The Centre for Internet and Society
http://editors.cis-india.org
These are the search results for the query, showing results 1 to 3.
Recommendations for the Covid Vaccine Intelligence Network (Co-Win) platform
http://editors.cis-india.org/internet-governance/blog/an-analysis-of-the-covid-vaccine-intelligence-network-co-win-platform
<b></b>
<p style="text-align: justify;" dir="ltr"> </p>
<p style="text-align: justify;" dir="ltr">The first confirmed case of Covid-19 was recorded in India on January 30, 2020, and India’s vaccination drive started 12 months later on January 16, 2021; with the anxiety and hope that this signals the end of the pandemic. The first phase of the vaccination drive identified healthcare professionals and other frontline workers as beneficiaries. The second phase, which has been rolled out from March 1, covers specified sections of the general population; those above 60 years and those between 45 years and 60 with specific comorbid conditions. The first phase also saw the deployment of the Covid Vaccine Intelligence Network (Co-Win) platform to roll out and streamline the Covid 19 vaccination process. For the purpose of this blog post, the term CoWIn platform has been used to refer to the CoWin App and the CoWin webportal. </p>
<p style="text-align: justify;" dir="ltr">During the first phase, <a href="https://www.livemint.com/news/india/covid-vaccination-in-india-health-min-says-registering-with-cowin-is-mandatory-11610678273260.html">it was mandatory </a>for the identified beneficiaries to be registered on the Co-Win App prior to receiving the vaccine. The Central Government had earlier indicated that it would be mandatory for all the future beneficiaries to register on the Co-Win app; however, the Health Ministry hours before the roll out of the second phase <a href="https://www.livemint.com/news/india/cowin-app-not-for-vaccine-registration-visit-its-portal-instead-ministry-of-health-11614581076188.html">tweeted t</a>hat beneficiaries should use the Co-Win web portal (not the Co-Win app) to register themselves for the vaccine. The App which is currently available on the play store is only for administrators; it will not be available for the general public. Beneficiaries can now access the vaccination by; (i) registering on the CoWin website; or (ii) Certain vaccination (sites) have a walk-in-facility: On-site registration, appointment, verification, and vaccination will all be on-site the same day; or (iii) register and get an appointment for the vaccination through the Aarogya Setu app. </p>
<p style="text-align: justify;" dir="ltr">The scale and extent of the global pandemic and the Covid-19 vaccination programme differs significantly from the vaccination/immunisation programmes conducted by India previously, and therefore, the means adopted for conducting the vaccination programme will have to be modified accordingly. However, as<a href="https://www.firstpost.com/india/glitches-in-cowin-2-0-hold-up-vaccination-centre-must-upgrade-app-capacity-to-meet-demand-say-experts-9361051.html"> several newspaper reports</a> have indicated the roll out of the CoWin platform has not been smooth. There are<a href="https://www.indiatoday.in/cities/mumbai/story/technical-glitches-in-cowin-app-again-affects-vaccination-drive-at-vaccination-centres-1769410-2021-02-15"> several glitch</a>es; from the user data being incorrectly registered, to beneficiaries not receiving the one time password required to schedule the appointment. </p>
<p style="text-align: justify;" dir="ltr">An entirely offline or online method (internet penetration is at 40% ) to register for the vaccine is not feasible and a hybrid model (offline registration and online registration) should be considered. However, the specified platform should take into account the concerns which are currently emanating from the use of Co-Win and make the required modifications. <br /> </p>
<h3 style="text-align: justify;">Privacy Concerns </h3>
<p style="text-align: justify;" dir="ltr">When the beneficiary uses the Co-Win website to register, she is required to provide certain demographic details such as name, gender, date of birth, photo identity and mobile number. Though Aadhar has been identified as one of the documents that can be uploaded as a photo identity, the Health Ministry in a response to a RTI filed by the Internet Freedom Foundation (IFF) clarified that Aadhaar is nor mandatory for registration either through the Co-Win website or through Aarogya Setu. While, the Government has clarified that the App cannot be used by the general public to register for the vaccination, it still leaves open the question of the status of the personal data of the beneficiaries identified in the first phase of the process, who were registered on the App, and whose personal details were pre-populated on the App. In fact in certain instances,<a href="https://www.thenewsminute.com/article/teething-troubles-privacy-concerns-look-co-win-india-s-vaccine-portal-142015"> Aadhar details</a> were uploaded on the app as the identity proof, without the knowledge of the beneficiary. </p>
<p style="text-align: justify;" dir="ltr">These concerns are exacerbated in the absence of a robust data protection law and with the knowledge that the Co-Win platform (App and the website) does not have a dedicated independent privacy policy. While the Co-Win web portal does not provide any privacy policy, the <a href="https://play.google.com/store/apps/details?id=com.cowinapp.app">privacy policy</a> hyperlinked on the App directs the user to the Health Data Policy of the <a href="https://ndhm.gov.in/health_management_policy">National Health Data Management Policy, 2020.</a> The Central Government approved the Health Data Management Policy on December 14, 2020. It is an umbrella document for all entities operating under the digital health ecosystem. </p>
<p style="text-align: justify;" dir="ltr">An analysis of the Health Policy against the key internationally recognised privacy principles which are represented in most data protection frameworks in the world, including the Personal Data Protection Bill, 2019, highlights that the Health Policy does not provide any information on data retention, data sharing and the grievance redressal mechanism. It is important to note that the Health policy has also been framed in the absence of a robust data protection law; the Personal Data Protection Bill is still pending before Parliament. </p>
<p style="text-align: justify;" dir="ltr">The Co-WIn website does not provide any separate information on how long the data will be retained, whether the data will be shared and how many ministries/departments have access to the data. </p>
<p style="text-align: justify;" dir="ltr">A National Health Policy cannot and should not be used as a substitute for specific independent privacy policies of different apps that may be designed by the Government to collect and process the health data of users. Health Data is recognised as sensitive personal data under the proposed personal data protection bill and should be accorded the highest level of protection. This was also reiterated by the Karnataka High Court in its<a href="https://www.livelaw.in/news-updates/karnataka-high-court-privacy-article-21-constitution-aarogya-setu-app-168950"> recent interim order</a> on Aarogya Setu. It held that medical information or data is a category of data to which there is a reasonable expectation of privacy, and “the sharing of health data of a citizen without his/her consent will necessarily infringe his/her fundamental right of privacy under Article 21 of the Constitution of India.” <br /><br /></p>
<h3 style="text-align: justify;">Link with Aarogya Setu</h3>
<p style="text-align: justify;" dir="ltr"> A beneficiary registered on the Co-Win platform can use the Aarogya Setu App to download their vaccination certificate. Beneficiaries have now also been provided an option to register for vaccination through Aarogya Setu. However, the rationale for linking the two separate platforms is not clear, especially as Aaroya Setu has primarily been deployed as a contact tracing application. </p>
<p style="text-align: justify;" dir="ltr">There is no information on whether the data (and to what extent) that is stored in the Co-Win platform will be shared with Aarogya Setu. It is also not clear whether the consent of the beneficiary registered on the Co-Win platform will be obtained again prior to sharing the data or whether registration on the Co-Win platform will be regarded as general consent for sharing the data with Aarogya Setu. This is contrary to the principle of informed consent (i.e the consent has to be unambiguous, specific, informed and voluntary), which a data fiduciary has to comply with prior to obtaining personal data from the data principal. The privacy policy of Aarogya Setu has also not been amended to reflect this change in the purpose of the App.<br /> </p>
<h3 style="text-align: justify;">Co-Win registration as an entry to develop health IDs?</h3>
<p style="text-align: justify;" dir="ltr"> One of the objectives of the Health Data Management Policy is to develop a digital unique health ID for all the citizens. The National Health Data Management Policy states that participation in the National Health Data Ecosystem is voluntary; and the participants will, at any time, have the right to exit from the ecosystem. Currently, the policy has been rolled out on a pilot basis in 6 union territories, namely; Chandigarh, Dadra & Nagar Haveli, Daman & Diu, Puducherry, Ladakh and Lakshadweep. As Health is a state subject under the Indian Constitution, <a href="https://scroll.in/latest/972361/new-health-data-policy-may-be-misused-for-surveillance-chhattisgarh-minister-writes-to-vardhan">Chhattisgarh</a> has raised concerns about the viability and necessity of the policy, especially in the absence of a robust data protection legislation. </p>
<p style="text-align: justify;" dir="ltr"> Mr. R.S. Sharma, the Chairperson of the ‘Empowered Group on Technology and Data Management to combat Covid-19’ had in an <a href="https://www.indiatoday.in/coronavirus-outbreak/vaccine-updates/story/exclusive-besides-co-win-aarogya-setu-self-register-indi-vaccine-drive-1760833-2021-01-20">interview to India Today</a> stated “ “Not just for vaccinations, but the platform will be instrumental in becoming a digital health database for India”. This indicates that this is an initial step towards generating health ID for all the beneficiaries. It would also violate the<a href="https://www.accessnow.org/india-cowin-app/"> principle of purpose limitatio</a>n, that data collected for one purpose (for the vaccine) cannot be reused for another (for the creation of the Digital Health ID system) without an individual’s explicit consent and the option to opt-out.<br /><br /></p>
<h3 style="text-align: justify;">Conclusion</h3>
<p style="text-align: justify;" dir="ltr"> <a href="https://www.thehindu.com/opinion/editorial/injecting-confidence-the-hindu-editorial-on-indias-covid-19-vaccination-drive/article33595220.ece">Given India’s experience and reasonable success with childhood immunisation</a>, there is reasonable confidence that the country has the ability to scale up vaccination. However, the vaccination drive should not be used as a means to set aside the legitimate concerns of the citizens with regard to the mechanism deployed to get pet people to register for the vaccination drive. As a first step it is essential that Co-Win has a separate dedicated privacy policy which conforms to the internationally accepted privacy principles and enumerated in the Personal Data Protection Bill. It is also essential that Co-Win or any other app/digital platform should not be used as a backdoor entry for the government to create unique digital health IDs for the citizens, especially without their consent and in the absence of a robust data protection law. </p>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/blog/an-analysis-of-the-covid-vaccine-intelligence-network-co-win-platform'>http://editors.cis-india.org/internet-governance/blog/an-analysis-of-the-covid-vaccine-intelligence-network-co-win-platform</a>
</p>
No publisherPallavi BediAarogya SetuHealth TechPiracyinternet governanceHealthcaree-Governance2021-03-25T13:14:46ZBlog EntryElectoral Databases – Privacy and Security Concerns
http://editors.cis-india.org/internet-governance/blog/electoral-databases-2013-privacy-and-security-concerns
<b>In this blogpost, Snehashish Ghosh analyzes privacy and security concerns which have surfaced with the digitization, centralization and standardization of the electoral database and argues that even though the law provides the scope for protection of electoral databases, the State has not taken any steps to ensure its safety.</b>
<p></p>
<p> </p>
<p style="text-align: justify; ">The recent move by the Election Commission of India (ECI) to tie-up with Google for providing electoral look-up services for citizens and electoral information services has faced heavy criticism on the grounds of data security and privacy.<a href="#_edn1" name="_ednref1"><span class="MsoEndnoteReference"><span class="MsoEndnoteReference">[i]</span></span></a> After due consideration, the ECI has decided to drop the plan.<a href="#_edn2" name="_ednref2"><span class="MsoEndnoteReference"><span class="MsoEndnoteReference">[ii]</span></span></a></p>
<p style="text-align: justify; ">The plan to partner with Google has led to much apprehension regarding Google gaining access to the database of 790 million voters including, personal information such as age, place of birth and residence. It could have also gained access to cell phone numbers and email addresses had the voter chosen to enroll via the online portal on the ECI website. Although, the plan has been cancelled, it does not necessarily mean that the largest database of citizens of India is safe from any kind of security breach or abuse. In fact, the personal information of each voter in a constituency can be accessed by anyone through the ECI website and the publication of electoral rolls is mandated by the law.</p>
<p style="text-align: justify; "><b>Publication of Electoral Rolls</b><br />The electoral roll essentially contains the name of the voter, name of the relationship (son of/wife of, etc.), age, sex, address and the photo identity card number. The main objective of creation and maintenance of electoral rolls and the issue of Electoral Photo Identity Card (EPIC) was to ensure a free and fair election where the voter would have been able to cast his own vote as per his own choice. In other words, the main purpose of the exercise was to curtail bogus voting. This is achieved by cross referencing the EPIC with the electoral roll.</p>
<p style="text-align: justify; ">The process of creation and maintenance of electoral rolls is governed by the Registration of Electors Rules, 1960. Rule 22 requires the registration officer to publish the roll with list of amendments at his office for inspection and public information. Furthermore, ECI may direct the registration officer to send two copies of the electoral roll to every political party for which a symbol has exclusively been reserved by the ECI. It can be safely concluded that the electoral roll of a constituency is a public document<a href="#_edn3" name="_ednref3"><span class="MsoEndnoteReference"><span class="MsoEndnoteReference">[iii]</span></span></a> given that the roll is published and can be circulated on the direction of the ECI.</p>
<p style="text-align: justify; ">With the computational turn, in 1998 the ECI took the decision to digitize the electoral databases. Furthermore, printed electoral rolls and compact discs containing the rolls are available for sale to general public.<a href="#_edn4" name="_ednref4"><span class="MsoEndnoteReference"><span class="MsoEndnoteReference">[iv]</span></span></a> In addition to that, the electoral rolls for the entire country are available on the ECI website.<a href="#_edn5" name="_ednref5"><span class="MsoEndnoteReference"><span class="MsoEndnoteReference">[v]</span></span></a> However, the current database is not uniform and standardized, and entries in some constituencies are available only in the local language. The ECI has taken steps to make the database uniform, standardized and centralized.<a href="#_edn6" name="_ednref6"><span class="MsoEndnoteReference"><span class="MsoEndnoteReference">[vi]</span></span></a></p>
<p style="text-align: justify; "><b>Security Concerns</b><br />The Registration of Electoral Rules, 1960 is an archaic piece of delegated legislation which is still in force and casts a statutory duty on the ECI to publish the electoral rolls. The publication of electoral rolls is not a threat to security when it is distributed in hard copies and the availability of electoral rolls is limited. The security risks emerge only after the digitization of electoral database, which allows for uniformity, standardization and centralization of the database which in turn makes it vulnerable and subject to abuse. The law has failed to evolve with the change in technology.</p>
<p style="text-align: justify; ">In a recent article, Bill Davidow analyzes "the dark side of Moore’s Law" and argues that with the growth processing power there has been a growth in surveillance capabilities and on this note the article is titled, “<i>With Great Computing Power Comes Great Surveillance”</i><a href="#_edn7" name="_ednref7"><span class="MsoEndnoteReference"><span class="MsoEndnoteReference">[vii]</span></span></a> Drawing from Davidow’s argument, with the exponential growth in computing power, search has become convenient, faster and cheap. A uniform, standardized and centralized database bearing the personal information of 790 million voters can be searched and categorized in accordance with the search terms. The personal information of the voters can be used for good, but it can be equally abused if it falls into the wrong hands. Big data analysis or the computing power makes it easier to target voters, as bits and pieces of personal information give a bigger picture of an individual, a community, etc. This can be considered intrusive on individual’s privacy since the personal information of every voter is made available in the public domain</p>
<p style="text-align: justify; ">For example, the availability of a centralized, searchable database of voters along with their age would allow the appropriate authorities to identify wards or constituencies, which has a high population of voters above the age of 65. This would help the authority to set up polling booths at closer location with special amenities. However, the same database can be used to search for density of members of a particular community in a ward or constituency based on the name, age, sex of the voters. This information can be used to disrupt elections, target vulnerable communities during an election and rig elections.</p>
<p style="text-align: justify; "><b>Current IT Laws does not mandate the protection of the electoral database</b><br />A centralized electoral database of the entire country can be considered as a critical information infrastructure (CII) given the impact it may have on the election which is the cornerstone of any democracy. Under Section 70 of the Information Technology Act, 2000 (IT Act) CII means “the computer resource, incapacitation or destruction of which, shall have debilitating impact on national security, economy.”<a href="#_edn8" name="_ednref8"><span class="MsoEndnoteReference"><span class="MsoEndnoteReference">[viii]</span></span></a> However, the appropriate Government has not notified the electoral database as a protected system<a href="#_edn9" name="_ednref9"><span class="MsoEndnoteReference"><span class="MsoEndnoteReference">[ix]</span></span></a>. Therefore, information security practices and procedures for a protected system are not applicable to the electoral database.</p>
<p style="text-align: justify; ">The Information Technology Rules (IT Rules) are also not applicable to electoral databases, <i>per se</i>. Since, ECI is not a body corporate, the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information), Rules, 2011 (<i>hereinafter </i>Reasonable Security Practices Rules) do not apply to electoral databases. Ignoring that Reasonable Security Practices Rules only apply to a body corporate, the electoral database does fall within the ambit of definition of “personal information”<a href="#_edn10" name="_ednref10"><span class="MsoEndnoteReference"><span class="MsoEndnoteReference">[x]</span></span></a> and should arguably be made subject to the Rules.</p>
<p style="text-align: justify; ">The intent of the ECI for hosting the entire country’s electoral database online <i>inter alia</i> is to provide electronic service delivery to the citizens. It seeks to provide “electoral look up services for citizens ... for better electoral information services.”<a href="#_edn11" name="_ednref11"><span class="MsoEndnoteReference"><span class="MsoEndnoteReference">[xi]</span></span></a> However, the Information Technology (Electronic Service Delivery) Rules, 2011 are not applicable to the electoral database given that it is not notified by the appropriate Government as a service to be delivered electronically. Hence, the encryption and security standards for electronic service delivery are not applicable to electoral rolls.</p>
<p style="text-align: justify; ">The IT Act and the IT Rules provide a reasonable scope for the appropriate Government to include electoral databases within the ambit of protected system and electronic service delivery. However, the appropriate government has not taken any steps to notify electoral database as protected system or a mode of electronic service delivery under the existing laws.</p>
<p style="text-align: justify; "><b>Conclusion</b><br />Publication of electoral rolls is a necessary part of an election process. It ensures free and fair election and promotes transparency and accountability. But unfettered access to electronic electoral databases may have an adverse effect and would endanger the very goal it seeks to achieve because the electronic database may pose threat to privacy of the voters and also lead to security breach. It may be argued that the ECI is mandated by the law to publish the electoral database and hence, it is beyond the operation of the IT Act. But Section 81 of the IT Act has an overriding effect on any law inconsistent, therewith. The appropriate Government should take necessary steps under the IT Act and notify electoral databases as a protected system.</p>
<p style="text-align: justify; ">It is recommended that the Electors Registration Rules, 1960 should be amended, taking into account the advancement in technology. Therefore, the Rules should aim at restricting the unfettered electronic access to the electoral database and also introduce purposive limitation on the use of the electoral database. It should also be noted that more adequate and robust data protection and privacy laws should be put in place, which would regulate the collection, use, storage and processing of databases which are critical to national security.</p>
<div>
<hr align="left" size="1" width="100%" />
<div id="edn1">
<p class="MsoEndnoteText" style="text-align: justify; "><a href="#_ednref1" name="_edn1"><span class="MsoEndnoteReference"><span class="MsoEndnoteReference">[i]</span></span></a> Pratap Vikram Singh, Post-uproar, EC’s Google tie-up plan may go for a toss, Governance Now, January 7, 2014 available at <a class="external-link" href="http://www.governancenow.com/news/regular-story/post-uproar-ecs-google-tie-plan-may-go-toss">http://www.governancenow.com/news/regular-story/post-uproar-ecs-google-tie-plan-may-go-toss</a></p>
</div>
<div id="edn2">
<p class="MsoEndnoteText" style="text-align: justify; "><a href="#_ednref2" name="_edn2"><span class="MsoEndnoteReference"><span class="MsoEndnoteReference">[ii]</span></span></a> Press Note No.ECI/PN/1/2014, Election Commission of India , January 9, 2014 available at <a class="external-link" href="http://eci.nic.in/eci_main1/current/PN09012014.pdf">http://eci.nic.in/eci_main1/current/PN09012014.pdf</a></p>
</div>
<div id="edn3">
<p class="MsoEndnoteText" style="text-align: justify; "><a href="#_ednref3" name="_edn3"><span class="MsoEndnoteReference"><span class="MsoEndnoteReference">[iii]</span></span></a> Section 74, Indian Evidence Act, 1872</p>
</div>
<div id="edn4">
<p class="MsoEndnoteText" style="text-align: justify; "><a href="#_ednref4" name="_edn4"><span class="MsoEndnoteReference"><span class="MsoEndnoteReference">[iv]</span></span></a> <a class="external-link" href="http://eci.nic.in/eci_main1/the_function.aspx">eci.nic.in/eci_main1/the_function.aspx</a></p>
</div>
<div id="edn5">
<p class="MsoEndnoteText" style="text-align: justify; "><a href="#_ednref5" name="_edn5"><span class="MsoEndnoteReference"><span class="MsoEndnoteReference">[v]</span></span></a> <a class="external-link" href="http://eci.nic.in/eci_main1/Linkto_erollpdf.aspx">http://eci.nic.in/eci_main1/Linkto_erollpdf.aspx</a></p>
</div>
<div id="edn6">
<p class="MsoEndnoteText" style="text-align: justify; "><a href="#_ednref6" name="_edn6"><span class="MsoEndnoteReference"><span class="MsoEndnoteReference">[vi]</span></span></a> “At present, in most States and UTs the Electoral Database is kept at the district level. In some cases it is kept even with the vendors. In most States/UTs it is maintained in MS Access, while in some cases it is on a primitive technology like FoxPro and in some other cases on advanced RDBMS like Oracle or Sql Server. The database is not kept in bilingual form in some of the States/UTs, despite instructions of the Commission. In most cases Unicode fonts are not used. The database structure not being uniform in the country, makes it almost impossible for the different databases to talk to each other” – Election Commission of India, Revision of Electoral Rolls with reference to 01-01-2010 as the qualifying date – Integration and Standardization of the database- reg., No. 23/2009-ERS, January 6, 2010 available at e<a class="external-link" href="http://eci.nic.in/eci_main/eroll&epic/ins06012010.pdf">ci.nic.in/eci_main/eroll&epic/ins06012010.pdf</a><span dir="RTL"></span></p>
</div>
<div id="edn7">
<p class="MsoEndnoteText"><a href="#_ednref7" name="_edn7"><span class="MsoEndnoteReference"><span class="MsoEndnoteReference">[vii]</span></span></a><a class="external-link" href="http://eci.nic.in/eci_main1/current/PN09012014.pdf"><span><span class="MsoEndnoteReference"><span class="MsoEndnoteReference"> </span></span></span>http://www.theatlantic.com/technology/archive/2014/01/with-great-computing-power-comes-great-surveillance/282933/</a></p>
</div>
<div id="edn8">
<p class="MsoEndnoteText" style="text-align: justify; "><a href="#_ednref8" name="_edn8"><span class="MsoEndnoteReference"><span class="MsoEndnoteReference">[viii]</span></span></a> Section 70, Information Technology Act, 2000</p>
</div>
<div id="edn9">
<p class="MsoEndnoteText" style="text-align: justify; "><a href="#_ednref9" name="_edn9"><span class="MsoEndnoteReference"><span class="MsoEndnoteReference">[ix]</span></span></a> Computer resource which directly or indirectly affects the facility of Critical Information Infrastructure</p>
</div>
<div id="edn10">
<p class="MsoEndnoteText" style="text-align: justify; "><a href="#_ednref10" name="_edn10"><span class="MsoEndnoteReference"><span class="MsoEndnoteReference">[x]</span></span></a> Rule 2(1)(i), Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011</p>
</div>
<div id="edn11">
<p class="MsoEndnoteText" style="text-align: justify; "><a href="#_ednref11" name="_edn11"><span class="MsoEndnoteReference"><span class="MsoEndnoteReference">[xi]</span></span></a> Press Note No.ECI/PN/1/2014, Election Commission of India , January 9, 2014 available at <a class="external-link" href="http://eci.nic.in/eci_main1/current/PN09012014.pdf">http://eci.nic.in/eci_main1/current/PN09012014.pdf</a></p>
</div>
</div>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/blog/electoral-databases-2013-privacy-and-security-concerns'>http://editors.cis-india.org/internet-governance/blog/electoral-databases-2013-privacy-and-security-concerns</a>
</p>
No publishersnehashishDigital GovernancePrivacyCybersecurityData ProtectionInternet GovernanceSafetyInformation TechnologyCyber SecuritySecuritye-GovernanceTransparency, PoliticsE-Governance2014-01-16T11:07:21ZBlog EntryCIS Comments on the Draft National Policy on Electronics
http://editors.cis-india.org/internet-governance/comments-draft-national-policy-on-electronics
<b>These were the comments submitted by CIS to the request for comments put out by the Department of Information Technology on its draft 'National Policy on Electronics'.</b>
<p> </p>
<p>The Department of Information Technology must be commended for taking the initiative to create <a class="external-link" href="http://www.mit.gov.in/sites/upload_files/dit/files/Draft-NationalPolicyonElectronics2011_4102011(2).pdf">this policy</a> which aims to reduce India’s dependence on other countries for crucial electronic hardware requirements, and to increase Indian production to such a capacity as to not only serve India’s increasing demand for electronics, but to fulfil foreign demand as well.</p>
<p>We have mainly focused our comments on the implications of the patent regime on this laudable goal.</p>
<h2 id="technology-transfer">Technology Transfer</h2>
<p>An area that the policy is silent on is technology transfer. In relation to technology, the main bargain embedded in the Trade-Related Intellectual Property Rights (TRIPS) Agreement of the WTO was the increase in the level of protection offered under patent laws of developing countries in exchange for increased transfer of technological know-how from the developed countries. While India has increased patent protection in accordance with the TRIPS Agreement, there has been no commensurate transfer of technology from countries which are currently hubs of electronics know-how.</p>
<p>One important example is China’s policy on transfer of technology along the whole value chain to enable domestic firms to gain technological expertise.</p>
<p>The Association of American Manufacturing notes, “One of the most potent weapons China has used to move up the value chain is forced technology transfer … It is only through the acquisition (rather than internal development) of sophisticated technologies that Chinese companies have been able to rapidly enter and expand in sophisticated industries ….”</p>
<p>This insistence on technology transfer as a national policy has served China well, and their experience should be incorporated into India’s National Policy on Electronics. This is not to say that India should not internally develop our own technological capabilities, but that the Indian government must use the policy space available to it to ensure that acquisition of technological capabilities happens alongside.</p>
<h2 id="outflow-of-foreign-exchange-as-royalties-creating-adverse-balance-of-payments">Outflow of Foreign Exchange as Royalties Creating Adverse Balance of Payments</h2>
<p>The latest data from the World Bank shows that our balance of payments is increasing adversely at an alarming rate, and has now reached over USD 2.38 billion.</p>
<p>Our royalty and licence fee payments have kept on increasing at an astounding rate.</p>
<h3 id="table-indias-royalty-and-licence-fees-payments-current-usd">Table: India’s royalty and licence fees payments (current USD)</h3>
<table class="plain">
<thead>
<tr>
<th align="right">1991</th>
<th align="right">2006</th>
<th align="right">2007</th>
<th align="right">2008</th>
<th align="right">2009</th>
<th align="right">2010</th>
</tr>
</thead>
<tbody>
<tr>
<td align="right">49,565,208</td>
<td align="right">845,949,436</td>
<td align="right">1,159,824,391</td>
<td align="right">1,528,826,913</td>
<td align="right">1,860,283,808</td>
<td align="right">2,437,500,663</td>
</tr>
</tbody>
</table>
<p> </p>
<p>Meanwhile India’s income is gaining slowly and erratically, and in 20100 reached USD 59.6 million.</p>
<h3 id="table-indias-royalty-and-licence-fees-receipts-current-usd">Table: India’s royalty and licence fees, receipts (current USD)</h3>
<table class="plain">
<thead>
<tr class="header">
<th align="right">1991</th>
<th align="right">2006</th>
<th align="right">2007</th>
<th align="right">2008</th>
<th align="right">2009</th>
<th align="right">2010</th>
</tr>
</thead>
<tbody>
<tr>
<td align="right">615,525</td>
<td align="right">13,445,053</td>
<td align="right">30,690,000</td>
<td align="right">27,211,957</td>
<td align="right">38,128,141</td>
<td align="right">59,560,687</td>
</tr>
</tbody>
</table>
<p>This bleeds the Indian economy through a very inefficient outflow of capital. Insisting on transfer of technology is an important component in slowing down this trend.</p>
<h2 id="linking-of-value-chain-and-preferential-treatment">Linking of Value Chain and Preferential Treatment</h2>
<p>One important clarification that is needed in the policy (specifically clause IV.1.3) is that “domestically manufactured electronic products” is intended to mean not those products for which the last part of value has been added in India. This way essentially non-Indian products with Indian branding can be seen to be “domestically manufactured electronic products”. The longer the Indian part of the value chain, the more preference it should be given, and holding by Indian companies of essential patent rights (or the availability of greater number of components of the product under royalty-free, FRAND and RAND licences) could be an important criteria. This will also encourage the transfer of technological know-how to Indian firms.</p>
<h2 id="preferential-treatment">Preferential Treatment</h2>
<p>Some may argue that the provision of preferential treatment to domestic manufacturers contravenes the GATT Agreement, however the GATT Agreement itself provides a usable exception in Article 3(8):</p>
<blockquote class="callout">
<p>Article III: National Treatment on Internal Taxation and Regulation</p>
<p>8 (a) The provisions of this Article shall not apply to laws, regulations or requirements governing the procurement by governmental agencies of products purchased for governmental purposes and not with a view to commercial resale or with a view to use in the production of goods for commercial sale.</p>
<p>(b) The provisions of this Article shall not prevent the payment of subsidies exclusively to domestic producers, including payments to domestic producers derived from the proceeds of internal taxes or charges applied consistently with the provisions of this Article and subsidies effected through governmental purchases of domestic products.</p>
</blockquote>
<p> </p>
<p>Thus, by crafting any further regulation under this policy to fit within this exception, India would not fall afoul of its obligations under GATT.</p>
<h2 id="cybersecurity-and-source-code">Cybersecurity and Source Code</h2>
<p>An important aspect of the cybersecurity that is discussed in clause IV.5 is the ability to validate the lack of malicious code in the electronics used in strategically important infrastructure. For this, manufacturers must be required to provide the source code as part of government tenders in strategically important infrastructure.</p>
<h2 id="distinction-between-innovation-and-intellectual-property">Distinction between Innovation and Intellectual Property</h2>
<p>The Electronic Development Fund must seek to promote innovation, research and development, and commercialization of products, and must be used to strategically acquire patents. Promotion of patents is not an end in itself, unlike promotion of innovation and ensuring that research and development reaches markets through commercialization. Patents are only a means to an end, and may sometimes be strategically useful, and often stand in way of gaining optimal use of technology by markets due to their monopolistic nature. Thus, it is recommended that “promotion of IP” be dropped from this clause, and instead “promotion of strategic acquirement and use of patents” be substituted in its place.</p>
<h2 id="national-electronics-mission">National Electronics Mission</h2>
<p>The National Electronics Mission should not only have industry participation but also participation from academia and civil society.</p>
<h2 id="funding">Funding</h2>
<p>The issue of funding for the initiatives outlined in this policy must be addressed as well.</p>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/comments-draft-national-policy-on-electronics'>http://editors.cis-india.org/internet-governance/comments-draft-national-policy-on-electronics</a>
</p>
No publisherpraneshGovernment FeedbackIntellectual Property RightsInternet Governancee-GovernanceSubmissionsPatents2011-11-01T00:05:32ZBlog Entry