Reflections on Personal Data Protection Bill, 2019

By Sangh Rakshita and Nidhi Singh

Image result for data protection"

 The Personal Data Protection Bill, 2019 (PDP Bill/ Bill) was introduced in the Lok Sabha on December 11, 2019 , and was immediately referred to a joint committee of the Parliament. The joint committee published a press communique on February 4, 2020 inviting comments on the Bill from the public.

The Bill is the successor to the Draft Personal Data Protection Bill 2018 (Draft Bill 2018), recommended by a government appointed expert committee chaired by Justice B.N. Srikrishna. In August 2018, shortly after the recommendations and publication of the draft Bill, the Ministry of Electronics and Information Technology (MeitY) invited comments on the Draft Bill 2018 from the public. (Our comments are available here.)[1]

In this post we undertake a preliminary examination of:

  • The scope and applicability of the PDP Bill
  • The application of general data protection principles
  • The rights afforded to data subjects
  • The exemptions provided to the application of the law

In future posts in the series we will examine the Bill and look at the:

  • The restrictions on cross border transfer of personal data
  • The structure and functions of the regulatory authority
  • The enforcement mechanism and the penalties under the PDP Bill

Scope and Applicability

The Bill identifies four different categories of data. These are personal data, sensitive personal data, critical personal data and non-personal data

Personal data is defined as “data about or relating to a natural person who is directly or indirectly identifiable, having regard to any characteristic, trait, attribute or any other feature of the identity of such natural person, whether online or offline, or any combination of such features with any other information, and shall include any inference drawn from such data for the purpose of profiling. (emphasis added)

The addition of inferred data in the definition realm of personal data is an interesting reflection of the way the conversation around data protection has evolved in the past few months, and requires further analysis.

Sensitive personal data is defined as data that may reveal, be related to or constitute a number of different categories of personal data, including financial data, health data, official identifiers, sex life, sexual orientation, genetic data, transgender status, intersex status, caste or tribe, and religious and political affiliations / beliefs. In addition, under clause 15 of the Bill the Central Government can notify other categories of personal data as sensitive personal data in consultation with the Data Protection Authority and the relevant sectoral regulator.

Similar to the 2018 Bill, the current bill does not define critical personal data and clause 33 provides the Central Government the power to notify what is included under critical personal data. However, in its report accompanying the 2018 Bill, the Srikrishna committee had referred to some examples of critical personal data that relate to critical state interest like Aadhaar number, genetic data, biometric data, health data, etc.

The Bill retains the terminology introduced in the 2018 Draft Bill, referring to data controllers as ‘data fiduciaries’ and data subjects ‘data principals’. The new terminology was introduced with the purpose of reflecting the fiduciary nature of the relationship between the data controllers and subjects. However, whether the use of the specific terminology has more impact on the protection and enforcement of the rights of the data subjects still needs to be seen.

 Application of PDP Bill 2019

The Bill is applicable to (i) the processing of any personal data, which has been collected, disclosed, shared or otherwise processed in India; (ii) the processing of personal data by the Indian government, any Indian company, citizen, or person/ body of persons incorporated or created under Indian law; and (iii) the processing of personal data in relation to any individuals in India, by any persons outside of India.

The scope of the 2019 Bill, is largely similar in this context to that of the 2018 Draft Bill. However, one key difference is seen in relation to anonymised data. While the 2018 Draft Bill completely exempted anonymised data from its scope, the 2019 Bill does not apply to anonymised data, except under clause 91 which gives the government powers to mandate the use and processing of non-personal data or anonymised personal data under policies to promote the digital economy. There are a few concerns that arise in context of this change in treatment of anonymised personal data. First, there are concerns on the concept of anonymisation of personal data itself. While the Bill provides that the Data Protection Authority (DPA) will specify appropriate standards of irreversibility for the process of anonymisation, it is not clear that a truly irreversible form of anonymisation is possible at all. In this case, we need more clarity on what safeguards will be applicable for the use of anonymised personal data.

Second, is the Bill’s focus on the promotion of the digital economy. We have previously discussed some of the concerns regarding focus on the promotion of digital economy in a rights based legislation in our comments to the Draft Bill 2018.

These issues continue to be of concern, and are perhaps heightened with the introduction of a specific provision on the subject in the 2019 Bill (especially without adequate clarity on what services or policy making efforts in this direction, are to be informed by the use of anonymised personal data). Many of these issues are also still under discussion by the committee of experts set up to deliberate on data governance framework (non-personal data). The mandate of this committee includes the study of various issues relating to non-personal data, and to make specific suggestions for consideration of the central government on regulation of non-personal data.

The formation of the non-personal data committee was in pursuance of a recommendation by the Justice Srikrishna Committee to frame a legal framework for the protection of community data, where the community is identifiable. The mandate of the expert committee will overlap with the application of clause 91(2) of the Bill.

Data Fiduciaries, Social Media Intermediaries and Consent Managers

Data Fiduciaries

As discussed above the Bill categorises data controllers as data fiduciaries and significant data fiduciaries. Any person that determines the purpose and means of processing of personal data, (including the State, companies, juristic entities or individuals) is considered a data fiduciary. Some data fiduciaries may be notified as ‘significant data fiduciaries’, on the basis of factors such as the volume and sensitivity of personal data processed, the risks of harm etc. Significant data fiduciaries are held to higher standards of data protection. Under clauses 27-30, significant data fiduciaries are required to carry out data protection impact assessments, maintain accurate records, audit policy and the conduct of its processing of personal data and appoint a data protection officer. 

Social Media Intermediaries

The Bill introduces a distinct category of intermediaries called social media intermediaries. Under clause 26(4) a social media intermediary is ‘an intermediary who primarily or solely enables online interaction between two or more users and allows them to create, upload, share, disseminate, modify or access information using its services’. Intermediaries that primarily enable commercial or business-oriented transactions, provide access to the Internet, or provide storage services are not to be considered social media intermediaries.

Social media intermediaries may be notified to be significant data fiduciaries, if they have a minimum number of users, and their actions have or are likely to have a significant impact on electoral democracy, security of the State, public order or the sovereignty and integrity of India.

Under clause 28 social media intermediaries that have been notified as a significant data fiduciaries will be required to provide for voluntary verification of users to be accompanied with a demonstrable and visible mark of verification.

Consent Managers

The Bill also introduces the idea of a ‘consent manager’ i.e. a (third party) data fiduciary which provides for management of consent through an ‘accessible, transparent and interoperable platform’. The Bill does not contain any details on how consent management will be operationalised, and only states that these details will be specified by regulations under the Bill. 

Data Protection Principles and Obligations of Data Fiduciaries

Consent and grounds for processing

The Bill recognises consent as well as a number of other grounds for the processing of personal data.

Clause 11 provides that personal data shall only be processed if consent is provided by the data principal at the commencement of processing. This provision, similar to the consent provision in the 2018 Draft Bill, draws from various principles including those under the Indian Contract Act, 1872 to inform the concept of valid consent under the PDP Bill. The clause requires that the consent should be free, informed, specific, clear and capable of being withdrawn.

Moreover, explicit consent is required for the processing of sensitive personal data. The current Bill appears to be silent on issues such as incremental consent which were highlighted in our comments in the context of the Draft Bill 2018.

The Bill provides for additional grounds for processing of personal data, consisting of very broad (and much criticised) provisions for the State to collect personal data without obtaining consent. In addition, personal data may be processed without consent if required in the context of employment of an individual, as well as a number of other ‘reasonable purposes’. Some of the reasonable purposes, which were listed in the Draft Bill 2018 as well, have also been a cause for concern given that they appear to serve mostly commercial purposes, without regard for the potential impact on the privacy of the data principal.

In a notable change from the Draft Bill 2018, the PDP Bill, appears to be silent on whether these other grounds for processing will be applicable in relation to sensitive personal data (with the exception of processing in the context of employment which is explicitly barred).

Other principles

The Bill also incorporates a number of traditional data protection principles in the chapter outlining the obligations of data fiduciaries. Personal data can only be processed for a specific, clear and lawful purpose. Processing must be undertaken in a fair and reasonable manner and must ensure the privacy of the data principal – a clear mandatory requirement, as opposed to a ‘duty’ owed by the data fiduciary to the data principal in the Draft Bill 2018 (this change appears to be in line with recommendations made in multiple comments to the Draft Bill 2018 by various academics, including our own).

Purpose and collection limitation principles are mandated, along with a detailed description of the kind of notice to be provided to the data principal, either at the time of collection, or as soon as possible if the data is obtained from a third party. The data fiduciary is also required to ensure that data quality is maintained.

A few changes in the application of data protection principles, as compared to the Draft Bill 2018, can be seen in the data retention and accountability provisions.

On data retention, clause 9 of the Bill provides that personal data shall not be retained beyond the period ‘necessary’ for the purpose of data processing, and must be deleted after such processing, ostensibly a higher standard as compared to ‘reasonably necessary’ in the Draft Bill 2018. Personal data may only be retained for a longer period if explicit consent of the data principal is obtained, or if retention is required to comply with law. In the face of the many difficulties in ensuring meaningful consent in today’s digital world, this may not be a win for the data principal.

Clause 10 on accountability continues to provide that the data fiduciary will be responsible for compliance in relation to any processing undertaken by the data fiduciary or on its behalf. However, the data fiduciary is no longer required to demonstrate such compliance.

Rights of Data Principals

Chapter V of the PDP Bill 2019 outlines the Rights of Data Principals, including the rights to access, confirmation, correction, erasure, data portability and the right to be forgotten. 

Right to Access and Confirmation

The PDP Bill 2019 makes some amendments to the right to confirmation and access, included in clause 17 of the bill. The right has been expanded in scope by the inclusion of sub-clause (3). Clause 17(3) requires data fiduciaries to provide data principals information about the identities of any other data fiduciaries with whom their personal data has been shared, along with details about the kind of data that has been shared.

This allows the data principal to exert greater control over their personal data and its use.  The rights to confirmation and access are important rights that inform and enable a data principal to exercise other rights under the data protection law. As recognized in the Srikrishna Committee Report, these are ‘gateway rights’, which must be given a broad scope.

Right to Erasure

The right to correction (Clause 18) has been expanded to include the right to erasure. This allows data principals to request erasure of personal data which is not necessary for processing. While data fiduciaries may be allowed to refuse correction or erasure, they would be required to produce a justification in writing for doing so, and if there is a continued dispute, indicate alongside the personal data that such data is disputed.

The addition of a right to erasure, is an expansion of rights from the 2018 Bill. While the right to be forgotten only restricts or discontinues disclosure of personal data, the right to erasure goes a step ahead and empowers the data principal to demand complete removal of data from the system of the data fiduciary.

Many of the concerns expressed in the context of the Draft Bill 2018, in terms of the procedural conditions for the exercise of the rights of data principals, as well as the right to data portability specifically, continue to persist in the PDP Bill 2019.

Exceptions and Exemptions

While the PDP Bill ostensibly enables individuals to exercise their right to privacy against the State and the private sector, there are several exemptions available, which raise several concerns.

The Bill grants broad exceptions to the State. In some cases, it is in the context of specific obligations such as the requirement for individuals’ consent. In other cases, State action is almost entirely exempted from obligations under the law. Some of these exemptions from data protection obligations are available to the private sector as well, on grounds like journalistic purposes, research purposes and in the interests of innovation.

The most concerning of these provisions, are the exemptions granted to intelligence and law enforcement agencies under the Bill. The Draft Bill 2018, also provided exemptions to intelligence and law enforcement agencies, so far as the privacy invasive actions of these agencies were permitted under law, and met procedural standards, as well as legal standards of necessity and proportionality. We have previously discussed some of the concerns with this approach here.

The exemptions provided to these agencies under the PDP Bill, seem to exacerbate these issues.

Under the Bill, the Central Government can exempt an agency of the government from the application of this Act by passing an order with reasons recorded in writing if it is of the opinion that the exemption is necessary or expedient in the interest of sovereignty and integrity, security of the state, friendly relations with foreign states, public order; or for preventing incitement to the commission of any cognizable offence relating to the aforementioned grounds. Not only have the grounds on which government agencies can be exempted been worded in an expansive manner, the procedure of granting these exemptions also is bereft of any safeguards.

The executive functioning in India suffers from problems of opacity and unfettered discretion at times, which requires a robust system of checks and balances to avoid abuse. The Indian Telegraph Act, 1885 (Telegraph Act) and the Information Technology Act, 2000 (IT Act) enable government surveillance of communications made over telephones and the internet. For drawing comparison here, we primarily refer to the Telegraph Act as it allows the government to intercept phone calls on similar grounds as mentioned in clause 35 of the Bill by an order in writing. However, the Telegraph Act limits the use of this power to two scenarios – occurrence of a public emergency or in the interest of public safety. The government cannot intercept communications made over telephones in the absence of these two preconditions. The Supreme Court in People’s Union for Civil Liberties v. Union of India, (1997) introduced guidelines to check abuse of surveillance powers under the Telegraph Act which were later incorporated in Rule 419A of the Indian Telegraph Rules, 1951. A prominent safeguard included in Rule 419A requires that surveillance and monitoring orders be issued only after considering ‘other reasonable means’ for acquiring the required information. The court had further limited the scope of interpretation of ‘public emergency’ and ‘public safety’ to mean “the prevalence of a sudden condition or state of affairs affecting the people at large and calling for immediate action”, and “the state or condition of freedom from danger or risk at large” respectively. In spite of the introduction of these safeguards, the procedure of intercepting telephone communications under the Telegraph Act is criticised for lack of transparency and improper implementation. For instance, a 2014 report revealed that around 7500 – 9000 phone interception orders were issued by the Central Government every month. The application of procedural safeguards, in each case would have been physically impossible given the sheer numbers. Thus, legislative and judicial oversight becomes a necessity in such cases.

The constitutionality of India’s surveillance apparatus inclduing section 69 of the IT Act which allows for surveillance on broader grounds on the basis of necessity and expediency and not ‘public emergency’ and ‘public safety’, has been challenged before the Supreme Court and is currently pending. Clause 35 of the Bill also mentions necessity and expediency as prerequisites for the government to exercise its power to grant exemption, which appear to be vague and open-ended as they are not defined. The test of necessity, implies resorting to the least intrusive method of encroachment up on privacy to achieve the legitimate state aim. This test is typically one among several factors applied in deciding on whether a particular intrusion on a right is tenable or not, under human rights law. In his concurring opinion in Puttaswamy (I) J. Kaul had included ‘necessity’ in the proportionality test. (However, this test is not otherwise well developed in Indian jurisprudence).  Expediency, on the other hand, is not a specific legal basis used for determining the validity of an intrusion on human rights. It has also not been referred to in Puttaswamy (I) as a basis of assessing a privacy violation. The use of the term ‘expediency’ in the Bill is deeply worrying as it seems to bring down the threshold for allowing surveillance which is a regressive step in the context of cases like PUCL and Puttaswamy (I). A valid law along with the principles of proportionality and necessity are essential to put in place an effective system of checks and balances on the powers of the executive to provide exemptions. It seems unlikely that the clause will pass the test of proportionality (sanction of law, legitimate aim, proportionate to the need of interference, and procedural guarantees against abuse) as laid down by the Supreme Court in Puttaswamy (I).

The Srikrishna Committee report had recommended that surveillance should not only be conducted under law (and not executive order), but also be subject to oversight, and transparency requirements. The Committee had argued that the tests of lawfulness, necessity and proportionality provided for under clauses 42 and 43 (of the Draft Bill 2018) were sufficient to meet the standards set out under the Puttaswamy judgment. Since the PDP Bill completely does away with all these safeguards and leaves the decision to executive discretion, the law is unconstitutional.  After the Bill was introduced in the Lok Sabha, J. Srikrishna had criticised it for granting expansive exemptions in the absence of judicial oversight. He warned that the consequences could be disastrous from the point of view of safeguarding the right to privacy and could turn the country into an “Orwellian State”. He has also opined on the need for a separate legislation to govern the terms under which the government can resort to surveillance.

Clause 36 of the Bill deals with exemption of some provisions for certain processing of personal data. It combines four different clauses on exemption which were listed in the Draft Bill 2018 (clauses 43, 44, 46 and 47). These include processing of personal data in the interests of prevention, detection, investigation and prosecution of contraventions of law; for the purpose of legal proceedings; personal or domestic purposes; and journalistic purposes. The Draft Bill 2018 had detailed provisions on the need for a law passed by Parliament or the State Legislature which is necessary and proportionate, for processing of personal data in the interests of prevention, detection, investigation and prosecution of contraventions of law. Clause 36 of the Bill does not enumerate the need for a law to process personal data under these exemptions. We had argued that these exemptions granted by the Draft Bill 2018 (clauses 43, 44, 46 and 47) were wide, vague and needed clarifications, but the exemptions under clause 36 of the Bill  are even more ambiguous as they merely enlist the exemptions without any specificities or procedural safeguards in place.

In the Draft Bill 2018, the Authority could not give exemption from the obligation of fair and reasonable processing, measures of security safeguards and data protection impact assessment for research, archiving or statistical purposes As per the current Bill, the Authority can provide exemption from any of the provisions of the Act for research, archiving or statistical purposes.

The last addition to this chapter of exemptions is that of creating a sandbox for encouraging innovation. This newly added clause 40 is aimed at encouraging innovation in artificial intelligence, machine-learning or any other emerging technology in public interest. The details of what the sandbox entails other than exemption from some of the obligations of Chapter II might need further clarity. Additionally, to be considered an eligible applicant, a data fiduciary has to necessarily obtain certification of its privacy by design policy from the DPA, as mentioned in clause 40(4) read with clause 22.

Though well appreciated for its intent, this provision requires clarification on grounds of selection and details of what the sandbox might entail.


[1] At the time of introduction of the PDP Bill 2019, the Minister for Law and Justice of India, Mr. Ravi Shankar Prasad suggested that over 2000 inputs were received on the Draft Bill 2018, based on which changes have been made in the PDP Bill 2019. However, these comments and inputs have not been published by MeitY, and only a handful of comments have been published, by the stakeholders submitting these comments themselves.   

India’s Cybersecurity Budget FY 2013-14 to FY 2019-20: Analysis of Budgetary Allocations for Cybersecurity and Related Activities

This is an edited excerpt of Part V and Annexure ‘C’ of CCG’s Comments to the National Security Council Secretariat on the National Cyber Security Strategy 2020 (NCSS 2020). The full text of the Comments can be accessed here.

Note on Research Methodology

CCG compiled the data on allocations (budgeted and revised) and actual expenditure from the Demands for Grants of Ministries as approved by Parliament and presented in the Annual Expenditure Budget of various ministries and their respective departments which are related to cybersecurity from FY 2013-17 to FY 2019-20. 

The departments have been identified from publicly available information represented in the organograms presented as Annexure ‘B’. We understand a ‘relevant department’ to mean those departments which are either directly related to cybersecurity and/or support the functioning of the technical and security aspects of internet governance at large.

We have then identified those budget heads under the Union Budgets for FY 2013-14 through FY 2019-2020, which correspond most closely to the departments identified and highlighted in Annexure ‘B’ to calculate the total allocation to ministries for cybersecurity-related activities. We then analyse this data in under four broad categories:

(I) Department Wise Allocation: The departments that are directly related to the expenditure for cybersecurity are calculated under this heading. Various expenditures under Ministry of Electronics and Information Technology (MEITY), Department of Telecommunication (DOT), and Ministry of Home Affairs are tabulated for this. 

Under MeitY, we have included the budget heads for

  1. Computer Emergency Response Team (CERT-IN),
  2. Centre for Development of Advanced Computing (C-DAC),
  3. Centre for Materials for Electronics and IT (C-MET),
  4. Society for Applied Microwave Electronics Engineering and Research (SAMEER),
  5. Standardization Testing and Quality Certification (STQC),
  6. Controller of Certifying Authorities (CCA), and
  7. Foreign Trade and Export Promotion and
  8. Certain components of the Digital India Initiative, namely:
  • Manpower Development,
  • National Knowledge Network,
  • Promotion of electronics and IT HW manufacturing,
  • Cybersecurity projects (which includes National Cyber Coordination centre and others),
  • Research and Development in Electronics/IT,
  • Promotion of IT/ITeS industries,
  • Promotion of Digital Payment, and
  • Pradhan Mantri Digital Saksharta Abhiyan (PMGDISHA).

Under Ministry of Communication, our focus was only on the Department of Telecommunication. We considered the budget allocated to the following, to come up with the total Department budget. These heads are:

  1. Telecom Regulatory Authority of India (TRAI),
  2. Human Resource Management under National Institute of Communication Finance,
  3. Wireless Planning and Coordination,
  4. Telecom Engineering Centre,
  5. Technology Development and Investment Promotion,
  6. South Asia Sub-Regional Economic Cooperation (SASEC) under Information Highway Project,
  7. Telecom Testing and Security Certification Centre,
  8. Telecom Computer Emergency Response Team,
  9. Central Equipments Identity Register (CEIR),
  10. 5G Connectivity Test Bed,
  11. Promotion of Innovation and Incubation of Future Technologies for Telecom Sector,
  12. Centre for Development of Telematics (C-DoT), and
  13. Labour, Employment and Skill Development.

Under Ministry of Home Affairs, the funds allocated for the following budget heads have been included:

  1. Education, Training and Research purposes,
  2. Criminology and Forensic Science,
  3. Modernisation of Police Forces and Crime and Criminal Tracking Network and Systems (CCTNS),
  4. Indian Cyber Crime Coordination Centre, and
  5. Technical and Economic Cooperation with Other Countries.

All these budget heads were tabulated to come up with the total for department wise allocation. Along with departments mentioned under ‘Supporting Departments’, all these departments were again classified on the basis of their functions and activities,  and analysed under (III).

(II) Supporting Department Wise Allocation: While certain expenditures of the Ministry of Defence, Ministry of External Affairs, Department of Telecommunication, and Ministry of Home Affairs can potentially be used for cybersecurity-related activities, but it it is not possible to infer from the Demands for Grants, the share of cyber in the total allocation, we have treated them as ‘allocations to supporting departments’. In this data, the total funds indicated may not be directly related to cybersecurity efforts, but they contribute towards the larger security and governance framework, which enables the creation of a secure ecosystem for cyber. These headings are tabulated under this section.

Under Ministry of Defence, the following heads were considered to contribute towards the larger security and governance framework in cyberspace:

  1. Navy/Joint Staff,
  2. Ordnance Factories R&D,
  3. Research and Development, including the Research and Development component of R&D head,
  4. Capital Outlay on R&D, and
  5. Technology Development and Assistance for Prototype Development under Make Procedure

Under Ministry of External Affairs, we considered the following heads as important contributors:

  1. The Special Diplomatic Expenditure,
  2. Expenditure for International Cooperation,
  3. Expenditure for Technical and Economic Cooperation with other Countries, and
  4. Other Expenditure of Ministry

Under Department of Telecommunication again, there were several heads that we considered not to be directly related to cybersecurity, but they did significantly contribute towards it. These include allocations for

  1. Defence Spectrum,
  2. Capital Outlay on Telecommunication and Electronic Industries,
  3. Capital Outlay on Other Communication Services, and
  4. Universal Service Obligation Fund (USOF)

Under Ministry of Home Affairs, the departments that are involved with defence and intelligence along with law enforcement are important to be considered for cybersecurity. Thus we included the allocations for

  1. Intelligence Bureau,
  2. NATGRID,
  3. Delhi Police, and
  4. Capital Outlay on Police.

(III) Activity Wise Allocation: For further analysis, we have categorized the expenditures mentioned in Department Wise Allocation into five categories, each of which have been identified as constituent elements of the three Pillars of Strategy namely:

  1. Human Resource Development Component (Strengthen)
  2. Technical Research & Development Component, Capacity Building (Strengthen/Synergize)
  3. International Cooperation and Investment Promotion Component (Secure/Synergise)
  4. Standardisation, Quality Testing and Certification Component (Strengthen)
  5. Active Cyber Incident Response/ Defence Operations and Security Component (Secure/Strengthen)      

The total for these are calculated to identify if any trends or patterns emerge in expenditure by the ministries. Apart from the ministries covered in classifications (I) and (II), we have also included budgets of two other heads/departments. Namely, these are (i) the allocation towards corporate data management under the authority of the Ministry of Corporate Affairs, which has been included in category (5) indicated above and (ii) the allocation towards technical and economic cooperation with other countries for the Department of Economic Affairs under the Ministry of Finance, which has been included in category (3) indicated above.

(IV) Ministries share over Financial Year: The total value tabulated in Department wise allocation and supporting department wise allocation for the ministries is then used to calculate the share of budget allocated to Cyber Security and related activities with respect to the total budget allocation of ministries. The ministries taken into account, which contribute significantly to Cyber Security and related activities are:

  1. Department of Telecommunication (under the Ministry of Communications),
  2. Ministry of Defence,
  3. Ministry of External Affairs,
  4. Ministry of Electronics and Information Technology,
  5. Ministry of Home Affairs, and
  6. Department of Science and Technology (under the Ministry of Science and Technology).

Ministry-wise Allocations and Expenditure on Cybersecurity and Related Activities FY 2013-14 to FY 2019-20

Figure 9 depicts actual expenditure (from FY 2013-14 to FY 2017-18), the Revised Expenditure (RE) for FY 2018-19 and Budgeted Expenditure for FY 2019-20. With the exception of FY 2016-17, we can see a clear trend of increasing allocations for expenditure towards cyber-security related activities, especially for the DoT. It is relevant to point out that this representation also includes the expenditure on Departments playing a supporting role in cybersecurity activities, such as the IDS/Joint Staff and R&D under the Ministry of Defence (MoD) as well as the MEA’s expenditure on international technical cooperation. As the expenditure incurred on cybersecurity related activities alone cannot be inferred from these budget heads, they have been treated as Departments playing a supporting role for cybersecurity efforts and included in overall expenditure.

Figure 9: Ministry-wise Total Expenditure on Cybersecurity and Related Activities
FY 2013-14 to FY 2019-20

Figure 10 is a narrower subset of the expenses indicated in Figure 9. It represents the allocations to Departments in Ministries that have been entrusted with core activities that contribute towards cybersecurity operations, R&D, e-Governance and internet governance at large. These include, to name a few, the promotion of electronics and IT hardware manufacturing and other initiatives such as Digital India, C-DAC, NCCC and other similar programmes under MeitY, TRAI, C-DoT and the 5G test bed under the authority of the DoT and MHA’s expenses towards modernization of police forces, forensics, and initiatives such as the Indian Cyber Crime Coordination Centre.

Figure 10 reveals an immediate upsurge in such allocations in the time period during and immediately after the formulation of the National Cyber Security Policy 2013, after which the allocations begin to dwindle in FY 2014-15. We can also note that with the exception of FY 2015-16 actual expenditure is consistently lower than the Budgeted Expenditure allocated to all these Ministries for cybersecurity related activities.

Figure 10: Ministry-wise Total Expenditure on Cybersecurity and Related Activities
FY 2013-14 to FY 2019-20

It is interesting to note that if we convert the absolute figures represented in Figure 10 into percentages, and represent the same data set as such, it reveals a remarkable consistency and a clear pattern emerges in burden-sharing between these three Ministries (MHA, MeitY and DoT under the Ministry of Communications).

Figure 11 depicts the same allocations indicated as absolute figures in Figure 10 as percentages of the total expenditure on core cybersecurity activities. It is clear that the MHA consistently bears the bulk of expenses on cyber security related activities, clearly with an emphasis on cyber crimes. The remaining half seems to be divided between MeitY and DoT more or less equally. FY 2015-16 allocations and actual expenditure in FY 2014-15 is the only exception to this equal distribution.

Figure 11: Ministry-wise Total Allocation for Cybersecurity and Related Activities
FY 2013-14 to FY 2019-20

Activity-wise Allocation and Expenditure on Cybersecurity

To further analyse how these budgetary allocations are being utilized, we have re-categorized the expenditures mentioned in Department/Ministry wise allocation into five categories, each of which have been identified as constituent elements of the three Pillars of Strategy namely: 

  1. Human Resource Development Component (Strengthen)
  2. Technical Research and Development Component, Capacity Building (Strengthen/Synergize)
  3. International Cooperation and Investment Promotion Component (Secure/Synergise)
  4. Standardization, Quality Testing and Certification Component (Strengthen)
  5. Active Cyber Incident Response/ Cyber Defence Operations and Security Component (Secure/Strengthen)

The total expenses incurred for these allocations are calculated to identify if any trends or patterns emerge to identify which activities are being prioritized according to the actual expenditure incurred by the relevant ministries. It is important to note that none of these categories include any expenses earmarked for cyber defence operations under the MoD, as the budget heads do not permit drawing such an inference in its current format.

In this reclassification, we have included one budget head each for two other Departments that do not figure in the data represented in Figures 9, 10 or 11. Namely, these are (a) the allocation towards corporate data management under the authority of the Ministry of Corporate Affairs, which has been included in category (5) indicated above and (b) the allocation towards technical and economic cooperation with other countries for the Department of Economic Affairs under the Ministry of Finance, which has been included in category (3) indicated above.

Figure 12 represents activity-wise trends in these Ministries’ actual expenditure. The figures for FY 2018-19 and FY 2019-20 represent the RE and BE for those years, respectively. It is not surprising that the expenditure on international cooperation and investment promotion towers over all other activities, as the allocated expenses would contribute to overall cooperation efforts at the international level and the promotion of investment broadly, and not only cybersecurity. Nonetheless, these are crucial contributions to enhancing India’s cybersecurity posture at home and abroad. For a clearer analysis, we remove the indicator for expenses towards international cooperation and investment promotion in Figure 13.

Figure 12: Activity-wise Expenditure for Cyber Security
FY 2013-14 to FY 2019-20
Figure 13: Activity-wise Expenditure for Cybersecurity FY 2013-14 to FY 2019-20 (excluding international cooperation and investment promotion)

From Figure 13, we can clearly infer which of the four activities at the core of the Government’s cybersecurity efforts are being prioritized in terms of allocation of budgetary resources. Clearly, emphasis on equipment testing and certification needs to be sharpened. There is an apparent tension between the funds that are made available for active cybersecurity operations and programmes on the one hand, and investments in human resource development on the other.

We submit that in both these areas, the Government must look to the private sector to create synergies and supplement the financial resources available for these particular activities. We also recommend that the expenditure earmarked for quality testing, development of technical standards and certification should be increased, and accorded greater priority than before.

Share of Ministries’ Budget Allocated to Cybersecurity and Related Activities

If we try to contextualize the utilization of funds made available for cybersecurity-related activities against the total allocations to relevant Ministries, there is no identifiable trend in expenditure patterns of the MEA, MeitY and DoT. Figure 14 represents the total expenditure on cybersecurity-related activities as a percentage of the total expenses allocated to the relevant Ministry. Cybersecurity-related activities appear to be fluctuating in terms of the priority accorded to them over time, in the diversion of financial resources towards this area. The contribution of the Department of Science and Technology towards R&D in cybersecurity has been consistently low, almost negligible. This has only changed with the establishment of the National Mission on Interdisciplinary Cyber Physical Systems in FY 2018-19. has been MHA’s share of expenditure on cybersecurity activities appears relatively more consistent, and could potentially be leveraged to create synergies for the rationalization of expenditure across Ministries.

Figure 14: Share of Cybersecurity-related Activities in Total Budget Allocated to Ministries

Budget for NCSS 2020?

In anticipation of the National Cyber Security Strategy 2020 expected to be released soon, we will be closely monitoring the the Union Budget for FY 2020-21 for fresh allocations to the relevant departments indicated in our analysis. We will also be on the lookout for fresh allocations that may be relevant to various components of the NCSS 2020. Watch this space for more on India’s Cybersecurity Budget 2020, coming soon!

[September 30-October 7] CCG’s Week in Review Curated News in Information Law and Policy

Huawei finds support from Indian telcos in the 5G rollout as PayPal withdrew from Facebook’s Libra cryptocurrency project; Foreign Portfolio Investors moved MeitY against in the Data Protection Bill; the CJEU rules against Facebook in case relating to takedown of content globally; and Karnataka joins list of states considering implementing NRC to remove illegal immigrants – presenting this week’s most important developments in law, tech and national security.

Digital India

  • [Sep 30] Why the imminent global economic slowdown is a growth opportunity for Indian IT services firms, Tech Circle report.
  • [Sep 30] Norms tightened for IT items procurement for schools, The Hindu report.
  • [Oct 1] Govt runs full throttle towards AI, but tech giants want to upskill bureaucrats first, Analytics India Magazine report.
  • [Oct 3] – presenting this week’s most important developments in law, tech and national security. MeitY launches smart-board for effective monitoring of the key programmes, The Economic Times report.
  • [Oct 3] “Use human not artificial intelligence…” to keep a tab on illegal constructions: Court to Mumbai civic body, NDTV report.
  • [Oct 3] India took 3 big productivity leaps: Nilekani, Livemint report.
  • [Oct 4] MeitY to push for more sops to lure electronic makers, The Economic Times report; Inc42 report.
  • [Oct 4] Core philosophy of Digital India embedded in Gandhian values: Ravi Shankar Prasad, Financial Express report.
  • [Oct 4] How can India leverage its data footprint? Experts weigh in at the India Economic Summit, Quartz report.
  • [Oct 4] Indians think jobs would be easy to find despite automation: WEF, Tech Circle report.
  • [Oct 4] Telangana govt adopts new framework to use drones for last-mile delivery, The Economic Times report.
  • [Oct 5] Want to see ‘Assembled in India’ on an iPhone: Ravi Shankar Prasad, The Economic Times report.
  • [Oct 6] Home market gets attractive for India’s IT giants, The Economic Times report.

Internet Governance

  • [Oct 2] India Govt requests maximum social media content takedowns in the world, Inc42 report; Tech Circle report.
  • [Oct 3] Facebook can be forced to delete defamatory content worldwide, top EU court rules, Politico EU report.
  • [Oct 4] EU ruling may spell trouble for Facebook in India, The Economic Times report.
  • [Oct 4] TikTok, TikTok… the clock is ticking on the question whether ByteDance pays its content creators, ET Tech report.
  • [Oct 6] Why data localization triggers a heated debate, The Economic Times report.
  • [Oct 7] Sensitive Indian govt data must be stored locally, Outlook report.

Data Protection and Privacy

  • [Sep 30] FPIs move MeitY against data bill, seek exemption, ET markets report, Inc42 report; Financial Express report.
  • [Oct 1] United States: CCPA exception approved by California legislature, Mondaq.com report.
  • [Oct 1] Privacy is gone, what we need is regulation, says Infosys Kris Gopalakrishnana, News18 report.
  • [Oct 1] Europe’s top court says active consent is needed for tracking cookies, Tech Crunch report.
  • [Oct 3] Turkey fines Facebook $282,000 over data privacy breach, Deccan Herald report.

Free Speech

  • [Oct 1] Singapore’s ‘fake news’ law to come into force Wednesday, but rights group worry it could stifle free speech, The Japan Times report.
  • [Oct 2] Minister says Singapore’s fake news law is about ‘enabling’ free speech, CNBC report.
  • [Oct 3] Hong Kong protests: Authorities to announce face mask ban, BBC News report.
  • [Oct 3] ECHR: Holocaust denial is not protected free speech, ASIL brief.
  • [Oct 4] FIR against Mani Ratnam, Adoor and 47 others who wrote to Modi on communal violence, The News Minute report; Times Now report.
  • [Oct 5] UN asks Malaysia to repeal laws curbing freedom of speech, The New Indian Express report.
  • [Oct 6] When will our varsities get freedom of expression: PC, Deccan Herald report.
  • [Oct 6] UK Government to make university students sign contracts limiting speech and behavior, The Times report.
  • [Oct 7] FIR on Adoor and others condemned, The Telegraph report.

Aadhaar, Digital IDs

  • [Sep 30] Plea in SC seeking linking of social media accounts with Aadhaar to check fake news, The Economic Times report.
  • [Oct 1] Why another omnibus national ID card?, The Hindu Business Line report.
  • [Oct 2] ‘Kenyan court process better than SC’s approach to Aadhaar challenge’: V Anand, who testified against biometric project, LiveLaw report.
  • [Oct 3] Why Aadhaar is a stumbling block in Modi govt’s flagship maternity scheme, The Print report.
  • [Oct 4] Parliament panel to review Aadhaar authority functioning, data security, NDTV report.
  • [Oct 5] Could Aahdaar linking stop GST frauds?, Financial Express report.
  • [Oct 6] Call for liquor sale-Aadhaar linking, The New Indian Express report.

Digital Payments, Fintech

  • [Oct 7] Vision cash-lite: A billion UPI transactions is not enough, Financial Express report.

Cryptocurrencies

  • [Oct 1] US SEC fines crypto company Block.one for unregistered ICO, Medianama report.
  • [Oct 1] South Korean Court issues landmark decision on crypto exchange hacking, Coin Desk report.
  • [Oct 2] The world’s most used cryptocurrency isn’t bitcoin, ET Markets report.
  • [Oct 2] Offline transactions: the final frontier for global crypto adoption, Coin Telegraph report.
  • [Oct 3] Betting on bitcoin prices may soon be deemed illegal gambling, The Economist report.
  • [Oct 3] Japan’s financial regulator issues draft guidelines for funds investing in crypto, Coin Desk report.
  • [Oct 3] Hackers launch widespread botnet attack on crypto wallets using cheap Russian malware, Coin Desk report.
  • [Oct 4] State-backed crypto exchange in Venezuela launches new crypto debit cards, Decrypt report.
  • [Oct 4] PayPal withdraws from Facebook-led Libra crypto project, Coin Desk report.
  • [Oct 5] Russia regulates digital rights, advances other crypto-related bills, Bitcoin.com report.
  • [Oct 5] Hong Kong regulates crypto funds, Decrypt report.

Cybersecurity and Cybercrime

  • [Sep 30] Legit-looking iPhone lightening cables that hack you will be mass produced and sold, Vice report.
  • [Sep 30] Blackberry launches new cybersecurity development labs, Infosecurity Mgazine report.
  • [Oct 1] Cybersecurity experts warn that these 7 emerging technologies will make it easier for hackers to do their jobs, Business Insider report.
  • [Oct 1] US government confirms new aircraft cybersecurity move amid terrorism fears, Forbes report.
  • [Oct 2] ASEAN unites to fight back on cyber crime, GovInsider report; Asia One report.
  • [Oct 2] Adopting AI: the new cybersecurity playbook, TechRadar Pro report.
  • [Oct 4] US-UK Data Access Agreement, signed on Oct 3, is an executive agreement under the CLOUD Act, Medianama report.
  • [Oct 4] The lack of cybersecurity talent is ‘a  national security threat,’ says DHS official, Tech Crunch report.
  • [Oct 4] Millions of Android phones are vulnerable to Israeli surveillance dealer attack, Forbes report; NDTV report.
  • [Oct 4] IoT devices, cloud solutions soft target for cybercriminals: Symantec, Tech Circle report.
  • [Oct 6] 7 cybersecurity threats that can sneak up on you, Wired report.
  • [Oct 6] No one could prevent another ‘WannaCry-style’ attack, says DHS official, Tech Crunch report.
  • [Oct 7] Indian firms rely more on automation for cybersecurity: Report, ET Tech report.

Cyberwarfare

  • [Oct 2] New ASEAN committee to implement norms for countries behaviour in cyberspace, CNA report.

Tech and National Security

  • [Sep 30] IAF ready for Balakot-type strike, says new chief Bhadauria, The Hindu report; Times of India report.
  • [Sep 30] Naval variant of LCA Tejas achieves another milestone during its test flight, Livemint report.
  • [Sep 30] SAAB wants to offer Gripen at half of Rafale cost, full tech transfer, The Print report.
  • [Sep 30] Rajnath harps on ‘second strike capability’, The Shillong Times report.
  • [Oct 1] EAM Jaishankar defends India’s S-400 missile system purchase from Russia as US sanctions threat, International Business Times report.
  • [Oct 1] SC for balance between liberty, national security, Hindustan Times report.
  • [Oct 2] Startups have it easy for defence deals up to Rs. 150 cr, ET Rise report, Swarajya Magazine report.
  • [Oct 3] Huawei-wary US puts more pressure on India, offers alternatives to data localization, The Economic Times report.
  • [Oct 4] India-Russia missile deal: What is CAATSA law and its implications?, Jagran Josh report.
  • [Oct 4] Army inducts Israeli ‘tank killers’ till DRDO develops new ones, Defence Aviation post report.
  • [Oct 4] China, Russia deepen technological ties, Defense One report.
  • [Oct 4] Will not be afraid of taking decisions for fear of attracting corruption complaints: Rajnath Singh, New Indian Express report.
  • [Oct 4] At conclave with naval chiefs of 10 countries, NSA Ajit Doval floats an idea, Hindustan Times report.
  • [Oct 6] Pathankot airbase to finally get enhanced security, The Economic Times report.
  • [Oct 6] rafale with Meteor and Scalp missiles will give India unrivalled combat capability: MBDA, The Economic Times report.
  • [Oct 7] India, Bangladesh sign MoU for setting up a coastal surveillance radar in Bangladesh, The Economic Times report; Decaan Herald report.
  • [Oct 7] Indian operated T-90 tanks to become Russian army’s main battle tank, EurAsian Times report.
  • [Oct 7] IAF’s Sukhois to get more advanced avionics, radar, Defence Aviation post report.

Tech and Law Enforcement

  • [Sep 30] TMC MP Mahua Mitra wants to be impleaded in the WhatsApp traceability case, Medianama report; The Economic Times report.
  • [Oct 1] Role of GIS and emerging technologies in crime detection and prevention, Geospatial World.net report.
  • [Oct 2] TRAI to take more time on OTT norms; lawful interception, security issue now in focus, The Economic Times report.
  • [Oct 2[ China invents super surveillance camera that can spot someone from a crowd of thousands, The Independent report.
  • [Oct 4] ‘Don’t introduce end-to-end encryption,’ UK, US and Australia ask Facebook in an open letter, Medianama report.
  • [Oct 4] Battling new-age cyber threats: Kerala Police leads the way, The Week report.
  • [Oct 7] India govt bid to WhatsApp decryption gets push as UK,US, Australia rally support, Entrackr report.

Tech and Elections

  • [Oct 1] WhatsApp was extensively exploited during 2019 elections in India: Report, Firstpost report.
  • [Oct 3] A national security problem without a parallel in American democracy, Defense One report.

Internal Security: J&K

  • [Sep 30] BDC polls across Jammu, Kashmir, Ladakh on Oct 24, The Economic Times report.
  • [Sep 30] India ‘invaded and occupied Kashmir, says Malaysian PM at UN General Assembly, The Hindu report.
  • [Sep 30] J&K police stations to have CCTV camera surveillance, News18 report.
  • [Oct 1] 5 judge Supreme court bench to hear multiple pleas on Article 370, Kashmir lockdown today, India Today report.
  • [Oct 1] India’s stand clear on Kashmir: won’t accept third-party mediation, India Today report.
  • [Oct 1] J&K directs officials to ensure all schools reopen by Thursday, NDTV report.
  • [Oct 2]] ‘Depressed, frightened’: Minors held in Kashmir crackdown, Al Jazeera report.
  • [Oct 3] J&K: When the counting of the dead came to a halt, The Hindu report.
  • [Oct 3] High schools open in Kashmir, students missing, The Economic Times report.
  • [Oct 3] Jaishanakar reiterates India’s claim over Pakistan-occupied Kashmir, The Hindu report.
  • [Oct 3] Normalcy prevails in Jammu and Kashmir, DD News report.
  • [Oct 3] Kashmiri leaders will be released one by one, India Today report.
  • [Oct 4] India slams Turkey, Malaysia remarks on J&K, The Hindu report.
  • [Oct 5] India’s clampdown hits Kashmir’s Silicon Valley, The Economic Times report.
  • [Oct 5] Traffic cop among 14 injured in grenade attack in South Kashmir, NDTV report; The Economic Times report.
  • [Oct 6] Kashmir situation normal, people happy with Article 370 abrogation: Prkash Javadekar, Times of India report.
  • [Oct 7] Kashmir residents say police forcibly taking over their homes for CRPF troops, Huffpost India report.

Internal Security: Northeast/ NRC

  • [Sep 30] Giving total control of Assam Rifles to MHA will adversely impact vigil: Army to Govt, The Economic Times report.
  • [Sep 30] NRC list impact: Assam’s foreigner tribunals to have 1,600 on contract, The Economic Times report.
  • [Sep 30] Assam NRC: Case against Wipro for rule violation, The Hindu report; News18 report; Scroll.in report.
  • [Sep 30] Hindu outfits demand NRC in Karnataka, Deccan Chronicle report; The Hindustan Times report.
  • [Oct 1] Centre extends AFPSA in three districts of Arunachal Pradesh for six months, ANI News report.
  • [Oct 1] Assam’s NRC: law schools launch legal aid clinic for excluded people, The Hindu report; Times of India report; The Wire report.
  • [Oct 1] Amit Shah in Kolkata: NRC to be implemented in West Bengal, infiltrators will be evicted, The Economic Times report.
  • [Oct 1] US Congress panel to focus on Kashmir, Assam, NRC in hearing on human rights in South Asia, News18 report.
  • [Oct 1] NRC must for national security; will be implemented: Amit Shah, The Hindu Business Line report.
  • [Oct 2] Bengali Hindu women not on NRC pin their hope on promise of another list, citizenship bill, The Print report.
  • [Oct 3] Citizenship Amendment Bill has become necessity for those left out of NRC: Assam BJP president Ranjeet Das, The Economic Times report.
  • [Oct 3] BJP govt in Karnataka mulling NRC to identify illegal migrants, The Economic Times report.
  • [Oct 3] Explained: Why Amit Shah wants to amend the Citizenship Act before undertaking countrywide NRC, The Indian Express report.
  • [Oct 4] Duplicating NPR, NRC to sharpen polarization: CPM, Deccan Herald report.
  • [Oct 5] We were told NRC India’s internal issue: Bangladesh, Livemint report.
  • [Oct 6] Prasanna calls NRC ‘unjust law’, The New Indian Express report.

National Security Institutions

  • [Sep 30] CRPF ‘denied’ ration cash: Govt must stop ‘second-class’ treatment. The Quint report.
  • [Oct 1] Army calls out ‘prejudiced’ foreign report on ‘torture’, refutes claim, Republic World report.
  • [Oct 2] India has no extraterritorial ambition, will fulfill regional and global security obligations: Bipin Rawat, The Economic Times report.

More on Huawei, 5G

  • [Sep 30] Norway open to Huawei supplying 5G equipment, Forbes report.
  • [Sep 30] Airtel deploys 100 hops of Huawei’s 5G technology, The Economic Times report.
  • [Oct 1] America’s answer to Huawei, Foreign Policy report; Tech Circle report.
  • [Oct 1] Huawei buys access to UK innovation with Oxford stake, Financial Times report.
  • [Oct 3] India to take bilateral approach on issues faced by other countries with China: Jaishankar, The Hindu report.
  • [Oct 4] Bharti Chairman Sunil Mittal says India should allow Huawei in 5G, The Economic Times report
  • [Oct 6] 5G rollout: Huawei finds support from telecom industry, Financial Express report.

Emerging Tech: AI, Facial Recognition

  • [Sep 30] Bengaluru set to roll out AI-based traffic solution at all signals, Entrackr report.
  • [Sep 1] AI is being used to diagnose disease and design new drugs, Forbes report.
  • [Oct 1] Only 10 jobs created for every 100 jobs taken away by AI, The Economic Times report.
  • [Oct 2]Emerging tech is helping companies grow revenues 2x: report, ET Tech report.
  • [Oct 2] Google using dubious tactics to target people with ‘darker skin’ in facial recognition project: sources, Daily News report.
  • [Oct 2] Three problems posed by deepfakes that technology won’t solve, MIT Technology Review report.
  • [Oct 3] Getting a new mobile number in China will involve a facial recognition test, Quartz report.
  • [Oct 4] Google contractors targeting homeless people, college students to collect their facial recognition data: Report, Medianama report.
  • [Oct 4] More jobs will be created than are lost from the IA revolution: WEF AI Head, Livemint report.
  • [Oct 6] IIT-Guwahati develops AI-based tool for electric vehicle motor, Livemint report.
  • [Oct 7] Even if China misuses AI tech, Satya Nadella thinks blocking China’s AI research is a bad idea, India Times report.

Big Tech

  • [Oct 3] Dial P for privacy: Google has three new features for users, Times of India report.

Opinions and Analyses

  • [Sep 26] Richard Stengel, Time, We’re in the middle of a global disinformation war. Here’s what we need to do to win.
  • [Sep 29] Ilker Koksal, Forbes, The shift toward decentralized finance: Why are financial firms turning to crypto?
  • [Sep 30] Nistula Hebbar, The Hindu, Govt. views grassroots development in Kashmir as biggest hope for peace.
  • [Sep 30] Simone McCarthy, South China Morning Post, Could China’s strict cyber controls gain international acceptance?
  • [Sep 30] Nele Achten, Lawfare blog, New UN Debate on cybersecurity in the context of international security.
  • [Sep 30[ Dexter Fergie, Defense One, How ‘national security’ took over America.
  • [Sep 30] Bonnie Girard, The Diplomat, A firsrhand account of Huawei’s PR drive.
  • [Oct 1] The Economic Times, Rafale: Past tense but furture perfect.
  • [Oct 1] Simon Chandler, Forbes, AI has become a tool for classifying and ranking people.
  • [Oct 2] Ajay Batra, Business World, Rethink India! – MMRCA, ESDM & Data Privacy Policy.
  • [Oct 2] Carisa Nietsche, National Interest, Why Europe won’t combat Huawei’s Trojan tech.
  • [Oct 3] Aruna Sharma, Financial Express, The digital way: growth with welfare.
  • [Oct 3] Alok Prasanna Kumar, Medianama, When it comes to Netflix, the Government of India has no chill.
  • [Oct 3] Fredrik Bussler, Forbes, Why we need crypto for good.
  • [Oct 3] Panos Mourdoukoutas, Forbes, India changed the game in Kashmir – Now what?
  • [Oct 3] Grant Wyeth, The Diplomat, The NRC and India’s unfinished partition.
  • [Oct 3] Zak Doffman, Forbes, Is Huawei’s worst Google nightmare coming true?
  • [Oct 4] Oren Yunger, Tech Crunch, Cybersecurity is a bubble, but it’s not ready to burst.
  • [Oct 4] Minakshi Buragohain, Indian Express, NRS: Supporters and opposers must engage each other with empathy.
  • [Oct 4] Frank Ready, Law.com, 27 countries agreed on ‘acceptable’ cyberspace behavior. Now comes the hard part.
  • [Oct 4] Samir Saran, World economic Forum (blog), 3 reasons why data is not the new oil and why this matters to India.
  • [Oct 4] Andrew Marantz, The New York Times, Free Speech is killing us.
  • [Oct 4] Financial Times editorial, ECJ ruling risks for freedom of speech online.
  • [Oct 4] George Kamis, GCN, Digital transformation requires a modern approach to cybersecurity.
  • [Oct 4] Naomi Xu Elegant and Grady McGregor, Fortune, Hong King’s mask ban pits anonymity against the surveillance state.
  • [Oct 4] Prashanth Parameswaran, The Diplomat, What’s behind the new US-ASEAN cyber dialogue?
  • [Oct 5] Huong Le Thu, The Strategist, Cybersecurity and geopolitics: why Southeast Asia is wary of a Huawei ban.
  • [Oct 5] Hannah Devlin, The Guardian, We are hurtling towards a surveillance state: the rise of facial recognition technology.
  • [Oct 5] PV Navaneethakrishnan, The Hindu Why no takers? (for ME/M.Tech programmes).
  • [Oct 6] Aakar Patel, Times of India blog, Cases against PC, letter-writing celebs show liberties are at risk.
  • [Oct 6] Suhasini Haidar, The Hindu, Explained: How ill purchases from Russia affect India-US ties?
  • [Oct 6] Sumit Chakraberty, Livemint, Evolution of business models in the era of privacy by design.
  • [Oct 6] Spy’s Eye, Outlook, Insider threat management.
  • [Oct 6] Roger Marshall, Deccan Herald, Big oil, Big Data and the shape of water.
  • [Oct 6] Neil Chatterjee, Fortune, The power grid is evolving. Cybersecurity  must too.
  • [Oct 7] Scott W Pink, Modaq.com, EU: What is GDPR and CCPA and how does it impact blockchain?
  • [Oct 7] GN Devy, The Telegraph, Has India slid into an irreversible Talibanization of the mind?
  • [Oct 7] Susan Ariel Aaronson, South China Morning Post, The Trump administration’s approach to AI is not that smart: it’s about cooperation, not domination.

[September 16-23] CCG’s Week in Review: Curated News in Information Law and Policy

Cybersecurity experts warned of a new ‘SIM jacking’ threat, the Kerala High Court recognizes a right to access internet as the internet shutdown in Kashmir entered its 50th day; more updates on the linkage of Aadhaar with voter IDs and social media as the Indian Army braces itself to adopt AI – presenting this week’s most important developments in law, tech and national security.

Aadhaar

  • [Sep 16] Here are the amendments the Election Commission wants to the Representation of the People Act for Aadhaar-Voter ID linkage, Medianama report.
  • [Sep 18] Why Maj. Gen. Vombatkere has challenged Aadhaar Amendment Act in the Supreme Court; On WhatsApp and traceability, Medianama report.
  • [Sep 19] Drop in Aadhaar enrolments in J&K, The Economic Times report.
  • [Sep 20] In-principle decision to link Aadhaar with GST registration, The Economic Times report.
  • [Sep 23] Aadhaar card is now mandatory for nominees of your EPF account, Livemint report.

Digital India

  • [Sep 18] Indo-US ICT working group to meet on Sept 30, Oct 1, Medianama report.
  • [Sep 17] NITI Aayog frames guidelines for automated inspection of vehicles, ET Auto report.
  • [Sep 17] What TikTok told MEITY about its intermediary status, data collection, and policies for children, Medianama report.
  • [Sep 18] Soon, lands will have Aadhaar-like unique numbers, The Economic Times report; Business Today report.
  • [Sep 18] Drones to be used to digitally map India: report, Medianama report.
  • [Sep 18] PMO panel to release policy to boost handset manufacturing in India: report, Medianama report.
  • [Sep 19] Karnataka to set up exclusive body to boost innovation, The Hindu report.
  • [Sep 20] ‘Right To Access Internet Is Part Of Right To Privacy And Right To Education’: Kerala HC, Live Law report; Hindu report; NDTV report.

Data Protection and Privacy

  • [Sep 15] Privacy debate between govt, Facebook continues; no winner yet, Money Control report.
  • [Sep 16] Singapore, Philippines sign MoU on personal data protection, The Manila Times report.
  • [Sep 16] Industry wants careful drafting of regulations on non-personal data, The Economic Times report.
  • [Sep 16] Here are the top three reasons why data protection is required in every business, Firstpost report.
  • [Sep 20] Sensitive, super-sensitive data must be stored locally in india: RS PRasad, Business Standard report.
  • [Sep 20] Yet another data leak in Indian government database, exoposes multiple citizen IDs, Inc42 report.
  • [Sep 22] Infosys co-founder Kris Gopalakrishnan to lead panel on protection of non-personal data, Financial Express report.

E-Commerce

  • [Sep 16] Odisha government makes e-marketplace mandatory for procurements, The New Indian Express report.
  • [Sep 16] US antitrust officials investigate Amazon’s marketplace practices, Medianama report.
  • [Sep 17] Ministry of COnsumer Affairs extends deadline for comments on draft E-Commerce Guidelines 2019 to October 31, Medianama report.

FinTech and Digital Payments

  • [Sep 16] WhatsApp to roll out its payment services by end of this year: report, Medianama report; The Economic Times report.
  • [Sep 18] RBI proposes norms to regulate payment gateways and payment aggregators, Entrackr report.
  • [Sep 19] Regulatory shock for fintech firms: RBI blocks unregulated access to consumer credit history, Entrackr report.
  • [Sep 19] DSCI, MeitY and Google India join hands for ‘Digital Payment Abhiyan’, The Economic Times report.

Cryptocurrencies

  • [Sep 16] The toss of a Bitcoin: How crypto ban will hurt 5 mn Indians, 20k Blockchain developers, The Economic Times report.
  • [Sep 16] US Sanctions three alleged crypto hacking groups from North Korea, Coin Desk report.
  • [Sep 16] Crypto firms assess how to comply with anti-money laundering standards, The Wall Street Journal report.
  • [Sep 19] Bitcoin and crypto wallets are now being targeted by malware, Forbes report.
  • [Sep 21] Weekends are for Altcoins when it comes to crypto market gains, ET Markets report.
  • [Sep 21] Chinese officials surprisingly chill on crypto, Decrypt report.

Cybersecurity

  • [Sep 13] Ransomware has a new target, Defense One report.
  • [Sep 16] Deep learning and machine learning to transform cybersecurity, Tech Wire Asia report.
  • [Sep 16] America needs a whole-of-society approach to cybersecurity. ‘Grand Challenges’ can help, Defense One report.
  • [Sep 17] Financial asset firm PCI ordered to pay $1.5 million for poor cybersecurity practices, ZD Net report.
  • [Sep 20] Current Act outdated, need to include cyber security in IT legal framework: DCA chief, The Indian Express report.
  • [Sep 20] 10% of IT budget should be used for cybersecurity: Rear Admiral Mohit Gupta, ET Times report.
  • [Sep 20] Once hacked, twice shy: How auto supplier Harman learned to fight cyber car jackers, ET Auto report.
  • [Sep 21] Cybersecurity a big opportunity for telcos, says IBM executive, The Economic Times report.
  • [Sep 23] Cybersecurity experts raise alarm over new SIM jacking threat, The New Indian Express report.
  • [Sep 23] Cybersecurity: Tackling the menace of phishing, Financial Express report.

Tech and Law Enforcement; Surveillance

  • [Sep 15] Facebook moots ‘prospective’ solution to WhatsApp issue; India stands firm on traceability, Business Today report; Livemint report.
  • [Sep 18] Chinese firms are driving the rise of AI surveillance across Africa, Quartz report.
  • [Sep 18] Documents reveal how Russia taps phone companies for surveillance, Tech Crunch report.
  • [Sep 20] WhatsApp traceability case petitioner asks court to remove Aadhaar from the plea, consider only ‘authorised govt proofs’, Medianama report; Inc42 report; Bar & Bench report.
  • [Sep 20] Chennai-based KPost says traceability is possible, wants to be impleaded in WhatsApp case, Medianama report.

Tech and National Security

  • [Sep 13] Pentagon’s former top hacker wants to inject some Silicon Valley into the defense industry, Defense One report.
  • [Sep 16] Here’s how startups are helping the Defence Ministry up its game, Money Control report.
  • [Sep 16] After 6 years in exile, Edward Snowden explains himself, Wired report.
  • [Sep 17] US tells Saudi Arabia oil attacks were launched from Iran, The Wall Street Journal report.
  • [Sep 17] Why Rafale jets may be inducted into IAF by next summer only, Livemint report.
  • [Sep 17] US Air Force to shift billions of dollars to network its weapons, Defense One report.
  • [Sep 18] India to achieve US$26 billion defence industry by 2025: Defence Minister, Business Standard report.
  • [Sep 18] Mitigating security risks from emerging technologies, Army Technology analysis.
  • [Sep 18] Revised draft defence procurement norms to be ready by November end, The Hindu report.
  • [Sep 20] The NSA is running a satellite hacking experiment, Defense One report.
  • [Sep 20] Army to host seminar on artificial intelligence next week; seeks to enhance lethality, The Economic Times report; India Today report; The New Indian Express report.
  • [Sep 20] Defence Procurement: Not a level playing field for private sector, PSUs still rule, Bharat Shakti report.
  • [Sep 20] Indian Air Force ‘accepts’ Rafale, formal hand over on Dussehra, Livemint report.
  • [Sep 22] Amid US-India blooming ties, Washington prepares to take down Indian air defence systems, EurAsian Times report.
  • [Sep 23] Government likely to order 36 more Rafale fighter jets, The Economic Times report.

Tech and Elections

  • [Sep 20] Social media companies raise concerns over Election Commission’s voluntary code of ethics, Medianama report.

Internal Security: J&K

  • [Sep 16] Supreme Court says normalcy to return to Kashmir but with national security in mind, India Today report.
  • [Sep 16] Farooq Abdullah booked under Public Safety Act, committee to decide duration of arrest: report, Financial Express report.
  • [Sep 17] Amnesty’s report on the (mis)use of Public Safety Act in J&K counters the govt’s narrative, Youth ki Awaaz report.
  • [Sep 18] China says Kashmir issue may not be a ‘major topic’ during Modi-Xi meet, Livemint report.
  • [Sep 19] In Pakistan-held Kashmir, growing calls for independence, The New York Times report.
  • [Sep 20] Kashmir residents say they are being charged by telcos despite no service, The Hindu report.
  • [Sep 20] UN Chief could discuss Kashmir issues at UNGA: UN spokesman, The Economic Times report.
  • [Sep 20] How military drones are becoming deadly weapons across the globe, The Economic Times report.
  • [Sep 22] Modi’s Digital India comes crashing down in Kashmir’s longest ever internet gag, The Wire report; The Hindu report.
  • [Sep 23] No clampdown in Kashmir, only communication line of terrorists stopped: Army Chief Bipin Rawat, India Today report.

Internal Security: NRC

  • [Sep 16] Those declared foreigners cannot file NRC appeal, say Assam govt, Hindustan Times report.
  • [Sep 18] NRC in Haryana, The Tribune report.
  • [Sep 18] NRC is an internal exercise, sovereign right of a country: EAM Jaishankar, Outlook report.
  • [Sep 18] Government will implement NRC across the country: Amit Shah, The Economic Times report.; Times of India report.
  • [Sep 21] NRC Officials issue public advisory against collection of identification documents, Guwahati Plus report.
  • [Sep 22] NRC-exluded Gurkhas not to approach foreigners’ Tribunals, seek empowered panel, The Hindu report; Times of India report.
  • [Sep 14] Final Assam NRC list, with 1.9 million exclusions, published online, Hindustan Times report.

National Security Law

  • [Sep 17] Pulwama to Aug 5: Delhi HC indicted govt for PSA arrests – in 80 pc cases, Financial Express report.
  • [Sep 16] What is the Public Safety Act under which Farooq Abdullah has been detained? News Nation report.
  • [Sep 16] 52 years on, still no sign of national defence university, The Times of India report.
  • [Sep 16] NSA Doval gets national security, foreign policy as PMO defines roles of top officials, The Asian Age report.

Big Tech

  • [Sep 15] Facebook VP Nick Clegg says India’s policies will decide the fate of the internet, Financial Express report.
  • [Sep 17] Facebook Establishes Structure and Governance for an Independent Oversight Board, Facebook Newsroom announcement; Medianama report.
  • [Sep 19] Facebook expands definition of terrorist organization to limit extremism, The New York Times report.
  • [Sep 22] Facebook is experimenting ith AI that lets you digitally get dressed, The Source report.
  • [Sep 23] Google braces for landmark global privacy ruling, Bloomberg report.

Telecom/5G

  • [Sep 16] 5G spectrum auction this year or in early 2020: Telecom Minister RS Prasad, Medianama report.
  • [Sep 20] TRAI opens consultation process for mergers and transfers in telecom sector, Medianama report.
  • [Sep 23] Indian masses have to wait 5-6 years to get true 5G experience, ET Telecom report.

More on Huawei

  • [Sep 17] Facing US ban, Huawei emerging as stronger tech competitor, The Hindu Business Line report, The Diplomat report.
  • [Sep 18] Huawei’s big test will be trying to sell a device with no Google apps outside China, Quartz report.
  • [Sep 18] Huawei users at risk as US blacklist cuts access to shared data on new cyber threats, Forbes report.
  • [Sep 20] Huawei makes sizeable 5G progress, bags 60 contracts: Ken Hu, The Economic Times report.
  • [Sep 21] Huawei unveils 5G training center in UK, ET Telecom report.

AI and Emerging Tech

  • [Sep 14] Artificial intelligence only goes so far in today’s economy, says MIT study, Forbes report.
  • [Sep 16] The US Govt will spend $1 bn on AI next year – not counting the Pentagon, Defense One report.
  • [Sep 18] Facial recognition systems to debut at Pune airport by 2020: report, Medianama report.
  • [Sep 18] AI stats news: AI is actively watching you in 75 countries, Forbes report.
  • [Sep 18] The Intel community ants to identify people from hundreds of yards away, Defense One report.
  • [Sep 19] Google setting up AI lab ‘Google Research India’ in Bengaluru, Entrackr report.
  • [Sep 20] India is planning a huge China-style facial recognition program, The Economic Times report.

Opinions and Analyses

  • [Sep 15] Nitin Pai, Livemint, The geopolitical profile of India tracks the economy’s trajectory.
  • [Sep 16] Paul Ravindranath, Tech Circle, Inclusion in technology is a compelling economic and business case.
  • [Sep 16] Markandey Katju, The Hindu, The litmus test for free speech.
  • [Sep 16] Vishal Chawla, Analytics India Magazine, What India can take away from Google’s settlement on employees’ freedom of expression.
  • [Sep 16] Editorial, Times of India, All talk: Fate of national defence university shows apathy towards defence modernisation.
  • [Sep 16] Jeff Hussey, Forbes, The gap between strong cybersecurity and demands for connectivity is getting massive.
  • [Sep 16] Kai Sedgwick, Bitcoin.com, How crypto became a gamblers paradise.
  • [Sep 17] Ajai Shukla, Business Standard, In picking strategic partners, the defence ministry isn’t spoilt for choice.
  • [Sep 17] Anthony Pfaff, Defense One, The Saudi-Oil attacks aren’t game changing. The Show how the Game has changed.
  • [Sep 17] Kayla Matthews, Security Boulevard, Who’s financially responsible for cybersecurity breaches?
  • [Sep 17] Anirudh Gotety, ET Markets, Check crypto trade, ban won’t help.
  • [Sep 17] PS Ahluwalia, Livemint, Rafale will add heft to IAF’s deterrence capabilities.
  • [Sep 17] Lorand Laksai, Privacy International, How China is supplying surveillance technology and training around the world.
  • [Sep 18] Tabish Khair, The Hindu, In Kashmir, shaking the apple tree.
  • [Sep 18] Catrin Nye, BBC News, Live facial recognition surveillance ‘must stop’ .
  • [Sep 18] Privacy International, the EU funds surveillance around the world: here’s what must be done about it.
  • [Sep 18] Joshua P Meltzer and Cameron F. Kerry, Brookings Institution, Cybersecurity and digital trade: Getting it right.
  • [Sep 19] Lt Gen HS Panag, The Print, Amit Shah’s political aim to recover PoK is not backed by India’s military capacity.
  • [Sep 20] Rifat Fareed, Al Jazeera, Farooq Abdullah’s arrest leaves India with few allies in Kashmir.
  • [Sep 22] Air Marshal (retd) M Matheswaran, Deccan Herald, Time for structural reforms, modernisation.

[September 2-9] CCG’s Week in Review: Curated News in Information Law and Policy

This week, Delhi International Airport deployed facial recognition on a ‘trial basis’ for 3 months, landline communications were restored in Kashmir as the Government mulls over certification for online video streaming platforms like Netflix and PrimeVideo – presenting this week’s most important developments in law, tech and national security.

Aadhaar

  • [Sep 3] PAN will be issued automatically using Aadhaar for filing returns: CBDT, DD News report.
  • [Sep 3] BJD set to collect Aadhaar numbers of its members in Odisha, Opposition parties slam move, News 18 report; The New Indian Express report; Financial Express report.
  • [Sep 5] Aadhaar is secure, says ex-UIDAI chief, Times of India report.
  • [Sep 5] Passport-like Aadhaar centre opened in Chennai: Online appointment booking starts, Livemint report.
  • [Sep 8] Plans to link Janani Suraksha and Matra Vandan schemes with Aadhaar: CM Yogi Adityanath, Times of India report.

Digital India

  • [Sep 5] Digital media bodies welcome 26% FDI cap, Times of India report.
  • [Sep 6] Automation ‘not  threat’ to India’s IT industry, ET Tech report.
  • [Sep 6] Tech Mahindra to modernise AT&T network systems, Tech Circle report.

Data Protection and Governance

  • [Sep 2] Health data comes under the purview of Data Protection Bill: IAMAI, Inc42 report.
  • [Sep 2] Credit history should not be viewed as sensitive data, say online lenders, Livemint report.
  • [Sep 3] MeitY may come up with policy on regulation of non-personal data, Medianama report.
  • [Sep 3] MeitY to work on a white paper to gain clarity on public data regulations, Inc42 report.
  • [Sep 6] Treating data as commons is more beneficial, says UN report, Medianama report.
  • [Sep 9] Indian Government may allow companies to sell non-personal data of its users, Inc42 report, The Economic Times report.
  • [Sep 9] Tech firms may be compelled to share public data of its users, ET Tech report.

Data Privacy and Breaches

  • [Sep 2] Chinese face-swap app Zao faces backlash over user data protection, KrAsia report; Medianama report.
  • [Sep 2] Study finds Big Data eliminates confidentiality in court judgments, Swiss Info report.
  • [Sep 4] YouTube will pay $170 million to settle claims it violated child privacy laws, CNBC report; FTC Press Release.
  • [Sep 4] Facebook will now let people opt-out of its face recognition feature, Medianama report.
  • [Sep 4] Mental health websites in Europe found sharing user data for ads, Tech Crunch report.
  • [Sep 5] A huge database of Facebook users’ phone numbers found online, Tech Crunch report.
  • [Sep 5] Twitter has temporarily disabled tweet to SMS feature, Medianama report.
  • [Sep 6] Fake apps a trap to track your device and crucial data, ET Tech report.
  • [Sep 6] 419 million Facebook users phone numbers leaked online, ET Tech report; Medianama report
  • [Sep 9] Community social media platform, LocalCircles, highlights data misuse worries, The Economic Times report.

Free Speech

  • [Sep 7] Freedom of expression is not absolute: PCI Chairman, The Hindu report.
  • [Sep 7] Chennai: Another IAS officer resign over ‘freedom of expression’, Deccan Chronicle report.
  • [Sep 8] Justice Deepak Gupta: Law on sedition needs to be toned down if not abolished, The Wire report.

Online Content Regulation

  • [Sep 3] Government plans certification for Netflix, Amazon Prime, Other OTT Platforms, Inc42 report.
  • [Sep 4] Why Justice for Rights went to court, asking for online content to be regulated, Medianama report.
  • [Sep 4] Youtube claims new hate speech policy working, removals up 5x, Medianama report.
  • [Sep 6] MeitY may relax norms on content monitoring for social media firms, ET Tech report; Inc42 report; Entrackr report.

E-Commerce

  • [Sep 4] Offline retailers accuse Amazon and Flipkart of deep discounting, predatory pricing and undercutting, Medianama report; Entrackr report.
  • [Sep 6] Companies rely on digital certification startups to foolproof customer identity, ET Tech report.

Digital Payments and FinTech

  • [Sep 3] A sweeping reset is in the works to bring India in line with fintech’s rise, The Economic Times report.
  • [Sep 3] Insurance and lending companies in agro sector should use drones to reduce credit an insurance risks: DEA’s report on fintech, Medianama report.
  • [Sep 3] Panel recommends regulating fintech startups, RBI extends KYC deadline for e-wallet companies, TechCircle report.
  • [Sep 4] NABARD can use AI and ML to create credit scoring registry: Finance Ministry report on FinTech, Medianama report.
  • [Sep 5] RBI denies action against Paytm Payments bank over PIL allegation, Entrackr report.
  • [Sep 5] UPI entities may face market share cap, ET Tech report.
  • [Sep 6] NBFC license makes fintech startups opt for lending, ET Tech report.
  • [Sep 9] Ease access to credit history: Fintech firms, ET Markets report.

Cryptocurrencies

  • [Sep 1] Facebook hires lobbyists to boost crypto-friendly regulations in Washington, Yahoo Finance report.
  • [Sep 2] US Congress urged to regulate crypto under Bank Secrecy Act, Coin Telegraph report.
  • [Sep 2] Indian exchanges innovate as calls for positive crypto regulation escalate, Bitcoin.com report.
  • [Sep 4] Marshall Islands official explains national crypto with fixed supply, Coin Telegraph report.
  • [Sep 5] Apple thinks cryptocurrency has “long-term potential”, Quartz report.
  • [Sep 5] NSA reportedly developing quantum-resistant ‘crypto’, Coin Desk report.
  • [Sep 6] Crypto stablecoins may face bottleneck, ET Markets report.

Cybersecurity

  • [Sep 3] Google’s Android suffers sustained attacks by anti-Ugihur hackers, Forbes report.
  • [Sep 4] Firefox will not block third-party tracking and cryptomining by default for all users, Medianama report.
  • [Sep 4] Insurance companies are fueling ransomware attacks, Defense One report.
  • [Sep 5] Firms facing shortage of skilled workforce in cybersecurity: Infosys Research, The Economic Times report.
  • [Sep 5] Cybersecurity a boardroom imperative in almost 50% of global firms: Survey, Outlook report; ANI report.
  • [Sep 5] DoD unveils new cybersecurity certification model for contractors, Federal News Network report.
  • [Sep 5] Jigsaw Academy launches cybersecurity certification programme in India, DQ India report.
  • [Sep 6] Indians lead the world as Facebook Big Bug Hunters, ET Tech report.
  • [Sep 6] Australia is getting a new cybersecurity strategy, ZD Net report.
  • [Sep 9] China’s 5G, industrial internet roll-outs to fuel more demand for cybersecurity, South China Morning Post report.

Tech and National Security

  • [Sep 3] Apache copters to be inducted today, The Pioneer report.
  • [Sep 3] How AI will predict Chinese and Russian moves in the Pacific, Defense One report.
  • [Sep 3] US testing autonomous border-patrol drones, Defense One report.
  • [Sep 3] Meet the coalition pushing for ‘Cyber Peace’ rules. Defense One report.
  • [Sep 4] US wargames to try out concepts for fighting China, Russia, defense One report.
  • [Sep 4] Southern Command hosts seminar on security challenges, Times of India report; The Indian Express report
  • [Sep 4] Russia, already India’s biggest arms supplier, in line for more, Business Standard report.
  • [Sep 4] Pentagon, NSA prepare to train AI-powered cyber defenses, Defense One report.
  •  [Sep 5] Cabinet clears procurement of Akash missile system at Rs. 5500 crore, Times Now report.
  • [Sep 5] India to go ahead with $3.1 billion US del for maritime patrol aircraft, The Economic Times report.
  • [Sep 5] DGCA certifies ‘small’ category drone for complying with ‘No-Permission, No-Takeoff’ protocol, Medianama report.
  • [Sep 5] India has never been aggressor but will not hesitate in using its strength to defend itseld: Rajnath Singh, The Economic Times report.
  • [Sep 5] Panel reviewing procurement policy framework to come out with new versions of DPP, DPM by March 2020, The Economic Times report; Business Standard report; Deccan Herald report.
  • [Sep 5] Russia proposes joint development of submarines with India, The Hindu report.
  • [Sep 7] Proud of you: India tells ISRO after contact lost with CHandrayaan-2 lander, India Today report.

Tech and Elections

  • [Sep 4] ECI asks social media firms to follow voluntary code of ethics ahead of state polls: report, Medianama report.
  • [Sep 6] Congress party to reorganise its data analytics department, Medianama report.
  • [Sep 5] Why the 2020 campaigns are still soft targets for hackers, Defense One report.
  • [Sep 5] Facebook meets with FBI to discuss election security, Bloomberg report.
  • [Sep 5] Facebook is making its own AI deepfakes to head off a disinformation disaster, MIT Tech Review report.

Internal Security: J&K

  • [Sep 4] Long convoy, intel failure: Multiple lapses led to Pulwama terror attack, finds CRPF inquiry, India Today report; Kashmir Media Service report; The Wire report.
  • [Sep 4] Extension of President’s Rule in Kashmir was not delayed, MHA says in report to SC lawyer’s article, Scroll.in report.
  • [Sep 6] Landline communication restored in Kashmir Valley: Report, Medianama report.
  • [Sep 7] Kashmir’s Shia areas face curbs, all Muharram processions banned, The Quint report.
  • [Sep 7] No question of army atrocities in Kashmir as it’s only fighting terrorists: NSA Ajit Doval, India Today report.
  • [Sep 8] More than 200 militants trying to cross into Kashmir from Pakistan: Ajit Doval, Money Control report.
  • [Sep 8] ‘Such unilateral actions are futile’, says India after Pakistan blocks airspace for President Kovind, Scroll.in report; NDTV report.

Internal Security: NRC

  • [Sep 2] Contradictory voices in Assam Congress son NRC: Tarun Gogoi slams it as waste paper, party MP says historic document, India Today report.
  • [Sep 3] Why Amit Shah is silent on NRC, India Today report.
  • [Sep 7] AFSPA extended for 6 months in Assam, Deccan Herald report.
  • [Sep 7] At RSS mega meet, concerns over Hindus being left out of NRC: Sources, Financial Express report.

National Security Institutions and Legislation

  • [Sep 5] Azhar, Saeed, Dawood declared terrorists under UAPA law, Deccan Herald report; The Economic Times report.
  • [Sep 8] Home Minister says India’s national security apparatus more robust than ever, Livemint report.
  • [Sep 8] Financial safety not national security reason for women to join BSF: Study, India Today report.

Telecom/5G

  • [Sep 6] Security is an issue in 5G: NCSC Pant on Huawei, Times of India report.

More on Huawei

  • [Sep 1] Huawei believes banning it from 5G will make countries insecure, ZD Net report.
  • [Sep 2] Huawei upbeat on AI strategy for India, no word on 5G roll-out plans yet, Business Standard report.
  • [Sep 3] Huawei denies US allegations of technology theft, NDTV Gadgets 260 report; Business Insider report; The Economic Times report.
  • [Sep 3] Shocking Huawei ‘Extortion and Cyberattack’ allegations in new US legal fight, Forbes report; Livemint report, BBC News report; The Verge report
  • [Sep 3] Committed to providing the most advanced products: Huawei, ET Telecom report.
  • [Sep 4] Huawei says 5G rollout in India will be delayed by 3 years if it’s banned, Livemint report
  • [Sep 4] Trump not interested in talking Huawei with China, Tech Circle report.
  • [Sep 5] Nepal’s only billionaire enlists Huawei to transform country’s elections, Financial Times report.
  • [Sep 8] Trump gets shocking new Huawei warning – from Microsoft, Forbes report.

Emerging Tech

  • [Aug 30] Facebook is building an AI Assistant Inside Minecraft, Forbes report.
  • [Sep 3] AWS partners with IIT KGP for much needed push to India’s AI skilling, Inc42 report.
  • [Sep 3] Behind the Rise of China’s facial recognition giants, Wired report.
  • [Sep 4] Facebook won’t use facial recognition on you unless you tell it to, Quartz report.
  • [Sep 4] An AI app that turns you into a movie star has risked the privacy of millions, MIT Technology Review report.
  • [Sep 6] Police use f facial recognition is accepted by British Court, The New York Times report.
  • [Sep 6] Facebook, Microsoft announce challenge to detect deepfakes, Medianama report.
  • [Sep 6] Facial recognition tech to debut at Delhi airport’s T3 terminal; on ‘trial basis’ for next three months, Medianama report.

Internet Shutdowns

  • [Sep 3] After more than 10 weeks, internet services in towns of Rakhine and Chin restored, Medianama report.
  • [Sep 4] Bangladesh bans mobile phone services in Rohingya camps, Medianama report.

Opinions and Analyses

  • [Sep 2] Michael J Casey, Coin Desk, A crypto fix for a broken international monetary system.
  • [Sep 2] Yengkhom Jilangamba, News18 Opinion, Not a solution to immigration problem, NRC final list has only brought to surface fault lines within society.
  • [Sep 2] Samuel Bendett, Defense One, What Russian Chatbots Think About Us.
  • [Sep 2] Shivani Singh, Hindustan Times, India’s no first use policy is a legacy that must be preserved.
  • [Sep 3] Abir Roy, Financial Express, Why a comprehensive law is needed for data protection. 
  • [Sep 3] Dhirendra Kumar, The Economic Times, Aadhaar is back for mutual fund investments.
  • [Sep 3] Ashley Feng, Defense One, Welcome to the new phase of US-China tech competition.
  • [Sep 3] Nesrine Malik, The Guardian, The myth of the free speech crisis.
  • [Sep 3] Tom Wheeler and David Simpson, Brookings Institution, Why 5G requires new approaches to cybersecurity.
  • [Sep 3] Karen Roby, Tech Republic, Why cybersecurity is a big problem for small businesses.
  • [Sep 4] Wendy McElroy, Bitcoin.com, Crypto needs less regulation, not more.
  • [Sep 4] Natascha Gerlack and Elisabeth Macher, Modaq.com, US CLOUD Act’s potential impact on the GDPR. 
  • [Sep 4] Peter Kafka, Vox, The US Government isn’t ready to regulate the internet. Today’s Google fine shows why.
  • [Sep 5] Murtaza Bhatia, Firstpost, Effective cybersecurity can help in accelerating business transformation. 
  • [Sep 5] MG Devasahayam, The Tribune, Looking into human rights violations by Army.
  • [Sep 5] James Hadley, Forbes, Cybersecurity Frameworks: Not just for bits and bytes, but flesh and blood too.
  • [Sep 5] MR Subramani, Swarajya Magazine, Question at heart of TN’s ‘WhatsApp traceability case’: Are you endangering national security if you don’t link your social media account with Aadhaar? 
  • [ Sep 5] Justin Sherman, Wired, Cold War Analogies are Warping Tech Policy.
  • [Sep 6] Nishtha Gautam, The Quint, Peer pressure, militant threats enforcing civil curfew in Kashmir?
  • [Sep 6] Harsh V Pant and Kartik Bommakanti, Foreign Policy, Modi reimagines the Indian military.
  • [Sep 6] Shuman Rana, Business Standard, Free speech in the crosshairs.
  • [Sep 6] David Gokhshtein, Forbes, Thoughts on American Crypto Regulation: Considering the Pros and Cons.
  • [Sep 6] Krishan Pratap Singh, NDTV Opinion, How to read Modi Government’s stand on Kashmir.
  • [Sep 7] MK Bhadrakumar, Mainstream Weekly, The Big Five on Kashmir.
  • [Sep 7] Greg Ness, Security Boulevard, The Digital Cyber Security Paradox.
  • [Sep 8] Lt. Gen. DS Hoods, Times of India, Here’s how to take forward the national security strategy.
  • [Sep 8] Smita Aggarwal, Livemint, India’s unique public digital platforms to further inclusion, empowerment. 

[July 8-15] CCG’s Week in Review: Curated News in Information Law and Policy

The Parliament passed the Aadhaar Amendment Bill, expected to have a far-reaching impact on data sharing with private companies and State Governments; France rolled out a new “digital tax” for Big Tech, Facebook slapped with a massive $5bn fine by the US FTC, while uncertainty over Huawei’s inclusion in India’s 5G trials deepens  — presenting this week’s most important developments in law and tech.

In focus this week: opinions and analyses of the Defence Budget for 2019-20.

Aadhaar

  • [July 8] Parliament passes Aadhaar amendment bill, The Hindu Business Line report.
  • [July 8] RS clears bill on voluntary use of Aadhaar as ID proof, Live Mint report.
  • [July 8] Techie moves Madras High Court assailing compulsory linking of Aadhaar with Universal Account Number (UAN) to avail EPFO pension, The Economic Times report.
  • [July 9] You are not bound to share Aadhaar data with schools, banks and telcos, DNA India report.
  • [July 9] ‘Ordinance on Aadhaar use doesn’t survive as House has cleared the Bill’: Centre tells SC, The Hindu report.
  • [July 10] Aadhaar Bill passage in Parliament: New clause helps secure non-NDA votes, The Economic Times report.
  • [July 11] PAN not linked to Aadhaar will become invalid from September, Business Standard report.
  • [July 11] Aadhaar amendments: New clause to allow use of Aadhaar data for state schemes, Live Mint report.
  • [July 11] Amendment: no Aadhaar for mobile wallet firms, The Economic Times report.
  • [July 11] All your Aadhaar fears are coming true in Assam, HuffPost India report.
  • [July 13] Rajya Sabha passes Aadhaar amendment Bill, allows to file complaint in case of security breach, India Today report.
  • [July 14] You may soon have to pay Rs. 10,000 as fine for entering wrong Aadhaar number for transactions, New 18 report.

Free Speech

  • [July 9] Twitter backs off broad limits on ‘Dehumanizing Speech’, The New York Times report.
  • [July 10] TikTok influencers charged for hate speech and attempting to incite communal violence, Business Insider report.
  • [July 13] White House Social Media recap, National Public Radio report, CNN report, The New York Times report, Engadget report. The Verge report.
  • [July 13] FIRs against 10 for poems that try to ‘hinder NRC’ in Assam, Times of India report.
  • [July 15] RSS wing calls for TikTok, Helo ban, The Economic Times report.

Data Protection

  • [July 8] Indian parliament members call for Data Protection Bill and TikTok ban, Inc42 report.
  • [July 8] British Airways fined record 183 million for data breach involving 500,000 customers: report, Medianama report, BBC report.
  • [July 9] Digital data protection to be a fundamental right in Brazil as amendment to constitution is approved, Medianama report.
  • [July 12] Not ‘Okay Google’: Firms admits that workers listen to audio from Assistant, Home, Medianama report, Fox News report, VRT News report.
  • [July 12] Google data breach faces review by Irish privacy watchdog, Bloomberg report.
  • [July 13] Facebook fined $ 5 billion by US regulators over privacy and data protection lapses, News 18 report, The Hindu Business Line report.
  • [July 13] Indian Govt is selling vehicle owner data to companies and citizens don’t have a clue, Inc42 report, Entrackr report.
  • [July 15] Data protection law must be the same for both private and government players, The New Indian Express report.

Digital India

  • [July 15] PMO panel seeks multinational companies’ inputs on making India electronics hub, ET Telecom report.

Data Localisation and E-Commerce

  • [July 11] Gautam Adani woos Amazon and Google with Indian data hubs, ET Telecom report.
  • [July 9] A tug of war hots the draft e-commerce policy. US tech giants want leeway in data localisation, ET Prime report. [paywall]
  • [July 15] Delhi and Bengaluru customs stop clearing ‘gifts’, Economic Times report, Medianama report.

Telecom/5G

  • [July 15] Inter-ministerial panel clears draft RFP to select auctioneer for 2019 spectrum sale, ET Telecom report.

More on Huawei

  • [July 10] Huawei makes Monaco world’s fully 5G country, Live Mint report.
  • [July 10] Huawei ban eased but tech can’t relax, Financial Times report.
  • [July 11] NSAB members, Chinese diplomat cross swords over Huawei, Indian Express report.
  • [July 12] Doubts over Huawei’s participation in India’s 5G rollout deepen, Live Mint report, NDTV Gadgets 360 report.
  • [July 14] Huawei plans extensive layoffs at its US operations, Live Mint report, The Economic Times report.
  • [July 13] US tells Britain: Fall in line over China and Huawei, or no trade deal, The Telegraph report
  • [July 14] US seeks to discredit UK spies in war against Huawei, The Times UK report.

Big Tech: Regulation

  • [July 11] France passes law taxing digital giants in defiance of US anger, Agence France Presse report.
  • [July 10] US Announces Inquiry of French Digital Tax that may end in tariffs, The New York Times report.

Cryptocurrencies

  • [July 9] Indian govt to educate top cops on cryptocurrencies, aiming to investigate crypto matters, CrytpoNewZ report.
  • [July 9] Facebook to Senators: Libra crypto will respect privacy, Coin Desk report.
  • [July 11] Winklevoss-backed crypto self-regulatory group prepares to woo congress, Coin Desk report.
  • [July 12] Japanese crypto exchange hacked, loses $ 32 million, The Hindu Business Line report, Coin Telegraph report.
  • [July 13] Study exposes how Russia, Iran and China are weaponizing crypto, CNN report.
  • [July 13] China’s illegal crypto mining crackdown could ignite a bitcoin price rally, CNN report.
  • [July 15] IRS confirms it trained staff to find crypto wallets, Coin Desk report.

Emerging Tech

  • [July 9] AI in cybersecurity expected to surpass $38 billion, Security Boulevard report.
  • [July 14] How aritifical intelligence is solving different business problems, Financial Express report.
  • [July 14] Why AI is the future of cybersecurity, Forbes report.

Cybersecurity

  • [July 8] Chinese hackers demonstrate their global cyber espionage reach with breach at 10 of the world’s biggest telecoms, CPO Magazine report.
  • [July 12] Businesses in India tapping AI to improve cybersecurity, The Economic Times report, Fortune India report.
  • [July 15] Indian IT managers facing budget crunch for cybersecurity, The Economic Times report.

Tech and Law Enforcement: Surveillance and Cyber Crime

  • [July 8] NCRB invites bids to implement Automated Facial Recognition System, Medianama report.
  • [July 9]  The chase gets a lot easier for tech-wielding cops now, The Economic Times report.
  • [July 9] Delhi government begins installing CCTV cameras inside classrooms to prevent crime: report, Medianama report. Times now News report.
  • [July 10] Instagram announces two new anti-bullying features, Instagram’s announcement, Thw Wall Street Journal report, Medianama report.
  • [July 11] WhatsApp messages can be traced without diluting encryption, Zee News report.
  • [July 12] New POCSO bill to expand child porn definition to include anime, adults posing depicting children, Medianma report, Hindustan Times report.
  • [July 12] SC refuses to stay installation of CCTV cameras in Delhi Government schools, Medianama report, Bar & Bench report.

Tech and Military

  • [July 8] Japan-India security cooperation: Asian giants to expand their relations to Space, Financial Express report.
  • [July 8] Bill to tag individuals as ‘terrorist’ introduced in LS, Opposition protests: The Unlawful Activities (Prevention) Act Amendment Bill, 2019, Business Standard report
  • [July 8] Government introduces Bill in Lok Sabha to amend National Investigation Agency Act, The Economic Times report.
  • [July 8] Govt to procure 1.86 lakh bullet proof jackets by April next, The Hindu Business Line report.
  • [July 8] India, Russia agree on new payment mode for S-400 deal to get around US sanctions, The Print report.
  • [July 9] National e-Governance Division to revamp management app for the army, The Week report.
  • [July 9] Amazon, Microsoft wage war over the Pentagon’s ‘war cloud’,  NDTV Gadgets 360 report
  • [July 10] Last chance to get tech: Navy says negotiating next 6 subs to take years, Business Standard report.
  • [July 10] Tactical communications market size in the US region is projected to experience substantial proceeds by 2024, Tech Mag report.
  • [July 11] Govt says looking at tech to seal northern and eastern borders, Live Mint report.
  • [July 11] Army man arrested for leaking info on national security, The Tribune report.
  • [July 12] Wait for sniper rifles gets longer, MoD retracts the RFP issued last year, Financial Express report.
  • [July 12] India, Russia discuss space cooperation, The Hindu report
  • [July 12] Israel arms company signs $100 million missile deal with Indian army, Middle East Monitor report.

Defense Budget: Reports and Analyses

  • [July 8] Budget 2019: India redirects foreign aid to Indian ocean countries, NSCS expenditure hiked, Business Standard report.
  • [July 8] Laxman K Behera, Institute for Defense Studies and Analysis, India’s Defence budget 2019-20.
  • [July 8] PK Vasudeva, Deccan Herald, An alarming fall: Defence Budget 2019-20.
  • [July 8] Mihir S Sharma, Business Standard, Budget 2019: India won’t become a superpower with these allocations.
  • [July 9] PRS Legislative Research’s analysis: Ministry of Defence Demands for Grants 2019-20.
  • [July 9] Why Sitharaman’s budgetary allocation is unlikely to satisfy defence establishment, The Economic Times report.
  • [July 10] Brahma Chellaney, Hindustan Times, India’s defence planning has no clear strategic direction.
  • [July 10] Harsh V Pant, Live Mint Opinion, We need not whine about India’s small defence budget.
  • [July 12] Commodore Anil Jai Singh, Financial Express, Budget 2019: Optimising the Defence Budget and the need for organizational reform.
  • [July 13] Shekhar Gupta, The Print, Modi isn’t about to change India into national security state like Pakistan and bankrupt it.
  • [July 13] Budget 2019: Cybersecurity – a holy grail for government’s Digital India dream, Financial Express analysis.
  • [July 15] Ravi Shanker Kapoor, News 18 Opinion, Cost of not carrying out economic reforms: acute shortage of funds for military modernization.

Opinions and Anlayses

  • [July 8] Adam Bemma, Al Jazeera, Is Sri Lanka using the Easter attacks to limit digital freedom?
  • [July 9] Dr M Suresh Babu and Dr K Bhavana Raj, The Hans India, Data Protection Bill – boon or bane for digital economy?
  • [July 8] Walter Olson, The CATO Institute blog, One year later, the harms of Europe’s data-privacy law.
  • [July 8]  Jack Parrock, Euro News, The Brief: Data privacy v. surveillance transatlantic clash.
  • [July 9] Abhijit Mukhopadhyaya and Nishant Jha, ORF, Amidst US-China standoff Huawei battles for survival.
  • [July 10] Kuldip Kunmar, The Economic Times, Budget 2019 shows govt’s will to use Aadhaar to track financial transactions.
  • [July 11] Darryn Pollock, Forbes, Is Facebook forming a crypto mafia as Libra foundation members boost each other’s businesses?
  • [July 12] Amitendu Palit, Financial Express, India ditches data dialogue again.
  • [July 12] Shantanu Roy-Chaudhary, The Diplomat, India-China-Sri Lanka Triangle: The Defense Dimension.
  • [July 12] Richard A Clarke and Robert K Knake, The Wall Street Journal, US companies learn to defend themselves in cyberspace.
  • [July 12] Simon Chandler, Coin Telegraph, US Sanctions on Iran Crypto Mining— Inevitable or Impossible?
  • [July 12] Shekhar Chnadra, Scientific American, What to expect from India’s second Moon mission.
  • [July 14] Agnidipto Tarafder and Siddharth Sonkar, The Wire, Will the Aadhaar Amendment Bill Pass Judicial Scrutiny?
  • [July 14] Scott Williams, Live Wire, Your crypto overlords are coming…
  • [July 15] Why Google cloud hasn’t picked up yet in India, ET Telecom report

Transparency and Diversity in the 2017 MAG Renewal

By Puneeth Nagaraj

Two days before the ongoing MAG meeting, the 2017 MAG renewal was announced. The CSCG protested the lack of civil society representatives among the new MAG members. This brought back focus on the need for MAG reform. Our report on multistakeholderism had identified the lack of transparency and geographic diversity in MAG selections. These issues remain relevant as another set of MAG meetings kick off in Geneva.

The Multistakeholder Advisory Group (MAG) of the Internet Governance Forum (IGF) was renewed for 2017 on Monday. The renewal has attracted controversy as no civil society members were added to this year’s MAG. The announcement has brought into focus a persistent criticism on the lack of transparency in the MAG nomination process. The lack of transparency and geographic diversity in the MAG was discussed in our report on multistakeholderism. Some of its findings are relevant to the 2017 MAG renewal.

Created on the recommendation of the Working Group on Internet Governance (WGIG), the MAG is responsible for organising the annual IGF. The MAG is not a decision-making body by design. But  Jeremy Malcolm  (pp. 420-422) points out  that the MAG effectively chooses issues that are debated on a global stage in the course of organising the IGF. In this respect, he argues that the MAG plays an important agenda setting role in internet governance.

MAG Nomination Process and Transparency

The make-up of the MAG is similar to the WGIG in that consists of representatives of all stakeholder groups (government, private sector, civil society and technical community). The selection of MAG members is made by the United Nations Department of Economic and Social Affairs (UN DESA) under the authority of the UN Secretary General. Nominations to the UN DESA are made through focal points from different stakeholder groups, but applicants can also apply to the UN DESA directly.

As noted in our report (pp. 70-72), once nominations are sent to the UN DESA, there is no clarity on how members are selected to the MAG. The only available information on DESA’s selection criteria are the five criteria listed on the IGF website. These criteria include achieving a geographic and gender balance and that representatives should have strong linkages to their stakeholder groups.

The controversy in this year’s MAG renewal arose out of the lack of new civil society representation on the MAG. The Civil Society Coordination Group (CSCG), which is the focal point for civil society nominations wrote to the IGF secretariat asking it to reconsider its decision. They pointed out that no civil society members were added to the MAG this year despite two civil society members retiring from the MAG (members are selected for 3 year terms and a third of the MAG retires each year). The letter also called on the IGF secretariat to select an additional civil society member to the MAG.

This is not the first time that MAG nominations have been controversial. In 2016, the CSCG wrote to the IGF secretariat asking for greater transparency and inclusiveness in selections to the MAG. Similarly, as discussed in our report (p. 73), an Indian civil society member nominated by the CSCG was not selected to the MAG in 2014. In the above cases, the CSCG had contacted IGF secretariat asking for greater clarity on how selections were made.

Geographic Diversity

One of the findings of our report with respect to the MAG was on the geographic diversity of the group. As mentioned above, geographic diversity is one of the stated criteria based on which the UN DESA selects members to the MAG. Our report found that on average, 8-10% of MAG members were from the United States (based on their affiliation mentioned on the IGF website). As shown in the chart below, this was the highest percentage representation from any country between 2011 and 2015.

Membership by country as a percentage of total MAG Membership (2011-15)

us-igf-mag

Source: Multistakeholderism in Action

This trend has continued in the 2017 MAG renewal with 4 members or 7% of the MAG being from the United States. No other country has more than 2 members in the current MAG. The FAQ section on MAG renewals acknowledges this disparity. It stated that the MAG currently has an excess of members from Western Europe and Others Group. It also states that a new selection process will attempt to make the MAG more regionally balanced. It remains to be seen if this imbalance will be addressed in the next MAG renewal cycle.

The MAG nomination process raises questions on the transparency of the process and the diversity within the MAG. However, there is very little publicly available information or communication from the UN DESA beyond the criteria listed on the IGF website. The 2017 announcement was made one day before the IGF Open Consultations and MAG meeting were to begin in Geneva (1st March). A CSCG representative who circulated the letter believed that the issue of non-selection of a civil society member might be taken up at the meeting.

Puneeth Nagaraj is a Project Managers at the Centre for Communication Governance at National Law University Delhi

Civil Society and CCWG-Accountability: a report from IGF 2016

By Aarti Bhavana

The 11th Internet Governance Forum (IGF) was held earlier this month in Guadalajara, Mexico. Established as a result of the Tunis Agenda, the IGF provides a space for discussing issues relating to the internet, where stakeholders can engage on an equal footing. Though it is not a decision-making forum, the IGF provides stakeholders the opportunity to share their work with others working in the same field.

CCG and the Non-Commercial Stakeholders Group (NCSG) organised a workshop that brought together active civil society participants from the IANA Transition to reflect on the process. The discussion was mainly centered around the Cross-Community Working Group on Enhancing ICANN Accountability (CCWG-Accountability), which has been summarised in this post. With a long line-up of panelists, this workshop touched upon issues that were important to civil society, as well as successes and failures that could help develop strategies for future engagement. While the transcript for this workshop is not available yet, the video recording can be viewed here.

It has been a little over two months since the IANA Transition was successfully completed. The CCWG-Accountability, formed to make recommendations on enhancing ICANN’s accountability, completed the first phase of its work before this. Known as Work Stream 1 (WS1), this phase dealt with all the topics that needed to be completed before transition could occur. Now, CCWG-Accountability has shifted its focus to Work Stream 2 (WS2) and is busy with 9 subgroups working on different issues that were left to be discussed after the transition. However, the IANA Transition was a historic event that brought with it a treasure trove of experiences, invaluable as a guide for future work. Drawing lessons from this experience would require taking a step back and looking at the process as a whole. Luckily, the IGF provides just such a space.

Key issues for civil society

When the IANA Transition was announced in March 2014, civil society was among the voices that demanded increased accountability and transparency of ICANN. As Robin Gross summarised, routine violations with bylaws, top-down policies, mission creep, staff interference and opacity were just some of the reasons for this push. The call for enhancing ICANN’s accountability received support across the board, and was something with which the US government also agreed. The concerns raised had more to do more with the accountability of policy-making processes than of the IANA Functions, Milton Mueller explained. Accordingly, the CCWG-Accountability was created where civil society actors from NCSG and (At-Large Advisory Committee (ALAC) were very active. As Gross stated, it was critical to get strong community powers in order to hold the Board of Directors accountable (such as right to recall board members, oversight over the budget, approval for bylaw changes, etc.). Accordingly, there was a constant push from civil society for stronger accountability measures, be it for the structure of the Empowered Community, the Independent Review Process (IRP), role of governments, human rights, staff and community accountability, or transparency. Many of these issues are still being discussed in WS2. However, as pointed out by Alan Greenberg, it must be remembered that civil society being a large collective of stakeholders with diverse interests, does not have a single agreed position on these issues.

Failures and successes

The various accountability issues are nuanced and complex, and require external experts to join the process. For example, transparency and human rights. However, joining these discussions pose their own set of challenges. As Matthew Shears summarised, many barriers to participation often seen at ICANN were also reflected in the CCWG-Accountability process as well, such as the high time commitment, language of acronyms, and the quick learning curve. Since this process required an understanding of how ICANN functions as a whole, these challenges became all the more significant. As a panelist, I noted that discussions often tended to be centralised around the same few people, which made it difficult for people to join the conversation. Additionally, Jan-Aart Scholte observed that the civil society participation was mainly from North America and Europe. He continued to discuss another significant challenge- the lack of complete openness. While the IANA transition and the CCWG-Accountability are lauded for proving that multistakeholderism can work, we must not ignore the politics involved. He highlighted that crucial discussions and deals took place behind closed doors, and were later presented at the publicly recorded calls, meetings and mailing lists. He also pointed out that civil society was on the sidelines when it came to these private discussions, which reduced its ability to influence the outcome, unlike the other stakeholders involved.

One of the biggest takeaways from this process was observing the bridging effect of a common goal. As Shears noted, this process saw diverse stakeholders talk through options when there were conflicting opinions, perspectives and interests. However, with the completion of the transition, the common goal has gone away and he observed that participants are now falling back into their stakeholder group “silos”.

Strategies for the future

While it may be a bit early to take a call on successes and failures, WS2 is still ongoing. It may be useful to try to replicate what went well, and learn from the challenges seen in WS1. Greenberg pointed out the utility of having regular informal discussions with members from other stakeholder groups in order to reach a compromise, something he recommended should be continued in WS2. The nature of the work being done by CCWG-Accountability requires finding a way to continue to work together, beyond just “looking for the lowest common denominator”, as Klaus Stoll suggested. Further, the range of issues being discussed in WS2 is diverse, and continues to require experts from outside the ICANN community to get involved. The strategy of clearly dividing the topics into separate issues was appreciated by Marilia Maciel, as it allows for easy identification of the different areas. She also pointed out that even though most of the discussion has been documented, it would be impossible to go through the tens of thousands of emails exchanged and hundreds of hours of calls. Drawing parallels with the effort required to understand the NetMundial Initiative retrospectively, she emphasised the need for documenting this process while it is still recent. CCG has attempted to do that over the past year, but the sheer volume of the discussions require more active participants to pen down their experiences and analysis to allow for a closer study later.

 

CCWG ploughs on with WS2: ICANN57

By Aarti Bhavana

With 3141 participants in attendance, ICANN57 (held from 3-9 November 2016) was the largest public meeting in its history. It was also the first meeting to be held after the successful completion of the IANA Transition. The transition greenlit the enforcement of the provisions of the IANA Stewardship Transition Proposal, which consisted of two documents: the IANA Stewardship Transition Coordination Group (ICG) proposal and the Cross-Community Working Group on Enhancing ICANN Accountability (CCWG-Accountability) Work Stream 1 Report. Our previous posts analysing these recommendations can be found here.

The meeting week was preceded by a full day face-to-face meeting of the CCWG-Accountability on the 2nd of November. The group met to continue its discussion on Work Stream 2 (WS2), which officially kicked off during the previous meeting in Helsinki. Rapporteurs from many of the WS2 Drafting Teams and subgroups presented updates on the progress of work in the preceding months. This post captures some of the key updates.

Jurisdiction

ICANN’s incorporation and physical location in California has long been a source of contention for governments and other stakeholders. Jurisdiction directly impacts the manner in which ICANN and its accountability mechanisms are structured (for example, the sole designator model arises from the California Corporations Code). Greg Shatan, co-rapporteur of the Jurisdiction subgroup presented an update document on the progress of this group. While the current bylaws state that ICANN shall remain headquartered in California, stakeholders were interested to see whether the subgroup would look into the matter of relocation. It was stated during this meeting that the subgroup has determined that it will not be investigating the issue of changing ICANN’s headquarters or incorporation jurisdiction. However, should a problem yield no other solution in the future, this option will then be examined.

A substantial issue found to be within the scope of this subgroup’s mandate is that of “the influence of ICANN’s existing jurisdictions relating to resolution of disputes (i.e., “Choice of Law” and “Venue”) on the actual operation of policies and accountability mechanisms”. The group’s working draft analysis of this issue can be accessed here. Another mandate from Annex 12 of the WS1 report requires the subgroup to study the ‘multilayer jurisdiction issue’. This has been discussed in some detail in the draft document, which can be accessed here.

One of the concerns raised during the discussion was that the subgroup would not recommend any change and conclude in favour of the status quo. Reassurance was sought that this would not be the case. The rapporteur stated in response that one cannot predict the outcome of the group as there are no internal preconceptions. It was also pointed out that since the discussion ran the risk of being purely academic, it was important to get external opinions. Accordingly, it was agreed that a survey would be sent out to hear from registries, registrars, and others. Advice will also be sought from ICANN Legal.

Transparency

ICANN has often been criticised for a lack of transparency in its functioning. This has largely been attributed to its hybrid structure, which is argued to not have the necessary active, passive, and participatory transparency structures. WS1 of the CCWG-Accountability attempted to address some of these concerns. The inclusion of inspection rights is one such example. However, a significant part of the work has been left for WS2.

This subgroup has made significant progress and shared the first draft of its report, which can be read here. This document discusses the right to information, ICANN’s Documentary Information Disclosure Policy (DIDP), proactive disclosures, and ICANN’s whistleblower protection framework. A suggestion was made to include requiring transparency in Board deliberations, which will be considered by the subgroup. There was also some discussion on increasing the scope of the proactive disclosures for greater transparency. Suggestions included disclosure of Board speaking fees and requiring disclosures of contracts of amounts lower than $1 million (the current threshold for disclosure) as well. There was also a discussion on ‘harm’ as an exception to disclosure, and the need to define it carefully. A revised draft of the report will be shared in the coming weeks, incorporating the points raised during this meeting.

Supporting Organisation (SO)/Advisory Committee (AC) Accountability

With the SOs and ACs being given greater powers under the Empowered Community, it is essential to ensure that they themselves do not remain unchecked. Accordingly, SO/AC reviews need to take place. This subgroup is tasked with the mandate of determining the most suitable manner of enhancing accountability. During this meeting, four identified tracks of activities were presented: (i) SO/AC effectiveness; (ii) evaluating the proposal of a ‘mutual accountability roundtable’; (iii) developing a detailed plan on how to increase SO/AC accountability; and (iv) assessing whether the Independent Review Process (IRP) should also apply to SO/AC activities.

Preliminary discussions have taken place on the first two tracks. It was decided that track 3 could not begin without some input from the SO/ACs. Accordingly, a list of questions was developed with the aim of better understanding the specific modalities of each organization. After a brief discussion, it was decided that this list would be sent to the SO/ACs.

Apart from these updates there was also a discussion on the Accountability and Transparency Review Team (ATRT) 3 and an interaction with the ICANN CEO.

ATRT3 and WS2:

During the Helsinki meeting, it was pointed out that the 3rd review of the Accountability and Transparency Review Team (ATRT3), scheduled to begin work in January, would have a significant overlap with WS2 topics (6 out of the 9 topics). After some discussion, it was decided that a letter would be sent to bring this to the attention of the ICANN Board. This letter also laid out possible ways to proceed:

  1. Option 1- ATRT3 and WS2 work in parallel, with a procedure to reconcile conflicting recommendations.
  2. Option 2- Delay ATRT3 until WS2 is completed.
  3. Option 3- Limit the scope of ATRT3 to assessing the implementation of ATRT2. ATRT4 can then make a full assessment of accountability and transparency issues before 2022 (preferred path).
  4. Option 4- ATRT3 continues with its full scope, with CCWG focusing only on the remaining issues. The ATRT recommendations could then be discussed by CCWG.

The Board’s response stated that while this was of concern, it was a decision to be made by the larger community, and brought it to the attention of the SOs and ACs. In Hyderabad it was decided that CCWG-Accountability will continue to follow up with the Board on this issue, while the SO/ACs deliberate internally as well.

Exchange with ICANN CEO

ICANN CEO Göran Marby’s meeting with CCWG-Accountability was arguably the most engaging session of the day. Central to this discussion was his recent announcement about a new office called the ICANN Complaints Officer. This person “will receive, investigate and respond to complaints about the ICANN organization’s effectiveness, and will be responsible for all complaints systems and mechanisms across the ICANN organization”. It was also stated that they would report to ICANN’s General Counsel. The last provision was not received well by members of the CCWG-Accountability, who stressed on the need for independence. It was pointed out that having the Complaints Officer report to the General Counsel creates a conflict of interest, as it is the legal team’s responsibility to protect ICANN. Though this was raised several times, Marby insisted that he did not think it was an issue, and asked that this be given a fair chance. This discussion was allotted extra time towards the end of the meeting, and there seemed to be a general agreement that the role and independence of the Complaints Officer needed greater thought and clarity. However, this remains the CEO’s decision, and any input provided by CCWG-Accountability will merely be advisory. It will be interesting to see whether he decides to take into account the strong concerns raised by this group.

The substantial discussions in WS2 are only just kicking off, with some subgroups (such as the Diversity subgroup) yet to begin their deliberations. The Transparency subgroup is making good progress with its draft document, on which CCWG-Accountability input is always welcome. It will be worth keeping an eye on the Jurisdiction subgroup, as this remains a divisive issue with political and national interests in the balance. Much remains to be done in the SO/AC Accountability subgroup, which is working to better understand the specific internal working of each SO/AC. This is an extremely important issue, especially in light of the new accountability structures created in WS1. CCWG-Accountability remains an open group that anyone interested can join as a participant or observer.