[Request for Comments] FOSS United Public Policy Roadmap for FY 24-25

Will give a longer reply (have to go out), but my point is not that the DNA should be constant, if we really want to do this, authenticity is necessary. It just feels inauthentic when most people don’t care about policy or the issues that are being talked about. Maybe we need to have vigourous debates on big issues like privacy vs DPG head on.

This just sounds like platitudes. Build a powerful voice, yes, but for what?

I don’t think we have articulated the principles clearly as well. They are not clear to me either. If we create a framework, then more people can contribute and participate.

I think we need to take a long-term institution building perspective and not an immediate, “here-and-now” perspective on public policy. Given the huge role that government plays, we can ignore it at our own peril. For example, if the government comes up with rules that make it hard for FOSS developers, how do we respond to it without having a policy initiative?

On software patents, this is an issue that affects the four freedoms of FOSS. Therefore, FSF, Stallman, OSI and every other FOSS organization in the world are staunchly opposed to it. If we lose the software patents battle, our freedom to use and share are in peril. Should we wait until we have community, support or should we proactively address address this clear and present danger? Let’s assume that we meet with Stallman and he asks us what we are doing on the software patents issue, what would our answer be?

Again, taking the long-term view, if we think community participation in policy is essential, we have to invest in it. This is one of the areas that requires a long-term approach. From an institution building perspective, every organization has to address current demand as well as long term issues and the two are not contradictory.

This is a good example of the kind of long term work that is required. We cannot (and should not) start digging a well when we feel thirsty.

We need to look at this from the policy makers perspective. When someone approaches a policy maker with a representation, the first question they ask is, “What is this person’s locus standi?” “Is he/she an affected party?” “What is their credibility in this matter?” The fact that we approach policy makers on behalf of the FOSS community, we articulate how FOSS is critical for India and how software patents impact the four freedoms, gives great legitimacy to our point of view with policy makers. The fact that we have a growing and thriving community gives greater credibility to our arguments. If we set up a new organization that does only FOSS Policy, we will have to start again from scratch, our locus standi might be suspect in the eyes of policy makers and we will have to deal with the cumbersome work that comes with setting up another non-profit.

If the FOSS community had an ambivalent stance on software patents, I could have agreed with you here. My view is that is is an issue that is core to FOSS, and not a “nice-to-do,” optional issue that we can address.

Again, from a long-term institution building perspective, we have to be crystal clear as to what we stand for. Are we a FOSS organization or are we a privacy organization? I have been involved in privacy discussions for almost a decade https://www.youtube.com/watch?v=2j9EgcoJZGg and I can say from first hand experience that there are a multitude of organizations addressing this issue. On the other hand, how many organizations are out there representing the FOSS community to policy makers? Just one, at the moment. Secondly, there is the issue of resourcing. If we want to successfully push our point of view in FOSS/Privacy, we have to be well resourced. Currently, we are not even well resourced for FOSS advocacy, but we have to start somewhere because institutions get built up over time. To try and deal with multiple, complex issues at a time when we are not well resourced is a recipe for failure.

Any policy maker who takes a look at www.endsoftwarepatents.in/quotes will agree that we have built a powerful coalition in support of our stance against software patents. The NLS study will also add to this over time.

Let us also look at the counterfactual situation. FOSS United does nothing on software patents. 10 years down the line, there are hundreds of thousands of software patents on every conceivable programming technique imaginable. You want to do AI? Negotiate with the patent owners. You want to do e-commerce? Ditto. The code is freely available under open source licenses but to build any program, you have to pay royalties to the patent owners. At that point in time when someone asks, what was FOSS United doing about software patents, what do we say?

If we meet Stallman, he’s most likely going to say “What the hell are you doing about Aadhaar and DPG”

By what framework does intellectual property become more important than violation of our freedom of expression and privacy rights? You are just side stepping the elephant in room.

But we have resources to push against IP rights? The question is what is our priority - that is my entire point - Somehow I am not just able to communicate it.

Yes, we all want patents to end, but this seems just like a safe issue because we can’t really comment on the issues that present a “clear and present” danger, can we? Maybe I need to be more blunt to put my point across. Zerodha is the poster child of Aadhaar and eKYC. FOSS United and Frappe are both supported by Zerodha funds (to varying degrees). In fact the lion’s share of FOSS United funds come from Zerodha. Can @knadh take a stand against Aadhaar. He can’t. Neither can you @Venkatesh_Hariharan - you have been a big supporter of IndiaStack and part of iSpirt. (do I need to share references?)

Here is the elephant in the room. We are compromised. We can’t really have an independent stand on many very important issues of the day, unless. unless. unless, there is a membership and voting mechanism. Yes we can take a position on software patents, but that would not accurately represent the community.

Anything that does not address this just sounds like hypocrisy to me. We just become a platform to whitewash DPG by not talking about it. I hope my point is clear. I am open to any other mechanisms, but don’t give me platitudes about institution building, that is a very moot point.

As a FOSS organization, our policy priority should be to push back against software patents, and to create a favorable policy environment for FOSS, and that is what we are engaged in.

I would also like to remind you that I did submit FOSS United’s policy position on the Digital Personal Data Protection Bill. and that reflects my own views as well. Kindly read that. It may be a short document but it took a lot of time to put that together, and my realization was that it took time away from the software patents work. In the field of privacy, there are hundreds of organizations involved. Just look at the comments submitted to the Srikrishna Committee’s draft. However, how many organizations are out there advocating for FOSS? Isn’t that something we should be focused on?

On Digital Public Infrastructure (DPI), yes, I am a supporter because I think all of us need efficient governments. However does that equate to supporting surveillance as you postulate? I think you are postulating a false dichotomy. Rather than take an “All DPIs are bad,” stance, I prefer to take a more nuanced approach that balances efficiency with oversight and the checks and balances of democratic institutions. For example, when Aarogya Setu was released during the Covid Pandemic, I wrote the following in an op-ed in Indian Express:

"Where the collection of data through such apps is done by the state, the state must recognize that it is not the owner of the collected data, but merely the custodian of data. It holds the data in custody, on behalf of its citizens. Secondly, as compared to the private sector, the state has a much higher responsibility for safeguarding data, because its control of the police, tax authorities and other instruments gives it great coercive power. The threats of state misuse of data are therefore much higher than its misuse by the private sector. The only way to mitigate this is by putting privacy and good data governance practices at the center of such data collection, and by instituting checks and balances on state power.

“Wherever data is collected by the state, it must be the minimum required to get the job done. For example, self-testing apps should not collect personally identifiable information, except essential information like age (higher age groups have higher risk, and therefore this is essential), gender etc. This data should be deleted after the crisis is over.”

To repeat, I prefer to take a nuanced approach on these issues, and not an absolutist approach. If that equates to “compromised” in your mind, I am not going to try and change your opinion.

On institution building, I have said again and again that what we are building at FOSS United is really precious. I have been in the FOSS community since 1999, and the big mistake that we made in the past was that we did not focus on building a FOSS institution. Most of us were happy organizing FOSS meetups and dispersing. Different FOSS groups used to talk to each other rarely. Our policy advocacy was unfocused and sporadic. With FOSS United, we now have an organization that is spreading the gospel of FOSS to places like Sholapur that have never seen a FOSS meetup, we are supporting many FOSS organizations around the country. By trying to be all things to all people, we can very quickly lose all of that. In other words, I don’t agree that institution building is a “moot point.” On membership, I have replied on a previous thread and don’t have anything more to add.

Whew, that’s such a weird take.

What have state services like Aadhaar or eKYC got to do with FOSS/FOSS devs or tinkering/hacking? Why not the adverse effects of climate change then? One of the biggest issues threatening everything out there.

Openwashing is a FOSS-related issue and the letters that we’ve attempted to send (like the NPCI one) were hoped at addressing them specifically. Directly related.

DPG is a vague and overused buzzword umbrella term like AI/web3/big data. If stuff gets openwashed, it may make sense for FOSS United to address that.

Apart from the FOSS angle, FOSS United “calling out” specific state services like eKYC or Aadhaar or the centralised systems like the income tax portal or the vehicle database or IRCTC or N number of other things that central and state governments, I don’t know how that falls in the purview of FOSS. Rights, privacy, surveillance etc., are a different ballgame altogether and I don’t see how all of them fit directly into FOSS United. There are orgs out there with people who understand those issues deeply involved doing good work. What’s that got to do with FOSS United?

Can @knadh take a stand against Aadhaar.

I can’t/won’t take a stand on plenty of things, technology or otherwise, for various reasons. I don’t see how that’s relevant to FOSS United which focuses on FOSS stuff. Also, I don’t see the relevance of Zerodha using these services as mandated by laws/regulations prescribed specifically for financial intermediaries like it.

By what framework does intellectual property become more important than violation of our freedom of expression and privacy rights? You are just side stepping the elephant in room.

Anything that does not address this just sounds like hypocrisy to me

Um, I don’t get this. These are huge fundamental issues indeed, but really, we’re talking about FOSS United, an org that works on stuff directly pertaining to FOSS, not broad societal issues, no matter how serious. I can’t make sense of this.

Also, by that logic, any org that doesn’t work on the existential problem of climate change doesn’t make sense either, right? Should FOSS United work on climate change issues too? The Supreme Court just the other day declared “right against the adverse affects of climate change” a fundamnetal right.

Software patents on the other hand, they directly affect FOSS, software, code, FOSS innovation, and FOSS developers.

unless. unless. unless, there is a membership and voting mechanism.

Please feel free to attempt this again. In our past attempts, we haven’t seen participation or strong interest from a critical mass in the community to get involved in governance, ironically. There were also a number of unresolved questions if I recall correctly. Perhaps that is the nature of community that has formed around the org.

Finally, the entire point of talking about tech/policy related matters in the community (via community partnerships, talks, the policy scholarship etc.) is to increase awareness, hoping that people take an interest and pursue various issues that they relate with, be it tech/privacy, or tech/rights. Can’t think of a more democratic approach than this!

We just become a platform to whitewash DPG by not talking about it.

What? Anything that FOSS United doesn’t talk about, FOSS United whitewashes? I don’t understand.

Also, honestly, getting jaded with any serious discussion here spiralling out of the focus area into overly general matters—rights, existential freedoms, democracy, liberty, justice, equality … @rushabh. All extremely important matters, but here, can we just stick to stuff that directly pertain to FOSS in the community (software, code, developers, tinkering, innovation, sharing etc)?

For the nth time, how can you say this should be the priority policy without providing any mechanism to see if the entire community thinks this way? Maybe it priority for you, but is it for the entire community?

Screenshot 2024-04-11 at 4.48.41 PM918×580 50.7 KB

This is the only unscientific poll I have seen yet. And according to this, whatever the community that responded says we should be focussing on ensuring school syllabus is based on FOSS - which I think is a great point to reflect on. Btw, this was Jan '23 - we have not conducted any such survey yet. Since we have limited resources, should we not focus on this as our prime policy objective? Have we done anything in that direction?

Just on the principle of centralisation of power this is bad. Checks and balances don’t matter when you are dealing with the central governments. Our systems must be designed to be de-centralised. The key ideological thinking behind free software is about “freedom”. Dictatorships are most efficient. Efficiency cannot be the only variable that matters.

Yes these topics require vigourous debates before we come to any common stand. My question was why are we even avoiding them and jumping to “safe” issues?

Also this is not about nuance, it is about incentives. Follow the money.

Climate change? That’s a strawman (and you are usually the first to pick those ). Aadhaar is a software platform that violates all the principles of free software and we are forced to use it - is this even up for debate?

What is in our purview or not, should be decided through a community mechanism. I may feel how is intellectual property rights in the purview of FOSSUnited? This is a genuine question. Based on the poll, more people think this should be important than ESP.

There are huge financial incentives for the parties involved.

The poll, we’ve been putting in effort into all of those areas with the capacity we have, right? Conversations about FOSS curriculum and adoption in Karnataka, Telengana, Tamil Nadu etc. “Mandating open standards for digital public goods (DPGs)” also. Remember the letter to NPCI that you mentioned earlier?

These are all things, including FOSS/software patents, that we’re slowly working on. What is the point here?

Um, no. That is not a strawman. I just used climate change as an exaggerated “bigger issue” to illustrate a point because you said “there are bigger problems than software patents”. Yes, there are always bigger problems. You cited liberty in society. Sure, but that’s not FOSS Unite’d purview, just like climate change isn’t.

Huh, this makes no sense. Every state and central govt. system, from election card registration, income tax, MCA portals, vehicles, health, insurance, exam results, absolutely every system, 1000s of them, is proprietary SaaS operated by various govts. This is one of the reasons why as a part of our policy efforts, we’ve attempted to advocate for FOSS and open standards wherever we can. We’re talking about absolutely every single govt. system. What do you want us to do about it? What exactly is the solution for govt. SaaS? I don’t know and I hope one day there is one.

Also, this argument is the actual strawman here.

Okay? Every sponsor of FOSS United/our events have varying levels of financial incentives. These are all for-profit corps. I don’t get the point.

Because it is against the four freedoms of FOSS and the entire global FOSS community is against it.

I think we are finally getting somewhere. All these are pro-FOSS suggestions and yes, we can work on them. I wish you had brought this up right at the beginning. Also, this is a Request for Comments and I hope more folks chime and and say what they would like to see us do. Will try to create capacity (voluntary/paid) for additional initiatives.

When I signed up for the policy role, I had very clearly told you and Kailash that this is what I would like to pursue. I am happy to take on more pro-FOSS initiatives but not at the cost of deprioritising the software patents initiative. We are slowly getting traction there and it would be utterly foolish to flush it down the toilet after so much of hard work.

Agreed. In one of our conversations, I had mentioned to you that I am against monopolies in the private sector as well as the government sector. I agree that we must have more decentralized systems too. However, I disagree when you say, “Checks and balances don’t matter when you are dealing with the central governments.” On the contrary, this is exactly where we need more checks and balances. By its very nature, central governments have access to a vast array of IT system and data. Without the kind of governance I argued for in my Indian Express op-ed quoted above, it is hard to have trust in government systems. The problem is not with government systems but with the governance of these systems. For example, some political parties have been known to use electoral records and beneficiary records in their political campaigns. The solution is not in scrapping electoral records or stopping benefits but in preventing and punishing misuse, and building in privacy safeguards.

My humble request is that we keep this a FOSS focused discussion. For non-FOSS issues, there are plenty of forums and we can have vigorous debates there.

The point is a tiny set of people (with varying incentives) setting agenda without a clear mechanism for a broad community based group like FOSS United feels inauthentic. If that is not clear, maybe I am just terrible at communication

My strong opinion would be to use FOSSUnited as a platform to discuss policy and taking stands with some democratic model, but to avoid direct use of funds in specific policy initiatives.

IF we have more funds we should used them to fund indie FOSS projects like AdonisJS, Skytable, RethinkDNS rather than put them in policy.

This is how most organizations evolve. Almost all organizations start with a small set of people. Over time, if they don’t broad base themselves, they don’t scale. We are still in the very early stage of our evolution but sharing our thought processes on the forum (something that you have been a strong advocate for), and seeking community input are the right things to do.

Let us look at the counterfactual. If we outline something and get no feedback, should we just twiddle our thumbs and do nothing? In my book, that would be an abject lack of leadership that goes against the goal of building FOSS United as an institution.

Why do you see this as an either/or kind of proposition? Can’t we do both?

You know what happened at iSpirt - there was credibility built through community effort of product founders and a tiny group of policy minded people took advantage of it. I was there and there was clearly no coherence or buy-in of the community. If you have no engagement, then you should consider it as a NO vote, not yes.

Strawman. Can you quote one non-FOSS discussion here?

Either ways. I am jaded as well. I have expressed my strong objections to the way the policy effort is funded and how the agenda is set several times. Anyways we have not resolved any governance mechanism here.

Why do you see this as an either/or kind of proposition? Can’t we do both?

This is an issue I’ve been meaning to talk about since quiet some time. I do not wish to further derail this conversation but find it really upsetting that we as FOSS United have paused project grants.

Firstly, I strongly believe policy initiatives at FOSS United should continue. We have got some great members in this community thanks to the GCPP program. We’ve also been one of the only organizations in India to make a small chunk of the population to care about public policy. I’m still not sure if we require another umbrella to actively carry out the work, but the awareness and outreach should definitely be done under FOSS United.

This debate has gone way off track for me to be able to comprehend anything or contribute more. But since the topic of project funding has come up ill give my two paisa in a seperate thread.

Where is this word coming back from?

We discussed this long and agreed that new terms that lead to confusions should not be introduced.

I strongly agree with @rushabh’s comments that there is (at least in perception) a push for surveillance capitalism through FOSS United. Please don’t see my (others’) silence as lack of interest in the topic. It is just lack of interest in FOSS United’s cunning efforts here.

In our About page we have said,

In the Indian context, our goals are:

• To promote the spirit of hacking and tinkering.*
• To build quality FOSS for public good.*
• To enable and evangelise the use of FOSS in academia, social sector, industry and government.*

This is the lens through which proposals should be evaluated. On surveillance tech, I have given my answer in the above thread. Happy to drop the word, “Open Tech.”

I remember a long discussion on the Telegram group on this. This term is vague and is used in open-washing and should be avoided in the context of FOSS. It’s as vague as “powered by AI”. It should just be removed from the FOSS vocabulary for good @Venkatesh_Hariharan @rahulporuri. These terms invite suspicion and scepticism naturally.

With this, I’ll stop any further comments on policy stuff here.

Aside:
I stopped participating in this thread because it just went off the rails. My original post/proposal on this thread was to stop the policy experiments at FOSS United as there’s no community participation. Without active community participation, it becomes a silo (as it has) and is susceptible to varying interpretations (as it has). What is working really well at FOSS United is community building and activities.

Stopping policy stuff at the org is what @rushabh also wants but then the thread just took a really weird tangent instead of something along the lines of “+1, let’s stop it”. This has left me really really confused. I’m personally worn out by every discussion turning into tirades (not just this thread, but several other matters, everything from IndiaFOSS to the conference platform the team has been working on to internships).

About Zerodha, don’t know what to do about the theory that Zerodha is furthering some nefarious agendas by funding the org, apart from stopping funding (which will kill the org because despite our best efforts, we have been unable to build sustainability via broader industry participation). This whole thing is really tiring especially because all funding is explicitly approved by the directors and the team (CC @wisharya). Anyone who suspects that there is some 4D chess going on , I’d urge them to speak to the fulltime employees, interns, and volunteers who’ve been running the org! Despite multiple attempts, we haven’t had volunteers step forward and be a part of governance apart from very few (@rahulporuri - @vishnus @realvinay volunteer and commit a lot of time in helping with governance and everything else, but they’re “compromised” because they’re at Zerodha, I guess?).

I’ve had several chats with a very confused and stressed out @wisharya and @mriya11 over the last couple of days. They, and the rest of the fulltime and intern team have been unfortunately at the receiving end of facing mounting confusion and stress from these back-and-forth tirades on N number of matters for more than a year. As directors, “leaders”, we’ve failed to ensure a stress-free work environment for them. Mental health of the people I work with is something I care very much about. I’ve in fact apologised to the team multiple times over the last year for not being able to get a handle on this.

The direction this thread has taken is the final straw for me, personally. Not the specific policy/patent/Aadhaar/DPI/DPG/Zerodha/whatever stuff, but the language and direction which @rushabh used which was not necessary. Not every discussion has to be provocative and devolve into never ending debates. Certain behaviour and language around IndiaFOSS that severely affected the mental wellbeing of the team was a big red flag for me, and it has finally culminated in this thread. Perhaps @wisharya and @mriya11 and the intern would like to share their experiences around some of the matters I am referring to, if they’re comfortable sharing.

I’ll end by reiterating that my original post on this thread was to stop policy stuff at the org as it has not gained community participation! This is in accordance with the agreement we had in a general meeting last year (some ~10 of us, two directors, full time employees, volunteers. The minutes should be somewhere on the forum @rahulporuri @mriya11?) where we had agreed that we would give it 12 more months to see if the policy experiments find community participation and then take a call. Personally, my belief that tech/policy is a critical matter has only grown stronger in the last three years with the government pumping out tech policies at a crazy rate. For FOSS and indie devs and small orgs, software patents specifically is something I personally worry about.

Anyway, that’s it. I’m personally done with this stuff. @rushabh you are free to run it like a democratic/republic without the deep tentacles of any capitalistic cabals! After all, the org originally was your idea.

This thread was just the straw that broke the camel’s back and it’s been building up for a while now. I’ve way too many productive projects that I’m interested in and getting sucked into tirades is something I’ve no need to do. I have candidly communicated with @rushabh that I’m unable to deal with a certain brand of constant, provocative, derisive (it is in my book) communication and language for matter after matter. The constant need to turn every matter into a raging debate, the volatility. There’s a reason why I don’t use social media! @rushabh candidly admits that it is his style of communication. Absolutely fair to have whatever style of communication, but it’s not something I am equipped to deal with or can appreciate. This kind of style is not good for my mental wellbeing personally, and it definitely isn’t good for the young team who have brought this up N times over the last couple of years. I hope they find it comfortable to come forward, speak, and share their thoughts.

The team have my full support to continue the amazing work they’ve been doing. The vibrant, distributed FOSS communities have my full appreciation. I’ll of course always happily support and participate in FOSS activities, projects, initiatives, and I’ll continue to encourage techies to pay attention to and participate in matters of tech/policy (not participating is a systemic societal risk). Also quite amusing that this org also has spiralled into high drama like so many other orgs .

Whew! I hope FOSS United sans Zerodha will not be the cunning, insidious org you think it is!

While we are here. Can we also use this platform to call out the dangerous trend of open washing ?

I am not suggesting to alienate them, But to constructively work with them to ensure that well established community terminologies are not misused.

My suggestion is to keep FOSS United to just be about “FOSS”.

Building stuff. Hacking. Tinkering.
Meetups. Demo’s. Building cool shit.
Network with like minded people. Share code.

Not saying “policy” stuff is not important. But it’s best to keep it separate from FOSS United.

We need more hackers and tinkerers in India.
We need students to know that you can code an IPv4 Packet by hand.
We need young minds to have a home(a.k.a community) to share their love of coding and build stuff.
We need platform where people can show off cool shit that they build.

FOSS United is that. At least it has been for me.

@asd
Its quite sad to see you label the efforts as “cunning”. Whats cunning here?
You just insulted so many volunteers who work at FOSS United.

I want to make it absolutely clear.

I’m making an insinuation. An allegation. I’m making a frank and blunt accusation.

And I’m making it against the founders of FOSS United.

I’m saying that they’ve built FOSS United and hired Venkatesh Hariharan with no regard for the harms that surveillance technology built/pushed by orgs like iSpirt (which Venkatesh Hariharan was part of earlier) unleash on the democracy.

I’m saying that FOSS United engages in open-washing of these surveillance technologies.

And there is proof within this thread that Kailash Nadh is not interested in taking structural reforms that protects FOSS United from being used in this manner.

What is cunning is that this is framed as a limitation of the word “FOSS” whereas it is a limitation of the politics of FOSS United.