Centre for Internet and Society

The High Level Privacy Conclave

Natasha Vaz — 2012-03-01T06:09:21Z

India in dire need of privacy law; experts say government is ironically creating huge national security risks in attempts to prevent crime and terrorism.

Privacy India, the Centre for Internet and Society and the Society in Action Group, with support from Privacy International, have spent 18 months studying the state of privacy across India, conducting consultations in Kolkata, Bangalore, Ahmedabad, Guwahati, Chennai and Mumbai. Today, the results of their research were discussed by representatives from government, industry, media and civil society at a high-level conclave in Delhi. In attendance were Manish Tewari MP, Microsoft Director of Corporate Affairs Deepak Maheshwari and P.K.H. Tharakan former Chief of the Research and Analysis Wing. A privacy symposium open to the general public will be held tomorrow afternoon at the Indian International Centre.

The 130-page long Country report details how government bodies like the National Technical Research Organization (NTRO) engage in pervasive and frequently unauthorized wiretapping, listening in on the private conversations of politicians and ordinary citizens alike. The Cabinet Secretary himself, in a report last year, noted that a body like the Central Board of Direct Taxes should never have been authorized to conduct telephone tapping, as the Supreme Court had long ago made clear. Privacy problems are arising from UID, NPR, and other e-governance projects that involve the creation of databases and the collection of personal information. Indian citizens are losing the ability to control who has access to their information, what that information says about them and how that information is used.

Overall, the study paints a picture of a dysfunctional system, with multiple pieces of legislation dealing with sectoral privacy-related issues like health, banking, phone tapping etc and no overarching legal guarantee of privacy. As Manish Tewari observed today, there is a nationwide lack of understanding about new technologies and judges are very rarely technologically literate. This has created a situation in which the government's efforts to fight crime and terrorism by intercepting communications has horribly backfired. By building backdoors into communications systems to allow lawful access, and by restricting cryptography to a 40-bit limit, the authorities have created serious vulnerabilities in India's communications system that can be easily exploited by any malicious third party or foreign government.

Gus Hosein, Executive Director of Privacy International: "In their efforts to preserve and defend democratic society, India has undermined the very thing it wanted to protect. Both citizens and state are now at serious risk of being spied upon by anyone with a small amount of technological know-how and a computer."

Usha Ramanathan, social and political activist, said: "In the name of state transparency, government projects are in fact rendering citizens transparent to the State, rather than the other way round. A comprehensive privacy law for India cannot come soon enough."

Privacy India

Privacy India was established in 2010 with the objective of raising awareness, sparking civil action and promoting democratic dialogue around privacy challenges and violations in India. One of our goals is to build consensus towards the promulgation of comprehensive privacy legislation in India through consultations with the public, policymakers, legislators and the legal and academic community.

For more details visit http://editors.cis-india.org/internet-governance/the-high-level-privacy-conclave

The Hazards of a Non-neutral Internet

geetha — 2015-05-27T16:07:36Z

Spurred by recent events, India’s policy circles are dancing to the complex tunes of net neutrality. Airtel came under fire for pricing calls made over the Internet differentially; it has since withdrawn this plan. Airtel and Reliance Communications are caught in the storm as Airtel Zero and Internet.org, the Facebook-spearheaded product for low-cost Internet access, face stiff criticism for violating net neutrality. Companies like Flipkart, which earlier supported these products, have stepped back and are throwing their weight behind net neutrality. The Department of Telecommunications has set up a six-member panel to consult on net neutrality.

A modified version of the blog entry was published as an article titled "A must for free speech" in the Week on April 18, 2015

Responding to concerns, the Telecom Regulatory Authority of India (TRAI) released a consultation paper on OTT services on March 27, 2015. TRAI has called for public comments to be sent by April 24, 2015, and counter-comments to be sent by May 8, 2015. The TRAI consultation paper raises several crucial issues, including net neutrality. Given the heightened interest in the issue, let us two steps back and revisit the basics about net neutrality.

What is net neutrality?

In the simplest terms, net neutrality is the principle by which the carrier (telco/ISP like Reliance, Airtel) is prohibited from discriminating between any two ‘packets’ of data carried over its network. That is, ISPs ought not treat data packets differently, no matter what the content, source or price.

It follows, then, that when packets are given differential treatment, the principle of net neutrality is violated. As Centre for Internet and Society’s Sunil Abraham explains, differential treatment may occur in many ways: first, carriers may provide consumers with free access to certain websites or web content, while charging the sender or destination; second, ISPs may throttle traffic of one website/company to give it priority over other sites (the website will then load faster than others); third, ISPs may refuse access to some websites unless consumers or content-providers pay extra charges. Other violations abound too; this list is merely illustrative.

Diversity, Innovation & Competition: The Costs of Net Non-neutrality

Let us take zero-rating to explore the impacts of a net neutrality violation. In Internet.org and Airtel Zero, companies like Facebook and Flipkart (prior to the latter’s withdrawal) pay to provide users with free access to their cluster of websites; these are examples of “zero-rating”. Telcos and content-providers like Facebook argue that this is crucial to expand Internet access in price-sensitive markets like India. While this is an important consideration, zero-rating can have detrimental impacts on free speech and diversity, competition and innovation. It can result in “walled gardens” and a diversity-trap, where the only sites we can access are the walled gardens of curated information compiled by Facebook and the like.

Today, we can access an unprecedented variety of content across freely accessible platforms. We pay for our Internet connections and for data, but the content we access is neither set nor monitored by ISPs or content-providers, unless legally mandated to do so under Section 69 of Information Technology Act, 2000. Our freedom to access and receive diverse information is not curated by the companies themselves (as Facebook would in Internet.org) or their ability to pay ISPs to carry traffic. But with zero-rating, preferential access or traffic throttling, content diversity will suffer.

Of course, impact of receding diversity of content may not be felt in the short term, if access is made the priority. However, if net non-neutrality is allowed to continue in perpetuity, this may result in corporate curation and censorship of content. Moreover, since established players can better shell out the money needed for zero-rated or prioritised access, new companies and start-ups may find their entry blocked. Such a possibility is vexing for innovation, as greater costs will disincentivise smaller players from entering the market. There is also an impact on competition: entrenched players who can afford to pay carriers will dig their heels deeper, and become the sole curators of content. This is censorship by market design.

Access and Self-preservation, say the Telcos

Some telecom operators and ISPs argue that zero-rating is essential for universal access to data services, a dream of the Digital India mission. They also stress that OTTs like Whatsapp, Viber, Skype and others are free-riding on their networks and usurping their revenue, since it is the telcos and not OTTs who pay licence fees and spectrum charges. Finally, telcos and ISPs say that treating packets differently is a form of network and traffic management; such management is crucial to an efficient and open Internet, and is an age-old practice of operators.

Of course, traffic and network management practices do exist, and operators do block or manage speeds during congestion periods or when there are security threats. As users, we also experience different Internet speeds depending on the hardware and software employed by operators, the time of day, the type of content accessed (video/ audio/ text), etc. As Christopher Yoo says, operators should be free to experiment with network management practices (‘network diversity’) so long as consumers and competition suffer no detriment.

But as reports show, net non-neutrality practices have negative impacts on speech diversity, innovation and competition, among others. Any proposal to grant legal recognition to net non-neutrality practices like zero-rating, traffic-prioritization or others, which depend on the consumer or content-provider’s ability to pay and result in differential treatment of data packets, must answer these concerns and provide safeguards. In Shreya Singhal, the Supreme Court affirmed the value of freedom of speech and diversity; saying that “…a culture of open dialogue is important”, the Court declared that “…we need to tolerate unpopular views”. Internet companies and telcos provide the platforms to make such views available. Through traffic prioritization and zero-rating, and by chilling innovation and competition, net neutrality violations can stifle speech diversity. The Department of Telecom and TRAI must remember this when debating a net neutrality regulation.

For more details visit http://editors.cis-india.org/internet-governance/blog/the-week-april-18-2015-geetha-hariharan-hazards-of-non-neutral-internet

The Habit of Care: Technologies of Living and Laboring Cyborgs at World Social Science Forum 2013

praskrishna — 2013-08-28T09:19:43Z

The World Social Science Forum 2013 organized by International Social Science Council will take place in Palais des Congrès de Montréal, Canada from October 13 to 15, 2013. Dr. Nishant Shah is participating in the event as a panelist and will speak on "The Habit of Care: Technologies of Living and Laboring Cyborgs".

This was published on the World Science Forum website.

Within the larger discourse around digital cultures, much attention is given to care. Care infrastructure includes physical infrastructure of access to remote spaces, regulatory and policy environments to control the digital spaces, redesigned geographies to house the new populations created by the ICT industries, and is discussed in disciplines as varied as Artificial Intelligence and Climate Change. Care Technologies find obvious resonances with the Foucaultian idea of ‘Technologies of the Self’, reminding us of the normative nature of measurement, cognition, discipline and punishment that is an inherent part of care.

The responses to Care Technologies and the Labor of Caring are not uniform. Some clearly identify the emergence of Care Technologies as a new form of alienation of labour, leading to discrimination and inequity. Others celebrate the ways in which the penetrative nature of the digital – from deep space probes to the sub-molecular conception of the human – allow us to imagine social interactions and our relationships with our own bodies in new ways.

In all the discourse around Care, there is silence about its form, function and nature. While attention is given to infrastructure, labour, politics, production and the intelligibility of care practices, we haven’t yet tried to fathom the conditions and generation of care, relegating it to the realm of the private and the subjective. Combining practice and theory, in different parts of the Global South, and inspired by gender and sexuality studies, this panel looks at Care as a Habit. We focus on the ‘care of technologies’, showing how the forced separation of care and technology needs to be revisited to look at conditions of being human, being social and being political. Working through diverse geographical and political contexts, the panel illustrates the tensions in understanding and engaging with Care and why there is a need to find new vocabularies and relationships to deal with this area.

Coordinator:

Dr. Nishant Shah

Dr. Radhika Gajjala

Organization/Institution:

Centre for Internet and Society and Bowling Green State University

Schedule:

Tuesday, October 15, 2013 - 09:00 - 10:45

Room:

520AD

Nishant Shah

Dr. Nishant Shah is the co-founder and Research Director at the Centre for Internet and Society, Bangalore, India. He is an International Tandem Partner at the Centre for Digital Cultures, Leuphana University, Germany and a Knowledge Partner with the Hivos Knowledge Programme, The Netherlands. He is committed to producing infrastructure, frameworks and collaborations in the global south to understand and analyse the ways in which the emergence of digital technologies have shaped the contemporary social, political and cultural milieu. He edits a series of monographs on ‘Histories of Internet(s) in India’ that examine the complicated relationship that technologies have with questions of gender, sexuality, body, city, governance, archiving and gaming. He was the principle researcher for a research programme that produced the four-volume anthology ‘Digital AlterNatives With a Cause?’, examining the ways in which young people’s relationship with digital technologies produces changes in their immediate environments. Nishant is on the steering committee of the MacArthur Foundation’s Digital Media and Learning Project (USA) as well as on the Media Art Histories collective (Latvia). He is involved with the Inter-Asia Cultural Studies Consortium (Taiwan/S. Korea/Hong Kong) and the global Network of Centres for Internet and Society housed at the Berkman Centre for Internet & Society, USA. He is committed to encouraging multi-stakeholder dialogue and hence regularly does public consultations and trainings for civil society and NGOs, governments, academic partners and private corporate entities. He is a regular speaker at events like Re:publica and Video Vortex and a columnist with India’s leading English language newspaper The Indian Express. His academic and research publications reflect his political stance on open access and open knowledge infrastructure and are all available for free download and distribution under open license.

Schedule Overview

Saturday, October 12
15:00-18:00 Pre-Registration

Sunday, October 13 (Day 1)
09:00-19:30 Registration
11:00-12:45 Plenary I
11:30-17:00 Exhibition Opens
13:00-14:45 Panel Session 1
15:00-16:45 Panel Session 2
17:30 Opening Ceremony and Reception

Monday, October 14 (Day 2)
08:30-17:30 Registration
09:30-17:00 Exhibition Opens
09:00-10:45 Panel Session 3
11:00-12:45 Plenary II
13:00-14:45 Panel Session 4
15:00-16:45 Panel Session 5
17:00-18:45 Panel Session 6
20:00 Movie Night with the NFB

Tuesday, October 15 (Day 3)
08:30-17:30 Registration
09:30-17:00 Exhibition Opens
09:00-10:45 Panel Session 7
11:00-12:45 Panel Session 8
13:00-14:45 Awards Luncheon
15:00-16:45 Panel Session 9
17:00-18:45 Plenary III
18:45 Closing Ceremony and Reception

For more details visit http://editors.cis-india.org/news/wssf2013-october-15-2013-panel-habit-care-technologies-living-and-laboring-cyborgs

The Government’s Increased Focus on Regulating Non-Personal Data: A Look at the Draft National Data Governance Framework Policy

Digvijay Chaudhary and Anamika Kundu — 2022-06-30T13:24:35Z

Digvijay Chaudhary and Anamika Kundu wrote an article on the National Data Governance Framework Policy. It was edited by Shweta Mohandas.

Introduction

Non Personal Data (‘NPD’) can be understood as any information not relating to an identified or identifiable natural person. The origin of such data can be both human and non-human. Human NPD would be such data which has been anonymised in such a way that the person to whom the data relates cannot be re-identified. Non-human NPD would mean any such data that did not relate to a human being in the first place, for example, weather data. There has been a gradual demonstrated interest in NPD by the government in recent times. This new focus on regulating non personal data can be owed to the economic incentive it provides. In its report, the Sri Krishna committee, released in 2018 agreed that NPD holds considerable strategic or economic interest for the nation, however, it left the questions surrounding NPD to a future committee.

History of NPD Regulation

In 2020, the Ministry of Electronics and Information Technology (‘MEITY’) constituted an expert committee (‘NPD Committee’) to study various issues relating to NPD and to make suggestions on the regulation of non-personal data. The NPD Committee differentiated NPD into human and non-human NPD, based on the data’s origin. Human NPD would include all information that has been stripped of any personally identifiable information and non-human NPD meant any information that did not contain any personally identifiable information in the first place (eg. weather data). The final report of the NPD Committee is awaited but the Committee came out with a revised draft of its recommendations in December 2020. In its December 2020 report, the NPD Committee proposed the creation of a National Data Protection Authority (‘NPDA’) as it felt this is a new and emerging area of regulation. Thereafter, the Joint Parliamentary Committee on the Personal Data Protection Bill, 2019 (‘JPC’) came out with its version of the Data Protection Bill where it amended the short title of the PDP Bill 2019 to Data Protection Bill, 2021 widening the ambit of the Bill to include all types of data. The JPC report focuses only on human NPD, noting that non-personal data is essentially derived from one of the three sets of data - personal data, sensitive personal data, critical personal data - which is either anonymized or is in some way converted into non-re-identifiable data.

On February 21, 2022, the Ministry of Electronics and Information Technology (‘MEITY’) came out with the Draft India Data Accessibility and Use Policy, 2022 (‘Draft Policy’). The Draft Policy was strongly criticised mainly due to its aims to monetise data through its sale and licensing to body corporates. The Draft Policy had stated that anonymised and non-personal data collected by the State that has “undergone value addition” could be sold for an “appropriate price”. During the Draft Policy’s consultation process, it had been withdrawn several times and then finally removed from the website. The National Data Governance Framework Policy (‘NDGF Policy’) is a successor to this Draft Policy. There is a change in the language put forth in the NDGF Policy from the Draft Policy, where the latter mainly focused on monetary growth. The new NDGF Policy aims to regulate anonymised non-personal data (‘NPD’) kept with governmental authorities and make it accessible for research and improving governance. It wishes to create an ‘India Datasets programme’ which will consist of the aforementioned datasets. While MEITY has opened the draft for public comments, is a need to spell out the procedure in some ways for stakeholders to draft recommendations for the NDGF policies in an informed manner. Through this piece, we discuss the NDGF Policy in terms of issues related to the absence of a comprehensive Data Protection Framework in India and the jurisdictional overlap of authorities under the NDGF Policy and DPB.

What the National Data Governance Framework Policy Says

Presently in India, NPD is stored in a variety of governmental departments and bodies. It is difficult to access and use this stored data for governmental functions without modernising collection and management of governmental data. Through the NDGF Policy, the government aims to build an Indian data storehouse of anonymised non-personal datasets and make it accessible for both improving governance and encouraging research. It imagines the establishment of an Indian Data Office (‘IDO’) set up by MEITY , which shall be responsible for consolidating data access and sharing of non-personal data across the government. In addition, it also mandates a Data Management Unit for every Ministry/department that would work closely with the IDO. IDO will also be responsible for issuing protocols for sharing NPD. The policy further imagines an Indian Data Council (‘IDC’) whose function would be to define frameworks for important datasets, finalise data standards, and Metadata standards and also review the implementation of the policy. The NDGF Policy has provided a broad structure concerning the setting up of anonymisation standards, data retention policies, data quality, and data sharing toolkit. The NDGF Policy states that these standards shall be developed and notified by the IDO or MEITY or the Ministry in question and need to be adhered to by all entities.

The Data Protection Framework in India

The report adopted by the JPC, felt that it is simpler to enact a single law and a single regulator to oversee all the data that originates from any data principal and is in the custody of any data fiduciary. According to the JPC, the draft Bill deals with various kinds of data at various levels of security. The JPC also recommended that since the Data Protection Bill (‘DPB’) will handle both personal and non-personal data, any further policy / legal framework on non-personal data may be made a part of the same enactment instead of any separate legislation. The draft DPB states that what is to be done with the NDP shall be decided by the government from time to time according to its policy. As such, neither the DPB, 2021 nor the NDGF Policy go into details of regulating NPD but only provide a broad structure of facilitating free-flow of NPD, without taking into account the specific concerns that have been raised since the NPD committee came out with its draft report on regulating NPD dated December 2020.

Jurisdictional overlaps among authorities and other concerns

Under the NDGF policy, all guidelines and rules shall be published by a body known as the Indian Data Management Office (‘IDMO’). The IDMO is set to function under the MEITY and work with the Central government, state governments and other stakeholders to set standards. Currently, there is no sign of when the DPB will be passed as law. According to the JPC, the reason for including NPD within the DPB was because of the impossibility to differentiate between PD and NPD. There are also certain overlaps between the DPB and the NDGF which are not discussed by the NDGF. NDGF does not discuss the overlap between the IDMO and Data Protection Authority (‘DPA’) established under the DPB 2021.

Under the DPB, the DPA is tasked with specifying codes of practice under clause 49. On the other hand, the NDGF has imagined the setting up of IDO, IDMO, and the IDC, which shall be responsible for issuing codes of practice such as data retention, and data anonymisation, and data quality standards. As such, there appears to be some overlap in the functions of the to-be-constituted DPA and the NDGF Policy.

Furthermore, while the NDGF Policy aims to promote openness with respect to government data, there is a conflict with open government data (‘OGD’) principles when there is a price attached to such data. OGD is data which is collected and processed by the government for free use, reuse and distribution. Any database created by the government must be publicly accessible to ensure compliance with the OGD principles.

Conclusion

Streamlining datasets across different authorities is a huge challenge for the government and hence the NGDF policy in its current draft requires a lot of clarification. The government can take inspiration from the European Union which in 2018, came out with a principles-based approach coupled with self-regulation on the framework of the free flow of non-personal data. The guidance on the free-flow of non-personal data defines non-personal data based on the origin of data - data which originally did not relate to any personal data (non-human NPD) and data which originated from personal data but was subsequently anonymised (human NPD). The regulation further realises the reality of mixed data sets and regulates only the non-personal part of such datasets and where the datasets are inextricably linked, the GDPR would apply to such datasets. Moreover, any policy that seeks to govern the free flow of NPD ought to make it clear that in case of re-identification of anonymised data, such re-identified data would be considered personal data. The DPB, 2021 and the NGDF, both fail to take into account this difference.

For more details visit http://editors.cis-india.org/internet-governance/blog/national-data-governance-framework-policy

The Geopolitics of Cyberspace: A Compendium of CIS Research

arindrajit — 2021-11-15T14:48:49Z

Cyberspace is undoubtedly shaping and disrupting commerce, defence and human relationships all over the world. Opportunities such as improved access to knowledge, connectivity, and innovative business models have been equally met with nefarious risks including cyber-attacks, disinformation campaigns, government driven digital repression, and rabid profit-making by ‘Big Tech.’ Governments have scrambled to create and update global rules that can regulate the fair and equitable uses of technology while preserving their own strategic interests.

With a rapidly digitizing economy and clear interests in shaping global rules that favour its strategic interests, India stands at a crucial juncture on various facets of this debate. How India governs and harnesses technology, coupled with how India translates these values and negotiates its interests globally, will surely have an impact on how similarly placed emerging economies devise their own strategies. The challenge here is to ensure that domestic technology governance as well as global engagements genuinely uphold and further India’s democratic fibre and constitutional vision.

Since 2018, researchers at the Centre for Internet and Society have produced a body of research including academic writing, at the intersection of geopolitics and technology covering global governance regimes on trade and cybersecurity, including their attendant international law concerns, the digital factor in bilateral relationships (with a focus on the Indo-US and Sino-Indian relationships). We have paid close focus to the role of emerging technologies in this debate, including AI and 5G as well as how private actors in the technology domain, operating across national jurisdictions, are challenging and upending traditionally accepted norms of international law, global governance, and geopolitics.

The global fissures in this space matter fundamentally for individuals who increasingly use digital spaces to carry out day to day activities: from being unwitting victims of state surveillance to harnessing social media for causes of empowerment to falling prey to state-sponsored cyber attacks, the rules of cyber governance, and its underlying politics. Yet, the rules are set by a limited set of public officials and technology lawyers within restricted corridors of power. Better global governance needs more to be participatory and accessible. CIS’s research and writing has been cognizant of this, and attempted to merge questions of global governance with constitutional and technical questions that put individuals and communities centre-stage.

Research and writing produced by CIS researchers and external collaborators from 2018 onward is detailed in the appended compendium.

Compendium

Global cybersecurity governance and cyber norms

Two decades since a treaty governing state behaviour in cyberspace was mooted by Russia, global governance processes have meandered along. The security debate has often been polarised along “Cold War” lines but the recent amplification of cyberspace governance as developmental, social and economic has seen several new vectors added to this debate. This past year two parallel processes at the United Nations General Assembly’s First Committee on Disarmament and International Security-United Nations Group of Governmental Experts (UN-GGE) and the United Nations Open Ended Working Group managed to produce consensus reports but several questions on international law, norms and geopolitical co-operation remain. India has been a participant at these crucial governance debates. Both the substance of the contribution, along with its implications remain a key focus area for our research.

Edited Volumes

Karthik Nachiappan and Arindrajit Basu India and Digital World-Making, Seminar 731, 1 July 2020 (featuring contributions from Manoj Kewalramani, Gunjan Chawla, Torsha Sarkar, Trisha Ray, Sameer Patil, Arun Vishwanathan, Vidushi Marda, Divij Joshi, Asoke Mukerji, Pallavi Raghavan, Karishma Mehrotra, Malavika Raghavan, Constantino Xavier, Rajen Harshe' and Suman Bery)

Long-Form Articles

Arindrajit Basu and Elonnai Hickok, Cyberspace and External Affairs: A Memorandum for India (Memorandum, Centre for Internet and Society, 30 Nov 2018)
The Potential for the Normative Regulation of Cyberspace (White Paper, Centre for Internet and Society, 30 July 2018)
Arindrajit Basu and Elonnai Hickok Conceptualizing an International Security Architecture for cyberspace (Briefings of the Global Commission on the Stability of Cyberspace, Bratislava, Slovakia, May 2018)
Sunil Abraham, Mukta Batra, Geetha Hariharan, Swaraj Barooah, and Akriti Bopanna, India's contribution to internet governance debates (NLUD Student Law Journal, 2018)

Blog Posts and Op-eds

Arindrajit Basu, Irene Poetranto, and Justin Lau, The UN struggles to make progress in cyberspace, Carnegie Endowment for International Peace, May 19th, 2021
Andre’ Barrinha and Arindrajit Basu, Could cyber diplomacy learn from outer space, EU Cyber Direct, 20th April 2021
Arindrajit Basu and Pranesh Prakash, Patching the gaps in India’s cybersecurity, The Hindu, 6th March 2021
Arindrajit Basu and Karthik Nachiappan, Will India negotiate in cyberspace?, Leiden Security and Global Affairs blog,December 16, 2020
Elizabeth Dominic, The debate over internet governance and cybercrimes: West vs the rest?, Centre for Internet and Society, June 08, 2020
Arindrajit Basu, India’s role in Global Cyber Policy Formulation, Lawfare, Nov 7, 2019
Pukhraj Singh, Before cyber norms,let's talk about disanalogy and disintermediation, Centre for Internet and Society, Nov 15th, 2019
Arindrajit Basu and Karan Saini, Setting International Norms of Cyber Conflict is Hard, But that Doesn’t Mean that We Should Stop Trying, Modern War Institute, 30th Sept, 2019
Arindrajit Basu, Politics by other means: Fostering positive contestation and charting red lines through global governance in cyberspace (Digital Debates, Volume 6, 2019)
Arindrajit Basu, Will the WTO Finally Tackle the ‘Trump’ Card of National Security? (The Wire, 8th May 2019)

Policy Submissions

Arindrajit Basu, CIS Submission to OEWG (Centre for Internet and Society, Policy Submission, 2020)
Aayush Rathi, Ambika Tandon, Elonnai Hickok, and Arindrajit Basu. “CIS Submission to UN High-Level Panel on Digital Cooperation.” Policy submission. Centre for Internet and Society, January 2019.
Arindrajit Basu,Gurshabad Grover, and Elonnai Hickok. “Response to GCSC on Request for Consultation: Norm Package Singapore.” Centre for Internet and Society, January 17, 2019.
Arindrajit Basu and Elonnai Hickok. Submission of Comments to the GCSC Definition of ‘Stability of Cyberspace (Centre for Internet and Society, September 6, 2019)

Digital Trade and India's Political Economy

The modern trading regime and its institutions were born largely into a world bereft of the internet and its implications for cross-border flow and commerce. Therefore, regulatory ambitions at the WTO have played catch up with the technological innovation that has underpinned the modern global digital economy. Driven by tech giants, the “developed” world has sought to restrict the policy space available to the emerging world to impose mandates regarding data localisation, source code disclosure, and taxation - among other initiatives central to development. At the same time emerging economies have pushed back, making for a tussle that continues to this day. Our research has focussed both on issues of domestic political economy and data governance,and the implications these domestic issues have on how India and other emerging economies negotiate at the world stage.

Long-Form articles and essays

Arindrajit Basu, Elonnai Hickok and Aditya Chawla, T he Localisation Gambit: Unpacking policy moves for the sovereign control of data in India (Centre for Internet and Society, March 19, 2019)
Arindrajit Basu,Sovereignty in a datafied world: A framework for Indian diplomacy in Navdeep Suri and Malancha Chakrabarty (eds) A 2030 Vision for India’s Economic Diplomacy (Observer Research Foundation 2021)
Amber Sinha, Elonnai Hickok, Udbhav Tiwari and Arindrajit Basu, Cross Border Data-Sharing and India (Centre for Internet and Society, 2018)

Blog posts and op-eds

Arindrajit Basu, Can the WTO build consensus on digital trade, Hinrich Foundation,October 05,2021
Amber Sinha, The power politics behind Twitter versus Government of India, The Wire, June 03, 2021
Karthik Nachiappan and Arindrajit Basu, Shaping the Digital World, The Hindu, 30th July 2020
Arindrajit Basu and Karthik Nachiappan, India and the global battle for data governance, Seminar 731, 1st July 2020
Amber Sinha and Arindrajit Basu, Reliance Jio-Facebook deal highlights India’s need to revisit competition regulations, Scroll, 30th April 2020
Arindrajit Basu and Amber Sinha, The realpolitik of the Reliance-Jio Facebook deal, The Diplomat, 29th April 2020
Arindrajit Basu, The Retreat of the Data Localization Brigade: India, Indonesia, Vietnam, The Diplomat, Jan 10, 2020
Amber Sinha and Arindrajit Basu, The Politics of India’s Data Protection Ecosystem, EPW Engage, 27 Dec 2019
Arindrajit Basu and Justin Sherman, Key Global Takeaways from India’s Revised Personal Data Protection Bill, Lawfare, Jan 23, 2020
Nikhil Dave,“Geo-Economic Impacts of the Coronavirus: Global Supply Chains.” Centre for Internet and Society , June 16, 2020.

International Law and Human Rights

International law and human rights are ostensibly technology neutral, and should lay the edifice for digital governance and cybersecurity today. Our research on international human rights has focussed on global surveillance practices and other internet restrictions employed by a variety of nations, and the implications this has for citizens and communities in India and similarly placed emerging economies. CIS researchers have also contributed to, and commented on World Intellectual Property Organization negotiations at the intersection of international Intellectual Property (IP) rules and the human rights.

Long-form article

Arindrajit Basu, Extra Territorial Surveillance and the incapacitation of international human rights law, 12 NUJS LAW REVIEW 2 (2019)
Gurshabad Grover and Arindrajit Basu, ”Internet Blockage”(Scenario contribution to NATO CCDCOE Cyber Law Toolkit,2021)
Arindrajit Basu and Elonnai Hickok, Conceptualizing an international framework for active private cyber defence (Indian Journal of Law and Technology, 2020)
Arindrajit Basu,Challenging the dogmatic inevitability of extraterritorial state surveillance in Trisha Ray and Rajeswari Pillai Rajagopalan (eds) Digital Debates: CyFy Journal 2021 (New Delhi:ORF and Global Policy Journal,2021)

Blog Posts and op-eds

Arindrajit Basu, “Unpacking US Law And Practice On Extraterritorial Mass Surveillance In Light Of Schrems II”, Medianama, 24th August 2020
Anubha Sinha, “World Intellectual Property Organisation: Notes from the Standing Committee on Copyright Negotiations (Day 1, Day 2, Day 3 and 4)”, July 2021
Raghav Ahooja and Torsha Sarkar,How (not) to regulate the internet:Lessons from the Indian Subcontinent,Lawfare,September 23,2021,

Bilateral Relationships

Technology has become a crucial factor in shaping bilateral and plurilateral co-operation and competition. Given the geopolitical fissures and opportunities since 2020, our research has focussed on how technology governance and cybersecurity could impact the larger ecosystem of Indo-China and India-US relations. Going forward, we hope to undertake more research on technology in plurilateral arrangements, including the Quadrilateral Security Dialogue.

Arindrajit Basu and Justin Sherman, The Huawei Factor in US-India Relations,The Diplomat, 22 March 2021
Aman Nair, “TIkTok: It’s Time for Biden to Make a Decision on His Digital Policy with China,” Centre for Internet and Society, January 22, 2021,
Arindrajit Basu and Gurshabad Grover, India Needs a Digital Lawfare Strategy to Counter China, The Diplomat, 8th October 2020
Anam Ajmal, The app ban will have an impact on the holding companies...global power projection begins at home, Times of India, July 7th, 2020 (Interview with Arindrajit Basu)
Justin Sherman and Arindrajit Basu, Trump and Modi embrace, but remain digitally divided, The Diplomat, March 05th, 2020

Emerging Technologies

Governance needs to keep pace with the technological challenges posed by emerging technologies, including 5G and AI. To do so an interdisciplinary approach that evaluates these scientific advances in line with the regimes that govern them is of utmost importance. While each country will need to regulate technology through the lens of their strategic interests and public policy priorities, it is clear that geopolitical tensions on standard-setting and governance models compels a more global outlook.

Long-Form reports

Anoushka Soni and Elizabeth Dominic, Legal and Policy implications of Autonomous weapons systems (Centre for Internet and Society, 2020)
Aayush Rathi, Gurshabad Grover, and Sunil Abraham, Regulating the internet: The Government of India & Standards Development at the IETF (Centre for Internet and Society, 2018)

Blog posts and op-eds

Aman Nair, Would banning Chinese telecom companies make India 5G secure in India? Centre for Internet and Society, 22nd December 2020
Arindrajit Basu and Justin Sherman, Two New Democratic Coalitions on 5G and AI Technologies, Lawfare, 6th August 2020
Nikhil Dave, The 5G Factor: A Primer, Centre for Internet and Society, July 20, 2020.
Gurshabad Grover, The Huawei bogey Indian Express, May 30th, 2019
Arindrajit Basu and Pranav MB, What is the problem with 'Ethical AI'?:An Indian perspective, Centre for Internet and Society, July 21, 2019

(This compendium was drafted by Arindrajit Basu with contributions from Anubha Sinha. Aman Nair, Gurshabad Grover, and Pranav MB reviewed the draft and provided vital insight towards its conceptualization and compilation. Dishani Mondal and Anand Badola provided important inputs at earlier stages of the process towards creating this compendium)

For more details visit http://editors.cis-india.org/internet-governance/blog/arindrajit-basu-september-24-2021-the-geopolitics-of-cyberspace-compendium-of-cis-research

The generation of e-Emergency

sunil — 2015-06-29T16:40:54Z

The next generation of censorship technology is expected to be ‘real-time content manipulation’ through ISPs and Internet companies.

The article was published in Livemint on June 22, 2015.

Censorship during the Emergency in the 1970s was done by clamping down on the media by intimidating editors and journalists, and installing a human censor at every news agency with a red pencil. In the age of both multicast and broadcast media, thought and speech control is more expensive and complicated but still possible to do. What governments across the world have realized is that traditional web censorship methods such as filtering and blocking are not effective because of circumvention technologies and the Streisand effect (a phenomenon in which an attempt to hide or censor information proves to be counter-productive). New methods to manipulate the networked public sphere have evolved accordingly. India, despite claims to the contrary, still does not have the budget and technological wherewithal to successfully pull off some of the censorship and surveillance techniques described below, but thanks to Moore’s law and to the global lack of export controls on such technologies, this might change in the future.

First, mass technological-enabled surveillance resulting in self-censorship and self-policing. The coordinated monitoring of Occupy protests in the US by the Department of Homeland Security, the Federal Bureau of Investigation (FBI) counter-terrorism units, police departments and the private sector showcased the bleeding edge of surveillance technologies. Stingrays or IMSI catchers are fake mobile towers that were used to monitor calls, Internet traffic and SMSes. Footage from helicopters, drones, high-res on-ground cameras and the existing CCTV network was matched with images available on social media using facial recognition technology. This intelligence was combined with data from the global-scale Internet surveillance that we know about thanks to the National Security Agency (NSA) whistle-blower Edward Snowden, and what is dubbed “open source intelligence” gleaned by monitoring public social media activity; and then used by police during visits to intimidate activists and scare them off the protests.

Second, mass technological gaming—again, according to documents released by Snowden, the British spy agency, GCHQ (Government Communications Headquarters), has developed tools to seed false information online, cast fake votes in web polls, inflate visitor counts on sites, automatically discover content on video-hosting platform and send takedown notices, permanently disable accounts on computers, find private photographs on Facebook, monitor Skype activity in real time and harvest Skype contacts, prevent access to certain websites by using peer-to-peer based distributed denial of service attacks, spoof any email address and amplify propaganda on social media. According to The Intercept, a secret unit of GCHQ called the Joint Threat Research Intelligence Group (JTRIG) combined technology with psychology and other social sciences to “not only understand, but shape and control how online activism and discourse unfolds”. The JTRIG used fake victim blog posts, false flag operations and honey traps to discredit and manipulate activists.

Third, mass human manipulation. The exact size of the Kremlin troll army is unknown. But in an interview with Radio Liberty, St. Petersburg blogger Marat Burkhard (who spent two months working for Internet Research Agency) said, “there are about 40 rooms with about 20 people sitting in each, and each person has their assignments.” The room he worked in had each employee produce 135 comments on social media in every 12-hour shift for a monthly remuneration of 45,000 rubles. According to Burkhard, in order to bring a “feeling of authenticity”, his department was divided into teams of three—one of them would be a villain troll who would represent the voice of dissent, the other two would be the picture troll and the link troll. The picture troll would use images to counter the villain troll’s point of view by appealing to emotion while the link troll would use arguments and references to appeal to reason. In a day, the “troika” would cover 35 forums.

The next generation of censorship technology is expected to be “real-time content manipulation” through ISPs and Internet companies. We have already seen word filters where blacklisted words or phrases are automatically expunged. Last week, Bengaluru-based activist Thejesh GN detected that Airtel was injecting javascript into every web page that you download using a 3G connection. Airtel claims that it is injecting code developed by the Israeli firm Flash Networks to monitor data usage but the very same method can be used to make subtle personalized changes to web content. In China, according to a paper by Tao Zhu et al titled The Velocity of Censorship: High-Fidelity Detection of Microblog Post Deletions, “Weibo also sometimes makes it appear to a user that their post was successfully posted, but other users are not able to see the post. The poster receives no warning message in this case.”

More than two decades ago, John Gilmore, of Electronic Frontier Foundation, famously said, “the Net interprets censorship as damage and routes around it.” That was when the topology of the Internet was highly decentralized and there were hundreds of ISPs that competed with each other to provide access. Given the information diet of the average netizen today, the Internet is, for all practical purposes, highly centralized and therefore governments find it easier and easier to control.

For more details visit http://editors.cis-india.org/internet-governance/blog/livemint-june-22-2015-sunil-abraham-the-generation-of-e-emergency

The Gary Chapman International School on Digital Transformation — Deadline Expires on April 30

praskrishna — 2011-04-26T06:23:02Z

The application period for the Gary Chapman International School on Digital Transformation is now open! The deadline for applications is April 30, 2011.

The UT Austin Portugal program is now accepting applications for the third annual International School on Digital Transformation, to be held July 17-22 in Porto, Portugal. Advanced students and emerging professionals, social entrepreneurs, and activists from around the world with an interest in digital technology and the enrichment of civil society are invited to apply.

For the past two years, this intensive residential program has brought together scholars, policy experts, community advocates, designers, and hackers to explore the potential for digital media to empower citizens, strengthen communities, and contribute to a more vibrant civil society. The School is named for Gary Chapman, an internationally renowned Internet policy expert and member of the faculty at the LBJ School of Public Affairs at UT Austin who founded this innovative program and passed away suddenly last year. His life continues to inspire the School.

The School is conducted in English and in previous years has attracted faculty and participants from Portugal, South Africa, Finland, India, the U.K., the U.S., and Brazil, among many other countries. During the week, innovators in digital communications serve as teachers and mentors, presenting current projects and engaging in discussion. Faculty and students will be regarded as peers during the School.

Participants of the School will have the opportunity to present and discuss their own projects with those having similar interests, and explore ways to further develop their work. Additionally, members will collaborate on group projects involving digital media and civil society. Consisting of approximately 40 participants and 15 faculty, the School seeks to create an atmosphere of scholarly collegiality, fostering dialogue among diverse perspectives including those of design, policy, activist, and research backgrounds. The daily schedule will include time for presentations, bar camp style meetings, and informal conversations among faculty and students.

The School’s program for 2011 will focus on these themes:

Information access and open civic discourse
Digital tools for government transparency
Evolving Internet content regulation and the public’s right to information
Digital media and the democratic process
Factors influencing the growth of online civic engagement

The School will be held at the Hotel Eurostars Das Artes, a four-star hotel near the heart of Porto’s historic district, an area renowned for its active arts culture, wine, architecture, and breathtaking views. A link to the hotel site is below.

Participant fees are:

370 Euros, which includes

Six nights of lodging in a single room at the Eurostars Das Artes
Six days of breakfasts at the hotel (Monday-Saturday)
Six dinners at a local restaurant (Sunday-Friday)
The daily program of meetings, with coffee breaks
An evening cultural activity

170 Euros for UT-Austin-Portugal PhD Program students (this includes the items listed above, minus hotel and breakfast. Students will be asked to pay an additional charge for lodging, unless they are based in Porto andwish to stay at home.)

All participants should expect to pay for travel to and from Porto, lunches, and any incidental expenses such as bar tabs and outings to cafes or other Porto sites not included in the official agenda.

The Gary Chapman International School on Digital Transformation is organized by the UT Austin-Portugal program, a cooperative endeavor between the University of Texas at Austin and some of the top universities of Portugal. The co-directors of the School are Dr. Sharon Strover of the University of Texas at Austin and Dr. Artur Pimenta Alves of the University of Porto. More details on the program will be added and updated as they are confirmed.

The Eurostars Das Artes is a deluxe hotel located near many shops, restaurants, and art galleries and about a 20-minute walk to the Praça da Ribeira, at the shores of the Douro River. More information may be found here. For more information on the broader program, please see this.

There is limited space and the final deadline for applications is April 30. For questions regarding the program or call for applications, please contact Karen Gustafson at kegustafson@gmail.com.

Read the original news here

For more details visit http://editors.cis-india.org/news/international-school-on-digital-transformation

The Future of Journalism: EJC @ Picnic 2010

nishant — 2010-10-13T07:13:29Z

Nishant Shah was a speaker at the PICNIC 2010, in Amsterdam, where he made a presentation titled "Citizens in the time of Database Democracies : Information ecology and role of participatory technologies in India"

The relationship between citizenship and government informatics have historically been shaped through a series of debates around questions of citizenship, security, State-market collaborations, and right based discourse in India. Even before the information explosion caused by the emergence of digital and internet technologies, there has been a strident discourse around participatory democracy and technology mediated governance as ways of empowering the citizen's access to rights and resources in the country. With the emergence of new technologies of storage, retrieval and dissemination, these expectations have become more visible. The Indian Government has officially accepted the transition to become a S.M.A.R.T. (Simple, Moral, Accountable, Responsible and Transparent) State, with the rise of 'Netizens' who, in their access to new digital and internet technologies will change the very shape and structure of governance.

However, as the digital infrastructure develops and new kinds of citizen services and consumption come to the fore, battle-lines are being drawn between stakeholders. On the one hand are those who believe that this might be the opening of a Pandora’s Box for a country like India where a stark digital divide might create great inequality in citizens' access to State services and resources, producing unjust and discriminatory structures based on access, bandwidth and education. . On the other hand are those who celebrate the need for transparency, participation and access to governmentality that these e-governance initiatives usher in, addressing long standing questions of plutocratic governance, bureaucratic systems of denial of rights and widespread corruption. Both the warring factions draw upon partial data – of failed attempts and projects by different government initiatives to pilot studies initiated by different government and civil society organisations respectively – to make their arguments for and against the emergence of a 'Database Democracy' .premised on participatory politics facilitated by new media practices in the country.

Especially with the current rolling out of a Unique Identity Project (named Aadhar – The Hindi word for ‘Support’) these discussions have become more severe and the arguments have become angrier. It is not only timely but also necessary to examine the ecology of participatory technologies and processes in the country in order to look at the different sides of the debates and explore the role that new media practitioners and stakeholders would play in efficiently and responsibly establishing a protocol of open and transparent governance structures without compromising either the privacy, rights or safety of the citizens. This presentation explores the project Aadhar as symptomatic of a changing relationship between the State and its Citizens mediated by ICT technologies and stakeholders, to look at the ways in which new Citizenships are being forged in emerging information societies like India.

More news about the panel on Future of Journalism, arranged by the European Journalism Commission, is available at

http://futureofjournalism.net/index.php/EJC_at_PICNIC2010

For more details visit http://editors.cis-india.org/research/conferences/conference-blogs/picnic

The Five Monkeys & Ice-cold Water

sunil — 2012-10-30T10:43:38Z

The Indian government provides leadership, both domestically and internationally, when it comes to access to knowledge.

This article by Sunil Abraham was published in Deccan Chronicle on September 16, 2012.

Our domestic patent policy ensures that generic medicines are available and largely affordable not only within India but also in Africa and elsewhere. It also allows Indians to consume a wide range of technological innovations without worrying about legal bans that are an otherwise common feature in the developed countries, thanks to phenomena such as the ongoing mobile phone patent wars.

Copyright policy, including the last amendment of the copyright act, has ensured that fair dealing and the rights of students, researchers, disabled, etc., are protected. Texts, audio and video for education and entertainment are relatively affordable, especially in comparison to other countries in the Asia-Pacific.

Even at the World Intellectual Property Organisation, other developing countries look to India for guidance. The interventions of the copyright registrar G.R. Raghavender and the Indian team won praise during the most recent round of negotiations for the Treaty for the Visually Impaired. An excellent example of India's soft power protecting public interest at home and abroad.

In diametrical contrast, India has a terrible track record when it comes to freedom of expression, especially expression mediated by networked technologies such as telecommunications and the Internet.

Our policy-makers seem determined to extinguish the privacy of communications and also anonymous/pseudonymous speech through such devices as Know Your Customer (KYC) and data retention requirements for accessing the Internet through cyber-cafes, mobile phones, dial-up or broadband, ban on open wi-fi networks, plans to tie together Aadhaar and NATGRID and Central Monitoring System (CMS) to track a citizen using his/her UID across devices, networks and intermediaries, and requiring real-time interception equipment to be installed at all network and data centres.

All these without any horizontal privacy law or a data protection law that is compliant with international best practices. Security hawks argue that this pervasive, multi-tiered surveillance regime helps thwart criminal and terrorist attacks, but its poor design extracts a terrible price in terms of freedom of expression.

Citizens who cannot express themselves anonymously and privately begin to censor themselves, seriously undermining our democracy, which is most importantly founded on an anonymous expression, the electoral ballot.

In addition, in April 2011, rules under the amended IT Act were notified for intermediaries that have a chilling effect on free speech via unclear and unconstitutional limits on freedom of expression, encouragement of private censorship without any notice to those impacted, missing procedure for redress, and lack of penalties for those who abuse the rules to target legitimate speech. This was followed by calls for proactive censorship of social media, which caused much outrage amongst the twitterati.

Even when the government had legitimate grounds (the recent exodus of North-East Indians) to censor free speech, it overreached and acted incompetently, cracking down on parody accounts on social media rather than carefully configuring the text message ban. As if that weren't enough, the government beats up a cartoonist and jails him for sedition.

There’s a plan behind such attacks on free speech. The powerful in India, with their fragile egos, can afford expensive lawyers who can ensure that for those who dare to speak their mind, “the process is the punishment”, as Lawrence Liang of the Alternative Law Forum put it. Needless to say, cartoonists and others that dare to speak their mind cannot usually afford the time and expense of courts.

An experiment featuring monkeys, bananas and ice-cold water, commonly attributed to the late American psychologist Harry Harlow, explains what’s being attempted by those who attack free speech. First, five monkeys are put in a cage with bananas hanging from the top that can be reached by climbing a ladder. Every time one of the monkeys try to climb the ladder, ice-cold water is thrown on all of them. Soon, the monkeys learn not to climb the ladder.

Then, one of them is replaced with a monkey that has never been drenched with ice-cold water. When the new monkey tries to climb the ladder, the other four monkeys attack it and prevent it from reaching the banana. This is continued till all the original monkeys are replaced with new ones.

When that’s done, although none of the monkeys left in the cage has ever been drenched with ice-cold water, they continue to enforce the regulation on themselves. This is what has happened in China. This is what is being attempted here – to social engineer the Indian netizen.

For more details visit http://editors.cis-india.org/internet-governance/www-deccan-chronicle-sep-16-2012-sunil-abraham-the-five-monkeys-and-ice-cold-water

The Fight for Digital Sovereignty

sunil — 2013-10-25T07:29:22Z

It is time to incorporate free software principles to address the issue of privacy. Thanks to the revelations of Edward Snowden, a former contractor to the United States (US) National Security Agency (NSA) who leaked secrets about the agency’s surveillance programmes, a 24-year-old movement aimed at protecting the rights of software users and developers has got some fresh attention from policymakers.

The article was published in the Economic & Political Weekly, Vol-XLVIII No. 42, October 19, 2013

The free and open source software movement (often collectively labelled as FOSS or sometimes FLOSS, with the “l” standing for “libre”) guarantees four freedoms through a copyright licence – the freedom to use for any purpose, the freedom to study the code, the freedom to modify it and the freedom to distribute the modified code gratis or for a fee. Free software principles have permeated the world in the form of movements around open standards, open content, open access and open data. The second freedom is the most critical in an open society. Privacy, security and integrity are best achieved through the transparency guaranteed by free software rather than the opacity of proprietary software.

Free software is directly useful in deciding on the software required for your device operating system and applications. NSA’s surveillance programme covered operating system vendors like Microsoft and Apple, and application vendors like Skype. The concerns raised by such surveillance programmes are best addressed by shifting to free software. Increasingly, this is possible on mobile devices because of the availability of Android derivatives that keep Google’s nose out of your business and on other personal computing devices through GNU/Linux distributions such as Ubuntu. Ideally, this should be accomplished by a mandate for government and public infrastructure in specific areas where free software alternatives are on par with proprietary competitors. Two other policy options remain outside procurement policies for hardware – code escrow and independent audits. Firms that are willing to share code with the government should be preferred over those that do not, thereby encouraging proprietary software companies to provide for the second freedom in free software within a limited context. Code escrow could improve the quality of the independent audit.

Unfortunately, open hardware based on free software principles is still a fringe phenomenon in terms of market share. The Indian government cannot afford bans on foreign products, unlike the intelligence and military of Australia, the US, Britain, Canada and New Zealand, which recently prohibited the use of Lenovo machines in “secret” and “top secret” networks. Last October, the US government banned US telecos from using equipment from Huawei and ZTE. Both these bans are not based on any credible public evidence regarding back doors in any of the products manufactured by these Chinese companies. The Indian government, using funds like the Universal Service Obligation Fund, should support competitive research to reverse-engineer and analyse all foreign and indigenous hardware to ensure that there is no national security threat or infringement on the individual’s right to privacy. One example would be a research project to determine whether China-manufactured phones call home when they are used on Indian telecom networks.

Cloud and other online services run by corporations could also completely undermine privacy and security. This again can be partially addressed through the transparency enabled by free software and open standards. To begin with, the government must ban the use of Google, Yahoo, Hotmail, etc, for official purposes by those in public office, law enforcement and the military, while simultaneously mandating the use of cryptography for all sensitive material and communication. It should not, however, mandate the use of National Informatics Centre (NIC) infrastructure as it may be a single point of failure; instead, a variety of open-standards-compliant and free-software-based infrastructure for all public sector information communication technology (ICT) requirements should be encouraged. This procurement bias will result in the growth of domestic server administration and security competence, thus creating and contributing towards the establishment of a market for affordable privacy and security-enhanced services that ordinary citizens and private sector organisations can access.

The end objective through means such as free software, open hardware, code escrow and independent audits is sovereignty over software, hardware, cloud and network infrastructure. However, the state, the private sector, the consumer and the citizen may disagree on the details. Apart from law enforcement and national security concerns that may require targeted surveillance, there are other occasions when technological possibilities may have to be curtailed through policy to protect human rights and the public interest. For example, to implement the internationally accepted privacy principle of notice on electronic recording devices, some jurisdictions may require that video recorders display a blinking red light and that digital cameras make an audible click sound just like analog cameras. This was first initiated in South Korea to reduce the incidence of “upskirt photography”. This type of law may become more commonplace when technologies like Google Glass become more popular. In other words, absolute digital sovereignty may need to be curtailed in order to protect human rights in certain circumstances. But code could be used to resist regulation through law, thereby converting both the software and hardware layers of devices and networks into a battleground for sovereignty between the free software hacker and the state.

For more details visit http://editors.cis-india.org/a2k/blogs/epw-vol-xlviii-42-october-19-2013-sunil-abraham-the-fight-for-digital-sovereignty

The Fifth Elephant in Bangalore

praskrishna — 2014-07-16T11:02:15Z

HasGeek is organizing the Fifth Elephant in Bangalore at NIMHANS Convention Centre on July 25 and 26, 2014. The Centre for Internet and Society is a community outreach partner with HasGeek.

Facebook has 100 million users in India. You know who has a billion?

The Indian Census.

Varsha Joshi, Director of the National Population Register, was present at The Fifth Elephant 2013 to explain on how the census team collects and processes such a vast amount of data.

Each year, The Fifth Elephant conference brings consumers and producers of technology to understand how data is processed (via available technologies), insights mined from datasets in different domains, and opportunities that data presents for economy and society. The key differentiator of The Fifth Elephant conference is that the content is crowdsourced and carefully curated by a panel of experts.

HasGeek, organizer of The Fifth Elephant, also shares a strong commitment to open access, open knowledge and open data. We ensure that every edition of The Fifth Elephant has representatives from the government –– either officials themselves or technology teams working on important data projects –– addressing citizens’ concerns around privacy and protection of data.

In 2012, we had Pramod Varma and Regunath B. speaking about the Aadhar project alongside Lucy Chambers’ presentation on the OKF’s work with data journalism, Nikhil Pahwa’s on RTI and Sumandro’s on NSSO data.

In 2013, Varsha Joshi talked to participants about the challenges that the census faces in collating data.
This year, we have invited Mr. Ram Sewak Sharma, secretary of Department of Electronics and Information Technology (DEITY), to talk about the state of government data and how citizens can participate in strengthening government’s efforts.

Why should you attend The Fifth Elephant?
The Fifth Elephant is a relevant event for data geeks and enthusiasts, NGOs, journalists and members of advocacy groups not just from the immediate standpoint of open data. This year’s edition also brings talks from finance and healthcare where speakers will talk about the challenges of working with complex financial datasets, data security and privacy concerns in the field of genomics, and related concerns. S. Anand will speak about what it took – in terms of technology infrastructure and data visualization – to do real-time visualizations for the recently concluded Indian elections. Participants will also get a flavour of frameworks – Lambda, Julia,OSM – and how these are used for building tools and platforms for mining data.

We welcome you to participate in the discussions and enrich interactions at the conference.

Schedule: https://fifthelephant.in/2014/conference
Registrations: http://fifthelephant.doattend.com
For more information, write to support@hasgeek.com

For more details visit http://editors.cis-india.org/news/the-fifth-elephant

The Draft Electronic Delivery of Services Bill, 2011 – Comments by CIS

praskrishna — 2011-08-02T07:37:37Z

The Draft Electronic Delivery of Services Bill, 2011 (“Bill”) is a Bill to provide for delivery of government services manadatorily through electronic means by phasing out manual delivery of services. It is heartening to note that the Bill shifts the approach to electronic delivery of services by Government agencies to one as part of the citizens' right to service delivery through electronic means rather than a luxury or benefit doled out by the Government. The Bill introduces bodies exclusively accountable for ensuring that electronic delivery of services by the Government at the state and central levels. While this is a welcome move on the part of the Government there are a few comments we, at the Centre for Internet and Society, have on the present version of the Bill:

Accessibility
The Bill does not make it mandatory for all Government services to be accessible to all including persons with disabilities. The Bill refers to the term “access”, as defined in Section 2(1)(a) from the prespective of merely gaining physical access to the services or availability of such services1 rather than from the perspective of catering to the ability of a person with print (or other) disbilities from gaining access to the services in the normal format. It is very important that the electronic services are delivered in a format which is accessible to all persons including persons with disbilities, elderly persons etc. It should be mandatory for the Government to comply with Web Content Accessibility Guidelines (WCAG) and National Informatics Centre (NIC) guidelines for web accessibility. It is also important to ensure accessibility of all documents produced during service delivery by Government agencies.
Linguistic Accessibility
Section 5(2)(b) of the Bill requires the Government to prescribe a framework for all its agencies to ensure web presence or enablement which refers to rendering electronic services in the language chosen by the user. In pursuance of the same, it is important for delivery of services to be available in all national languages of India to begin with in addition to the content being encoded in Unicode font for all languages. It is important to note that there are not many open fonts available for Indian languages. Hence, it must be ensured that the Government allocates sufficient funds to ensure linguistic accessbility of the services delivered, while ensuring implementation of the provisions of the Bill.
Public Scrutiny
In order to ensure transparency of Government services and process of service delivery, it is essential that the Bill incorporates a provision to enable citizens to gain access to information provided by the Government as part of the service delivery process unless disclosing such information would amount to violation of any applicable law. Similarly, provision should be made for making public all RTI applications filed with the Government and responses to them.
Use of Free and Open Source Software
Considering that electronic service delivery by Government agencies is effected through public money, it is important that Governments are urged to use Free and Open Source Software (FOSS) for service delivery. This cuts costs to a great extent and also make the process more transparent and capable of customisation to varied needs of different departments. It is important to insert a provision requiring the Government to use FOSS as far as possible and in the event of any use of proprietary software, the Government should clearly explain the reason for such use, the costs incurred for the same, the additional benefit derived out of its use and other relevant details.
Open Standards
The Bill must stress on use of open standards for all computer resources and service delivery systems by Government agencies. As is the case with FOSS, such use brings down operation costs drastically and makes the service delivery process transparent and available for all to use. Use of ODF formats for documents, HTML for websites, ISA standards for hardware is recommended. It is also useful to ensure compliance with W3C guidelines by the concerned Government departments during implementation of the Bill.
Whistleblower Exception
The Bill does not contain any safeguards to ensure free and fearless disclosure of any wilful violation of the law impacting larger public interest. It is important to include a provision protecting any person exposing any violation of the provisions of the Bill or blowing the cover off any scam or farudulent activity decieving the public committed by service providers under the Bill. Such protection can be given by ensuring that the actions of such whistleblower, to the extent required for the exposure, does not constitute an offence under the provisions of the Bill.
Penalties for Offences
- Chapter 4 of the Bill gives a detailed list of acts constituting an offence under the Act including Section 15 which specifically relates to offences by companies. It is critical to ensure that the punishment and penalities for offences extend not only to citizens and companies but also to Government officials who misuse information they are privy to under the provisions of the Bill. In fact, a separate provision specifically applicable to the various offences which could be committed by Government officials under the Bill can reduce misuse of its provisions by the Government.
- It is to be noted that several provisions listed under Chapter 4 of the Bill covering offences and penalties are a reproduction of the provisions for the same under the Information Technology Act, 2000 (“IT Act”). Such reprodution is unnecessary and acts which are already deemed to be offences and have punishments prescribed for them under the IT Act (or any other legislation for the time being in force in India) need not be covered again in the Bill. This will avoid duplication and confusion in the legislations.
- Section 19(1) of the Bill provides that no alleged offence under the Bill can be tried in a court of law unless the Central Electronic Delivery of Services Commissioner (“Central Commissioner”) or the State Electronic Delivery of Services Commissioner (“State Commissioner”) authorises the same by issuing a complaint in this regard to the relevant court. This provision directly conflicts with a citizen's constitutional right to seek legal redress since it takes away his freedom to approach a court of law for redressal of his grievance without the permission of the Commissioners. It is recommended that the provision be either deleted or suitably modify so that it is not in violation of this constitutional right.
Bottoms up Approach
A decentralised approach should be adopted along the lines of the Panchayati Raj system giving the citizen a greater say in the framework and implementation of service delivery by Government agencies. Implementation can be at the Panchayat and District levels apart from State levels. Citizens must be able to access and update their information. Furthermore, they should be able to define to a certain extent, access control to their information. This will automatically make them eligible or ineligible for various government services.
Charges for service delivery
Section 4 of the Bill authorises the Government to allow service providers to collect charges for electronic service delivery while Section 3(2) provides for the Government to regulate the manner and method of payment of such charges. It is critical to ensure that such charges levied under the provisions of the Bill do not exceed the charges levied by the Government agency for manual delivery of services. Charges for manual service delivery may include charges for photocopy, printing, paper, postage etc., all of which are totally eliminated during service delivery through electronic means. Thus, levying the same charges, let alone greater charges for electronic service delivery is totally unnecessary and places an additional burden on the citizen ultimately defeating the very purpose of the Bill.
Security in payment of charges
Section 3(2) of the Bill provides for the Government to regulate the manner and method of payment of charges for delivery of services.It is important that each transaction that takes place is done securely and without the exposure of an individuals confidential details. There are many ways to structure the transaction of payment of fees to achieve this goal. We reccommend that the SCOSTA smart card structure is used for completing and processing a transaction.
Data Security and Privacy
Section 5(1)(e) of the Bill requires the Government to ensure integrity, security and confidentiality of data collected, preserved and retained. We recommend that in addition to this, the Government also ensures integrity, security and confidentiality of data or information that is transferred, accessed or deleted. We also recommend that the Bill requires the Government to prescribe a framework under Section 5(2) for agency privacy policies to ensure that they are interoperable and consistent between different departments of the Government.
Functions of the Central Commissioner
Section 8 of the Bill grants the Central Commissioner the power to perform any or all of the functions listed in the provision including Section 8(f) which refers to the power of the State Commissioner in conducting the work of the State Government agencies. A Central Government authority may not have a say in all matters under the purview of the State Governments. This aspect has been left out for consideration while drafting this provision and hence it needs to be relooked at.
Cut-off Date for Implementation
While the Bill mandates a cut off period of 180 days for the Government to finalise on the scope, framework and manner of service delivery under its provisions, it states that the Government “may” prescribe a framework for implementation of the provisions. It is recommended, for the purpose of ensuring speedy implementation of the provisions, that the term “may” in Section 5(2) be replaced by “shall”.
Transparency of Government Agencies
Transparency and accountability of the Government towards the citizen is as important as the transparency of the citizen towards the Government. Therefore, the provisions of the Bill must ensure that the Government activities are transparent to the citizens by making available to the citizens, details of the responsible officials under the Bill, manner of service delivery and other relevant information in this regard.

For more details visit http://editors.cis-india.org/internet-governance/blog/draft-electronic-delivery-services

The DNA Bill has a sequence of problems that need to be resolved

Shweta Mohandas and Elonnai Hickok — 2019-01-15T02:36:11Z

In its current form, it’s far from comprehensive and fails to adequately address privacy and security concerns.

The opinion piece was published by Newslaundry on January 14, 2019.

On January 9, Science and Technology Minister Harsh Vardhan introduced the DNA Technology (Use and Application) Regulation Bill, 2018, amidst opposition and questions about the Bill’s potential threat to privacy and the lack of security measures. The Bill aims to provide for the regulation of the use and application of DNA technology for certain criminal and civil purposes, such as identifying offenders, suspects, victims, undertrials, missing persons and unknown deceased persons. The Schedule of the Bill also lists civil matters where DNA profiling can be used. These include parental disputes, issues relating to immigration and emigration, and establishment of individual identity. The Bill does not cover the commercial or private use of DNA samples, such as private companies providing DNA testing services for conducting genetic tests or for verifying paternity.

The Bill has seen several iterations and revisions from when it was first introduced in 2007. However, after repeated expert consultations, the Bill even at its current stage is far from a comprehensive legislation. Experts have articulated concerns that the version of the Bill that was presented post the Puttaswamy judgement still fails to make provisions that fully uphold the privacy and dignity of the individual. The hurry to pass the Bill by pushing for it by extending the winter session and before the Personal Data Protection Bill is brought before Parliament is also worrying. The Bill was passed in the Lok Sabha with only one amendment: which changed the year of the Bill from 2018 to 2019.

Need for a better-drafted legislation

Although the Schedule of the Bill includes certain civil matters under its purview, some important provisions are silent on the procedure that is to be followed for these civil matters. For example, the Bill necessitates the consent of the individual for DNA profiling in criminal investigation and for identifying missing persons. However, the Bill is silent on the requirement for consent in all civil matters that have been brought under the scope of the Bill.

The omission of civil matters in the provisions of the Bill that are crucial for privacy is just one of the ways the Bill fails to ensure privacy safeguards. The civil matters listed in the Bill are highly sensitive (such as paternity/maternity, use of assisted reproductive technology, organ transplants, etc.) and can have a far-reaching impact on a number of sections of society. For example, the civil matters listed in the Bill affect women not just in the case of paternity disputes but in a number of matters concerning women including the Domestic Violence Act and the Prenatal Diagnostic Techniques Act. Other matters such as pedigree, immigration and emigration can disproportionately impact vulnerable groups and communities, raising raises concerns of discrimination and abuse.

Privacy and security concerns

Although the Bill makes provisions for written consent for the collection of bodily substances and intimate bodily substances, the Bill allows non-consensual collection for offences punishable by death or imprisonment for a term exceeding seven years. Another issue with respect to collection with consent is the absence of safeguards to ensure that consent is given freely, especially when under police custody. This issue was also highlighted by MP NK Premachandran when he emphasised that the Bill be sent to a Parliamentary Standing Committee.

Apart from the collection, the Bill fails to ensure the privacy and security of the samples. One such example of this failure is Section 35(b), which allows access to the information contained in the DNA Data Banks for the purpose of training. The use of these highly sensitive data—that carry the risk of contamination—for training poses risks to the privacy of the people who have deposited their DNA both with and without consent.

An earlier version of the Bill included a provision for the creation of a population statistics databank. Though this has been removed now, there is no guarantee that this provision will not make its way through regulation. This is a cause for concern as the Bill also covers certain civil cases including those relating to immigration and emigration.

Conclusion

In July 2018, the Justice Sri Krishna Committee released the draft Personal Data Protection Bill. The Bill was open for public consultation and is now likely to be introduced in Parliament in June. The PDP Bill, while defining “sensitive personal data”, provides an exhaustive list of data that can be considered sensitive, including biometric data, genetic data and health data. Under the Bill, sensitive personal data has heightened parameters for collection and processing, including clear, informed, and specific consent. Ideally, the DNA Bill should be passed after ensuring that it is in line with the PDP Bill.

The DNA Bill, once it becomes a law, will allow for law enforcement authorities to collect sensitive DNA data and database the same for forensic purposes without a number of key safeguards in place with respect to security and the rights of individuals. In 2016 alone, 29,75,711 crimes under various provisions the Indian Penal Code were reported. One can only guess the sheer number of DNA profiles and related information that will be collected from both criminal and specified civil cases. The Bill needs to be revised to reduce all ambiguity with respect to the civil cases, and also to ensure that it is in line with the data protection regime in India. A comprehensive privacy legislation should be enacted prior to the passing of this Bill.

There are still studies and cases that show that DNA testing can be fallible. The Indian government needs to ensure that there is proper sensitisation and training on the collection, storage and use of DNA profiles as well as the recognition and awareness of the fact that the DNA tests are not infallible amongst key stakeholders, including law enforcement and the judiciary.

For more details visit http://editors.cis-india.org/internet-governance/blog/newslaundry-elonnai-hickok-and-shweta-mohandas-january-14-2019-dna-bill-has-a-sequence-of-problems-that-need-to-be-resolved

The Digital Protection of Traditional Knowledge: Questions Raised by the Traditional Knowledge Digital Library in India

Sunil Abraham and Vidushi Marda — 2016-12-09T15:50:36Z

This is an edited version of part three of a study that considers the International Covenant on Economic, Social and Cultural Rights (ICESCR) through aspects of intellectual property in India, namely, mobile patents, free and open source software, and India's Traditional Knowledge Digital Library. Through these, it demonstrates the potential of the internet in realising ESCRs.

The original report published by GISWatch can be read here. Aditya Singh Chawla, Parvathy Nair, Raji Gururaj and Balaji Subramaniam provided research assistance for this paper during their internships with the Centre for Internet and Society. Click to download the PDF

Introduction

The first problem one encounters in studying traditional knowledge (TK) is the extent and meaning of the term itself. No globally accepted definition of TK exists,^[1] and therefore no clear delineation of its scope. The definition adopted by the World Intellectual Property Organization (WIPO) is that TK is “knowledge, know-how, skills and practices that are developed, sustained and passed on from generation to generation within a community, often forming part of its cultural or spiritual identity.”⁴ While TK embraces traditional cultural expressions within its ambit, and includes distinctive signs and symbols associated with traditional knowledge,^[2] the scope of this report does not extend to traditional cultural expressions as they necessarily would fall under the purview of copyright law.

Before we frame TK in terms of economic, social and cultural rights (ESCRs), let us understand the phenomenom of biopiracy in a bit more detail using two examples, one connected to the right to food, and the other connected to health. Biopiracy is the use of intellectual property (IP) systems to legitimise control over biological products and processes that were previously used for centuries in non- industrialised cultures.^[3] The case of neem-related patents, through which bio-prospectors attempted to appropriate the royalty arising from a plant whose medicinal value was already in the public domain, is well documented.^[4] Another case worth noting is that of the “Enola bean”, in which Larry Proctor, a United States (US) citizen, purchased a package of Mexican beans of various colours, separated out the yellow ones, and spent three years selectively breeding the plants. He then named his line “Enola” and obtained patent protection for the bean, its plant, its pollen, and the method of producing it.^[5]^[6]

This case is far more worrying than the neem case for two reasons.^[7] First, it was a case that had an immediate and tangible impact on the producers of the commodity in that yellow Mexican beans were exported into the United States before the patent was granted, and the assertion of the patent led to significant reductions in bean exports, representing a quantifiable economic loss for bean farmers.^[8] Second, the patent was allowed to stand for almost a decade, amounting to half the life of a legitimate patent.^[9] This represents an incredibly unjust outcome – an invention (“specifically selected yellow beans”) arising from traditional knowledge in the public domain (since Mexican farmers had been cultivating and exporting these beans) being monopolised by a private entity illegally for almost a decade.

The differences between TK and other forms of IP are the following:

With other forms of IP, property rights are afforded to the innovator or creator, whereas communities own TK.
Other forms of IP are designed as incentive mechanisms for the creation of new property; however, there is no such incentive to create new property with TK.
IP is also time-bound, whereas TK is held in perpetuity from generation to generation.
The invention under IP must also satisfy the requirement for novelty and industrial application, whereas TK does not have these requirements.

Although patent law is not tailored to protect TK, it has been used to prevent misappropriation of TK.

The Traditional Knowledge Digital Library

At the turn of the millennium, an expert group found that roughly 2,000 patents linked to India’s TK in medicine were being granted annually around the world.^[10] This expert group proposed the establishment of the Traditional Knowledge Digital Library (TKDL)¹³in order to reduce biopiracy. The TKDL was envisaged as “a home-grown effort to ensure patent offices around the world do not grant patents for applications founded on India’s wealth of TK that has existed for millennia.”¹⁴ In 2001 India launched the initiative, which digitised its wide repository of TK, with the hope of enabling the protection of this knowledge and preventing its misuse.

The TKDL is a digital knowledge repository of Indian traditional knowledge about medicinal plants and formulations, and practices used in Indian systems of medicine. Its knowledge base is primarily derived from Ayurveda, Unani, Siddha and Yoga. These areas are being documented by collating the information on TK from literature existing in local languages such as Sanskrit, Urdu, Arabic, Persian and Tamil in digitised format. These have been made available in five international languages: English, German, Spanish, French and Japanese. While it is clear that the first three systems of medicine (i.e. Ayurveda, Unani and Siddha) are systems that have a corresponding system of traditional medicines, the framing of Yoga as a system of medicine is unclear as there is no medicine administered to the patient. Increasingly, however, medical procedures are being patented, and the Indian government in August 2015 shortlisted 1,500 yoga asanas to be included in the TKDL to prevent foreign parties from patenting them.^[11] This was in response to several yoga-related patents being applied for^[12] and granted^[13] around the world, notably in the United States.

The TKDL’s appeal lies in the manner in which it approaches attempts to patent TK (the “state of the art”) – it serves to pre-empt the granting of a patent, rather than to contest a patent’s validity after it has been granted. This, it is claimed, reduces the time taken to contest claims from a matter of years to a few weeks.^[14]

Defining the right

The protection of TK can be primarily placed within Article 15 of the International Covenant on Economic, Social and Cultural Rights (ICESCR). In order to understand the relationship between TK and Article 15, we must first appreciate that TK is also scientific knowledge. There are two ways in which the right of the TK community can be mapped onto Article 15. First, the Article recognises “the right to take part in cultural life”, and second, “to enjoy the benefits from scientific progress and its applications”. This ensures that communities have the right to continue to operationalise and use TK. Further, Article 15 includes the right “to benefit from the protection of the moral and material interests resulting from any scientific, literary or artistic production”. However, while this is a universal right, in practice it will only happen when national law recognises the property rights of the community, facilitates protection of these rights, takes legal action against infringements, and provides mechanisms for the collection and distribution of royalties. What might not strike the reader as obvious is that the benefits of protecting the moral and material interests in the world of TK accrue to the community, while in other forms of IP the rights holder is either an individual or corporation.

Article 11 of the ICESCR is also relevant to TK. It recognises the right of everyone to an adequate standard of living, including adequate food, clothing and housing, and to the continuous improvement of living conditions. Article 11 (2) (a) mandates that states parties to the Covenant take measures to “improve methods of production, conservation and distribution of food by making full use of technical and scientific knowledge, by disseminating knowledge of the principles of nutrition and by developing or reforming agrarian systems in such a way as to achieve the most efficient development and utilization of natural resources.”^[15] TK is connected to food in multiple ways, such as ecosystem and landscape management, water management, soil conservation, biological control of pests and diseases, ecological agriculture and livestock practices, and plant and animal breeding – and most importantly, with regard to the latter, breeding and preserving varieties of plant and animal species. Suman Sahai, founder of the Gene Campaign,^[16] helps us understand the connection between food security and traditional knowledge. She argues that farmers are a community of women and men who have not only created several thousand breeds of food and cash crops, but also “identified valuable genes and traits in these crops and maintained them over generations through a highly sophisticated system of crossing and selection.”^[17]

There exist a host of international and national norms, both of a general and a specific nature, enunciating the right of indigenous communities to their traditional knowledge. One specific example is the World Health Organization’s approach to Traditional and Complementary Medicine (T&CM). In this, it urges states to “prevent the misappropriation of T&CM by implementing the relevant international instruments in line with the WHO global strategy and plan of action on public health, innovation and intellectual property, adopting or amending national intellectual property legislation, and enacting other defensive protection strategies.”^[18]

India has signed the Convention on Biological

Diversity (CBD), a treaty with 194 parties in total.^[19] The CBD provides for the respect, preservation and maintenance of “knowledge, innovation and practices of indigenous and local communities embodying traditional lifestyles relevant for the conservation and sustainable use of biological diversity”, and also for encouraging the wider application of such practices while ensuring that the benefits arising from such utilisation are shared equit ably with the communities in question.^[20] Having signed this convention, India has the duty to protect this knowledge without appropriating it, and the TKDL is a means to protect this right.

Such provisions have been included in India’s Biological Diversity Act,^[21] which was enacted in pursuance of India’s duties under the CBD. Restrictions on the granting of patents for inventions arising from research on biological resources,²⁶ the transfer of biological resources or knowledge,^[22] and the enforcement of equitable benefit sharing^[23] aim to serve as effective legal bars to biopiracy and unauthorised use of traditional knowledge.

Successes of the TKDL

Since the inception of the TKDL, in just under two years, and in Europe alone, India has succeeded in using this resource to bring about the cancellation or withdrawal of 36 applications to patents traditionally known as medicinal formulations.

Between 2001 and 2015, out of a total of 189 pharmaceutical applications which include medicines, therapeutics, etc., 21 were granted while 17 were rejected. An additional 30 were deemed withdrawn and another 31 were abandoned. At the time of writing, 90 have their examination still in progress. Out of the 10 applications under cosmetics, seven are under progress while one each has been accepted, rejected and deemed to be withdrawn. There was only one application under agriculture which was rejected. The domain of food had three applications out of which one was rejected, one deemed to be withdrawn and the last one in progress.^[24]

India and the US had the maximum number of applications at 75 and 43 respectively. Japan and Korea were third and fourth at 16 and 11 respectively. Most of these applications were in progress, with 12 applications from India being rejected and 17 being abandoned. Only five had been granted to India while three were deemed to be withdrawn; 38 of India’s applications and 12 of those from the US are pending. Taiwan and Jordan’s only applications were granted while Spain’s only application was rejected.^[25]

But do digital databases work as a form of IP protection?

While proponents of the database have been vocal in their vision for its application, it has received criticism on several grounds.

First of all, there is a fair amount of disagreement regarding the best possible means through which TK can be protected.^[26] Indeed, existing literature already features catalogues of international law (both “hard” and “soft”), regional norms and domestic legislation that accord protection to TK within the framework of culture.^[27] While some believe that data aggregation and record creation is the best means to tackle biopiracy, others propose different approaches,^[28] such as negotiating access agreements between indigenous communities and bio-prospectors.^[29]

Secondly, the TKDL has also attracted criticism because of its high level of confidentiality. In response to a right to information application, the Council for Scientific and Industrial Research (CSIR) clarified that the TKDL can only be accessed by foreign patent offices.^[30] It is not made available to the Indian Patent Office or to CSIR scientists. As per the same response, the decision to make the TKDL confidential was taken during a cabinet meeting in 2006, but there exists no legal instrument that mandates such confidentiality. TK databases in other countries do not impose access restrictions. The Korean Traditional Knowledge Portal, for example, explicitly states the motivation behind making itself publicly available:

The database is presented on-line through the Korean Traditional Knowledge Portal (KTKP). The reasons for making the database publicly accessible through the KTKP are as follows:

To lay the foundation for international protection of Korean traditional knowledge, thereby preventing unauthorized use of patents inside and outside the country.
To provide an abundance of information on traditional knowledge and related research, thereby expediting the development of related studies and industries.
To provide essential information for patent examinations, thereby enhancing the quality of intellectual property applications for traditional knowledge.^[31]

Similarly, the contents of the China Traditional Medicine Patent Database are also publicly available on the internet.^[32]

Finally, the TKDL has also raised questions of copyright, with claims that it falls foul of the Indian Copyright Act, 1957, since it has digitised works (such as translations or compilations of ancient texts) that are still under copyright without the consent of their authors.³⁸ Responding to the same right to information application discussed above, the CSIR claimed that no consent was required since the traditional knowledge in question was authored many years ago. This is a perplexing position to take, as there is significant skill and labour involved in translating and compiling these ancient texts and putting this knowledge together, which merits copyright protection.^[33]

The need for open knowledge systems

There seems to be no reason to keep a valuable resource such as the TKDL away from the public’s reach, especially considering the fact that the entire project was bankrolled by the Indian taxpayer. Restricting access to the TKDL severely limits the benefit that the general public could derive from this knowledge. Even if one were to accept that there exist compelling reasons to keep the data confidential, it is clear that the TKDL, by its very nature, cannot possibly be invulnerable to breach. Problems of access control are endemic to large databases – it has been postulated that large aggregations of secret data are fundamentally impossible because security must be traded off for ease of access in such situations. Thus, “you cannot construct a database with scale, functionality and security because if you design a large system for ease of access it becomes insecure, while if you make it watertight it becomes impossible to use.”^[34] For this reason, governments have been urged to make use of centralised databases only when absolutely necessary.^[35] If we accept the premise that centralised databases cannot possibly be both accessible and secure, then we must examine whether the TKDL represents a balanced trade-off between accessibility and confidentiality.

There are three changes that are necessary in this regard:

The need to push for open knowledge A system like the TKDL constitutes a mechanism for defensive protection of TK – it seeks to keep TK in the public domain rather than to exclusively put it in the hands of the community that evolved it. This is similar to the Peer-to-Patent^[36] initiative, which ensures that more eyes are involved in following the process: a crowd-sourced approach to preventing inappropriate appropriation.

The need to address legal barriers Primarily, the TKDL’s data seems to be far from infallible, with several reports of mistranslations^[37] and exaggerated claims^[38] made by the CSIR. Apart from this, the most important requirement that the TKDL must fulfil is for its data to meet the legal criteria established for prior art in various jurisdictions. This would entail ensuring that the knowledge is made available with clear evidence of the date of its publication, and the presentation of the knowledge in a manner that clearly establishes that a patent claim is anticipated by the data contained in the library.^[39] Further, the fundamental challenge faced by any defensive protection mechanism is its vulnerability to differing definitions of prior art in various jurisdictions:

European Patent Convention (EPC): The most TKDL-friendly jurisdictions are those such as the EU. The EPC defines prior art as “everything made available to the public by means of a written or oral description, by use, or in any other way, before the date of filing of the European patent application”.^[40] Thus, innovations detailed in the works indexed by the TKDL would fall within the definition of prior art, and therefore be unpatentable – assuming, of course, that all the works digitised and translated by the database were publicly available. An overwhelming majority of the TKDL’s self-proclaimed “successes” have been achieved in the EU – around 120 of the 180 “successful outcomes” are against European patent applications.^[41]
United States: On the other end of the spectrum is the US definition of prior art. The United States Patent Act provides that a person “shall be entitled to a patent unless (a) the invention was known or used by others in this country, or patented or described in a printed publication in this or a foreign country, before the invention thereof by the applicant for patent.”⁴⁸ This effectively excludes protection for any non-published knowledge outside the US. Further, given the restrictive access to the TKDL, it appears that the database would not fall within the definition of a “printed publication”, since it has never been “published” – merely circulated among patent examiners on conditions of non-disclosure. Thus, it appears that there is no legal basis for the TKDL to be cited as evidence of prior art in the US, or other jurisdictions that have similar definitions of prior art.^[42]

The need to address structural barriers

In choosing to characterise itself as an archive of prior art, the TKDL has placed the burden of enforcing TK assertions upon patent examiners around the world. In doing so, it has pigeonholed itself into a doctrine (namely prior art) that has a tendency to go largely unheard in patent examinations. With studies showing that more experienced patent examiners, typically occupying higher positions in the patent office, are less likely to cite examples of prior art in their examinations,^[43]^[44] and still other evaluations showing that applicants for patents are extremely unlikely to provide and identify prior art surrounding their claims,^[45] it is evident that there are structural imbalances working against the efficacy of the prior art doctrine in preventing illegitimate patent claims. Thus, efforts must be made to counter this imbalance at two levels: first, access to the TKDL must be made as easy as possible; second, the TKDL has to undertake proactive patent monitoring efforts.

Patent monitoring, while an onerous and expensive task, is nevertheless necessary for the success of a defensive system such as the TKDL, especially in those jurisdictions which do not have the legislative framework to enable provisions of the CBD that mandate disclosure of genetic material sources.

Conclusion

For the reasons stated above, the access policy of the TKDL requires significant modification if the database is to reach its true potential for providing accurate, efficient and time-bound protection to TKbased innovations through the use of a centralised database that is wired into a network of interested parties.

TK systems require all the external support they can get in order to protect their mandate. Civil society must engage effectively with the TKDL initiative, encourage the accuracy of its records through research, and stimulate dialogue regarding the key issues discussed in this report. As pointed out by the UN Special Rapporteur on the rights of indigenous people: “Much more needs to be done to understand fully how … treaties and agreements can undermine or reinforce indigenous peoples’ rights and how they shape the trajectories of national economic development plans.”^[46]

[1] Traditional Knowledge, WIPO. www.wipo.int/tk/en/tk 4 Ibid.

[2] WIPO. (2010). List and Brief Technical Explanation of Various Forms in which Traditional Knowledge May be Found. www.wipo.int/ meetings/en/doc_details.jsp?doc_id=147152

[3] Shiva, V. (2001). Protect or Plunder? Understanding Intellectual Property Rights. London: Zed Books.

[4] See, e.g., Horsbrugh Porter, A. (2006, 17 April). Neem: India’s tree of life. BBC. news.bbc.co.uk/2/hi/south_asia/4916044.stm; BBC. (2005, 9 March). India wins landmark patent battle. BBC. news. bbc.co.uk/2/hi/science/nature/4333627.stm; Hoggan, K. (2000, 11 May). Neem tree patent revoked. BBC. news.bbc.co.uk/2/hi/ science/nature/745028.stm

[5] In re POD-NERS, L.L.C., Re-examination No. 90/005,892, US Fed.

Cir. 2009. law.justia.com/cases/federal/appellate-courts/cafc/08-

[6] /08-1492-2011-03-27.html

[7] It is also noteworthy for another reason: it is illustrative of the time and effort required to contest claims after a patent has been granted. Proponents of the TKDL would argue that what took a decade in the Enola bean case could have been achieved in a manner of weeks at the application stage by a patent office equipped with such a database.

[8] Shashikant, S., & Asghedom, A. (2009, 12 August). The ‘Enola Bean’ dispute: patent failure & lessons for developing countries. Third World Network. twn.my/title2/wto.info/2009/ twninfo20090811.htm

[9] Crouch, D. (2009, 10 July). Mexican Yellow Bean Patent Finally Cooked. Patently-O. patentlyo.com/patent/2009/07/mexican yellow-bean-patent-finally-cooked.html

[10] Gupta, V. K. (2011). Protecting Indian Traditional Knowledge from Biopiracy. WIPO. www.wipo.int/export/sites/www/meetings/ en/2011/wipo_tkdl_del_11/pdf/tkdl_gupta.pdf 13 www.tkdl.res.in/tkdl/langdefault/common/Home.asp?GL=Eng 14 Gupta, V. K. (2011). Op. cit.

[11] PTI. (2015, 9 August). Over 1500 yoga asanas shortlisted to thwart patenting by foreign parties. Indian Express. indianexpress.com/ article/india/india-others/over-1500-yoga-asanas-shortlisted-to thwart-patenting-by-foreign-parties

[12] TNN. (2007, 18 May). US patent on yoga? Indian gurus fume. Indian Express. timesofindia.indiatimes.com/india/US-patent-on yoga-Indian-gurus-fume/articleshow/2058285.cms

[13] Lee, T. B. (2013, 13 December). A yoga patent? Here’s why the USPTO approves so many dubious applications. Washington Post. https://www.washingtonpost.com/news/the-switch/ wp/2013/12/13/a-yoga-patent-heres-why-the-uspto-approves-so many-dubious-applications

[14] Press Information Bureau. (2010, 28 April). India Partners with US and UK to Protect Its Traditional Knowledge and Prevent Bio-Piracy. pib.nic.in/newsite/erelease.aspx?relid=61122

[15] www.ohchr.org/EN/ProfessionalInterest/Pages/CESCR.aspx

[16] genecampaign.org

[17] Sahai, S. (1996). Importance of Indigenous Knowledge in IPR. Economic and Political Weekly, 31(47).

[18] World Health Organization. (2013). WHO Traditional Medicine Strategy 2014-2023. apps.who.int/iris/ bitstream/10665/92455/1/9789241506090_eng.pdf?ua=1

[19] List of Parties, Convention on Biological Diversity. https://www. cbd.int/information/parties.shtml

[20] Article 8(j) of the Convention on Biological Diversity. https://www.

cbd.int/convention/text

[21] nbaindia.org/content/25/19/1/act.html 26 Section 6 of the Biological Diversity Act, 2002.

[22] Section 20 of the Biological Diversity Act, 2002.

[23] Section 21 of the Biological Diversity Act, 2002.

[24] www.tkdl.res.in/tkdl/langdefault/Common/ExaminerReport.

asp?homepage=sub

[25] Ibid.

[26] WIPO. (2010). Op. cit., Annex 2.

[27] See, e.g., Coombe, R. J. (2005). Protecting Traditional

Environmental Knowledge and New Social Movements in the

Americas: Intellectual Property, Human Right, or Claims to an Alternative Form of Sustainable Development? Florida Journal of International Law, 17(1), 115-136.

[28] Swiderska, K. (2006). Banishing the Biopirates: A New Approach to Protecting Traditional Knowledge. International Institute for Environment and Development. pubs.iied.org/pdfs/14537IIED.pdf

[29] Intergovernmental Committee on Intellectual Property and Genetic Resources, Traditional Knowledge and Folklore. (2002). Review of Existing Intellectual Property Protection of Traditional Knowledge. WIPO. www.wipo.int/edocs/mdocs/tk/en/wipo_grtkf_ic_3/ wipo_grtkf_ic_3_17-main1.html

[30] Reddy, P. (2012, 29 March). Is the TKDL a ‘confidential database’ and is it compliant with Indian copyright law? SpicyIP. spicyip. com/2012/03/is-tkdl-confidential-database-and-is-it.html

[31] KTKP Introduction, Korean Traditional Knowledge Portal. www. koreantk.com/en/m_about/about_01.jsp?about=1

[32] Brief introduction of China Traditional Medicine (TCM) Patent Database, China TCM Patent Database. 221.122.40.157/tcm_ patent/englishversion/help/help.html 38 Op. cit.

[33] Reddy, P. (2012, 21 April). The need for an ‘independent’ review of the TKDL project. SpicyIP. spicyip.com/2012/04/need-for anindependent-review-of-tkdl.html

[34] Proposed by Ross J. Anderson, this thumb-rule has come to be known as Anderson’s Rule. See: Porter, H. (2009, 10 August). Nine sacked for breaching core ID card database. The Guardian. www. theguardian.com/commentisfree/henryporter/2009/aug/10/ id-card-database-breach

[35] See, e.g., Anderson, R. et. al. (2009). Database State. Joseph Rowntree Reform Trust. www.jrrt.org.uk/sites/jrrt.org.uk/files/

documents/database-state.pdf

[36] www.peertopatent.org

[37] Rathi, M. (2012, 20 April). Guest Post – TKDL: A success – Really?

SpicyIP. spicyip.com/2012/04/guest-post-tkdl-success-really.html

[38] Reddy, P. (2012, 19 March). Guest Post: The Traditional Knowledge Digital Library and the EPO. SpicyIP. spicyip.com/2012/03/guest post-traditional-knowledge.html

[39] Intergovernmental Committee on Intellectual Property and Genetic Resources, Traditional Knowledge and Folklore. (2003). Practical Mechanisms for the Defensive Protection of Traditional Knowledge and Genetic Resources within the Patent System. WIPO. www.wipo. int/edocs/mdocs/tk/en/wipo_grtkf_ic_5/wipo_grtkf_ic_5_6.pdf

[40] Article 54(2) of the Convention on the Grant of European Patents. https://www.epo.org/law-practice/legal-texts/epc.html

[41] Outcomes against bio-piracy, Traditional Knowledge Digital Library. www.tkdl.res.in/tkdl/langdefault/common/Outcome.asp 48 35 U.S.C. § 102(a).

[42] Quinn, G. (2009, 30 November). US Patent Office to Reject Based on Traditional Knowledge. IPWatchdog. www.ipwatchdog.com/2009/11/30/us-patent office-to-reject-based-on-traditional-knowledge/ id=7502

[43] Lemley, M. A., & Sampat, B. (2012). Examiner Characteristics and

Patent Office Outcomes. The Review of Economics and Statistics,

[44] (3), 817-827. www.mitpressjournals.org/doi/abs/10.1162/ REST_a_00194?journalCode=rest

[45] Sampat, B. (2010). When do Applicants Search for Prior Art? The Journal of Law and Economics, 53(2), 399-416. www.journals. uchicago.edu/doi/abs/10.1086/651959?journalCode=jle

[46] Human Rights Council. (2014). Report of the Special Rapporteur on the Rights of Indigenous People. unsr.vtaulicorpuz.org/site/index. php/documents/annual-reports/26-annual-report-hrc-2014

For more details visit http://editors.cis-india.org/a2k/blogs/giswatch-december-9-2016-sunil-abraham-and-vidushi-marda-digital-protection-of-traditional-knowledge-questions-raised-by-traditional-knowledge-digital-library-in-india

The Digital is Political

nishant — 2016-06-05T03:58:46Z

To speak of technology is to speak of human life and living.

The article was published in the Indian Express on March 20, 2016.

“You are supposed to write about the internet, why do you keep talking about all this politics?” I was taken aback when I was faced with this question. It is true – since the year has begun, I have talked about digital education and the ways in which it needs to account for unexpected and underserved communities, about net neutrality and why the Indian government needs to build a stronger, safer, and a more inclusive digital ecosystem. I have written about freedom of speech and expression and how this is going to be the year when we stand together to save the internet from vested interests that seek to convert it from a public commons into a private commodity.

In my head, all these questions — of inclusion, of access, of presence, of rights — are questions of human life and living, but they are also those that are being hugely restructured by the internet and digital technologies. When faced with the query, I was reminded of a deep-seated division that has been at the heart of digital cultures.

Way back in the ’90s, when the internet was still a space of science fiction and the World Wide Web was in its nascent stages, there was a distinction made between Virtual Reality (VR) and Real Life (RL). The presumption in the construction of these categories was that the digital is only an escape, the technological is merely a prosthesis, and the internet is just a thing that a few geeks engaged with in their free time. However, the last three decades have made this distinction between VR and RL redundant.

We live in digital times. The digital is not just something we use strategically and specifically to do a few tasks. Our very perception of who we are, how we connect to the world around us, and the ways in which we define our domains of life, labour, and language are hugely structured by the digital technologies. The digital is ubiquitous and hence, like air, invisible. We live within digital systems, we live with intimate gadgets, we interact through digital media, and even though we might all be equally digital natives, there is no denying the fact that the very presence and imagination of the digital has dramatically restructured our lives. The digital, far from being a tool, is a condition and context that defines the shapes and boundaries of our understanding of the self, the society, and the structures of governance.

The pervasive nature of the digital technologies and internet can be found at multiple levels. For instance, we do not think about going online anymore, because most of our devices are connected 24×7 to the digital web. Even when we are not online, sunk in a bad network connection, or protecting our precious data usage, we know that our avatars and digital identities are online and talking without us.

So established is this phenomenon that we even have a name for the anxiety it creates: FOMO — the Fear Of Missing Out. Similarly, the digital can be located at the level of human understanding. We are used to thinking of ourselves as digital systems. We talk about our primary identity as one marked by information overload. We often complain, when faced with too many demands on our time and space, that we don’t have enough bandwidth to deal with new problems, and we are not referring to digital connectivity.

The digital also has space at the level of policy and governance. If you, like the many millions of Indians, have registered for an Aadhaar card, you have already been marked by a digital identity whether or not you have broadband access. When our government launches Digital India campaigns, it is not merely about an economic model of growth, but it is suggesting that the digital is going to be at the foundations of the new India that we want to build for the future.

If the digital is so central to our fundamental understanding of the self, the society, and the state, then surely it is time to stop thinking that these technologies have nothing to do with politics? There remains a forced imagination of technologies as devices, as tools, as prostheses which do not have any other role than the performing of a function. However, this is a fallacy, because not only do technologies shape our sense of who we are, but they also prescribe new templates and models of who we are going to be. In the process, these technologies take political action, create social structures, mobilise cultural possibilities, and often, because they are technologies that are still elite and available to the privileged few in the country, they enable decisions which are not always fair, open, and just.

Hence, a technological decision cannot be read merely as a technical decisions but as human decisions. To speak of technology is to speak of human life and living. To write about technology is to write about politics, because a separation between the two is not only futile but downright dangerous.

For more details visit http://editors.cis-india.org/internet-governance/blog/indian-express-march-20-2016-nishant-shah-digital-is-political