All Blogs
- 90% of respondents work in companies with a dedicated team responsible for the security of software. 80% of them do not carry out any further security checks on an OSS once it has been approved for use by their security teams.
- 80% of respondents see comprehensive documentation as an important factor when selecting an OSS for use.
- 70% of respondents report validating dependencies in their selected open-source software component.
- 50% of respondents consider how actively an open-source software is maintained before selecting it for their projects.
- 40% of respondents do not anticipate accidental exploitation of vulnerabilities or expect malice from bad actors when they create software.
- 30% of respondents report not doing any post-release maintenance on the OSS component used and deployed.
WIPO SCCR 43: Notes from Day 2
Rights of broadcasters
Iran wanted clarifications about whether the rights granted to broadcasters under the treaty would be a negative right (right to prohibit) or a positive right (right to authorise). Iran also highlighted that there was a need to clarify definitions in the treaty, particularly with respect to user generated contents shared on websites such as Youtube, in comparison with traditional broadcasters.
The Chair clarified that the treaty provides two sets of rights, positive rights under Article 6 and 7 and negative rights under Article 8 and 9. The Chair also clarified that the treaty aimed to bridge the various legal frameworks, based on copyright, under a rights based approach and a signal based approach. In the signal based approach, the positive right under Article 6 is based to protect only live signal and the protection ends at the point of fixation, hence there is no relation between the right of fixation Article 7 and the right to prohibit transmission and deferred transmission under article 8. The Chair further clarified that the positive right ends at fixation after which the right to prohibit comes into play. With respect to User Generated Content the Chair clarified that the current draft of the treaty focused protection to traditional broadcasters and not other service providers.
Terms of the Right The USA highlighted their concern over the possible perpetual term of fixation rights and requested that a revised text could have some explicit time limit. Singapore echoed USA’s concern over the absence of limitations on the duration of the rights of the broadcasters which could give broadcasters perpetual protection of a programme. Similarly Pakistan questioned the need for a right of fixation highlighting that piracy was an enforcement issue. With respect to the term of protection the Chair clarified that the treaty sought to provide practical protection to broadcasters of their live signal, and not the content of the broadcast. Further clarifying that one of the main aims of the treaty was the protection of simultaneous retransmission, and to provide protection in case there was a fixation of the signals.
Limitations and Exceptions
Iran and Brazil highlighted issues about limitations and exceptions. While Iran stated that the inclusion of the three step test in the treaty would water down the limitations and exceptions provisions, Brazil highlighted that the Article 11 of the treaty did not follow the text of the Marakesh convention or the Beijing treaty regarding Limitations and Exceptions. Brazil highlighted that there was a need to clarify in the text of the treaty itself that the list provided under the Article is illustrative and not exhaustive. In addition to this they stated that the text of the treaty should also establish the presumption that all the examples listed have already fulfilled the three steps. Brazil also highlighted the question about the consequence of the proposal on works in the public domain that are not sufficiently clear. The draft should ensure that public domain content when broadcasted should not receive another layer of protection.
Communia, Knowledge Ecology International (KEI) and Innovarte also highlighted issues that might come up with broadcasting works that are in the public domain. Communia provided examples where the broadcasters might have the only good copy of historic events and reporting that have now become a part of the public domain, however the broadcasters could reappropriate these which are in the public domain with new exclusive rights through this treaty. Communia hence suggested a need for exclusion of public domain works in the treaty. Innovarte highlighted Article 6 of the Berne convention which allows for exceptions related to public interest such as use of excerpts.
Agenda Item 6 and 7 - Limitations and Exceptions for Libraries and Archives, for Educational and Research Institutions and for Persons with Other disabilities
Working towards a binding international L&E instrument
The beginning of the discussion on Limitations and Exceptions began with the CEBS Group, Group B, the European Union and the USA emphasising on the need to look at other avenues to implement L and E without going for a legally binding international instrument. Some of the solutions provided included strengthening existing national legislations, existing solutions within the framework of the existing international treaties, exchange of best practices, and capacity building for countries to implement L&E’s in their national legislations.
Ghana on behalf of the African Group stated that there was a need to provide mutual benefit between those who generate and those who use creative works. Ghana also highlighted the issues with cross border access and sharing of copyrighted materials which is becoming increasingly difficult for libraries, archives, museums and research institutions to access. Ghana highlighted the need for a strong support in development of a legal instrument on Limitations and Exceptions, for libraries, archives, museums and for persons with disabilities other than blindness. South Africa in their statement also highlighted the benefit L&E’s would provide to both creators and users, and the cross border transfer of data. And extended their support to the statement of Ghana and work towards an international instrument whether model law, joint recommendation or a treaty.
Security of Open Source Software : A Survey of Technical Stakeholders’ Perceptions and Actions
Open-source software (OSS) components are largely assumed to be secure due to their open nature. However, that is not always the case. Of late, there has been an increased incidence of software supply-chain issues, with some industry reports estimating a 300% increase in attacks that exploit existing vulnerabilities between 2020 and 2021.
This report by Centre for Internet and Society surveys technical stakeholders to determine how they select OSS components to use in their projects and how they think broadly about the security of the projects they create.
Highlights:
Click to download the full report
Securing Our Dependence on Code Reuse in Software
Dividing and breaking up a software project into smaller modules with functionality that can be reused to build other software is an increasingly common practice in software development today. We examine our infrastructural dependence on reuse of open-source software (OSS) components, examine the unique security risks posed by the widespread reuse of code, and survey systemic solutions to securing code reuse.
CIS Statement in WIPO SCCR 43
Shweta Mohandas delivered a statement on behalf of CIS, on day 1 of the 43rd WIPO SCCR session on the Broadcast Treaty.
CensorWatch: On the Implementation of Online Censorship in India
Results from a nation-wide empirical study on web censorship
Civil Society’s second opinion on a UHI prescription
On January 13, Pallavi Bedi and Shweta Mohandas from CIS participated in an online collaboration organised by Internet Freedom Foundation for a joint submission to the Consultation Paper on Operationalising Unified Health Interface (UHI) in India released by the National Health Authority.
Comments to the proposed amendments to The Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021
This note presents comments by the Centre for Internet and Society (CIS), India, on the proposed amendments to the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 (“proposed amendments”). We thank Isha Suri for her review of this submission.
The Centre for Internet and Society’s comments and recommendations to the: The Digital Data Protection Bill 2022
The Centre for Internet & Society (CIS) published its comments and recommendations to the Digital Personal Data Protection Bill, 2022, on December 17, 2022.
CIS’ Comments to the (Draft) Indian Telecommunication Bill 2022
The Department of Telecommunications, Government of India invited comments on the Draft Indian Telecommunication Bill, 2022. The Centre for Internet & Society (CIS) submitted its comments.
Why spectrum needs a change in approach
Rajat Kathuria and Isha Suri write: It must be recognised that spectrum needs to be combined with other infrastructure to enable service delivery.
‘Techplomacy’ and the negotiation of AI standards for the Indo-Pacific
Researchers at the Australian Strategic Policy Institute have partnered with the Centre for Internet and Society (Bengaluru) to produce a ‘techplomacy guide’ on negotiating AI standards for stakeholders in the Indo-Pacific.
Exploring Knowledge Repositories on Water Resources in India
This research study explores knowledge repositories on water resources in India, with a focus on how the digital transition has impacted the process of creation & access to these resources and possible collaborations to build open digital repositories around water. The research was undertaken by Subodh Kulkarni, with editorial inputs by Puthiya Purayil Sneha, and Chiara Furtado. This is part of a series of short-term studies undertaken by the CIS-A2K team in 2021–2022.
Infrastructural Needs of Indian Language Wikisource Projects
This is a short study on identifying the infrastructural gaps on Indian language Wikisource projects, and potential strategies to address the same. The study was undertaken by Jayantha Nath, Puthiya Purayil Sneha and Satdeep Gill, with writing and editorial oversight by Puthiya Purayil Sneha and an external review by Divyank Katira. This is part of a series of short-term studies undertaken by the CIS-A2K team in 2021-22.
Mapping Content on Gender and Sexuality in Indian Languages
This research study explores content production processes on gender and sexuality in Indian languages, its digital documentation and factors that affect its availability and use on open access platforms. The research was undertaken by Yashashwini Srinivas, with editorial inputs by Puthiya Purayil Sneha, and Torsha Sarkar. This research was part of short-term studies undertaken at the CIS-A2K programme 2021-22.
Demystifying Data Breaches in India
Despite the rate at which data breaches occur and are reported in the media, there seems to be little information about how and when they are resolved. This post examines the discourse on data breaches in India with respect to their historical forms, with a focus on how the specific terminology to describe data security incidents has evolved in mainstream news media reportage.
Digitisation of O Bharat, a bilingual biweekly published in Goa from 1912 to 1949
The digitization project of O Bharat, a historic biweekly published between 1912 to 1949 in Goa was completed through collaboration of different organizations. The trustees of Bharatkar Hegde Desai Trust initiated the project in collaboration with Marathi department of Goa University, Bhakti Dnyan Marg Sanstha and Goa Central Library. The Centre for Internet and Society's Access to Knowledge Programme facilitated the project with technical and financial assistance. Two local students scanned 12000 pages in 8 days. The year wise volumes of O Bharat are now freely available on Wikimedia Commons in the form of archive.
Digitisation of O Bharat, a bilingual biweekly published in Goa from 1912 to 1949
It all started like this. During the Wikimedia session at Goa University in October 2021, it was realised that there is very little documentation about the ‘Goa Liberation Struggle’ on Wikimedia projects. So, in the meeting Prof. Vinay Madgaonkar from the Marathi language department took the lead to develop a project around this theme.
Getting the (Digital) Indo-Pacific Economic Framework Right
On the eve of the Tokyo Quad Summit in May 2022, President Biden unveiled the Indo-Pacific Economic Framework (IPEF), visualising cooperation across the Indo-Pacific based on four pillars: trade; supply chains; clean energy, decarbonisation and infrastructure; and tax and anti-corruption. Galvanised by the US, the other 13 founding members of the IPEF are Australia, Brunei Darussalam, India, Indonesia, Japan, Republic of Korea, Malaysia, New Zealand, Philippines, Singapore, Thailand and Vietnam. The first official in-person Ministerial meeting was held in Los Angeles on 9 September 2022.
NHA Data Sharing Guidelines – Yet Another Policy in the Absence of a Data Protection Act
In July this year, the National Health Authority (NHA) released the NHA Data Sharing Guidelines for the Pradhan Mantri Jan Aarogya Yojana (PM-JAY) just two months after publishing the draft Health Data Management Policy.
Designing Domestic Work Platforms
This research was conducted by The Center for Internet and Society (CIS) with funding from Association for Progressive Communication (APC) through the Feminist Internet Research Network (FIRN), supported by International Development Research Centre (IDRC). The authors are deeply grateful to the platform workers who talked to us and shared their experiences of finding work through Urban Company. Their responses shaped our research and their insights guided the creation of this final report.
Document Actions
