Search interesting materials

Monday, May 10, 2021

Backdoors to Encryption: Analysing an Intermediary's Duty to Provide 'Technical Assistance'

by Rishab Bailey, Vrinda Bhandari, and Faiza Rahman.

The rising use of encryption is often said to be problematic for law enforcement agencies (LEAs) in that it directly impacts their ability to collect data required to prosecute online offences. While certainly not a novel issue, the matter has risen to global prominence over the last four or five years, possibly due to the increased usage of privacy enhancing technologies across the digital ecosystem.

While there have been a number of policy proposals that seek to address this perceived impasse, no globally accepted best practice or standard has been evolved thus far. In India (as in many other jurisdictions), the government has increasingly sought to regulate the use of encryption. For instance, the recently announced Intermediary Guidelines under the Information Technology Act, 2000, seek to extend the "technical assistance" mandate of certain intermediaries to ensure traceability, by enabling identification of the first originator of the information on a computer resource. The scope of the term "technical assistance" has not been clearly defined. However, the provision appears to go well beyond existing mandates in the law that require holders of encryption keys to provide decryption assistance, when called upon to do so, in accordance with due process, and based on their capability of decrypting the encrypted information. Courts have also weighed in on this debate, with the Madras High Court and the Supreme Court hearing petitions that seek to create mechanisms whereby LEAs could gain access to content protected by end-to-end encryption (E2E), thereby enabling access to user conversations on popular platforms such as WhatsApp. A Rajya Sabha Ad-hoc Committee Report released in 2020 has also recommended that LEAs be permitted to break or weaken E2E to trace distributors of illegal child sexual abuse content.

Against this background, our recently released paper examines the scope of the obligations that ought to be imposed on intermediaries to provide "technical assistance" to LEAs, and whether that should extend to weakening standards of encryption, for instance, through the creation of backdoors. Broadly speaking the term "backdoors" refers to covert methods of circumventing encryption systems, without the consent of the owner or the user. The paper also evaluates, in brief, proposals for alternatives, such as the use of escrow mechanisms and ghost protocols.

We argue that the government should not impose a general mandate for intermediaries to either weaken encryption standards or create backdoors in their products/platforms. This can significantly affect the privacy of individuals and would constitute a disproportionate infringement into the right to privacy. Such a mandate will also likely fail a cost-benefit analysis, not least in view of the possible effects on network security as well as broader considerations such as growth of the Indian market in securities products, geopolitical considerations, etc. This however, does not mean that the law enforcement agencies have no options when faced with the prospect of having to access encrypted digital data. A first step in this regard would be to implement rights-respecting processes to enable law enforcement to access data collected by intermediaries in a timely manner. In addition, there should be greater focus on enhancing government and law enforcement capacities, including by developing hacking capabilities, with sufficient oversight and due process checks and greater funding to research and development efforts in the cybersecurity and crypto spaces.

This post seeks to throw light on the key issues around the encryption debate, and summarises our main arguments and suggestions on how India should address them.

Understanding the encryption debate

Encryption is the process of using a mathematical algorithm to render plain, understandable text into unreadable letters and numbers (Gill, 2018). Typically, an encryption key is used to carry out this conversion. Reconverting the encrypted text back to plain-text also requires an encryption key. Depending on the manner of encryption, the same encryption key can be used to encrypt or decrypt information, or alternatively, one may require different encryption and decryption keys. Encryption therefore ensures that the message can only be read by the person who has the appropriate decryption key, particularly as newer forms of encryption make it inefficient, if not impossible, to reverse the encryption process (Gill, 2018).

Encryption essentially improves the security of information. It secures information against unwarranted access and ensures the confidentiality and integrity of data, thereby fostering trust in the digital ecosystem and protecting the private information of citizens and businesses alike.

However, the use of encryption can also enable criminals to "go dark", making it difficult for LEAs to carry out their functions. For instance, it is estimated that upwards of 22 percent of global communication traffic uses end-to-end encryption (Lewis et al, 2017). This puts a quarter of communications virtually out of reach for LEAs, not least as the use of modern encryption systems makes it harder for LEAs to use the traditional "brute force" method to access encrypted data (Haunts, 2019). LEAs therefore have increasingly called for limitations to be placed on the use of encryption so as to enable them to have access to information they require to pursue their law enforcement functions. They point to the need to ensure accountability for online harms, and therefore argue that intermediaries must provide them with all data relevant to an investigation.

The concerns with the use of encryption are driven by a number of factors such as the growing instances of cybercrime, the use of data minimisation practices such as disappearing messages and the use of encryption by default in various technology products. For instance, WhatsApp and Signal automatically encrypt communications in transit and also give users the option of automatically deleting their messages. Similarly, Apple uses encryption based authentication on its iPhones (which render the content accessible only if an appropriate passcode is provided. If not, the content on the phone could even be deleted after a certain number of failed attempts) (Lewis et. al, 2017).

These concerns have led to calls for Internet intermediaries to weaken encryption standards or create backdoors in their products/services. These demands are not new. Notably, the 1990s saw the issue being debated in the United States, with the FBI proposing the use of the "Clipper Chip", a mechanism whereby decryption keys would be copied from the devices of users and sent to a trusted third party, where they could be accessed on appropriate authorisation by LEAs. More recently, the FBI has been involved in face-offs with technology companies such as Apple, when it refused to provide exceptional access to an iPhone linked to a terrorist. In India too, the government has encountered similar issues - notably forcing Blackberry manufacturers to relocate their servers to India and hand over plain text of communications. The government also circulated a draft National Encryption Policy in 2015, which sought to implement obligations involving registration of encryption software vendors, and the need for intermediaries to store plain text of user data. The draft was however withdrawn after much criticism.

In response to such proposals, security researchers, cryptographers and service providers, have been near unanimous in pointing out that the creation of backdoors is likely to lead to significant costs to the entire digital ecosystem, especially as it leads to the entire population being exposed to vulnerabilities and security threats. Indeed, the need for stronger encryption and other security standards to protect user data is only heightened by the numerous and frequent data breaches that have been reported in India. Interestingly, even the Telecom Regulatory Authority of India has adopted a similar position in its Recommendations on Regulatory Framework for OTT Communication Services of 2020.

Even two commonly discussed methods of a "balanced solution" to the problem - the use of escrow mechanisms and ghosting protocols - have faced significant criticism. For instance, the use of escrow mechanisms (which, as with the Clipper Chip system described above, involve storage of the decryption key with a trusted third-party, who can then provide the same to LEAs when called upon to do so) is likely to lead to significant vulnerabilities being created in computer systems. Not only will such a system require faith in the integrity of the entity holding the decryption key, such an entity would constitute a single point of failure, which is poor system design (Kaye, 2015). Deployment of complex key recovery infrastructure is also likely to impose huge costs on the ecosystem (Abelson et al., 1997). Similarly, suggestions for using ghost protocols (which would require service providers to secretly add an extra LEA participant to private communications) have also faced significant criticism (Levy and Robinson, 2018). Given that this system would essentially require service providers to convert a private conversation between two individuals into a group chat, with a hidden third participant, critics have argued that it is just another form of a backdoor. It would erode trust between consumers and service providers, and provide for a "dormant wiretap in every user's pocket" that can be activated at will. This would also require fundamental changes in system architecture, thereby introducing vulnerabilities that can create threats for all users on platforms (Access Now et al., 2019).

Thus, while the use of such methods can enable LEAs to access user data more quickly than is currently possible, there are numerous concerns - from a civil liberties, economic and technical perspective. We outline the key concerns in this regard below.

Concerns with mandating backdoors

  • Privacy: In view of the recognition of privacy as a fundamental right, private thoughts and communications are protected from government intrusion subject to satisfaction of tests of necessity and proportionality. Mass surveillance can be considered to be per se disproportionate. It is recognised that government surveillance can lead to unwanted behavioural changes, and create a chilling effect. Encryption therefore serves as a method to protect individual privacy, particularly from government excesses.
  • Security: Creating backdoors can weaken network security as a whole since it can be exploited by governments and hackers alike (Abelson et al., 2015). Backdoors can also lead to increased complexity in systems, which can make them more vulnerable to attack (Abelson et al., 2015).
  • Right against self-incrimination: Mandating decryption of data can arguably also be seen as violating an individual's right against self-incrimination (Gripman, 1999; ACLU and EFF, 2015).
  • Due process requirements: Criminal investigation in general and surveillance in particular is not meant to be a frictionless process. Introducing inefficiencies in the functioning of LEAs is what separates a police state from a democracy (Richards, 2013; Hartzog and Selinger, 2013). As is the case of due process requirements, encryption creates procedural hurdles, ensuring some checks and balances over the functioning of LEAs and the possibility of mass surveillance. It therefore helps re-balance the asymmetric power distribution between the State and citizen.

Scope of "technical assistance": Should it extend to creating backdoors?

Given the aforementioned concerns, the question arises, should the duty of "technical assistance" that intermediaries are required to provide to LEAs, extend to the creation of backdoors or otherwise weakening encryption systems?

We argue that as far as recoverable encryption is concerned, i.e. encryption where a service provider already has a decryption key in the normal course of service provision, there is no requirement for such a mandate. Indian law already requires service providers to decrypt data in such cases, in addition to providing various other forms of assistance. Here, the need is to focus on implementing proper oversight and other procedural frameworks to ensure that LEAs exercise their powers of surveillance or decryption in an appropriate manner. We find however, that the Indian framework is lacking in this regard. There is no judicial oversight of decryption requests, no proportionality requirements in the law, and no meaningful checks and balances over decryption processes at all. We therefore proposed various changes in order to improve the transparency and accountability of the system. Further, research indicates that the primary problem of LEAs in India may relate to the relatively old and slow processes that must be used by LEAs when accessing data held by intermediaries, particularly those based outside India. This points more to the need for LEA data access processes to be revised/streamlined in accordance with modern needs.

As far as unrecoverable encryption is concerned, i.e. encryption where even the service provider cannot access the content (such as with E2E) as it does not have access to the decryption key, which is retained by the user, the situation is undoubtedly more complex. However, even in such instances, for the reasons elaborated above, we believe that mandating backdoors or weakening encryption is not an appropriate solution.

Moreover, LEAs already have multiple alternatives to collect information, including by accessing metadata and unencrypted backups of encrypted communications. They can also use targeted surveillance methods to conduct investigations (National Academy of Science, Engineering and Medicine, 2018). Indeed, the current Indian framework - governing telecom service providers in particular, but also other intermediaries - already gives significant and arguably excessive powers to the State. It should also be noted that LEAs in India are already using spying technology, as we saw in the Pegasus case. LEAs also have other covert methods of gathering data - from key-stroke logging programmes to exploiting weaknesses in implementation of encryption systems. While one cannot argue against the use of such systems in appropriate cases, it is clear that such powers must only be exercised through institutionalised processes, and importantly, subject to appropriate regulatory oversight. There is therefore a case for formulating a legal framework in India, along the lines of the US vulnerabilities equities process, to ensure due process even when the government resorts to exploitation of vulnerabilities within information systems for national security and law enforcement purposes.

Accordingly, we point to the need to carry out a more detailed cost-benefit analysis before deciding on the need to implement such a mandate (which unfortunately, has not been done in the case of the recent Intermediary Guidelines Rules). We point to how such a cost-benefit analysis should consider:

  • Whether the use of unrecoverable encryption is indeed a significant hurdle for LEAs in collecting relevant information. While no data is available in this context in India, data from the US in the period 2012-2015 indicates that of the 14,500 wiretaps ordered under the Communications Assistance for Law Enforcement Act, only about 0.2 percent of wiretaps encountered unrecoverable encryption (Lewis et al., 2017). While this share has likely increased in view of the greater use of unrecoverable encryption in the ecosystem, a similar empirical analysis must be conducted in India to understand the impact of such types of encryption.
  • The cost to intermediaries in changing their platform architecture are unlikely to be insignificant. It is also worth keeping in mind that often intermediaries will avoid using certain types of encryption purely to keep in the good books of LEAs in a form of "weakness by design". Notably, companies such as Apple and WhatsApp have dropped plans to encrypt user back-ups stored in the cloud. Such data can therefore be accessed by LEAs without compromising encryption.
  • The risk of such laws getting caught up in global geopolitics. This has been the case for example, with Huawei and ZTE, who have faced significant international pressure in view of the Chinese government's purported ability to access data flowing through their networks.
  • The possible effectiveness of such laws, considering that many criminals may use open source encryption or encryption from platforms that are not amenable to Indian jurisdiction. Further, the pace of technical development is difficult to keep up with from a regulatory perspective. Notably, institutions such as Europol and Interpol are increasingly concerned about the use of steganography (the technique of hiding the very existence of a message) and open source encryption by international criminals and terrorist groups. Therefore, even if there is a bar on using strong encryption, those who want to break this law, will continue to do so.

We therefore argue that while a mandate for targeted decryption or technical assistance may be constitutional if backed by a law with sufficient safeguards, a general mandate for the creation of backdoors (or an interpretation of the Intermediary Guidelines requirement to provide "technical assistance" to extend to such generic obligations) is unlikely to pass constitutional muster, assuming a high intensity of proportionality review is applied. A higher intensity of review will have to look at not just whether the proposed intervention would substantially improve national security, but would also need to engage with the fact that it would (a) compromise the privacy and security of individuals at all times, regardless of whether there is any evidence of illegal activity on their party, and (b) the existence of alternative means that are available to LEAs to carry out their investigations. Thus, we believe that a general mandate for creating backdoors will not be the least restrictive measure available.

Conclusions and Recommendations

We argue that a general mandate that requires Internet intermediaries to break encryption, use poor quality encryption, or create backdoors in encryption is not a proportionate policy response given the significant privacy and security concerns, and the relatively less harmful alternatives available to LEAs. Instead, the Indian government should support the development and use of strong encryption systems.

Rather than limiting the use of certain technologies, or mandating significant changes in platform/network architecture of intermediaries that compromises encryption, the government ought to take a more rights-preserving and long-term view of the issue. This will enable a more holistic consideration of interests involved, avoid unintended consequences, and limit costs that come with excessive government interference in the technology space. The focus of the government must be on achieving optimal policy results, while reducing costs to the ecosystem as a whole (including privacy and security costs). A substantive mandate to limit the use of strong encryption would increase costs for the entire ecosystem, without commensurate benefits as far as state security is concerned.

The tussle between LEAs and criminal actors has always been an arms race. Rather than adopting steps that may have significant negative effects on the digital ecosystem, the government could learn from the policies adopted by countries such as Germany, Israel and the USA. This would involve interventions along two axes - legal changes and measures to enhance state capacity.

Legal changes that the government must consider implementing, include:

  • Reforming surveillance and decryption processes, to clarify the powers of LEAs, and ensure appropriate transparency, oversight and review. It is also essential to standardise and improve current methods of information access by LEAs at both domestic and international levels. There must be greater transparency in the entire surveillance and information access apparatus, including by casting obligations on intermediaries and the State to make relevant disclosures to the public.
  • Adoption of a Vulnerabilities Equities Process, such as that adopted in the United States, which could enable reasoned decisions to be made by the government about the disclosure of software/network vulnerabilities (thereby allowing these to be patched, in circumstances where this would not significantly affect security interests of the State). Such a process, while not without critics, does chart a path forward and must become central to the Indian conversation around due process in LEA access to personal data.
  • Amending telecom licenses, which currently give excessive leeway for exercise of executive authority, without sufficient checks or safeguards.

Rather than implement ill-thought out policy solutions that would significantly harm the digital ecosystem and user rights, the government could also focus on enhancing its own capacities. This can include measures such as:

  • Developing and enhancing covert hacking capacities (though these must be implemented only subject to appropriate oversight and review processes). To this end, there must be appropriate funding of LEAs, including by hiring security and technical researchers.
  • Investing in academic and industry research into cryptography and allied areas. The government should also aid the development of domestic entities who can participate in the global market for data security related products. Enhancing coordination between industry, academia and the State is essential.
  • Increasing participation in international standard setting and technical development processes.

To conclude, the crux of this issue can be understood using an analogy. Would it be prudent for a government, engaged in a fight against black money, to require all banks to deposit a key to their customer's safe deposit boxes with it? One would venture that this would be an unworkable proposition in a democracy. It would lead to people looking for alternatives to the use of safe-deposit boxes due to the lack of trust such a system will create. Innocent people will be exposed to increased risks. A preferable solution may be for the government to develop the ability to break into a specific safe deposit box, upon learning of its illegal contents, and subsequent to following due process. This would enable more targeted interventions, that would also preserve the broader privacy interests of innocent customers while protecting banks from increased costs (or loss of business).

References

Gill, 2018: L Gill, Law, Metaphor and the Encrypted Machine, Osgoode Hall L.J. 55(2) 2018, 440-477.

Lewis et al., 2017: James Lewis, Denise Zheng and William Carter, The Effect of Encryption on Lawful Access to Communications and Data, Center for Strategic and International Studies, February 2017.

Haunts, 2019: Stephen Haunts, Applied Cryptography in .Net and Azure Key Vault: A Practical Guide to Encryption in .Net and .Net Core, APress, February 2019.

Kaye, 2015: David Kaye, Report of the Special Rapporteur on the promotion and protection of the right to freedom of opinion and expression, United Nations, Human Rights Council, May 2015.

Abelson et al., 1997: Hal Abelson, Ross Anderson, Steven Bellovin, Josh Benaloh, Matt Blaze, Whitfield Diffie, John Gilmore, Peter Neumann, Ronald Rivest, Jeffrey Schiller, and Bruce Schneier, The Risks of Key Recovery, Key Escrow, and Trusted Third-Party Encryption, May 27, 1997.

Levy and Robinson, 2018: Ian Levy and Crispin Robinson, Principles for a More Informed Exceptional Access Debate, LawFare Blog, November 29, 2018.

Cardozo, 2019: Nate Cardozo, Give Up the Ghost: A Backdoor by Another Nam et al.e, Electronic Frontier Foundation, January 7, 2019.

Access Now et al., 2019: Access Now, Big Brother Watch, Center for Democracy and Technology, et al., Open Letter to GCHQ, May 22, 2019.

Harold Abelson et al., 2015: Harold Abelson, Ross Anderson, Steven Bellovin, Josh Benaloh, et al., Keys Under Doormats: Mandating insecurity by requiring government access to all data and communications, MIT-CSAIL Technical Report, July 6, 2015.

Gripman, 1999: David Gripman, Electronic Document Certification: A Primer on the Technology Behind Digital Signatures, 17 J. Marshall J. Computer and Info. L. 769 (1999).

ACLU and EFF, 2015: American Civil Liberties Foundation of Massachusetts, the American Civil Liberties Union Foundation, and Electronic Frontier Foundation, Brief for Amici Curiae in Support of the Defendant-Appellee in Commonwealth of Massachusetts v. Leon Gelfgatt, 2015

Richards, 2013: Neil Richards, Don't Let US Government Read Your E-Mail, CNN, August 18, 2013.

Hartzog and Selinger, 2013: Woodrow Hartzog and Evan Selinger, Surveillance as Loss of Obscurity, Washington and Lee L.R. 72(3), 2015.

National Academy of Science, Engineering and Medicine, 2018: National Academy of Science, Engineering and Medicine, Decrypting the Encryption Debate: A Framework for Decision Makers, National Academies Press, Washington DC.


Rishab Bailey is a researcher at NIPFP. Vrinda Bhandari is a practising advocate. Faiza Rahman is a PhD candidate at the University of Melbourne.

Monday, May 03, 2021

Announcement: Position for researchers in public finance and public procurement

xKDR Forum is looking for researchers to work on a project with the Chennai Mathematical Institution (CMI), involving studying the impact of public finance management and public procurement issues on the private sector.

xKDR Forum is a Mumbai-based inter-disciplinary group of researchers working in the fields of household and firm finance, financial markets, public finance management and public procurement and the land market. In these fields, the group engages in academic and policy oriented research, and advocacy. The new recruits will come into an active research program in the field.

xKDR Forum is looking for three researchers with the profiles described below.

Senior Researcher
As a senior researcher, you will be expected to take a lead on delivering on the project objectives. You will be part of the core group of this project, building a pipeline of research ideas, and executing them. This will mean pursuing independent research as well as supervising and advising team members in their research. The requirements for the role of a senior researcher are: knowledge of public economics, public administration, public policy; over four years of work experience; very high quality spoken and written English. Experience with running surveys is additionally desirable.
Two Research Associates
As a research associate, you will work on project deliverables under the supervision of a senior researcher. The requirements for the role of research associate are: a background in economics and public policy, quantitative skills are desirable, two years of work experience.

You must be comfortable in working in an inter disciplinary research environment with people from varying backgrounds such as economics, law, public policy and data science. You must be curious and passionate about research and must be willing to work on independent outputs as well as in teams.

The remuneration offered will be commensurate with your skill and experience and will be comparable with what is found in other research institutions.

Interested candidates must email their resume with the subject line: Application for "Senior Researcher/ Research Associate" at xKDR Forum, to Ms. Jyoti Manke at careers@xkdr.org by 8th May, 2021.

Tuesday, April 27, 2021

Vaccination in India: how will demand change when persons above age 18 are eligible?

by Renuka Sane and Ajay Shah.

  1. On 16 January 2021, the union government's vaccination program started with eligibility limited to frontline workers. On 1 March 2021, eligibility was extended to a) those above the age of 60, and b) for those above the age of 45 with comorbidities. This was further opened up to everyone above the age of 45 from 1 April 2021. On 20 April 2021, the union government announced that from 1 May 2021 the minimum age of a person that is able to obtain a vaccine will go down from 45 to 18.
  2. It is useful to juxtapose this recent expansion, from age 45+ to age 18+, against the structure of the population, and envision the magnitudes involved.
  3. The last available census in India was in 2011. It is likely that the age structure of the Indian population has changed since then. We use the CMIE Consumer Pyramids household survey data to get the following age structure, based on an estimated population of 1.4 billion for late 2020:
    Age group Population
    0-17 344 million (SE: 8 million)
    18-44 622 million (SE: 18 million)
    45-59 321 million (SE: 9.5 million)
    60+ 125 million (SE: 4.7 million)
  4. On 26 April 2021, 142 million vaccine doses have gone out. Of these 119.6 million persons have got one dose, and 22.5 million have got both doses. However, of the 142 million doses, about 11.2 million doses have been to persons below age 40. In the eligible population of 45+, a little less than 5% have received both the doses, while a little less than 27% have received the first dose. There is considerable room to go, in completing the work of vaccinating persons above age 45.
  5. The union government was pushing out approximately 2.3 million doses in the eligible population per day. This translates to 5.1 doses per 1000 eligible persons per day. This reflects a combination of distribution capabilities, vaccine hesitancy and supply constraints.
  6. Opening up the vaccination to those above age 18 has meant that the magnitude of the eligible population has gone up from 446 million to 1.06 billion. If we subtract the already vaccinated, we end up with an eligible population of 926 million.
  7. The eligible population has roughly doubled. To preserve the erstwhile run rate per unit eligible population, the number of doses/day would need to roughly double. In late April, there were anecdotal reports of shortages, where eligible persons were turned away at vaccination centres. Looking forward, this may become a bigger problem with the expansion of eligibility.
  8. If all else is held intact, then, there will be a larger mismatch between demand and the ability of the union-government led system to push out doses. There are two pathways to not hold all else intact. On one hand, there is the need to shift from a union government led system to something that is a self-organising system, with energy from many persons. On the other hand, there is a need to rethink vaccination protocols. For example, if a person has antibodies, perhaps one dose suffices.

Thursday, April 22, 2021

Analysing Bambawale, et. al., 2021 ("Strategic patience and flexible policies: How India can rise to the China challenge")

by Shubhashis Gangopadhyay.

This is the text of my discussant comments at LEPC 4.1 today, which is a session organised around a talk by Gautam Bambawale presenting the recent paper Bambawale et. al. 2021.

The paper makes a strong and convincing argument for the need to create an ecosystem that fosters growth that is fast and sustainable. It focuses strongly on what needs to be done to ensure Indian citizens a desirable future. This future is envisioned as one where we are in control of our own destiny, China notwithstanding. I am in complete agreement with the need for India to grow economic muscle. I also agree that this will play a large part or, could even be necessary, to thwart China’s adventurism in our neighbourhood. But what I like most about the paper is that the authors’ emphasis is not on diplomacy, or on battle preparedness, or on economics but on the realization that they all need to play their respective parts for India to reach a common goal.

The paper is a “must read” for all. The paper sets the tone for how public discourses need to be carried out --- state the problem, clearly articulate the solution and, explain why the solution will work. A public discourse is not simply the voicing of opinions but also explaining the reasons behind them. Reading it will not only inform, but also improve, the public discourse on this topic. Respecting the spirit in which this paper has been prepared, I will try and add to the discourse initiated by the authors.

The paper makes an excellent argument for reforming the ecosystem within which economic transactions are planned and executed. To borrow a term from game theory, building up India’s economic muscle is seen as the “dominant strategy” against the challenges posed by China. There is, or can be, very little dispute about the need for India to grow economically.

While agreeing completely with the recommendation in the paper, I would like to modify somewhat the problem statement. For that, I will distinguish between a goal, or an objective, and the strategy to achieve that goal. A winning strategy is determined by the desired objective of the player and the possible responses by her opponent. In other words, a player’s strategy cannot be independent of what the other player is doing or, of the different circumstance in which the game is being played out.

India’s strategy is not an action it should undertake but an enumeration of the set of all contingent actions that India must take. Contingent on what? Contingent on the response that China will undertake for each of the actions we take. The choice of actions could also be contingent on changing circumstances for which China may not be directly responsible. E.g., if we criticize Myanmar’s military government, China may move in and make the Myanmar government hostile to us; on the other hand, if we do not criticize, we may face problems in the Quad.

A player’s strategy is derived, among other things, from the player’s own objective and the threats to that objective posed by the responses of the other players (or competitors) and, the changes brought about in the environment by nature (uncertainty). Simply put, the strategy is derived from the objective and never the objective itself.

There are two reasons why I want to distinguish between a goal and the strategy to attain that goal. First, as stated before, formulating the problem determines the answer we get. The way the paper currently reads, China is the problem and growing economic muscle is necessary to thwart China. And, it is this that makes me nervous. Why? Our policymaking has been mostly in response to a crisis and we slip back to status quo ante as soon as the crisis blows over. As an example, consider the trade liberalization measures undertaken in the post-1991 period (when we faced a foreign exchange crisis), and the roll-backs in more recent years when we are not facing any foreign exchange shortage. Trade liberalization was never seen by our policymakers as necessary for economic growth; it was always seen as a step towards easing the foreign exchange shortage of 1991. Hence, I am afraid that if we do not clearly state that growing economic muscle is an end in itself (and not simply to thwart China’s adventurism), we will go back to our old economically inefficient ways as soon as the China threat is neutralised.

The second reason is a bit more nuanced and depends essentially on what one means by strategy. As the paper points out, correctly, the game will be played over many years giving enough time both, for China to push back on what India is doing and for circumstances to change as global uncertainties are resolved. For example, if we develop manufacturing and/or services to export into Africa, I do not think that China will simply watch us do so and not push back in various ways to defeat India’s purpose. The correct definition of strategy will enable us to consider the following options (say) --- grow through the African market, focus on the Western market, or ASEAN or, diversify in such a way that China has to push back in every market at great harm to itself (push back is always costly to the one doing it). In other words, we must plan our economic growth in such a way that China cannot, or will not, be able to force us to give up our growth plan in the way we have envisaged. Our growth path must be such that in case they want to affect it, it will be costly to them but with minimal repercussions on us.

This approach immediately alerts us to a careful formulation of our goal, along with a deep understanding of what (a) China is trying to achieve and (b) the national interests of our potential partners. This latter is very important and I get a whiff of romanticism in the paper’s suggestion of forming partnership with those who believe in individual freedom, market resourcefulness and the rule of law. The biggest supporters of the free world routinely justified their inactions against apartheid and continue to be in denial while condoning the atrocities of various “friendly” dictatorial regimes! In other words, they are going to partner with India, against China, only if it is in their interest to do so --- not because they have great regard for India’s righteousness. They will support us only when there is an alignment of our interest with theirs. Some years ago when I complained to a high level US official about how their policies in India’s neighbourhood are adversely affecting us, he was quick to point out that he was paid by US taxpayers not to meet India’s aspirations.

It could be dangerous to misread China’s objective. It may appear as an approach relevant to a zero-sum game (very “mercantilist”), when the economic world is uniquely, and definitely, a positive-sum game. So, why is China doing what it is doing? The paper seems to suggest that this is largely an attempt to raise nationalistic fervour within China to distract people from its domestic problems (of a growth slow-down amid growing disparities). If this indeed is the reason then once China gets back on its erstwhile growth path, Chinese adventurism along India’s borders will diminish. Contrast this with the possibility that irritating Indian border forces is a longer term plan. Should our responses in both cases be the same? To play the game properly, we must be able to anticipate China’s game plan. This will only happen through careful and deep investigation of the ground realities in China along with the interplay among its political actors. Not understanding fully China’s objective is where we begin to lose the game! The paper does point out that there are more people studying India in China than Indians studying China. Given our definition of strategy, the importance of correctly reading China’s objective is crucial to determine India’s optimal strategy.

I want to highlight a specific difference between our two systems that differentiates the manner in which we achieve our respective goals. China could get its banks, companies, policymakers and all other groups in their society to do exactly what the central authorities wanted them to do. In India, that is not feasible. This does not put us at a disadvantage as long as we are aware of it and, hence, stop borrowing “best practices” from China or, for that matter, any other country. We are going to rely on the resourcefulness of our people, operating through innovations and investments by the private sector, facilitated through the appropriate institutions implementing market rules. Historically, this approach has been found to be a more sustainable path to economic growth. As the paper correctly points out, this is a huge advantage for India especially if we see the fault lines now opening up in the Chinese system.

India is not a unitary system but a federal one. Indeed, whatever “ease of doing business” policies the central government rolls out, the ultimate hurdles can be taken down by state governments only. Why would various sops to foreign businesses bring in FDI when our own companies, even when they are flush with investible resources, not investing in India? So the first job of this exercise is to move out of Delhi and get the state governments aligned with the nation’s interest and coordinate their strategies. In this context, I must say that I am extremely sceptical of following a SEZ policy in India simply because China did it successfully. Its implementation invariably leads to corruption and crony capitalism, which will lead to umpteen consequential issues which are difficult to handle in a vibrant federal democracy where the rule of law should reign supreme. What China could do with its centralized economic approach and business activities through state-owned enterprises is simply not doable in India.

Our goal of sustained high growth has to be attained in a way that suits the Indian context. Japan, China, South Korea and the Far East, all followed their own paths to reach where they are now. The differences in the paths they followed are more pronounced than the similarities. And that is what we need to understand --- scholarship without thought will simply not do.


Shubhashis Gangopadhyay is a researcher on India and economics.

Tuesday, April 20, 2021

An important change of course by policy in Indian Covid-19 vaccination

by Amrita Agarwal and Ajay Shah.

Strategy for Covid-19 and vaccination

A global race took place on building vaccines for Sars-Cov-2. By late 2020, it became clear that vaccine development was progressing rather well.

With the vaccines in sight, the standard economics knowledge about vaccination came into play. Each vaccinated person reduces the possibility of spread of the disease. While the individual who gets a vaccine is gaining protection, that individual is also imposing a positive externality upon the population. There is a market failure -- a positive externality -- as an individual would tend to under-spend on buying a vaccine. There is a case for state financing, to augment personal expenditure on personal protection, to tip more people over into vaccination. The end goal of vaccination is not to vaccinate everyone, but to change the disease dynamics by achieving herd immunity.

A debate took place in India in 2020 about two alternative pathways to roll out vaccines, on a significant scale.

On one hand was the vision of a centrally planned program, where the government would control everything, and the citizenry would obediently wait for their turn. This involved (a) Using the coercive power of the state to block any vaccination activities in India other than the union government, and (b) Organising a nationwide vaccination program at the union government. This was similar to the vaccination efforts prevalent in many other countries.

An alternative approach involved recognising that in India, state capacity is limited. A centrally planned effort was likely to work out poorly. It was better to harness all the energy available in the country to do more vaccination -- whether it was at a state government, city government, club, association, educational campus, private non-health firm, health care firms, etc. This involved (a) Not using the coercive power of the state to block any other energy in vaccination, alongside (b) Some work on vaccination by state organisations in order to address market failure. An example of this perspective is in an article from 30 November, and this talk, at an NCAER event on 29 December 2020. Shruti Rajagopalan, Mihir Sharma, Naushad Forbes were some of the thinkers who wrote on this.

In the event, decision makers in government chose the first path. There were difficulties [8 March, 5 April]. Using data for 19 April 2021, the New York Times tracker shows India at rank 62 in the world, with 1.2% of the population fully vaccinated, in roughly the league of Malaysia (rank 61) at 1.4% or Bangladesh (rank 64) at 1.0%.

At present, the union government is able to push out 3.5 million doses a day. Looking forward, the rate achieved (by the unreconstructed union government program) is likely to go down:

  1. It is likely that the process design used, in any centrally planned union government program, would work for one (hopefully modal) use case, but peter out once we reach out beyond this zone.
  2. The present vaccine production for the Indian market [SII, Bharat Biotech] is below the required 100 million doses a month.

By this reasoning, the present run rate, of 3.5 million doses a day, may not be sustainable. If we are to get to half the Indian people fully vaccinated in the coming four months, this requires about 10 million doses a day or 300 million doses a month. We need to get up to 10 million doses/day and we face difficulties in maintaining the present rate of 3.5 million doses/day.

An important change in course

On 19 April, the union government has announced an important change in course. The nature of state coercion will now change as follows:

  1. Indian vaccine makers are forced to sell half their output to the union government, at an unspecified price, the remaining half being available for sale to state governments and private persons in India (at a price that must be publicly disclosed),
  2. Private firms which perform vaccination services are forced to publicly announce the price at which these services are provided,
  3. All providers of vaccination services are forced to supply data to the union government's CoWin IT system, and
  4. Private persons and state governments are free to import vaccines.

This is important progress. The union government has stepped back from blocking every other energy in the country in vaccination. State governments, and private persons, will be able to buy/import vaccines and run vaccination programs. Vaccine makers remain in the grip of central planning in the new world, but it is a step forward when half of their output can be sold to state governments and private persons at market-based prices.

Implications

The 19 April decisions harness energy in thousands of organisations all across the country. Some state governments and many private organisations will now be able to embark on vaccination efforts. Each of them would tailor their process designs for local conditions and the practical problems as seen by them. The sum total of resourcing and energy that would go into vaccination, in India, would go up. This would improve the overall progress in conquering the pandemic.

The private sector will surprise us with innovation in business models, billing arrangements, etc. Perhaps some firms will find it easier to deliver the one-dose J&J vaccine in difficult locations. Perhaps telecom companies will call their vast subscriber base and sell vaccination services. Private firms know how to segment the users into a large number of categories, and devise strategies for each of them. This is what a union government, which solves for one use case, is ill suited for.

In the short run, it is hard for SII to drastically change its production. Import of vaccines holds the key. In the world market for vaccines, a buyer asks for a price quotation at a certain quantity. These prices are on the decline. Vaccine supply in India will go up through imports.

There are some concerns about the AZ vaccine with younger persons and particularly with young women. Availability of mRNA vaccines in India would help address the needs of these users.

If India were an AZ vaccine monoculture, there is greater vulnerability to a new strain that is able to breakthrough. The self-organising system will bring diverse vaccines to play into the Indian populace, and generate greater pandemic security.

The second wave will not be the last one. Existing vaccine makers will regularly make booster doses through which people will become safe against new variants. Covid-19 is only one among many infectious diseases which call for sustained large-scale adult vaccination programs. The work done this year, flowing from the 19 April decisions, will matter not just in conquering the second wave. Thousands of organisations in India need to view this as a sustained activity. As an example, it would make sense for every large employer to organise quarterly vaccination camps for their employees and their family members, through which an array of adult vaccines are regularly delivered.

Improvements required in the policy framework

The pathway to elicit better production by private firms does not lie in coercing them with quantity restrictions or dictating terms on issues such as price. Such coercion will bring out reduced output by Indian manufacturers. We learned, in the 1960s and 1970s, that it is impossible for a state organisation to go inside the firm, and discuss elements of the cost function with the firm. It is not the job of the state to be a financial service provider for a firm. There should be market-based engagement with vaccine producers, that is free of coercion, and couched in the language of prices, quantities and foreign competition.

Some vaccines are distinctly less efficacious and/or more dangerous than others. The union government can play a useful role by wielding its coercive power to limit the vaccines that are permitted for use in India to the class of vaccines which have achieved approval in an advanced economy such as the US, UK, Japan or Germany.

The use of coercive power by the union government, to harvest data through CoWin, raises concerns given the absence of legal protections against state access to the data. State surveillance is particularly harmful when it comes to health data, so enhanced state legibility will have unintended consequences. This program of capturing data will exacerbate vaccine hesitancy.

The decisions of 19 April are important and will get India up from 3.5 million doses a day. It is, however, likely that we will not get up to 10 million doses a day. It is useful to think about two distinct problems on the demand side:

The rich
If protecting a family of five costs Rs.5,000 to Rs.10,000, many individuals / employers will spend this much. While a positive externality influences the decision making, the decision will be correct as long as the personal gains from protection exceed the price of the vaccine.
The poor
Many poor families will balk at this magnitude of expenditure. This is where market failure bites, in generating the wrong decision because there is a gap between the gains to society as a whole vs. the gains for the individual. State governments and the union government need to step into this breach. Vaccine vouchers are the precise instrument through which this market failure can be addressed.

Conclusion

Central planning has worked well for Covid-19 vaccination in countries like the US and the UK. These countries intelligently used private sector energy [example] as opposed to many varieties of coercion. But central planning works poorly under conditions of low state capacity. It is better to harness the energy of the self-organising system.

The 19 April announcements make important progress in stepping back from a centrally planned system, in increasing freedom, and in harnessing the power of the self-organising system.

The role of the state lies in addressing market failure. There is a need to use the coercive power of the state to require that vaccines used in India must have achieved approval in an advanced country. Poor people will make better decisions when nudged towards vaccination through the tool of vouchers.

Thursday, April 15, 2021

An impending problem with wheat inventories of the government

by Ajay Shah.

Wheat stocks with the FCI had risen to 24 million tonnes in 2012-13. This was an imprudent level of inventory, either when compared with the requirement of buffer stock in the country, or when compared with the ability to store wheat in the public system. There was a concerted effort to bring down this inventory, and it was brought all the way down to 8 million MT in 2016-17.

We may now face a bit of a problem on this score. Under certain assumptions, there is a possibility that at the end of 2021-22, wheat stocks could be about 35 million MT.

Govt. opening stock Produc-tion Procure-ment PDS, Schemes outgo Open Market Sales Scheme (OMSS) Closing stock
2017-18 8.1 92.5 31 24 1.4 13.7
2018-19 13.7 92 36 24 8.1 17.5
2019-20 17.5 97.5 34 24 3.0 24.3
2020-21 24.7 98.5 39 34 1.5 27.3
2021-22 (Estimated) 27.3 98 39 24 7.0 35.3

The table above shows data for recent years, and an estimate for 2021-22. At the end of 2016-17, i.e. at the start of 2017-18, wheat stocks were at 8.1 million MT. From this point, inventories have come back up.

Procurement rose to 39 million MT in 2020-21. We assume that it will stay at the same level in 2021-22.

The use of wheat in the public system has been stable at about 23 or 24 million MT. The exception to this is 2020-21 where an additional 10 million MT were given out into the country through "PM Garib Kalyan Yojana", on account of the Covid-19 crisis.

Assuming that 7 million MT is sold through the OMSS, this yields a projection of closing stock, on 31/March/2022, of 35 million MT.

It is worth reiterating the assumptions under which we posit this scenario, for wheat inventory of 35 million MT on 31/March/2022: (a) Public procurement in 2021-22 will be the same as the previous year, i.e. 39 million MT, (b) 24 million MT will be used by PDS and other schemes and (c) Government will sell 7 million MT to the private sector through OMSS.

Holding 35 million MT of inventory presents certain difficulties. It represents an unreasonable scale of holding a buffer stock, when compared with the requirements associated with fluctuations of wheat production. As the data in the column shows, the fluctuations of wheat production are about a few million MT; e.g. a buffer stock of 5 million MT to 8 million MT would suffice. In addition, 35 million MT is likely to exceed the mechanisms available in the public system to safely store wheat. When low quality storage mechanisms are employed, the exchequer loses money owing to depreciation.

This problem was incipient in 2020-21 also, and was averted because an additional 10 million MT was pushed out into schemes, on account of Covid-19.

What can the government do in order to fare better? There are four useful pathways:

  1. If wheat procurement is reduced, then the problem will be diminished. As an example, if the government goes back to the 2019-20 level of buying 34 million MT, this would get the projected closing stock down from 35 million MT to 30 million MT.

  2. Selling more wheat through OMSS would help. At its peak, 8.2 million MT was sold thorugh OMSS in 2018-19.

  3. The macroeconomic distress associated with Covid-19 has not entirely subsided. Hence, there is a case for repeating something like the PMGKY grain subsidy, to help improve access to food for poor people.

  4. Improvements in storage, such as going beyond CWC to private warehouses, will reduce the extent to which stored wheat depreciates.

There is a need for policy makers on food to recognise these impending problems and initiate steps through some linear combination of these four actions. On a similar subject, also see an article by Siraj Hussain and Jugal Mohapatra.

Wednesday, April 14, 2021

Online dispute resolution in India: Looking beyond the window of opportunity

by Rashika Narain and Smriti Parsheera.

Online dispute resolution (ODR) refers to the use of electronic communications and other information and communication technology for dispute resolution (UNCITRAL, 2016). Its objective being to bring the gains of efficiency, reach, cost-effectiveness, and convenience that technology has brought to so many sectors into the domains of redress, resolution and justice delivery. Some of the use cases of ODR include internal dispute management systems of businesses, electronic forms of alternative dispute resolution (often referred to as e-ADR), and operation of online courts.

India has seen a spate of recent developments in this space. There has been a rise in the number of ODR startups and businesses that are willing to experiment with ODR as an alternative to the traditional forms of dispute resolution. On the institutional side, COVID-19 induced pressures forced courts and Lok Adalats to switch to an online mode, the Reserve Bank of India directed payment systems operators to adopt ODR for failed payment disputes and the NITI Aayog put out a draft ODR Policy Plan.

Collectively, these developments signal the intersection of the problem, policy and politics streams to create a window of opportunity (Kingdon, 2013) for ODR in India. However, alongside the many benefits and opportunities of ODR lie a few areas of caution. First, the push toward ODR should account for the country's narrowing yet persistent digital divide. ODR solutions must, therefore, be designed in a manner that avoids extending digital exclusions into the domains of justice delivery and redress. Second, the immediate focus needs to be on building trust in the ODR sector though an emphasis on competence, accountability, equity, and transparency. These priorities should emerge from within the ODR ecosystem rather than being imposed through external forces. Lastly, the ecosystem should remain wary of any kind of central planning, particularly in terms of technical design. While controlled technical standardisation may seem attractive for initial adoption, it could result in the locking in of specific technologies and standards in the long run.

In this article we describe the meaning and evolution of ODR, explain the state of adoption in India, and introduce the Handbook on Online Dispute Resolution (ODR Handbook, 2021) created by a group of nine institutions that was recently launched by Justice D.Y. Chandrachud at a virtual event. The Handbook serves as an invitation to businesses to adopt and mainstream ODR solutions in India. While sharing the optimism generated by recent advancements in this space, we emphasise certain areas of caution and desirable practices for ODR to succeed beyond the current window of opportunity.

What is ODR?

ODR refers to the use of technology for enabling more accessible and efficient dispute resolution. Its genesis is often traced to the growth of Internet-based businesses and the resulting search for mechanisms to deal with online disputes and their accompanying jurisdictional uncertainties (Katsh, 2012). eBay and its payments arm PayPal are recognised to be among the early adopters of tech-enabled solutions for resolving cases arising on their platform (Rule, 2008). Similar tech-mediated systems for grievance redress are now commonplace across online businesses. Examples include the order returns management policies of e-commerce companies, feedback mechanisms of ride hailing companies and content reporting systems of social media firms. Beyond grievance management, e-ADR processes like mediation and arbitration are another popular use case.

The factors responsible for the growth of ODR include its efficiency, reach, cost-effectiveness, and the ability to improve business intelligence through data about dispute management. The possibility of asynchronous communication in many ODR models, which allows parties to respond at their own convenience, is another significant draw. Globally, ODR's reach has expanded to a range of sectors, such as property matters, family settlements, domain name disputes and financial matters (Kinhal et al, 2020). Further, tech solutions have also permeated into different layers of the dispute management process. For instance, negotiation tools like Cybersettle guide parties in making financial settlement bids and communication tools like Our Family Wizard are being used by courts to monitor parental custody settlements.

There are also many cases of institutional adoption of ODR in the public justice delivery system. Notable examples include Canada's British Columbia Civil Resolution Tribunal that uses ODR to handle condominium property claims, small claims, and motor vehicle injury cases, Hong Kong's ODR scheme for COVID-19 related cases, Mexico's Concilianet platform for consumer dispute resolution, and various small value claims courts in the United States (NITI Aayog, 2020).

State of play in India

The ODR industry in India has seen significant movement in the last few years although it still remains in the early stages of development. As per the ODR Handbook, the number of ODR start-ups has grown from 3 in 2018 to 13 by mid 2020. This includes operators like Presolv360, Centre for Online Resolution of Disputes (CORD) and SAMA that are directly involved in delivering online arbitration and mediation services as well as platforms like CREK ODR and Resolve Disputes Online that specialise in offering technology solutions to others.

A pilot project initiated by ICICI Bank in collaboration with SAMA presents one of the early examples of ODR adoption in India. As per the ODR Handbook, this mechanism was used for the resolution of 200 loan repayment related disputes before the introduction of the COVID-19 related loan moratorium. This reportedly led to significant cost and time savings for the bank -- its resolution effort went down from six person-days per case to only half a day (ODR Handbook, p. 61). In another example, SAMA recently organised an e-conciliation camp, called Suljhav Manch, which saw participation from companies like Udaan, Snapdeal and ICICI Housing Finance. An aggregate of over 8,000 loan and customer disputes were recorded for online resolution, of which 1,860 disputes have already been settled.

The COVID-19 situation has also created an impetus for institutional adoption through online filings, electronic court hearings and organisation of e-Lok Adalats in several states (Nair, 2020). Further, in line with RBI's directions for adoption of ODR by payment operators, the National Payments Corporation of India (NPCI) recently went live with its online resolution system for BHIM UPI app users. Others in the payment space are expected to shortly follow suit. The Income Tax Department has also introduced a Faceless Assessment Scheme that is meant to offer greater convenience and transparency in the assessment process.

In another interesting development, last year, the Supreme Court declared that the sole appointment of an arbitrator by a party interested in the dispute would be unlawful, even if previously agreed by the parties (Mehta et al, 2020). This may shift the standard practice of consumer facing companies appointing arbitrators en masse for low value, high volume disputes in favour of the incorporation of ODR clauses in commercial agreements.

Some areas of caution

While the developments above are cited as victories for ODR, the long term trajectory of tech-enabled dispute resolution will depend on a number of factors. First, there is the reality of India's digital divide, which spans across issues of connectivity, device ownership, digital literacy and skills, and social norms. A combination of these factors ends up generating varying levels of digital adoption across demographic groups. While sectors such as digital payments and e-commerce, which cater to an already digital population, are more conducive for ODR adoption, a broader policy push towards mandatory ODR could end up disenfranchising several sections of the population. For instance, the Tax Department's faceless assessment scheme has drawn criticism for the lack of opportunity for individuals to explain their case in person and limitations in technical skills and infrastructural facilities required to comply with the online processes (Chatterji, 2020).

Possible ways to minimise the harms of digital exclusion include keeping ODR adoption voluntary in most circumstances, investing in training and capacity building of intended users, and allowing them to opt for a combination of online and offline interactions. The emergence of a hybrid model where an intermediary can step in to facilitate the engagement between the parities and the technological requirements of the ODR system is another interesting solution. This is illustrated in the work being done by the Aajeevika Bureau to help migrant workers claim unpaid compensation from employers using an ODR process (ODR Handbook, p. 71-72).

Second, there is also the question of how to build trust in the ODR ecosystem in order to facilitate its adoption by businesses and individuals. There are some who argue that a certain level of government intervention and control is a necessary part of trust building (Schluz, 2004) while others have discussed interventions such as increasing knowledge about the process, certification of neutrals, and the existence of a code of ethics as mechanisms to bolster trust (Abedi et al, 2019). This points to the need for a discussion on the role of voluntary codes of conduct in building trust in ODR systems. We discuss this in the next section.

The third area of caution would be to avoid the creation of monolithic technical architectures in the ODR space. All too often in India, there is a temptation to create a state-mandated monopoly in a field, with government controlled technological standards (e.g. the Unified Payments Interface (UPI)) and a government controlled monopoly vendor (e.g. the NPCI). The NITI Aayog's draft report suggests a similar path for the ODR sector. It makes a case for the government's role in developing a 'scalable platform using technology' that will allow for the development of private sector services relying on government-led free and open source software (NITI Aayog, 2020, p. 96-97).

This is a less efficient path for several reasons. Government-mandated engineering designs tend to stagnate over time, and fall out of touch with the requirements of the people and of the technological possibilities. India is highly heterogeneous, and even if an efficient state-run planning process is able to emerge with a sound design for a modal use case, that may only cover a small fraction of the situations in the field. Further, despite being labeled as 'open', such solutions are often designed in a closed environment, with consultations being used as a tool for information dissemination rather than technical collaboration.

Providers and adopters of ODR have the incentives to understand opportunities, customer needs, and figure out innovative solutions. It would, therefore, be more efficient to allow a diverse set of actors to develop technology, protocols and standards in this space. Notably, ODR initiatives would also be bound by existing legal frameworks, such as the rights to data access and portability proposed under the draft Personal Data Protection Bill, 2019 and the safeguards available under competition law. Accordingly, government-backed technical standards are neither the only, nor the most efficient, path to achieving data access, portability, interoperability, and empowerment in this field.

A voluntary code for the ODR ecosystem

While resisting the push for government-backed standards and protocols, we recognise that a sound governance framework could be one of the ways to engender trust in the ODR ecosystem. There are several examples of non-binding ODR principles that have emerged globally. For instance, the International Council for Online Dispute Resolution (ICODR) is a US-based non profit that has put out a set of open standards on ODR. This includes requirements that the ODR programs must be accessible, accountable, competent, confidential, equal, neutral and impartial, legal, secure and transparent. Similar standards and guidelines have also been put out by other institutions such as the UNCITRAL's Technical Notes on ODR and the National Center for Technology and Dispute Resolution's Ethical Principles for ODR. The overlap in the principles outlined in these documents indicates a convergence of ideas on the basic requirements of a well functioning ODR system. Many ODR providers in India have also voluntarily adopted different international standards.

Given the current stage of development of India's ODR system, having mandatory standards or strict legal requirements could impede innovation and create entry barriers (ODR Handbook, p.51). However, this does not preclude the adoption of voluntary codes of conduct that are developed and operationalised by ODR players themselves. This could be done by having a basic set of good practices (see table below for the principles suggested in the ODR Handbook) that may be agreed to among the service providers in an open, inclusive and collaborative manner. Further, voluntary mechanisms such as peer review, ratings and accreditations can be used to verify the extent to which each platform is complying with these principles.


Principle Description
Accessibility Ensuring ODR platforms can be used across devices and by different demographic groups, accounting for the diversity of Indian languages and the ability to engage with technology.
Competence and neutrality Neutrals should possess substantive knowledge and understanding of processes and must be free of conflicts of interest.
Accountability and fairness Adherence to due process standards. Remain mindful of the possibility of unequal bargaining powers between parties.
Information and transparency Proactive disclosure of conflict of interest, risks, and benefits to enable informed consent. Anonymised data on ODR trends and statistics can help in building trust.
Confidentiality and robust data security Adherence to data protection norms, including safe storage and established protocols to deal with breaches, cyber attacks, and disasters.

Besides such voluntary adoption, providers of e-ADR are also bound by the existing laws and principles applicable to ADR processes. However, in many cases, these principles might need to be reframed to account for the impact of technology on ADR processes and the responsibility of ODR platforms and third parties neutrals conducing the mediation or arbitration processes (Rainey, 2014). For instance, use of the online medium might impose additional requirements of how confidentiality in mediation needs to be enforced in practice. This is because the mediator's ability to ensure confidentiality in ODR depends both on their own conduct as well as the design of the ODR platform. The ODR principle for confidentiality must, therefore, account for appropriate technical standards to ensure that the information transmitted on the platform remains confidential and secure. The practitioner also bears the responsibility to convey the risks of online communications to the parties (Rainey, 2014).

Conclusion

Developments in the past year or two have opened a window of opportunity for the adoption of ODR systems in India. As policymakers and private actors start warming up to the benefits of tech-enabled dispute resolution, the immediate goal should be to demonstrate capacity and build trust in ODR systems. This includes the realisation that not all sectors and user groups are equally equipped to immediately transition to ODR. Any kind of mandatory adoption should, therefore, be carefully considered so as to avoid extending digital exclusions into the domains of justice delivery and redress. An emphasis on hybrid models of ODR, both in terms of the choice between offline and online interactions and emergence of intermediaries who can help users in bridging the technological gap, would be useful.

Creating digital trust requires a framework that incorporates accountability, equity, ethics and auditability in its functioning. Thus, another priority at this stage should be to pursue the adoption of a voluntary code of conduct that is conducive to building trust in the ecosystem. Such a code of conduct should emerge, and be implemented, from within the ODR ecosystem rather than being enforced through State coercion. In addition to concerns of stifling innovation through over-regulation, it is also important to avoid excessive central planning in the technical design of ODR systems. This could result in the locking in of specific technologies and standards, hampering the long term prospects of the ODR sector.

References

Chatterji, 2020: B.M. Chatterji, Faceless Assessment: Concerns & Recommendations for Seamless Digital Integration, Tax Guru, 28 November 2020.

Katsh, 2012: Ethan Katsh, ODR: A Look at History, Online Dispute Resolution: Theory and Practice, Mohamed Abdel Wahab, Ethan Katsh & Daniel Rainey (Eds.), Eleven International Publishing, 2012.

Kelkar & Shah, 2019: Vijay Kelkar and Ajay Shah, In service of the republic: The art and science of economic policy, Penguin Allen Lane, 2019.

Kingdon, 2013: John W. Kingdon, Agendas, Alternatives and Public Policies. 2nd ed., Pearson, 2013.

Kinhal et al, 2020: Deepika Kinhal, Tarika Jain, Vaidehi Misra & Aditya Ranjan, ODR: The Future of Dispute Resolution in India, Vidhi Cenre for Legal Policy, July 2020.

Lederer, 2018: Nadine Lederer, The UNCITRAL Technical Notes on Online Dispute Resolution - Paper Tiger or Game Changer?, Kluwer Arbitration Blog, January 2018.

Mehta et al, 2020: Ankoosh Mehta, Maitrayi Jain & Anushka Shah, SC refuses unilateral appointment of single arbitrator, Indian Corporate Law, A Cyril Amarchand Mangaldas Blog, May 2020.

Nair, 2020: Ria Nair, E-Lok Adalats In India, August, 2020.

NITI Aayog, 2020: The NITI Aayog Expert Committee on ODR, Designing the Future of Dispute Resolution: The ODR Policy Plan for India, October, 2020.

ODR Handbook, 2021: NITI Aayog, Agami, Omidyar Network India, Ashoka, ICICI Bank, Trilegal, Dalberg, Dvara Research, NIPFP and Cracker & Rush, Online Dispute Resolution: Shifting from Disputes to Resolutions, April, 2021.

Rainey, 2014: Daniel Rainey, Third-Party Ethics in the Age of the Fourth Party, 2014.

Rule, 2008: Colin Rule, Making Peace on eBay: Resolving Disputes in the World's Largest Marketplace, ACResolution Magazine, Fall 2008.

Schluz 2004: Thomas Schulz, Does Online Dispute Resolution Need Governmental Intervention - The Case for Architectures of Control and Trust, 6 N.C.J.L. & Tech. 71 (2004).

UNCITRAL, 2016: UNCITRAL Technical Notes on Online Dispute Resolution, 2016.


Rashika Narain is lawyer and mediator associated with SAMA and the Centre for Mediation and Arbitration, Mumbai. Smriti Parsheera is a Fellow with the CyberBRICS Project and was previously a researcher with the National Institute of Public Finance & Policy (NIPFP). NIPFP was one of the contributors to the ODR Handbook. The authors would like to thank Vimal Balasubramaniam, Keerthana Medarametla, Renuka Sane and Ajay Shah for valuable inputs.