Vickram Crishna | 12 Jun 12:44 2016

cloud consultation

An assessment (The Wire):

Cross-Border Data Flows Debate Hits India as TRAI Issues Paper on Cloud Services

Clocking in at a whopping 119 pages and a little over 20 questions, this is one of TRAI’s most broadly-focused and comprehensive consultations in recent times.

Data centres are the new battleground of regulation when it comes to privacy and data protection. Credit: Sean Ellis, Flickr CC BY 2.0

New Delhi: With a new consultation paper on cloud computing, the Telecom Regulatory Authority of India (TRAI) is looking to continue its trend of tackling the biggest and most burning digital issues that face India’s government.

This time around, the telecom regulator is looking to kick-start debate over the challenges that arise in regulating the flow of data through the numerous cloud-based platforms that underpin our digital life.

Questions of cross-border flow of data, licensing of cloud-based services and best practices on how to successfully carry out law-enforcement requests are a few examples. Clocking in at a whopping 119 pages and a little over 20 questions, this is one of TRAI’s most broadly-focused and comprehensive consultations in recent times.

While the paper addresses everything from how to increase implementation of government cloud services to interoperability and security issues, the portion concerning the legal and regulatory framework for domestic and foreign cloud services is likely to be the focus of debate and discussion in the coming weeks.

“Regulations should be put in place to protect the interests of both cloud services providers and the consumers.Regulations are also required for standardization of technical parameters associated with cloud computing networks. Legal framework under which the cloud operates becomes very important..,” the regulator says in the paper’s introductory section.

The rest of the paper is divided into six broad sections: cloud security, quality of service, interoperability, legal framework for jurisdictions, cost benefit analysis and incentivising the implementation of cloud services in governments. The Wire breaks down the most crucial portions below, with examples of the problems that India is currently undergoing…

Security and cross-border – where, when and why?

In a sub-section on ‘Cross Border or Data Location Security Issues’, TRAI implicitly references the global debate on what restrictions should be applied to the free flow of data by detailing how various European Union States have dealt with the issue.

“One of the top security concerns… is the physical location of the data especially if they are located in another country because the laws of the host country apply to the machine and data residing on it…As an example, the data protection laws of the European Union member states are extremely complex. The transfer of personal data outside these regions needs to be handled in very specific way,” the paper states.

The problem that confronts and concerns the privacy of India’s residents, that TRAI is looking to gain more information on, is this: Should Internet services be, at minimum, required to inform you that your data is being sent and processed outside India?  Building on this principle, in a more extreme measure, if data is sent outside India should a data controller in India ensure that specific conditions surrounding the privacy and security of that data are met?

The issues surrounding the security of every jurisdiction that is part of the cross-border data flow process are addressed in questions 10 and 11 of the consultation paper:

Question 10- Enumerate in detail with justification, the provisions that need to be put in place to ensure that the cloud services being offered are secure.

Question 11 – What are the termination or exit provisions that need to be defined for ensuring security of data or information over cloud?

Whither regulatory framework?

In the opening parts of the section on what legal and regulatory frameworks could be applied to cloud computing and data sovereignty in India, TRAI examines currently existing legislation and how it could be applied to the problem at hand.

The regulator starts from the Indian Telegraph Act of 1885 and goes up to the much-criticized Information Technology Act – 2000 & Information Technology Rules 2011. Most significantly, TRAI notes that the “wide-reaching jurisdiction conferred by the IT Act” with regard to data ownership/privacy/security” could lay the groundwork for imposing  Indian jurisdiction on issues “arising from the use of cloud services by Indian persons”.

While the idea of using Indian jurisdiction and legal justification for Indian users of foreign services isn’t new in other industries, this is the first proper articulation of a similar approach for the digital sphere. Ultimately, however, TRAI dismisses existing legislation as “they don’t contemplate the scope of cloud computing services and the resultant magnification of the issues..”. Consequently, it calls for the birth of new and “specific regulation whereby any emergent issues can be dealt with directly and effectively.”

What should this regulatory framework deal with? The consultation paper points in a few directions, all of which are hotly contested in legal-technology-policy circles and even amongst various Western governments.

Law enforcement

The framework, as TRAI spells out, should ideally deal with “regulation of investigatory powers, regulation on stored communication, mandatory guidelines for national security, state privacy laws”.

However, the paper itself devotes good chunk of attention towards law enforcement. TRAI starts from a basic assumption, that the Internet and digital ICTs has hobbled the practice of law enforcement; a phenomenon that most recently manifested in the showdown between Apple and the FBI.

The consultation paper helpfully points out that “machines and data are no longer physically in one place or national boundary” and that today’s “encryption and security of data are far stronger and of industrial grade.” Consequently, Question 15 asks: “What polices [sic], systems and processes are required to be defined for information governance framework in Cloud, from lawful interception point of view and particularly if it is hosted in a different country?”

One solution that TRAI offers to the problem of law enforcement is a rather blatant reference to the concept of data localisation — where the data of Indian users would remain on Indian soil. “To overcome the problem of multiple jurisdictions, one of the possibilities may be to mandate the cloud service providers to host the data centres only in India,” the paper says.

Other less controversial examples include bringing about a US regime on data, where critical information such as health records, financial transactions and tax returns would come with specific restrictions if transferred across different countries. For instance, in this case, the medical or health data of Indian residents would not be sent to countries that India deems unsafe or lacking in data protection laws.

Unfortunately, it appears that in order to strictly regulate foreign and domestic cloud companies, TRAI falls back on a much-criticized example: a licence regime. Question 16 of the consultation paper asks: “What shall be the scope of cloud computing services in law? What is your view on providing licence or registration to cloud service providers so as to subject them to the obligations thereunder?”

The idea of a licence regime for technology companies is not new: China, and to a lesser extent Russia, have perfected this model. If companies like Uber for instance wish to operate in either China or Russia they are required to open local data centres where the data of the company’s Russian and Chinese users must be stored. Closer to home, TRAI’s last consultation paper on OTT (over-the-top) applications also hinted at whether a licence regime would be necessary to help regulate instant messaging companies such as WhatsApp.

On the other hand, TRAI still appears to be open to other solutions to how to more effectively enforce law-enforcement in the time of Facebook and Google. The issue of prodding Silicon Valley-based companies into helping out Indian security agencies such as CBI assumed centre-stage during Prime Minister Modi’s recent to the US. Both governments released a “framework for US-India Cyber Relationship”, one point in which expresses “ a commitment to promote closer cooperation among law enforcement agencies to combat cybercrime”.

TRAI, and consequently the Department of Telecommunications, appear to be interested in this as well. Question 17 of the paper asks the public “what protocol for cloud service providers to submit to the territorial jurisdiction of India for the purpose of lawful access of information?”

Carrot and the stick

The final section of the TRAI consultation paper, mostly because in addition to the stick of forcing companies to open data centres in India, it also seems open to receiving feedback on how market incentives can accelerate cloud adoption in government services and encourage domestic cloud services.

The regulator correctly notes that in countries such as India (and even Brazil to a lesser extent) physical factors such as the lack of a reliable power supply, road infrastructure as well as network stability have resulted in an environment that doesn’t encourage local or domestic data centres.

It also notes that in order to make up for these disadvantages, it’s possible that a new tax regime is necessary. “It is to be considered as to what tax regime should be employed for cloud service providers in india and whether tax benefits shall be given to them, for promoting the adoption of cloud services in the country,” the paper says.

Questions 18-21 address this: Should tax subsidies be given? What steps can be taken to promote establishment centres of data centres in India? Should there be a dedicated cloud for government applications?

Simply put, TRAI, who after this round of consultations will submit a set of recommendations to the Department of Telecommunications, is looking to tame the Wild Wild West that is cloud services in India today. How should data that is created by Indians, in India, on foreign technology platforms be governed? How should that data be treated? Is it even possible without national privacy and data protection legislation? How can the long arm of law enforcement be restored?

TRAI hopes to answer these questions and in the process, shape the digital future of India.

India-gii mailing list
India-gii <at>
Banibrata Dutta | 2 Jun 06:57 2016

LTE test equipment, very low RF TX-power and licensing requirements


Does anyone here have authoritative information on possibility of using LTE test equipment with very low Tx power, in test environment ? Since the test equipment is to be used with real LTE devices (dongles/phones), the equipment needs to operate in the popular licensed bands used by the device LTE chipsets.

India-gii mailing list
Arun Mehta | 31 May 07:05 2016

people don't even know Apple in India

I believe Steve Jobs tried India, and gave up totally within a few weeks. No doubt Cook will show more staying power, but I think this is a bit late for Apple to make much of a dent. What do you think?
"In India, carriers in general sell virtually no phones and it is out in retail - and retail is many, many different small shops," Cook told analysts recently. "Because smartphones there are low-end, primarily because of the network and the economics, the market potential has not been as great," added Cook, likening India to the Chinese market 7-10 years ago.
With per capita income of $1,570 as of 2014 and the average smartphone selling for less than $90, a third of the global average, India's market growth is predominantly led by cheaper phones. High-end smartphones - costing from $300 - make up only 6 percent of the market, or just 6 million units, according to Morgan Stanley.
Apple's brand awareness ranks 10th in India, trailing Samsung, Sony, Blackberry and some local rivals. Almost half of respondents in a Morgan Stanley survey said they do not know Apple.
India-gii mailing list
Vickram Crishna | 31 May 06:37 2016

Trai on Meet Neutrality: consultation paper for comments

Business Standard

India-gii mailing list
Atanu Garai | 30 May 14:43 2016

How to communicate recurring tech problems to airtel DTH

I was forced to take Airtel DTH subscription as the other DTH operator was not getting its signal in its antenna and this particular apartment was so enticed by the marketing of Airtel to put a universal antenna on the rooftop.

Now every month I recharge online in airtel's website, they deduct the amount but doesn't update the credit and disconnect the A/Cs. One of 2 TVs is running and the other TV is disconnected.

How do you explain this to communicate to our friends in Airtel?

India-gii mailing list
Vickram Crishna | 25 May 07:31 2016

Fw: A Tuition-free School In Silicon Valley

Another interesting idea on why a pervasive connectivity paradigm delivers unexpected outcomes, that are potentially positive in nature. It may not need to use a lot of bandwidth, arguably, but it does need to be reliably on, wrt the separate thread on 4G. Relevant to India in the sense that an innately talented youngster with minimal exposure and competency in communication techniques such as this, no matter where, should be able to access such opportunities. Or hitch on them, in this case.


On Sun, 22 May, 2016 at 6:44 p.m., 

Free lessons in coding and entrepreneurial thinking.


A French billionaire put up $100 million to create a tuition-free school in Silicon Valley that's endorsed by Jack Dorsey and Evan Spiegel

A radical French technology school funded by $100 million from billionaire entrepreneur Xavier Niel is coming to Silicon Valley, and has plans to grow to 10,000 students in the next five years.

The tuition-free school is primarily focused on teaching coding and entrepreneurial thinking, and is called "42," a nod to the book "Hitchhikers Guide to the Galaxy," where 42 is the answer to "life, the universe and everything."

Niel, a high-school dropout and one of France's biggest technology giants, started the school in 2013 to shake up the traditional mold of French education, and to churn out students that were innovative problem-solvers (and who employers wanted to hire). Another huge draw, especially in the US, is the lack of tuition, which can work to drastically reduce the cost of learning programming skills.

42 already has big supporters in tech like Snapchat CEO Evan Spiegel, Twitter and Square CEO Jack Dorsey, and Slack CEO Stewart Butterfield. Spiegel called it a school from the future, while Dorsey gave a glowing endorsement, saying ''We are always looking for great engineers from any background and any education like 42.''

Here's how 42's US operation will work:

42 doesn't require a high-school diploma or give a traditional certificate at the end. The students, ages 18 to 30, get accepted into 42 through a logic-focused entrance exam (no coding experience is required). Then they come to 42 for a month-long session called "piscine" (pool), whose 100-hour weeks are designed to see who sinks and who swims. If they succeed, they enter into the program, which runs 3 to 5 years.

There are no teachers. Students work in groups of two to five on computer programming challenges. The school calls this "peer to peer" learning, and students are expected to find what they need on the internet (the school gives them space, computers, and other equipment available 24/7).

There is no tuition. Niel has provided $100 million to launch the new nonprofit school in the US. He told VentureBeat he has no plans to make any money off it, and hopes alumni will choose to give back to the school with donations.
42 will launch in a new 200,000 square-foot classroom in Fremont, CA, and a 300-person (free) dormitory (42 says it is working to increase that capacity to 600).
Since its launch in France, 42 has received more than 200,000 applications, and taught over 2,500 students. 
India-gii mailing list
Arun Mehta | 23 May 07:25 2016

your opinion of 4G? The Cook visit?


You have said how 4G is going to be a big trigger for a market like India. But most of the country is still is 2G and other half pay for 3G but get 2G? How important is good network to get the best out of services like that of Apple’s?

Yah, I think that is where we are today. The level of things you can do are not brought to life fully because of the level of infrastructure here. This week I have seen some very bold plans on 4G and a lot of commitment to it. I think there is going to be a fairly rapid change. It is not going to happen tomorrow and there is a journey there, but I see the seeds already planted and we are going to grow very fast over the next several months. My own observation is that video is more important to the Indian consumer, and yet they are held back from enjoying it because of the network. I do think that 4G will have a profound effect, I am not talking about evolutionary, but it will be profound. It will be great to see that happen.

It must be hard for the telcos to manage data and voice in 2g, 3g and 4g. They do seem to be trying to get people to move to 4g. Those who already have migrated to 4g, do you really see a "profound" difference?

Arun Mehta 
India-gii mailing list
Arun Mehta | 17 May 12:19 2016

which is the best VOIP?

I have been using Skype quite intensively: I learn classical singing from a teacher in Pune, and once a week we have a "skype" lesson -- except, that the last few times, Skype has been behaving terribly, dropping the sound inexplicably. 

We tried Whatsapp, but on my teachers' side, the call would redial every two minutes with a beep. Google Hangouts seemed to work best this morning.

Others in India who use VOIP a lot, which service works best for you?

Arun Mehta
India-gii mailing list
Ruchir T | 17 May 10:01 2016

Rolling Train - Learn with friends Hindi, Telugu, Punjabi, Marathi and more

Hi Friends,

I wanted to recreate a bit of the multilingual phonic experience of traveling in an Indian train and offer a way to learn languages on a mobile device that is rooted in listening to words, just like children learn.

So built an app to do this - it is called Rolling Train.

Please check it out and add your voice in your own language to the experience.

Rolling Train - Learn with friends Hindi, Telugu, Punjabi, Marathi and more

best regards, - Ruchir

India-gii mailing list
Suresh Ramasubramanian | 12 May 10:17 2016

Sort of off topic - forgot that privacy india list and not sure if it is even active

Anyway .. this is something most of you should have noticed by now.

As soon as your car is up for insurance renewal, even if you originally bought your policy online and not
through an agent, you will have about a dozen agents and / or insurers calling / texting you offering great
deals on policy renewal if you switch to them.

The only inference I can see for this is that someone, somewhere, is sharing customer data on vehicle
insurance.  Whether this is at the RTO where a copy of the insurance is filed, or at the level of the insurance
companies / brokers is something I can’t decide yet.

But it is certainly irritating, especially when I have stuck to the same insurer for all my insurance needs
for over fifteen years now and don’t plan to change.

India-gii mailing list
India-gii <at>
Srini RamaKrishnan | 28 Apr 06:52 2016

Dedicated panic buttons on phones is not a well thought out policy

Dedicated panic buttons on phones is not a well thought out policy...

But it makes good headlines.

I don't think I need to say more, the implications are obvious but in
case they aren't, here are a few issues:

1.Genuine calls to the police will be drowned among thousands of
accidental key presses of the panic button.
2. India lacks a dedicated emergency helpline like 911 in the US, so a
panic button to call the police is useless outside 4 or 5 major metros
which might have some level of computerization and wireless response
with the 112 service.
3. First responders, including the police can take up to 30 minutes to
respond even in crowded urban centers, which is too late to prevent
most  crimes.
4. Depending on friends or relatives for help is a poor choice. Most
ordinary people who aren't teenagers can often go a few hours without
checking the phone for messages. Besides we are not all Bruce Lee to
beat off goons, we can at best help rush the victim to the hospital.
5. Always on GPS will weaken batteries, so most will turn it off. When
the panic button is pressed, acquiring a GPS/Glonass fix can take
between 3-60 minutes depending on when GPS was last used.

I'm sure with 5 minutes of thinking we can all find still more issues.
What would have been nice is a call for proposals from the technology
community instead of what appears to be an off-the-cuff policy