A few questions on the draft Geospatial Information Regulation Bill

Blog post by: Amitabha Bagchi

The Ministry of Home Affairs of the Government of India has posted a draft bill aimed at regulating the acquisition and use of geospatial information pertaining to India. This draft can be viewed here.

In brief, the provisions of this act make it illegal to acquire and even maintain previously acquired Indian geospatial data without applying for and receiving a license from an authority that is to be created for this purpose. Media reports have tended to focus on the aspect of the bill that talks about heavy penalties for misrepresenting the boundaries of India, but let us instead focus on the more important aspects that pertain to the data ecosystem. Some questions:

1. What happens if the data needs an update? Map information keeps changing. We aren’t talking about roads and buildings, since they remain relatively stable, but since the draft bill also includes “value addition”, it will also include other kinds of information that changes faster. Consider the case of your favourite restaurant discovery app: Will it have to apply for a new licence every time a new restaurant opens in Hauz Khas village? Effectively it will have to, since the draft bill proposes that only data that bears the watermark of the vetting authority be used for display. Changing the name of a restaurant in such data would amount to tampering with watermarked data. This sounds bad. Not propagating updates till security clearance is released may affect the business model of businesses premised on providing up-to-date information. The bill promises a three month turnaround on all clearances. This might not be quick enough, even if it was feasible, which leads us to the next question.

2. Do we have the bandwidth to handle all applications for this usage inside and outside India? Someone somewhere may have an estimate of how many different non-governmental services inside and outside India are currently using Indian geospatial data. I don’t have such an estimate but I would say this number is huge. Add to this all those 17-year old kids dreaming of startup glory who are mashing Google maps in their soon-to-be-world-dominating app. A government regulator that is yet to be set up will need hundreds of GIS experts who can “vet” TBs of data from each applicant. The logistics of getting this data across to the vetting authority alone boggles the mind, forget about the logistics of hiring and training these hundreds of experts. Unless this bill, on becoming an act, manages to singlehandedly kill the innovation ecosystem that depends on geospatial data, the number of requests will keep going up. And all these people will be “acquiring” and wanting to propagate updates (see #1 above). Which further leads us to the next question.

3. Does every single end-user of such data also need a license? The large organisations like Google who are acquiring and making geospatial data available through their APIs are in some sense at the lowest level of an application stack which could potentially have several layers (and probably already has). Application A buys a service that uses geospatial data from application B that has in turn bought it from provider C who has licensed it from organisation D. Or, in a more complex turn of events app A mashes up data from services B, C and D which in turn have bought their data from E, F and G and, guess what, F and G have some kind of data sharing agreement. How will A get its data acquisition vetted? The complexity of the ecosystem and the trajectories such data can take are only limited by the imagination of developers and service creators working on different kinds of problems in a host of different sectors. Unravelling this complexity will further burden the vetting authority  (see #2 above).

An alternative modality that can serve national security purposes would involve requiring all users of geospatial data to register with the security vetting authority and providing an online window through which the authority can conduct an audit of their data. The vetting authority can go through the data and raise an objection if it finds anything objectionable, and it can do this in its own time. In the meantime the data can be used and updated by the business as required. In other words, the onus has to be on the vetting authority to regularly check that the data is in order, rather than on the service. By shifting the onus onto the service we run the risk of creating a significant roadblock for a major part of the innovation ecosystem. This is undesirable.

Added 10 May 2016:

• An extended version of this blog entry appeared in The Hindu dated 10 May 2016. Read that piece here.
• Another view on this bill that contextualises it in terms of existing mapping laws can be read here.
• A more detailed exposition of the dangers this bill poses to flagship government projects like Digital India can be read here.