From Code to Governance: Why the FOSS Community Must Engage More with Public Policy

This is an extended version of an article titled “Bridging Tech and Policy: Insights on Privacy and AI from IndiaFOSS 2024”, published in Tech Policy Press.

The IndiaFOSS 2024 conference brought together a diverse mix of developers, policymakers, and advocates, creating an engaging forum to explore the future of Free and Open Source Software (FOSS) amid a rapidly changing technological landscape. With the rise of artificial intelligence and new regulations like the EU AI Act and Digital Personal Data Protection Act (DPDPA), conversations about the critical policy and ethical issues they present are at the forefront. In this context, FOSS emerges as a powerful alternative to proprietary software as it allows for greater transparency, security, increased collaboration, and long-term sustainability.

As a speaker at IndiaFOSS 2024, I explored some of these dynamics by discussing the implications of biometric technologies in public service delivery and law enforcement on human rights. The conference also emphasised the vital intersection of FOSS and public policy for dismantling monopolies on innovation and fostering an inclusive future. This article will focus on four themes discussed at the conference and what they mean for the tech policy ecosystem: software patents, reclaiming control over our communication channels through FOSS, privacy, and open-source AI. It will also highlight critical gaps in the enforcement of FOSS adoption in government services resulting in the misuse of public funds by implementing more expensive and less sustainable proprietary software solutions.

Software patents

As per Section 3(k) of the Indian Patents Act, “mathematics, business methods, computer programmes per se and algorithms” are not patentable subject matter and yet, software patents continue to be granted in India and across the world. If we were to overlook the fundamental counterintuitiveness of patenting software, which is essentially applied math and logic, these patents are also opposed to FOSS principles. Patents create barriers to innovation by granting exclusive rights to ideas built on existing knowledge, stifling the open exchange of information that FOSS promotes. Venkatesh Hariharan, an India Representative at the Open Invention Network, spoke about how this exclusivity can lead to a fragmented ecosystem, where developers fear legal repercussions for using patented technologies. Additionally, software patents disproportionately benefit large corporations, particularly foreign companies, by monopolising the industry and marginalising smaller developers and startups. By prioritising proprietary interests over community-driven innovation, software patents undermine the ethos of FOSS, which seeks to empower users and foster a more inclusive technological landscape.

Session link: Measuring the value of FOSS for India | Venkatesh Hariharan

Rohini Lakshané, a technologist and interdisciplinary researcher, spoke about Standard Essential Patents (SEPs) specifically and tensions between SEPs and FOSS. SEPs are patents essential to meet standards that conflict with FOSS primarily over interoperability and licensing terms. For example, there are more than 60,000 patent families declared essential to 5G, as of September 2024. SEPs are designed to ensure products that are compliant with specific standards can work together. However, the licensing requirements often imposed by SEP holders can hinder the integration of FOSS with proprietary systems. This limitation can lead to fragmentation within the software ecosystem, as FOSS projects struggle to maintain compatibility while adhering to exclusive licensing agreements.

Additionally, while SEPs are generally licensed under Fair, Reasonable, and Non-Discriminatory (FRAND) terms (which are contentious and subjective), these terms can contradict FOSS's ethos of open, royalty-free access and redistribution. To illustrate the extent of costs incurred due to penalties in cases of SEP infringement, in April 2024, the Delhi High Court granted USD 29 million in damages in favour of Ericsson in the case of Lava International Limited v Telefonaktiebolaget LM Ericsson. This is the largest ever penalty awarded in an SEP infringement case.

Another significant challenge lies in the issues of patent assertion and the lack of transparency surrounding SEPs. Determining which patents are truly essential to a standard can be complex, as SEP holders may have incentives to over-declare their patents as essential, complicating the patent landscape for FOSS projects. This ambiguity, combined with inadequate transparency about ownership and licensing conditions, creates barriers for FOSS developers who need to navigate these patents. Ultimately, the tension between the exclusive nature of SEPs and the open philosophy of FOSS raises questions about innovation, access, and collaboration in the technology sector.

Session link: The tensions between Standard Essential Patents and FOSS | Rohini Lakshane

Privacy

One of India's key tech policy challenges is the establishment of effective privacy regulations. Since the enactment of the Digital Personal Data Protection Act (DPDPA) in August 2023, the ecosystem has been awaiting the rules for implementation, which, as of September 2024, are yet to be released. This delay means that India still lacks any privacy protections. The rapid advancement of AI exacerbates privacy concerns, particularly issues like data scraping. Notably, clause 3(c)(ii) of the DPDPA excludes all publicly available data from its scope, inadvertently fostering unchecked data scraping practices.

Discussions at the conference also highlighted questions surrounding the implications of the expanding biometric surveillance ecosystem, particularly considering the increase in welfare algorithms that use “AI” to determine the eligibility of an individual for certain welfare schemes (and often get wrong). Such systems are poorly governed and often also lack adequate regulatory safeguards and grievance redressal mechanisms, resulting in a cycle of human rights violations. Furthermore, these algorithms contribute to exclusionary access to public services, exacerbating systemic discrimination and infringing on privacy rights. They also undermine the right to dissent, increase the risk of false incrimination through “predictive policing,” and promote widespread surveillance, all while lacking the transparency necessary for individuals to seek justice.

While open-sourcing digital public infrastructure (DPI) can enhance transparency, accountability, and privacy, the use of AI in DPI for public services and law enforcement - whether open or proprietary - is antithetical to human rights and must be curtailed.

Session link: Big Brother vs. Human Rights: Exploring Incompatibilities with Biometric Technology | Anwesha Sen

Open-sourcing AI

AI consists of three key components: data or data information (e.g., sufficiently detailed information about the data used to train the system), code, and model weights and parameters. However, this widely adopted classification completely overlooks the crucial role of hardware in AI. Infrastructure, compute, and GPU are critical to developing AI and are also resource-intensive components largely owned and controlled by Big Tech. When discussing open source AI, focus must also be brought to the role of open hardware in equitable development of AI.

Going back to the widely adopted classification of AI, open-sourcing refers to granting the four freedoms of FOSS - use, modify, inspect, and sell - to all three elements of AI. While code can often be shared freely, the open sharing of datasets, and even model weights and parameters, presents a more complex challenge. Key questions were discussed at a panel discussion on the same topic, such as which types of datasets can be shared without infringing on individual privacy, what copyright and intellectual property considerations must be taken into account, and how much openness is apt to foster innovation while protecting privacy. The ecosystem continues to navigate these challenges as it seeks to balance transparency and creativity with the protection of individual privacy and community rights.

Advocating for open-source AI initiatives allows policymakers to create an environment where AI frameworks, algorithms, and tools are accessible to all. This promotes collaboration among diverse stakeholders—from researchers to startups—leading to innovative solutions that meet a broader range of societal needs. A transparent approach to AI development aligns with democratic values, enabling citizens to better understand and influence the technologies affecting their lives. However, this push for openness must be coupled with strong protections for privacy and intellectual property. Policymakers should engage with these initiatives to establish robust frameworks that address risks related to open training data, ensuring ethical considerations remain central to AI development.

Session link: Open Source & AI: Understanding the Urgency of Data Activation

FOSS for taking back control of our communication systems

Global communication systems are predominantly managed and governed by major technology corporations, often referred to as Big Tech. These organisations exert significant influence over how information flows across the world, yet they lack a nuanced understanding of the socio-political dynamics in the Global South. Pratik Sinha, co-founder at Alt News, spoke about how this gap in understanding can have severe consequences, particularly on issues such as misinformation, hate speech, and the spread of harmful content.

For instance, the algorithms and content moderation practices employed by these companies are not adequately attuned to the cultural and contextual sensitivities of diverse regions, which leads to the amplification of divisive narratives and marginalization of local voices. Furthermore, their failure to address the unique challenges faced in these areas can contribute to real-world harm, including violence and societal unrest. The lack of accountability from these tech giants is particularly concerning, as their insufficient content moderation has historically facilitated, and continues to fuel, large-scale violence and even genocides.

This underscores the urgent need for alternative communication frameworks that prioritise transparency and accountability. The FOSS community is uniquely positioned to address these challenges by collaboratively developing communication systems tailored to the specific needs of various regions. Pratik suggested that by leveraging open-source principles, the FOSS community can create platforms (such as Mastodon) that empower users, enhance local governance, and nurture a culture of shared responsibility in content moderation. In doing so, they can provide viable alternatives to Big Tech, ensuring that communication systems serve the diverse needs of communities rather than being controlled by a handful of corporations with a limited understanding of local complexities.

Disconnect between public policy and FOSS

Moving on to public policy concerning FOSS, failures exist primarily on 3 levels - the lack of enforcement of laws, the disconnect between the broader FOSS community and policymakers, and a lack of general understanding of the benefits of FOSS. In 2015, the Ministry of Electronics and Information Technology (MeitY) announced the “Policy on Adoption of Open Source Software for Government of India” that mandated all software applications and services of the government to be built using open source software. This is the fundamental policy concerning the adoption of OSS within government services. However, even as recently as 2024, the National Highways Authority of India (NHAI) floated a tender to procure proprietary Microsoft products, including Microsoft’s SQL server, for which many OSS alternatives exist.

The Government of India also recently announced plans to allocate over ₹2,500 Crore for implementing ERP systems in Primary Agricultural Credit Societies (PACs). However, this project could have been executed for just 10% of the cost by adopting an open-source solution like ERPNext, as noted by Rushabh Mehta, the Founder and CEO of ERPNext. The current reliance on proprietary software, which is both more expensive and less sustainable, is funded by taxpayer money. As such, government agencies must be held accountable for these costly decisions. To prevent such inefficiencies, it is essential that failures to align with the OSS policy be carefully scrutinized and rectified through ongoing collaboration between the FOSS community and policymakers.

Proper implementation of the OSS policy also promotes the overall culture of adopting proprietary software among private entities, as they often follow government practices and procurement decisions. This encourages businesses to adopt open standards and contribute to the growth of the open-source ecosystem, creating a more competitive and innovative environment. FOSS adoption requires norm-setting, where transparency, collaboration, and long-term sustainability are valued over short-term proprietary solutions. This can foster a more inclusive digital economy that empowers local developers and reduces dependence on proprietary software providers.