Facebook will pay $650 million to settle class action suit centered on Illinois privacy law

Facebook was ordered to pay $650 million Friday for running afoul of an Illinois law designed to protect the state’s residents from invasive privacy practices.

That law, the Biometric Information Privacy Act (BIPA), is a powerful state measure that’s tripped up tech companies in recent years. The suit against Facebook was first filed in 2015, alleging that Facebook’s practice of tagging people in photos using facial recognition without their consent violated state law.

1.6 million Illinois residents will receive at least $345 under the final settlement ruling in California federal court. The final number is $100 million higher than the $550 million Facebook proposed in 2020, which a judge deemed inadequate. Facebook disabled the automatic facial recognition tagging features in 2019, making it opt-in instead and addressing some of the privacy criticisms echoed by the Illinois class action suit.

A cluster of lawsuits accused Microsoft, Google and Amazon of breaking the same law last year after Illinois residents’ faces were used to train their facial recognition systems without explicit consent.

The Illinois privacy law has tangled up some of tech’s giants, but BIPA has even more potential to impact smaller companies with questionable privacy practices. The controversial facial recognition software company Clearview AI now faces its own BIPA-based class action lawsuit in the state after the company failed to dodge the suit by pushing it out of state courts.

A $650 million settlement would be enough to crush any normal company, though Facebook can brush it off much like it did with the FTC’s record-setting $5 billion penalty in 2019. But the Illinois law isn’t without teeth. For Clearview, it was enough to make the company pull out of business in the state altogether.

The law can’t punish a behemoth like Facebook in the same way, but it is one piece in a regulatory puzzle that poses an increasing threat to the way tech’s data brokers have done business for years. With regulators at the federal, state and legislative level proposing aggressive measures to rein in tech, the landmark Illinois law provides a compelling framework that other states could copy and paste. And if big tech thinks navigating federal oversight will be a nightmare, a patchwork of aggressive state laws governing how tech companies do business on a state-by-state basis is an alternate regulatory future that could prove even less palatable.

 

Jamaica’s JamCOVID pulled offline after third security lapse exposed travelers’ data

Jamaica’s JamCOVID app and website were taken offline late on Thursday following a third security lapse, which exposed quarantine orders on more than half a million travelers to the island.

JamCOVID was set up last year to help the government process travelers arriving on the island. Quarantine orders are issued by the Jamaican Ministry of Health, and instruct travelers to stay in their accommodation for two weeks to prevent the spread of COVID-19.

These orders contain the traveler’s name and the address of where they are ordered to stay.

But a security researcher told TechCrunch that the quarantine orders were publicly accessible from the JamCOVID website and were not protected with a password. Although the files were accessible from anyone’s web browser, the researcher asked not to be named for fear of legal repercussions from the Jamaican government.

More than 500,000 quarantine orders were exposed, some dating back to March 2020.

TechCrunch shared these details with the Jamaica Gleaner, which was first to report on the security lapse after the news outlet verified the data spillage with local cybersecurity experts.

Amber Group, which was contracted to build and maintain the JamCOVID coronavirus dashboard and immigration service, pulled the service offline a short time after TechCrunch and the Jamaica Gleaner contacted the company on Thursday evening. JamCOVID’s website was replaced with a holding page that said the site was “under maintenance.” At the time of publication, the site had returned.

Amber Group’s chief executive Dushyant Savadia did not return a request for comment.

Matthew Samuda, a minister in Jamaica’s Ministry of National Security, also did not respond to a request for comment or our questions — including if the Jamaican government plans to continue its contract or relationship with Amber Group.

This is the third security lapse involving JamCOVID in the past two weeks.

Last week, Amber Group secured an exposed cloud storage server hosted on Amazon Web Services that was left open and public, despite containing more than 70,000 negative COVID-19 lab results and over 425,000 immigration documents authorizing travel to the island. Savadia said in response that there were “no further vulnerabilities” with the app. Days later, the company fixed a second security lapse after leaving a file containing private keys and passwords for the service on the JamCOVID server.

The Jamaican government has repeatedly defended Amber Group, which says it provided the JamCOVID technology to the government “for free.” Amber Group’s Savadia has previously been quoted as saying that the company built the service in “three days.”

In a statement on Thursday, Jamaica’s prime minister Andrew Holness said JamCOVID “continues to be a critical element” of the country’s immigration process and that the government was “accelerating” to migrate the JamCOVID database — though specifics were not given.

India announces sweeping guidelines for social media, on-demand streaming firms, and digital news outlets

India announced sweeping changes to its guidelines for social media, on-demand video streaming services, and digital news outlets on Thursday, posing new challenges for small firms as well as giants such as Facebook and Google that count the nation as their biggest market by users.

Ravi Shankar Prasad, India’s IT, Law, and Justice minister, said in a press conference that social media companies will be required to acknowledge the request within 24 hours and deliver a complete redressal in 15 days. In sensitive cases that involve rape or are otherwise sexual in nature, firms will be required to take down the objectionable content within 24 hours.

These firms will also be required to appoint a chief compliance officer, a nodal contact officer, who shall be reachable round the clock, and a resident grievance officer. The firms will also be required to have an office in the country.

For social media companies, Prasad said they will be required to disclose the originator of objectionable content. “We don’t want to know the content, but firms need to be able to tell who was the first person who began spreading misinformation and other objectionable content,” he said. WhatsApp has previously said that it can’t comply with such a traceability request without compromising end-to-end encryption security for every user.

Firms will also be required to publish a monthly compliance report to disclose the number of requests they received and what actions they took. They will also be required to offer a voluntary option to users who wish to verify their accounts.

The guidelines go into effect immediately for small firms, but bigger services will be provided three months to comply, said Prasad.

New Delhi has put together these guidelines because citizens in India have long requested a “mechanism to address grievances,” said Prasad. India has been working on a law aimed at intermediaries since 2018. This is the first time New Delhi has publicly shared an update on the specifics of the guidelines.

“India is the world’s largest open Internet society and the Government welcomes social media companies to operate in India, do business and also earn profits. However, they will have to be accountable to the Constitution and laws of India,” he said, adding that WhatsApp had amassed 530 million users, YouTube, 448 million users, Facebook’s marquee service 410 million users, Instagram 210 million users, and Twitter, 175 million users in the country.

Full guidelines for social media firms and other intermediaries. (Source: Indian government.)

For streaming platforms, the draft, which will be legally enforceable when it becomes a law, has outlined a three-tier structure for “observance and adherence to the code.” Until now, on-demand services such as Netflix, Disney+ Hotstar, and MX Player have operated in India with little to no censorship.

New Delhi last year said India’s broadcasting ministry, which regulates content on TV, will also be overseeing digital streaming platforms. 17 popular streaming firms had banded together to devise a self-regulation code. Prakash Javadekar, Minister of Information and Broadcasting, said the proposed solution from the industry wasn’t adequate and there will be an oversight mechanism from the government to ensure compliance with the code of practices.

Streaming services will also have to attach content ratings to their titles. “The OTT platforms, called as the publishers of online curated content in the rules, would self-classify the content into five age based categories- U (Universal), U/A 7+, U/A 13+, U/A 16+, and A (Adult). Platforms would be required to implement parental locks for content classified as U/A 13+ or higher, and reliable age verification mechanisms for content classified as “A”,” the Indian government said.

“The publisher of online curated content shall prominently display the classification rating specific to each content or programme together with a content descriptor informing the user about the nature of the content, and advising on viewer description (if applicable) at the beginning of every programme enabling the user to make an informed decision, prior to watching the programme.”

Digital news outlets will be required to disclose the size of their reach and structure of their ownership.

Industry executives have expressed concerns over the new proposed regulation, saying New Delhi hasn’t consulted them for these changes. IAMAI, a powerful industry body that represents nearly all on-demand streaming services, said it was “dismayed” by the guidelines, and hoped to have a dialogue with the government.

Javadekar and Prasad were asked if there will be any consultation with the industry before these guidelines become law. The ministers said that they had already received enough inputs from the industry.

This is a developing story. More to follow…

SolarWinds hackers targeted NASA, Federal Aviation Administration networks

Hackers are said to have broken into the networks of U.S. space agency NASA and the Federal Aviation Administration as part of a wider espionage campaign targeting U.S. government agencies and private companies.

The two agencies were named by the Washington Post on Tuesday, hours ahead of a Senate Intelligence Committee hearing tasked with investigating the widespread cyberattack, which the previous Trump administration said was “likely Russian in origin.”

Spokespeople for the agencies did not immediately respond to a request for comment, but did not deny the breach in remarks to the Post.

It’s believed NASA and the FAA are the two remaining unnamed agencies of the nine government agencies confirmed to have been breached by the attack. The other seven include the Departments of Commerce, Energy, Homeland Security, Justice, and State, the Treasury, and the National Institutes of Health, though it’s not believed the attackers breached their classified networks.

FireEye, Microsoft, and Malwarebytes were among a number of cybersecurity companies also breached as part of the attacks.

The Biden administration is reportedly preparing sanctions against Russia, in large part because of the hacking campaign, the Post also reported.

The attacks were discovered last year after FireEye raised the alarm about the hacking campaign after its own network was breached. Each victim was a customer of the U.S. software firm SolarWinds, whose network management tools are used across the federal government and Fortune 500 companies. The hackers broke into SolarWinds’ network, planted a backdoor in its software, and pushed the backdoor to customer networks with a tainted software update.

It wasn’t the only way in. The hackers are also said to have targeted other companies by breaking into other devices and appliances on their victims’ networks, as well as targeting Microsoft vendors to breach other customers’ networks.

Last week, Anne Neuberger, the former NSA cybersecurity director who last month was elevated to the White House’s National Security Council to serve as the deputy national security adviser for cyber and emerging technology, said that the attack took “months to plan and execute,” and will “take us some time to uncover this layer by layer.”

FCC proposes rules for emergency broadband program to keep struggling families online

The FCC has taken a major step towards offering financial support for people struggling to pay broadband bills during the pandemic. If approved, the Emergency Broadband Benefit Program could provide $50 per month to millions of households, and more in tribal lands.

The EBBP was created in the budget passed by Congress earlier this year, which earmarked $3.2 billion to offset the cost of broadband in households already struggling to make ends meet.

“From work to healthcare to education, this crisis has made it clear that without an internet connection too many households are locked out of modern life,” said acting FCC Chairwoman Jessica Rosenworcel in a statement. “It’s more apparent than ever that broadband is no longer nice-to-have. It’s need-to-have. But too many of us are struggling to afford this critical service.”

The general shape of the EBBP was already known, but since Congress first proposed it last year it has been up to the FCC to decide what it would actually look like. The rules for the program Rosenworcel circulated at the agency today are an important step in taking it from idea to reality.

The important bit is spelling out exactly who qualifies for the benefit — to wit, anyone who:

  • Qualifies for the FCC’s existing Lifeline connectivity subsidy program
  • Receives free and reduced-price school lunch or breakfast benefits
  • Received a Pell Grant
  • Meets other eligibility requirements for internet providers’ existing low-income or pandemic-related programs
  • “Experienced a substantial loss of income since February 29, 2020”

That last one is a bit vague, and I’ve asked the FCC for more details (the proposed rules are not yet public). It may involve something like qualifying for unemployment benefits or showing a given percentage reduction in income. Depending on exactly what is specified it could greatly increase the scope of the program.

Most qualifying households would get $50 per month, and those living on tribal lands would get $75 per month. There’s also the possibility of a one-time $100 to help cover the cost of a device purchased from certain providers.

Unfortunately there are plenty more steps before anyone is likely to get these discounts. The FCC will have to approve and vote on the rules, which even at the fastest pace may take a couple months. And then there is a period of considering requests from providers, which could take up further time. All told it could take as few as three months if everything goes at maximum speed, or much more than that if they get bogged down in red tape.

Now that the rules are at least set down, though, it is likely only a matter of time — a small comfort to those having trouble making ends meet, but it’s something to look forward to.

Jamaica’s Amber Group fixes second JamCOVID security lapse

Amber Group has fixed a second security lapse that exposed private keys and passwords for the government’s JamCOVID app and website.

A security researcher told TechCrunch on Sunday that the Amber Group left a file on the JamCOVID website by mistake, which contained passwords that would have granted access to the backend systems, storage, and databases running the JamCOVID site and app. The researcher asked not to be named for fears of legal repercussions from the Jamaican government.

This file, known as an environment variables (.env) file, is often used to store private keys and passwords for third-party services that are necessary for cloud applications to run. These files are sometimes inadvertently exposed or uploaded by mistake, and if found by a malicious actor can be abused to gain access to data or services that the cloud application relies on.

The exposed environment variables file was found in an open directory on the JamCOVID website. Although the JamCOVID domain appears to be on the Ministry of Health’s website, Amber Group controls and maintains the JamCOVID dashboard, app, and website.

The exposed file contained secret credentials for the Amazon Web Services databases and storage servers for JamCOVID. The file also contained a username and password to the SMS gateway used by JamCOVID to send text messages, and credentials for its email-sending server. (TechCrunch did not test or use any of the passwords or keys as doing so would be unlawful.)
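A pre-deployment check for this class of mistake, as an added example that is not code from TechCrunch, Amber Group or JamCOVID: it walks a web document root, flags any environment-variable file that would be served, and lists the credential-like variable names inside without ever returning their values. The filename and variable-name patterns are assumed heuristics, and the sample document root is constructed.

```python
import os
import re
import tempfile

# Filenames that commonly hold environment variables: .env, .env.prod, app.env
ENV_NAME = re.compile(r"^(\.env(\..+)?|.+\.env)$", re.IGNORECASE)
# Variable names that usually carry credentials (assumed heuristic list).
SECRET_HINT = re.compile(
    r"(SECRET|PASSWORD|PASSWD|TOKEN|API_?KEY|ACCESS_KEY|PRIVATE_KEY)", re.IGNORECASE
)
ASSIGNMENT = re.compile(r"^\s*(?:export\s+)?([A-Za-z_][A-Za-z0-9_]*)\s*=\s*(.*)$")


def parse_env_keys(text):
    """Return (name, has_value) per assignment; values are never returned."""
    keys = []
    for line in text.splitlines():
        if line.lstrip().startswith("#"):
            continue  # comment line
        match = ASSIGNMENT.match(line)
        if match:
            value = match.group(2).strip().strip("'\"")
            keys.append((match.group(1), bool(value)))
    return keys


def audit_docroot(docroot):
    """Report every env file under docroot and the populated secret-like keys in it."""
    findings = []
    for dirpath, _dirs, files in os.walk(docroot):
        for name in files:
            if not ENV_NAME.match(name):
                continue
            path = os.path.join(dirpath, name)
            with open(path, encoding="utf-8", errors="replace") as handle:
                keys = parse_env_keys(handle.read())
            secret_keys = sorted(
                key for key, has_value in keys if has_value and SECRET_HINT.search(key)
            )
            rel = os.path.relpath(path, docroot).replace(os.sep, "/")
            # The file is a finding even with no secrets: it should not be served at all.
            findings.append({"path": rel, "secret_keys": secret_keys})
    return sorted(findings, key=lambda item: item["path"])


def build_sample_docroot():
    """Create a constructed document root; all names and values are placeholders."""
    root = tempfile.mkdtemp(prefix="docroot-")
    os.makedirs(os.path.join(root, "uploads"))
    samples = {
        "index.html": "<h1>dashboard</h1>\n",
        ".env": (
            "# constructed sample, not real credentials\n"
            "APP_NAME=demo\n"
            "AWS_ACCESS_KEY_ID=EXAMPLE-NOT-A-REAL-KEY\n"
            "AWS_SECRET_ACCESS_KEY=EXAMPLE-NOT-A-REAL-SECRET\n"
            "SMS_GATEWAY_PASSWORD='example-placeholder'\n"
            "SMTP_PASSWORD=example-placeholder\n"
        ),
        os.path.join("uploads", "staging.env"): "APP_NAME=demo\nMAIL_PASSWORD=\n",
    }
    for rel, body in samples.items():
        with open(os.path.join(root, rel), "w", encoding="utf-8") as handle:
            handle.write(body)
    return root


if __name__ == "__main__":
    for finding in audit_docroot(build_sample_docroot()):
        print(finding["path"], "->", ", ".join(finding["secret_keys"]) or "(no populated secrets)")
```

Any key such a check reports for a file that was reachable from the web should be treated as compromised and rotated, not just removed from the server.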

A portion of the exposed credentials found on the JamCOVID website, controlled and maintained by Amber Group. (Image: TechCrunch)

TechCrunch contacted Amber Group’s chief executive Dushyant Savadia to alert the company to the security lapse, and the exposed file was pulled offline a short time later. We also asked Savadia, who did not comment, to revoke and replace the keys.

Matthew Samuda, a minister in Jamaica’s Ministry of National Security, did not respond to a request for comment or our questions — including if the Jamaican government plans to continue its contract or relationship with Amber Group, and what — if any — security requirements were agreed upon by both the Amber Group and the Jamaican government for the JamCOVID app and website.

Details of the exposure come just days after Escala 24×7, a cybersecurity firm based in the Caribbean, claimed that it had found no vulnerabilities in the JamCOVID service following the initial security lapse.

Escala’s chief executive Alejandro Planas declined to say if his company was aware of the second security lapse prior to its comments last week, saying only that his company was under a non-disclosure agreement and “is not able to provide any additional information.”

This latest security incident comes less than a week after Amber Group secured a passwordless cloud server hosting immigration records and negative COVID-19 test results for hundreds of thousands of travelers who visited the island over the past year. Travelers visiting the island are required to upload their COVID-19 test results in order to obtain a travel authorization before their flights. Many of the victims whose information was exposed on the server are Americans.

One news report recently quoted Amber’s Savadia as saying that the company developed JamCOVID19 “within three days.”

Neither the Amber Group nor the Jamaican government has commented to TechCrunch, but Samuda told local radio that it has launched a criminal investigation into the security lapse.


Send tips securely over Signal and WhatsApp to +1 646-755-8849. You can also send files or documents using our SecureDrop. Learn more

South Korea’s prime minister has joined Clubhouse

After garnering an estimated 8 million downloads since its launch, Clubhouse’s popularity continues across the world and even outside of its original tech-focused seed community.

The latest news comes from East Asia, where Korean media reported this morning that the country’s current prime minister, Chung Sye-kyun, has officially joined the social audio app under the username @gyunvely, making him among the most senior political leaders worldwide to join the burgeoning app. His account was created on Valentine’s Day (February 14th) and was “nominated” by a user using the name of TJ Park (Clubhouse does not have verified profiles).

South Korean Prime Minister Chung Sye-kyun on Clubhouse this weekend. Screenshot by Danny Crichton.

So far, the prime minister has garnered slightly fewer than 500 followers and is following a bit fewer than 200 accounts, perhaps indicating the app’s current reach in one of the world’s most mobile and connected digital economies. His Clubhouse bio reads “노란잠바 그 아저씨” or “That Yellow Jacket Guy,” a reference to the Korean civil defense uniform worn by politicians in times of crisis (such as throughout the COVID-19 pandemic) and which currently serves — in cartoon form — as Chung’s profile picture.

South Korean politicians often wear yellow civil defense uniforms in times of national crisis. Photo by South Korean Presidential Blue House via Getty Images

According to local media reports, Chung spoke in a Clubhouse room for over an hour with fellow Democratic Party of Korea member Jung Cheong-rae. In a public Facebook post yesterday, the prime minister said that “I heard this [app] is ‘hot’ these days so I tried it as a nighttime walk.”

He further said “I was a little startled by the unexpected questions and reactions but the new experience was enjoyable. I think I’ll participate from time to time in the future.” Elaborating, he said “the fact that it’s audio-only and everyone can have a conversation without reserve made me think that it’s a better communication tool than any other social media platforms, especially since currently we’re living in the age of non-face-to-face communication.”

Discussions in the Clubhouse room included questions asking whether it was really him, to more bread-and-butter policy issues like the high price of real estate and physical abuse in the sports world, which has dominated headlines in recent weeks in local media.

While Clubhouse has become something of a fixture for techies and every form of hustle culture connoisseur imaginable, the app has increasingly made forays into politics that are hardly unknown to other social networks.

Miami’s mayor Francis Suarez has been on Clubhouse to sell his city’s potential for the tech industry. San Francisco district attorney Chesa Boudin joined a “debate” on the platform about the future of SF, while NYC mayoral aspirant and all around UBI nerd Andrew Yang joined a discussion about … himself. Meanwhile, Bitcoin aficionado and itinerant Tesla leader Elon Musk has even proposed bringing Vladimir Putin onto Clubhouse for a live fireside chat.

Yet, as the platform expands globally, the challenges to its open and free-wheeling if somewhat moderated conversations are coming under closer scrutiny. China has now blocked Clubhouse within its borders after a brief period of uncensored conversation.

As Clubhouse continues to garner mainstream legitimacy and interest, questions continue to percolate on the future of the app’s success, such as how it will fund creators and continue to thrive once the world opens up after COVID-19.

With $20M A round, Promise brings financial flexibility to outdated government and utility payment systems

The last year has been one of financial hardship for billions, and among the specific hardships is the elementary one of paying for utilities, taxes and other government fees — the systems for which are rarely set up for easy or flexible payment. Promise aims to change that by integrating with official payment systems and offering more forgiving terms for fees and debts people can’t handle all at once, and has raised $20 million to do so.

When every penny is going toward rent and food, it can be hard to muster the cash to pay an irregular bill like water or electricity. They’re less likely to be shut off on short notice than a mobile plan, so it’s safer to kick the can down the road… until a few bills add up and suddenly a family is looking at hundreds of dollars of unpaid bills and no way to split them up or pay over time. Same with tickets and other fees and fines.

The CEO and co-founder of Promise, Phaedra Ellis-Lamkins, explained that this (among other places) is where current systems fall down. Unlike buying a TV or piece of furniture, where payment plans may be offered in a single click during online checkout, there frequently is no such option for municipal ticket payment sites or utilities.

“We have found that people struggling to pay their bills want to pay and will pay at extremely high rates if you offer them reminders, accessible payment options and flexibility. The systems are the problem — they are not designed for people who don’t always have a surplus of money in their bank accounts,” she told TechCrunch.

“They assume for example that if someone makes their first payment at 10 PM on the 15th, they will have the same amount of money the next month on the 15th at 10 PM,” she continued. “These systems do not recognize that most people are struggling with their basic needs. Payments may need to be weekly or split up into multiple payment types.”

Even those that do offer plans still see many failures to pay, due at least partly to a lack of flexibility on their part, said Ellis-Lamkins — failure to make a payment can lead to the whole plan being cancelled. Furthermore, it may be difficult to get enrolled in the first place.

“Some cities offer payment plans but you have to go in person to sign up, complete a multiple-page form, show proof of income and meet restrictive criteria,” she said. “We have been able to work with our partners to use self-certification to ease the process as opposed to providing tax returns or other documentation. Currently, we have over a 90% repayment rate.”

Promise acts as a sort of middleman, integrating lightly with the agency or utility, which in turn makes anyone owing money aware of the possibility of the different payment system. It’s similar to how you might see various payment options, including installments, when making a purchase at an online shop.

Mobile and computer screens showing payment interfaces with options to pay over time.

Image Credits: Promise

The user enrolls in a payment plan (the service is mobile-friendly because that’s the only form of internet many people have) and Promise handles that end of it, with reminders, receipts and processing, passing on the money to the agency as it comes in — the company doesn’t cover the cost up front and collect on its own terms. Essentially it’s a bolt-on flexible payment mechanism that specializes in government agencies and other public-facing fee collectors.

Promise makes money by subscription fees (i.e. SaaS) and/or through transaction fees, whichever makes more sense for the given customer. As you might imagine, it makes more sense for a utility to pay a couple bucks to be more sure of collecting $500, than to take its chance on getting none of that $500, or having to resort to more heavy-handed and expensive debt collection methods.

Lest you think this is not a big problem (and consequently not a big market), Ellis-Lamkins noted a recent study from the California Water Boards showing there are 1.6 million people with a total of $1 billion in water debt in the state — one in eight households is in arrears to an average of $500.

Those numbers are likely worse than normal, given the immense financial pressure that the pandemic has placed on nearly all households — but like payment plans in other circumstances, households of many incomes and types find their own reason to take advantage of such systems. And pretty much anyone who’s had to deal with an obtusely designed utility payment site would welcome an alternative.

The new round brings the company’s total raised to over $30 million, counting $10 million it raised immediately after leaving Y Combinator in 2018. The funding comes from existing investors Kapor Capital, XYZ, Bronze, First Round, YC, Village, and others.

Jamaica’s immigration website exposed thousands of travelers’ data

A security lapse by a Jamaican government contractor has exposed immigration records and COVID-19 test results for hundreds of thousands of travelers who visited the island over the past year.

The Jamaican government contracted Amber Group to build the JamCOVID19 website and app, which the government uses to publish daily coronavirus figures and allows residents to self-report their symptoms. The contractor also built the website to pre-approve travel applications to visit the island during the pandemic, a process that requires travelers to upload a negative COVID-19 test result before they board their flight if they come from high-risk countries, including the United States.

But a cloud storage server storing those uploaded documents was left unprotected and without a password, and was publicly spilling out files onto the open web.

Many of the victims whose information was found on the exposed server are Americans.

The data is now secure after TechCrunch contacted Amber Group’s chief executive Dushyant Savadia, who did not comment when reached prior to publication.

The storage server, hosted on Amazon Web Services, was set to public. It’s not known for how long the data was unprotected, but the server contained more than 70,000 negative COVID-19 lab results, over 425,000 immigration documents authorizing travel to the island — which included the traveler’s name, date of birth and passport numbers — and over 250,000 quarantine orders dating back to June 2020, when Jamaica reopened its borders to visitors after the pandemic’s first wave. The server also contained more than 440,000 images of travelers’ signatures.

Two U.S. travelers whose lab results were among the exposed data told TechCrunch that they uploaded their COVID-19 results through the Visit Jamaica website before their travel. Once lab results are processed, travelers receive a travel authorization that they must present before boarding their flight.

Both of these documents, as well as quarantine orders that require visitors to shelter in place and several passports, were on the exposed storage server.

Travelers who are staying outside Jamaica’s so-called “resilient corridor,” a zone that covers a large portion of the island’s population, are told to install the app built by Amber Group that tracks their location and is tracked by the Ministry of Health to ensure visitors stay within the corridor. The app also requires that travelers record short “check-in” videos with a daily code sent by the government, along with their name and any symptoms.

The server exposed more than 1.1 million of those daily updating check-in videos.

An airport information flyer given to travelers arriving in Jamaica. Travelers may be required to install the JamCOVID19 app to allow the government to monitor their location and to require video check-ins. (Image: Jamaican government)

The server also contained dozens of daily timestamped spreadsheets named “PICA,” likely for the Jamaican passport, immigration and citizenship agency, but these were restricted by access permissions. The permissions on the storage server, however, were set so that anyone had full control of the files inside, such as allowing them to be downloaded or deleted altogether. (TechCrunch did neither, as doing so would be unlawful.)
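How a storage owner can detect the "anyone had full control" condition in their own configuration, as an added example that is not code from TechCrunch or Amber Group: it inspects an ACL in the shape returned by Amazon S3's GetBucketAcl and a bucket policy document, and reports every grant that reaches the public. The sample ACL, policy, bucket name and account ID are constructed.

```python
import json

# Predefined S3 groups that make a grant public.
ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"
AUTH_USERS = "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"
PUBLIC_GROUPS = {ALL_USERS: "anyone", AUTH_USERS: "any AWS account"}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def public_acl_grants(acl):
    """Return ("acl", who, permission) for each grant to a public group."""
    findings = []
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        who = PUBLIC_GROUPS.get(grantee.get("URI"))
        if grantee.get("Type") == "Group" and who:
            findings.append(("acl", who, grant["Permission"]))
    return findings


def _principal_is_wildcard(principal):
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return any("*" in _as_list(value) for value in principal.values())
    return False


def public_policy_statements(policy):
    """Return ("policy", scope, action) for each Allow statement open to every principal."""
    findings = []
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        if not _principal_is_wildcard(stmt.get("Principal")):
            continue
        # A Condition may narrow the grant; flag it for manual review instead of guessing.
        scope = "conditional" if stmt.get("Condition") else "unconditional"
        for action in _as_list(stmt.get("Action", [])):
            findings.append(("policy", scope, action))
    return findings


def audit_bucket(acl, policy_json=None):
    findings = public_acl_grants(acl)
    if policy_json:
        findings += public_policy_statements(json.loads(policy_json))
    return findings


# Constructed sample: the owner plus a FULL_CONTROL grant to everyone.
SAMPLE_ACL = {
    "Owner": {"ID": "constructed-owner-id"},
    "Grants": [
        {"Grantee": {"Type": "CanonicalUser", "ID": "constructed-owner-id"},
         "Permission": "FULL_CONTROL"},
        {"Grantee": {"Type": "Group", "URI": ALL_USERS},
         "Permission": "FULL_CONTROL"},
    ],
}
# Constructed sample policy: one public statement, one scoped to a single account.
SAMPLE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Principal": {"AWS": "*"},
         "Action": ["s3:GetObject", "s3:DeleteObject"],
         "Resource": "arn:aws:s3:::example-bucket/*"},
        {"Effect": "Allow", "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
         "Action": "s3:PutObject",
         "Resource": "arn:aws:s3:::example-bucket/*"},
    ],
})

if __name__ == "__main__":
    for source, who_or_scope, what in audit_bucket(SAMPLE_ACL, SAMPLE_POLICY):
        print(f"{source}: {who_or_scope} -> {what}")
```

On AWS, enabling the Block Public Access settings at the account or bucket level overrides both kinds of grant.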

Stephen Davidson, a spokesperson for the Jamaican Ministry of Health, did not comment when reached, or say if the government planned to inform travelers of the security lapse.

Savadia founded Amber Group in 2015 and soon launched its vehicle-tracking system, Amber Connect.

According to one report, Amber’s Savadia said the company developed JamCOVID19 “within three days” and made it available to the Jamaican government in large part for free. The contractor is billing other countries, including Grenada and the British Virgin Islands, for similar implementations, and is said to be looking for other government customers outside the Caribbean.

Savadia would not say what measures his company put in place to protect the data of paying governments.

Jamaica has recorded at least 19,300 coronavirus cases on the island to date, and more than 370 deaths.



India lifts restrictions on mapping and surveying to help local firms

India said on Monday local firms will no longer need a license or other permission to collect, generate, store and share geospatial data of the country, bringing sweeping changes to its earlier stance that it admitted hindered innovation.

Until now, New Delhi required Indian firms to seek licenses and additional approvals to create and publish topographical data. India’s Prime Minister Narendra Modi said today’s “deregulation” step will help the country become more self-reliant and reach its $5 trillion GDP goal.

“The regulations that apply to geospatial data and maps henceforth stand radically liberalised. The Department of Science and Technology is announcing sweeping changes to India’s mapping policy, specifically for Indian companies. What is readily available globally does not need to be restricted in India and therefore geospatial data that used to be restricted will now be freely available in India,” New Delhi said in a statement.

In its guidelines, New Delhi said local firms will be permitted access to “ground truthing/verification” that includes access to Indian ground stations and augmentation services for real-time positioning. Indian firms will also be provided access to terrestrial mobile mapping survey, street view survey and surveying in Indian territorial waters.

New Delhi said in the guidelines that only Indian firms shall be permitted access to the aforementioned surveys. Google has previously made unsuccessful attempts to launch its Street View service in India. A Google spokesperson told TechCrunch that the company was reviewing the guidelines and had no immediate comment to offer.

“Foreign companies and foreign owned or controlled Indian companies can license from Indian Entities digital Maps/Geospatial Data of spatial accuracy/value finer than the threshold value only for the purpose of serving their customers in India. Access to such Maps/Geospatial Data shall only be made available through APIs that do not allow Maps/Geospatial Data to pass through Licensee Company or its servers. Re-use or resale of such map data by licensees shall be prohibited,” the guidelines added.

Devdatta Tengshe, who works in the GIS space, told TechCrunch that the government’s move today was significant for the local ecosystem including citizens as previous restrictions had created uncertainty about what precisely was permitted.

“Today’s announcement makes it explicitly clear that Indian entities can perform any location data collection and we can collect data on our own,” he said. “Additionally, the location data from agencies like municipality will be made available to Indian entities.”

Flipkart-backed 25-year-old firm MapMyIndia said today’s move by the government is “historic” as it opens up maps and the geospatial sector and ushers in the self-reliance era in “strategic areas of maps to empower all 1.3 billion Indians and give unprecedented opportunities and growth for Indian companies.”

Modi said: “The reforms will unlock tremendous opportunities for our country’s start-ups, private sector, public sector and research institutions to drive innovations and build scalable solutions. India’s farmers will also be benefited by leveraging the potential of geo-spatial & remote sensing data. Democratizing data will enable the rise of new technologies & platforms that will drive efficiencies in agriculture and allied sectors. These reforms demonstrate our commitment to improving ease of doing business in India by deregulation.”