all regions is a key issue in the process of a successful globalization.

As our past analysis has shown, the IANA transition process and the discussions on the mailing lists that shaped it were neither global nor multistakeholder. The DNS industry represented in ICANN is largely US-based. 3 in 5 registrars are from the United States of America, whereas less than 1% of ICANN-registered registrars are from Africa. Two-thirds of the Business Constituency in ICANN is from the USA. While ICANN-the-corporation has sought to become more global, the ICANN community has remained insular, and this will not change until the commercial interests involved in ICANN can become more diverse, reflecting the diversity of users of the Internet, and a TLD like .COM can be owned by a non-American corporation and the PTI can be a non-American entity.

What We Need: Jurisdictional Resilience

It is no one's case that the United States is less fit than any other country as a base for ICANN, PTI, or the Root Zone Maintainer, or even as the headquarters for 9 of the world's 12 root zone operators (Verisign runs both the A and J root servers). However, just as having multiplicity of root servers is important for ensuring technical resilience of the DNS system (and this is shown in the uptake of Anycast by root server operators), it is equally important to have immunity of core DNS functioning from political pressures of the country or countries where core DNS infrastructure is legally situated and to ensure that we have diversity in terms of legal jurisdiction.

Towards this end, we at CIS have pushed for the concept of "jurisdictional resilience", encompassing three crucial points:

Legal immunity for core technical operators of Internet functions (as opposed to policymaking venues) from legal sanctions or orders from the state in which they are legally situated.
Division of core Internet operators among multiple jurisdictions
Jurisdictional division of policymaking functions from technical implementation functions

Of these, the most important is the limited legal immunity (akin to a greatly limited form of the immunity that UN organizations get from the laws of their host countries). This kind of immunity could be provided through a variety of different means: a host-country agreement; a law passed by the legislature; a U.N. General Assembly Resolution; a U.N.-backed treaty; and other such options exist. We are currently investigating which of these options would be the best option.

And apart from limited legal immunity, distribution of jurisdictional control is also valuable. As we noted in our submission to the ICG in September 2015:

Following the above precepts would, for instance, mean that the entity that performs the role of the Root Zone Maintainer should not be situated in the same legal jurisdiction as the entity that functions as the policymaking venue. This would in turn mean that either the Root Zone Maintainer function be taken up Netnod (Sweden-headquartered) or the WIDE Project (Japan-headquartered) [or RIPE-NCC, headquartered in the Netherlands], or that if the IANA Functions Operator(s) is to be merged with the RZM, then the IFO be relocated to a jurisdiction other than those of ISOC and ICANN. This, as has been stated earlier, has been a demand of the Civil Society Internet Governance Caucus. Further, it would also mean that root zone servers operators be spread across multiple jurisdictions (which the creation of mirror servers in multiple jurisdictions will not address).

However, the issue of jurisdiction seems to be dead-on-arrival, having been killed by the United States government.

Unfortunately, despite the primary motivation for demands for the IANA transition being those of removing the power the U.S. government exercises over the core of the Internet's operations in the form of the DNS, what has ended up happening through the IANA transition is that these powers have not only not been removed, but in some ways they have been entrenched further! While earlier, the U.S. had to specify that the IANA functions operator had to be located in the U.S., now ICANN's by-laws themselves will state that the post-transition IANA will be a California corporation. Notably, while the Montevideo Declaration speaks of "globalization" of ICANN and of the IANA functions, as does the NETmundial statement, the NTIA announcement on their acceptance of the transition proposals speaks of "privatization" of ICANN, and not "globalization".

All in all, the "independence" that IANA is gaining from the U.S. is akin to the "independence" that Brazil gained from Portugal in 1822. Dom Pedro of Brazil was then ruling Brazil as the Prince Regent since his father Dom João VI, the King of United Kingdom of Portugal, Brazil and the Algarves had returned to Portugal. In 1822, Brazil declared independence from Portugal (which was formally recognized through a treaty in 1825). Even after this "independence", Dom Pedro continued to rule Portugal just as he had before indepedence, and Dom João VI was provided the title of "Emperor of Brazil", aside from being King of the United Kingdom of Portugal and the Algarves. The "indepedence" didn't make a whit of a difference to the self-sufficiency of Brazil: Portugal continued to be its largest trading partner. The "independence" didn't change anything for the nearly 1 million slaves in Brazil, or to the lot of the indigenous peoples of Brazil, none of whom were recognized as "free". It had very little consequence not just in terms of ground conditions of day-to-day living, but even in political terms.

Such is the case with the IANA Transition: U.S. power over the core functioning of the Domain Name System do not stand diminished after the transition, and they can even arguably be said to have become even more entrenched. Meet the new boss: same as the old boss.

It is an allied but logically distinct issue that U.S. businesses — registries and registrars — dominate the global DNS industry, and as a result hold the reins at ICANN.↩
As Goldsmith & Wu note in their book Who Controls the Internet: "Back in 1998 the U.S. Department of Commerce promised to relinquish root authority by the fall of 2006, but in June 2005, the United States reversed course. “The United States Government intends to preserve the security and stability of the Internet’s Domain Name and Addressing System (DNS),” announced Michael D. Gallagher, a Department of Commerce official. “The United States” he announced, will “maintain its historic role in authorizing changes or modifications to the authoritative root zone file.”↩
Mr. Fadi Chehadé revealed in an interaction with Indian participants at ICANN 54 that he had a meeting "at the White House" about the U.S. plans for transition of the IANA contract before he spoke about that when he visited India in October 2013 making the timing of his White House visit around the time of the Montevideo Statement.↩
As an example, NSD, software that is used on multiple root servers, is funded by a Dutch foundation and a Dutch corporation, and written mostly by European coders.↩

For more details visit https://cis-india.org/internet-governance/blog/jurisdiction-the-taboo-topic-at-icann