The Centre for Internet and Society
http://editors.cis-india.org
These are the search results for the query, showing results 1 to 12.
Notes for India as the digital trade juggernaut rolls on
http://editors.cis-india.org/internet-governance/blog/the-hindu-arindrajit-basu-february-8-2022-notes-for-india-as-the-digital-trade-juggernaut-rolls-on
<b>Sitting out trade negotiations could result in the country losing out on opportunities to shape the rules.</b>
<p>The article by Arindrajit Basu was <a class="external-link" href="https://www.thehindu.com/opinion/op-ed/notes-for-india-as-the-digital-trade-juggernaut-rolls-on/article38393921.ece">published in the Hindu</a> on February 8, 2022</p>
<hr />
<p style="text-align: justify; ">Despite the cancellation of the Twelfth Ministerial Conference (MC12) of the World Trade Organization (WTO) late last year (scheduled date, November 30, 2021-December 3, 2021) due to COVID-19, digital trade negotiations continue their ambitious march forward. On December 14, Australia, Japan, and Singapore, co-convenors of the plurilateral Joint Statement Initiative (JSI) on e-commerce, welcomed the ‘substantial progress’ made at the talks over the past three years and stated that they expected a convergence on more issues by the end of 2022.</p>
<h3>Holding out</h3>
<p style="text-align: justify; ">But therein lies the rub: even though JSI members account for over 90% of global trade, and the initiative welcomes newer entrants, over half of WTO members (largely from the developing world) continue to opt out of these negotiations. They fear being arm-twisted into accepting global rules that could etiolate domestic policymaking and economic growth. India and South Africa have led the resistance and been the JSI’s most vocal critics. India has thus far resisted pressures from the developed world to jump onto the JSI bandwagon, largely through coherent legal argumentation against the JSI and a long-term developmental vision. Yet, given the increasingly fragmented global trading landscape and the rising importance of the global digital economy, can India tailor its engagement with the WTO to better accommodate its economic and geopolitical interests?</p>
<h3><strong>Global rules on digital trade</strong></h3>
<p style="text-align: justify; ">The WTO emerged in a largely analogue world in 1994. It was only at the Second Ministerial Conference (1998) that members agreed on core rules for e-commerce regulation. A temporary moratorium was imposed on customs duties relating to the electronic transmission of goods and services. This moratorium has been renewed continuously, to consistent opposition from India and South Africa. They argue that the moratorium imposes significant costs on developing countries as they are unable to benefit from the revenue customs duties would bring.</p>
<p style="text-align: justify; ">The members also agreed to set up a work programme on e-commerce across four issue areas at the General Council: goods, services, intellectual property, and development. Frustrated by a lack of progress in the two decades that followed, 70 members brokered the JSI in December 2017 to initiate exploratory work on the trade-related aspects of e-commerce. Several countries, including developing countries, signed up in 2019 despite holding contrary views to most JSI members on key issues. Surprise entrants, China and Indonesia, argued that they sought to shape the rules from within the initiative rather than sitting on the sidelines.</p>
<p style="text-align: justify; ">India and South Africa have rightly pointed out that the JSI contravenes the WTO’s consensus-based framework, where every member has a voice and vote regardless of economic standing. Unlike the General Council Work Programme, which India and South Africa have attempted to revitalise in the past year, the JSI does not include all WTO members. For the process to be legally valid, the initiative must either build consensus or negotiate a plurilateral agreement outside the aegis of the WTO.</p>
<p style="text-align: justify; ">India and South Africa’s positioning strikes a chord at the heart of the global trading regime: how to balance the sovereign right of states to shape domestic policy with international obligations that would enable them to reap the benefits of a global trading system.</p>
<h3><strong>A contested regime</strong></h3>
<p style="text-align: justify; ">There are several issues upon which the developed and developing worlds disagree. One such issue concerns international rules relating to the free flow of data across borders. Several countries, both within and outside the JSI, have imposed data localisation mandates that compel corporations to store and process data within territorial borders. This is a key policy priority for India. Several payment card companies, including Mastercard and American Express, were prohibited from issuing new cards for failure to comply with a 2018 financial data localisation directive from the Reserve Bank of India. The Joint Parliamentary Committee (JPC) on data protection has recommended stringent localisation measures for sensitive personal data and critical personal data in India’s data protection legislation. However, for nations and industries in the developed world looking to access new digital markets, these restrictions impose unnecessary compliance costs, thus arguably hampering innovation and supposedly amounting to unfair protectionism.</p>
<p style="text-align: justify; ">There is a similar disagreement regarding domestic laws that mandate the disclosure of source codes. Developed countries believe that this hampers innovation, whereas developing countries believe it is essential for algorithmic transparency and fairness — which was another key recommendation of the JPC report in December 2021.</p>
<h3><strong>India’s choices</strong></h3>
<p style="text-align: justify; ">India’s global position is reinforced through narrative building by political and industrial leaders alike. Data sovereignty is championed as a means of resisting ‘data colonialism’, the exploitative economic practices and intensive lobbying of Silicon Valley companies. Policymaking for India’s digital economy is at a critical juncture. Surveillance reform, personal data protection, algorithmic governance, and non-personal data regulation must be galvanised through evidenced insights,and work for individuals, communities, and aspiring local businesses — not just established larger players.</p>
<p style="text-align: justify; ">Hastily signing trading obligations could reduce the space available to frame appropriate policy. But sitting out trade negotiations will mean that the digital trade juggernaut will continue unchecked, through mega-regional trading agreements such as the Regional Comprehensive Economic Partnership (RCEP) and the Comprehensive and Progressive Agreement for Trans-Pacific Partnership (CPTPP). India could risk becoming an unwitting standard-taker in an already fragmented trading regime and lose out on opportunities to shape these rules instead.</p>
<p style="text-align: justify; ">Alternatives exist; negotiations need not mean compromise. For example, exceptions to digital trade rules, such as ‘legitimate public policy objective’ or ‘essential security interests’, could be negotiated to preserve policymaking where needed while still acquiescing to the larger agreement. Further, any outcome need not be an all-or-nothing arrangement. Taking a cue from the Digital Economy Partnership Agreement (DEPA) between Singapore, Chile, and New Zealand, India can push for a framework where countries can pick and choose modules with which they wish to comply. These combinations can be amassed incrementally as emerging economies such as India work through domestic regulations.</p>
<p style="text-align: justify; ">Despite its failings, the WTO plays a critical role in global governance and is vital to India’s strategic interests. Negotiating without surrendering domestic policy-making holds the key to India’s digital future.</p>
<hr />
<p style="text-align: justify; "><i>Arindrajit Basu is Research Lead at the Centre for Internet and Society, India. The views expressed are personal. The author would like to thank The Clean Copy for edits on a draft of this article.</i></p>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/blog/the-hindu-arindrajit-basu-february-8-2022-notes-for-india-as-the-digital-trade-juggernaut-rolls-on'>http://editors.cis-india.org/internet-governance/blog/the-hindu-arindrajit-basu-february-8-2022-notes-for-india-as-the-digital-trade-juggernaut-rolls-on</a>
</p>
No publisherbasuDigitalisationDigital KnowledgeInternet GovernanceE-CommerceDigital India2022-02-09T15:04:36ZBlog EntryRecommendations for EU cyber diplomacy
http://editors.cis-india.org/internet-governance/blog/recommendations-for-eu-cyber-diplomacy
<b>Written statement by Arindrajit Basu delivered at the EU Cyber Direct Civil Society Forum 2020</b>
<p id="docs-internal-guid-ab8c7a89-7fff-3047-3e79-b8b91593b2a0" dir="ltr"><strong>1.Key issues for EU cyber diplomacy</strong></p>
<p dir="ltr">There are two key issues that the EU should take the lead on. Extra-territorial surveillance by several countries, in partnership with private actors continues with aplomb. In Schrems II, the Court of Justice of the European Union has already dealt a decisive victory for civil society actors campaigning against <a href="https://www.medianama.com/2020/08/223-american-law-on-mass-surveillance-post-schrems-ii/">US law and surveillance policy, </a>and protected the rights of EU citizens by doing so. Channelising the rich human rights jurisprudence in the European Convention on Human Rights, the court was able to highlight how existing US law and policy do not comply with the principle of proportionality in the ECHR..While the courts are an important avenue of resistance, other countries targeted by illegal and illegitimate surveillance often do not have judicial recourse or the clout to effectively counter surveillance practices.In line with the accepted principles of international law, the EU must engage in diplomatic posturing calling for reining in the use of extra-territorial surveillance,which includes surveillance enhancing technologies, mass dragnet surveillance, and surveillance by private actors.</p>
<p> </p>
<p dir="ltr">The second key issue is that of ‘data sovereignty’-or a recognition that notwithstanding the significance of cross-border data flows, the ultimate responsibility of guaranteeing citizen rights in the digital sphere lie with the state enforcing laws in that jurisdiction. Undoubtedly, this responsibility must be discharged in conjunction with the principles of international law but the policy space itself should be sovereign, and not be dictated by other states or private actors. This sovereign space includes the right to regulate private actors such as technology companies through taxation, anti-trust laws, and impose on them key human rights obligations. It also includes an obligation to protect citizen interests against foreign adversaries.Sovereignty must not be conflated with brazen technology nationalism that involves restrictions on foreign technology or investment that harms the economic welfare or civil liberties of a state’s own citizens.</p>
<p> </p>
<p dir="ltr">Several jurisdictions including the EU are grappling with the precise contours of ‘data sovereignty’ and what it means in today’s increasingly fractured geo-political climate. However, as it set the ball rolling with privacy enhancing diplomacy across the world, the EU has an opportunity to work with several key partners, including emerging economies such as India, Brazil and South Africa to ensure that these debates culminate in digital ecosystems that preserve the rule of law while also increasing digital accessibility and reducing inequality.</p>
<p dir="ltr"><strong>2. Multi-stakeholder coalitions</strong></p>
<p dir="ltr"> The EU has signed up for <a href="https://www.lawfareblog.com/two-new-democratic-coalitions-5g-and-ai-technologies">multilateral coalitions </a>such as the Global Partnership on Artificial Intelligence and EU countries have signed onto multi-stakeholder digital agreements such as the Paris Call for Trust and Security in Cyberspace. While coalitions have been dismissed (incorrectly I believe) as talking shops, often efficient coalitions can attain key goals and promote core democratic values. Through these coalitions, the EU should look to attract as vast an array of stakeholders as possible-both states and private actors.However, that should happen once the key principles, objectives and mechanisms of engagement have been charted out by the coalition. Attracting too many stakeholders without having these clearly charted out allows for the agenda to be hijacked or limited.</p>
<p> </p>
<p dir="ltr"><strong>3. Engagement with civil society abroad</strong></p>
<p> The EU has to some extent successfully engaged civil society actors from various parts of the world. The Closing the Gap Conference held successfully by EU Cyber Direct in July showcased quality scholarship from all around the world and enabled dialogue between participants that we do not see often. The dialogue we are having today is a critical form of engagement.The EU should also consider supporting and providing resources for transnational movements such as the <a href="https://www.accessnow.org/keepiton/">#Keepiton </a>coalition that is advocating against internet shutdowns around the world and other civil society consortiums that are upholding values the EU also believes in around the world. Further, it is clear that European policy innovations-be it the GDPR or the European Data Strategy deeply impacts the future of global digital spaces. Therefore, robust consultative mechanisms should be deployed to ensure that academics and civil society participants from all over the world have a meaningful opportunity to shape these policies, keeping in mind the resources available for organisations, specially those in the global south to do the same.</p>
<p> </p>
<p dir="ltr"><em>17th September 2020.</em></p>
<em>
</em>
<p dir="ltr"><em>(Remarks delivered via video-conferencing)</em></p>
<p> </p>
<em>
</em>
<p dir="ltr"><em>(Note: This write-up is not meant to be an exhaustive representation of all recommendations for EU cyber diplomacy but captures the statement made by Arindrajit at the Civil Society Forum)</em></p>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/blog/recommendations-for-eu-cyber-diplomacy'>http://editors.cis-india.org/internet-governance/blog/recommendations-for-eu-cyber-diplomacy</a>
</p>
No publisherbasu2020-09-19T13:32:36ZBlog EntryCIS Comments on 'Pre Draft' of the Report of the UN Open Ended Working Group
http://editors.cis-india.org/internet-governance/blog/cis-comments-on-pre-draft-of-the-report-of-the-un-open-ended-working-group
<b>CIS submitted comments on the 'pre draft' report of the United Nations Open Ended Working Group on developments in the field of information and telecommunications in the context of international security. </b>
<p id="docs-internal-guid-d5ba40a1-7fff-8b79-5dfd-da3f5a6b9315" dir="ltr">CIS would like to thank the Open Ended Working Group for making public the ‘pre-draft’ report of the Open Ended Working Group (OEWG). The publication of the draft is in line with the principles of transparency and openness that founded, and continue to define the OEWG process. As a research organisation, we will use this brief intervention to highlight key research areas, avenues of discourse, and next steps that both states and non-state actors involved in the OEWG should bear in mind going forward.</p>
<p dir="ltr"> </p>
<p dir="ltr">Read the full intervention <a class="external-link" href="http://cis-india.org/cis comments to oewg">here</a></p>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/blog/cis-comments-on-pre-draft-of-the-report-of-the-un-open-ended-working-group'>http://editors.cis-india.org/internet-governance/blog/cis-comments-on-pre-draft-of-the-report-of-the-un-open-ended-working-group</a>
</p>
No publisherbasu2020-04-06T12:26:07ZBlog EntryLaw and Politics of Global Governance Course Outline
http://editors.cis-india.org/internet-governance/blog/law-and-politics-of-global-governance-course-outline
<b>Arindrajit Basu taught a course on various prospects and challenges of global governance at NUJS, including the geo-politics of emerging technologies.</b>
<p id="docs-internal-guid-952fb8f7-7fff-75c6-fb21-e2821ede9549" dir="ltr">INTRODUCTION</p>
<p> </p>
<p style="text-align: justify;" dir="ltr">Since 1945, a crude amalgamation of transnational regulatory agencies, standard-setting bodies and inter-governmental organisations has wielded considerable influence in shaping the civil, political, social and economic conditions for human beings across the globe. Yet, the project of global governance as articulated by the UN Charter, Bretton Woods institutions, and many other international instruments has struggled to move past its inherently undemocratic character. Democratic states are governed by a legislature, an executive and an independent judiciary, all guided by a constitution that reflects the will of the people. The ‘liberal, international order’, which reflects the post-War aspiration for a “democratic peace” neither has corresponding institutions nor mechanisms that render it accountable to the global public. The lack of direct linkages between the governance structures and the governed resulted in the manipulation of multilateral regimes by powerful interest groups, states and non-state actors. The international order today has incubated an “underclass” of vulnerable communities, including refugees, indigenous populations, agricultural labourers and blue-collar workers -- that Richard Stewart has appropriately termed ‘the disregarded. </p>
<p> </p>
<p style="text-align: justify;" dir="ltr">During the past decade, populist leaders have latched onto the outbreak of discontent among the disregarded and jettisoned multilateral, rules-based cooperation for policies favouring protectionism and isolationism. Withdrawal from treaties and processes , rejection of human rights norms and the stonewalling of processes at the international level have cast a grim shadow on the future of multilateralism. </p>
<p> </p>
<p style="text-align: justify;" dir="ltr">As India takes up its rightful position as a norm enterpreneur in the global order, she must ask herself what sort of an order does she want to shape? A modest derivation of the established order that was driven largely by the super-powers of the time, or a new world order-shaped by the leaders of today? Are there values from the old order that continue to be applicable in today’s day and age? Can International Law be conceptualized as an instrument that accomplishes more than mere virtue-signalling for the elite?</p>
<p> </p>
<p style="text-align: justify;" dir="ltr">All these are tough questions-questions that budding lawyers from the global South should be equipped to grapple with. This course does not seek to provide any answers -indeed a silver bullet solution might prove to be elusive. Neither does it seek to frame the questions-students are expected to figure this out for themselves. Indeed, the journey to framing the right questions would mark half the battle won. Instead, we hope to stimulate intellectual thought and provoke discord so that the voices of the hitherto disregarded are never silenced again. </p>
<p> </p>
<p style="text-align: justify;" dir="ltr">The course starts off by quickly recapping some of the basics of International Law and International Relations. It then moves onto the structure and functioning of existing institutions with a bid to provoke critique of the same. We then look separately at two sides of the global governance architecture-the Bretton Woods driven international economic order and the UN driven human rights regime-both of which are under considerable threat. We then dedicate a unit solely to pontificating on the future of International Law in an era of lucrative deals.</p>
<p> </p>
<p style="text-align: justify;" dir="ltr">We then zoom in a little bit-looking at India’s role in this cacophony and how we can pave a way forward for ourselves in a manner that serves our national interest and benefits the most vulnerable. In the final unit, we look at technology-which holds the key to international relations for the next century. A new Iron Curtain is rising as a clash of values, interests and institutions are coming to the fore again to determine the future of cyberspace. Lessons from the last seven decades (and the first six units of this course) might have to be unlearned and reformed. Not doing so makes us run the risk of entrenched redundancy.</p>
<p style="text-align: justify;" dir="ltr">Click to read the full course outline<a class="external-link" href="http://cis-india.org/global%20governance-reading%20list"> here<br /></a></p>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/blog/law-and-politics-of-global-governance-course-outline'>http://editors.cis-india.org/internet-governance/blog/law-and-politics-of-global-governance-course-outline</a>
</p>
No publisherbasuglobal governance, geopolitics,emerging technologies, teaching2020-02-14T12:06:10ZBlog EntryIndia’s Role in Global Cyber Policy Formulation
http://editors.cis-india.org/internet-governance/blog/lawfare-arindrajit-basu-november-7-2019-indias-role-in-global-cyber-policy-formulation
<b>The past year has seen vigorous activity on the domestic cyber policy front in India. On key issues—including intermediary liability, data localization and e-commerce—the government has rolled out a patchwork of regulatory policies, resulting in battle lines being drawn by governments, industry and civil society actors both in India and across the globe.</b>
<p>The article by Arindrajit Basu was <a class="external-link" href="https://www.lawfareblog.com/indias-role-global-cyber-policy-formulation">published in Lawfare</a> on November 7, 2019. The article was reviewed and edited by Elonnai Hickok and Justin Sherman.</p>
<hr />
<p style="text-align: justify; ">The onslaught of recent developments demonstrates how India can shape cyber policy debates. Among emerging economies, India is uniquely positioned to exercise leverage over multinational tech companies due to its sheer population size, combined with a rapid surge in users coming online and the country’s large gross domestic product. India occupies a key seat at the <a href="https://www.theatlantic.com/international/archive/2019/06/g20-data/592606/">data governance table</a> alongside other players like the EU, China, Russia and the United States — a position the country should use to promote its interests and those of other similarly placed emerging economies.</p>
<p style="text-align: justify; ">For many years, the Indian population has served as an economic resource for foreign, largely U.S.-based tech giants. Now, however, India is moving toward a regulatory strategy that reduces the autonomy of these companies in order to pivot away from a system that recently has been termed “<a href="https://swarajyamag.com/magazine/colonialism-20-truly">data colonialism</a>”—in which Western technologies use data-driven revenue bolstered by information extracted from consumers in the Global South to consolidate their global market power. The policy thinking underpinning India’s new grand vision still has some gaps, however.</p>
<h3 style="text-align: justify; ">Data Localization</h3>
<p style="text-align: justify; ">Starting with a circular from the Reserve Bank of India in April 2018, the Indian government has <a href="https://twitter.com/cis_india/status/1143096429298085889">introduced a range of policy instruments</a> mandating “<a href="https://cis-india.org/internet-governance/resources/the-localisation-gambit.pdf">data localization</a>”—that is, requiring that certain kinds of data must be stored in servers located physically within India. A snapshot of these policies is summarized in the table below.</p>
<p style="text-align: justify; "><img src="http://editors.cis-india.org/home-images/IndianLaws.jpg" alt="Indian Laws" class="image-inline" title="Indian Laws" /></p>
<p style="text-align: justify; "><span style="text-align: -webkit-center; ">(</span><em>Source </em><a href="https://cis-india.org/internet-governance/resources/the-localisation-gambit.pdf" style="text-align: -webkit-center; "><em>here</em></a><em>. Design credit: Saumyaa Naidu</em><span style="text-align: -webkit-center; ">)</span></p>
<p style="text-align: justify; "><span style="text-align: -webkit-center; ">While there are <a href="https://cis-india.org/internet-governance/resources/the-localisation-gambit.pdf">a number of</a> reasons for this maneuver, two in particular are in line with India’s broader vision of data sovereignty—broadly defined as the sovereign right of nations to govern data within their territory and/or jurisdiction in order to support their national interest for the welfare of their citizens. First, there is an incentive to keep data within India’s jurisdiction because of the cumbersome process through which Indian law enforcement agencies must go during criminal investigations in order to access data stored in the U.S. Second, data localization undercuts the <a href="https://theprint.in/tech/digital-colonialism-why-countries-like-india-want-to-take-control-of-data-from-big-tech/298217/">extractive economic models</a> used by U.S. companies operating in India by which the data generated by Indian citizens is collected in India, stored in data centers located largely in the U.S., and processed and analyzed to derive commercially valuable insights.</span></p>
<p style="text-align: justify; ">Both foreign players and smaller Indian private-sector actors were against this move. A <a href="https://cis-india.org/internet-governance/resources/the-localisation-gambit.pdf">study</a> on the issue that I co-authored earlier this year with Elonnai Hickok and Aditya Chawla found that one of the reasons for this resistance involved the high costs of setting up the data centers that are needed to comply with the requirement. President Trump <a href="https://www.whitehouse.gov/briefings-statements/remarks-president-trump-g20-leaders-special-event-digital-economy-osaka-japan/">echoed</a> this sentiment when he explicitly opposed data localization during a meeting with Prime Minister Narendra Modi on the sidelines of the G-20 in June 2019.</p>
<p style="text-align: justify; ">At the same time, large Indian players such as Reliance and Paytm and Chinese companies like AliBaba and Xilink were in favor of localization—possibly because these companies could absorb the costs of setting up storage facilities while benefiting from the fixed costs imposed on foreign competition. In fact, some companies, such as AliBaba, <a href="https://economictimes.indiatimes.com/small-biz/startups/newsbuzz/alibaba-cloud-opens-second-data-centre-in-india/articleshow/65995570.cms">have already set up storage facilities in India.</a></p>
<p style="text-align: justify; ">As my co-authors and I noted, data localization comes with various risks, both diplomatically and politically. So far, the issue has caused friction in U.S.-India trade relations. For example, before Secretary of State Mike Pompeo's trip to New Delhi in June, the Trump administration <a href="https://thewire.in/diplomacy/us-india-h1b-visa-data-localisation">reportedly</a> contemplated limiting H-1B visas for any country that implements a localization requirement. Further, on his trips to New Delhi, Commerce Secretary Wilbur Ross has <a href="https://www.medianama.com/2019/05/223-us-trade-secretary-wilbur-ross-highlights-data-localisation-high-tariffs-on-electronics-telecom-products-in-india-as-trade-issues/">regularly argued</a> that data localization restrictions are a barrier to U.S. companies and stressed the need to eliminate such barriers. Further, data localization poses several <a href="https://www.lawfareblog.com/where-your-data-really-technical-case-against-data-localization">technical challenges</a> as well as security risks. Mirroring data across multiple locations, as India’s <a href="https://meity.gov.in/writereaddata/files/Personal_Data_Protection_Bill,2018.pdf">Draft Personal Data Protection Bill</a> mandates, increases the number of physical data centers that need to be protected and thereby the number of vulnerable points that malicious actors can attack.</p>
<p style="text-align: justify; ">Recently, the Indian media have reported <a href="https://economictimes.indiatimes.com/news/economy/policy/policymakers-a-divided-lot-on-personal-data-bill-provisions/articleshow/70404637.cms?from=mdr&utm_source=contentofinterest&utm_medium=text&utm_campaign=cppst">disagreements</a> between policymakers over data localization, along with speculation that the data storage requirement in the Draft Personal Data Protection Bill could be limited only to critical data—a term not defined in the bill itself—or be left to sectoral regulators, officials from individual government departments.</p>
<p style="text-align: justify; ">Our paper <a href="https://cis-india.org/internet-governance/resources/the-localisation-gambit.pdf">recommended a dual approach</a>. In our view, data localization policy should include mandatory localization for critical sectors such as defense or payments data, while also adopting “conditional” localization for all other data. Under conditional localization, data should only be transferred to countries that (a) agree to share the personal data of Indian citizens with law enforcement authorities based on Indian criminal procedure laws (examples of such a mechanism may be an executive data-sharing agreement under the <a href="https://epic.org/privacy/cloud-act/">CLOUD Act</a>) and (b) have equivalent privacy and security safeguards. This approach would be in line with India’s overarching vision of data sovereignty and the goal of standing up to the hegemony of big tech and of U.S. internet regulations, while avoiding undue collateral damage to India’s global alliances.</p>
<h3 style="text-align: justify; ">Intermediary Liability</h3>
<p style="text-align: justify; ">In line with the goal of ensuring that big tech is answerable to the rule of law, the Indian government has also sought to regulate the adverse social impacts of some speech hosted by platforms. Rule 3(9) of the <a href="https://meity.gov.in/writereaddata/files/Draft_Intermediary_Amendment_24122018.pdf">Draft of the Information Technology Intermediaries Guidelines (Amendment) Rules, 2018,</a> released by the Ministry of Electronics and Information Technology in December 2019, takes up the interventionist mission of laws like the <a href="https://www.lawfareblog.com/germanys-bold-gambit-prevent-online-hate-crimes-and-fake-news-takes-effect">NetzDg</a> in Germany. The regulation would mandate that platforms use “automated tools or appropriate mechanisms, with appropriate controls, for proactively identifying and removing or disabling public access to unlawful information or content.” These regulations have prompted concerns from both the private sector and civil society groups that claim the proposal fails to address <a href="https://cis-india.org/internet-governance/resources/Intermediary%20Liability%20Rules%202018.pdf">constitutional concerns</a> about algorithmic discrimination, excessive censorship and inappropriate delegation of legislative powers under Indian law. Further, some observers object that the guidelines adopt a “one-size-fits-all” approach to classifying intermediaries that does not differentiate between platforms that thrive on end-to-end encryption like WhatsApp and public platforms like Facebook.</p>
<p style="text-align: justify; ">In many ways, these guidelines—likely to be <a href="https://www.medianama.com/2019/10/223-intermediary-guidelines-to-be-notified-by-jan-15-2020-meity-tells-supreme-court/">notified</a><a href="https://www.medianama.com/2019/10/223-intermediary-guidelines-to-be-notified-by-jan-15-2020-meity-tells-supreme-court/"> (as an amendment to the Information Technology Act) as early as January 2020</a>—put the cart before the horse. Before devising regulatory models appropriate for India’s geographic scale and population, it is first necessary to conduct empirical research about the vectors through which misinformation spreads in India and how misinformation impacts different social, economic and linguistic communities, along with pilot programs for potential solutions to the misinformation problem. And it is imperative that these measures be brought in line with constitutional requirements.</p>
<h3 style="text-align: justify; ">Community Data and “Data as a Public Good”</h3>
<p>Another important question involves the precise meaning of “data” itself—an issue on which various policy documents have failed to deliver a consistent stance.</p>
<p style="text-align: justify; ">The first conceptualization of “community data” appears in both the <a href="https://meity.gov.in/writereaddata/files/Data_Protection_Committee_Report.pdf">Srikrishna Committee Report</a> that accompanied the <a href="https://meity.gov.in/writereaddata/files/Personal_Data_Protection_Bill,2018.pdf">Draft Personal Data Protection Bill</a> in 2018 and the draft e-commerce policy. However, neither policy provides clarity on the concept of data.</p>
<p style="text-align: justify; ">When defining community data, the Srikrishna Report endorses a collective protection of privacy as protecting an identifiable community that has contributed to community data. According to the Srikrishna Report, receiving collective protection requires the fulfillment of three key aspects. First, the data belong to an identifiable community. Second, the individuals in the community consent to being a part of the community. And third, the community as a whole consents to its data being treated as community data.</p>
<p style="text-align: justify; ">The <a href="https://dipp.gov.in/sites/default/files/DraftNational_e-commerce_Policy_23February2019.pdf">draft e-commerce policy</a> reconceptualizes the notion of community data as “societal commons” or a “national resource,” where the undefined ‘community” has rights to access data but the government has overriding control to utilize the data for welfare purposes. Unlike the Srikrishna Report, the draft e-commerce policy does not outline the key aspects of community data. This approach fails to demarcate a clear line between personal and nonpersonal data or to specify any practical guidelines or restrictions on how the government can use community data. For this reason, implementation of this policy could pose a threat to the right to privacy that the Indian Supreme Court recognized as a <a href="https://thewire.in/law/supreme-court-aadhaar-right-to-privacy">fundamental right</a> in 2017.</p>
<p style="text-align: justify; ">The second idea is that of “data as a public good.” This is described in Chapter 4 of the <a href="https://www.indiabudget.gov.in/economicsurvey/doc/vol1chapter/echap04_vol1.pdf">2019 Economic Survey Report</a>—a document published by the Ministry of Finance along with the Annual Financial Budget. The report explicitly states that any data governance framework needs to be deferential to privacy norms and the soon-to-be-enacted privacy law. The report further states that “personal data” of an individual in the custody of a government is a “public good” once the datasets are anonymized.</p>
<p style="text-align: justify; ">However, the report’s recommendation of setting up a government database that links several individual databases together leads to the <a href="https://thewire.in/government/india-vision-data-republic-dangers-privacy">“triangulation” problem</a>, in which individuals can be identified by matching different datasets together. The report further suggests that the same data can be sold to private firms (though it is unclear whether this includes foreign or domestic firms). This directly contradicts the characterization of a “public good”—which, by definition, must be <a href="https://www.britannica.com/topic/public-good-economics">n</a><a href="https://www.britannica.com/topic/public-good-economics">onexcludable and nonrivalrous</a>—and is also at odds with the government’s vision of reining in big tech. The government has set up an expert committee to look into the scope of nonpersonal data, and the results of the committee’s deliberations <a href="https://www.medianama.com/2019/09/223-meity-non-personal-data-committee/">are likely to</a> influence the shape that India’s data governance framework takes across multiple policy instruments.</p>
<p style="text-align: justify; ">There is obviously a need to reassess and reevaluate the range of governance efforts and gambits that have emerged in the past year. With domestic cyber policy formulation pivots reaching a crescendo, we must consider how domestic cyber policy efforts can influence India’s approach to global debates in this space.</p>
<h3 style="text-align: justify; ">India’s Contribution to Global Cyber Policy Debates</h3>
<p style="text-align: justify; ">As the largest democracy in the world, India is undoubtedly a key <a href="https://www.newamerica.org/cybersecurity-initiative/reports/digital-deciders/">“digital decider”</a> in shaping the future of the internet. Multilateral cyber policy formulation efforts remain <a href="https://cis-india.org/internet-governance/blog/the-potential-for-the-normative-regulation-of-cyberspace-implications-for-india">polarized</a>. The U.S. and its European allies continue to advocate for a free, rules-based conception of cyberspace with limited governmental interference. China and Russia, along with their Shanghai Cooperation Organisation allies, are pushing for a tightly regulated internet in which each state has the right to manage and define its “network frontiers” through domestic regulation free from external interference. To some degree, India is already influencing debate over the internet through its various domestic cyber policy movements. However, its participation in international debates has been lacking the vigor or coherence needed to clearly articulate India’s national interests and take up a global leadership role.</p>
<p style="text-align: justify; ">In shaping its contributions to global cyber policy formulation, India should focus its efforts on three key places: (a) internet governance forums that deliberate the governance of the technical architecture of the internet such as domain names, (b) cyber norms formulation processes that seek to establish norms to foster responsible behavior in cyberspace by states and nonstate actors in cyberspace, and (3) global debates on trade and cross-border data flows that seek to conceptualize the future of global digital trade relationships. As I discuss below, there are key divisions in Indian policy in each of these forums. To realize its grand vision in the digital sphere, India needs to do much more to make its presence felt.</p>
<p><em>Internet Governance Forums</em></p>
<p style="text-align: justify; ">India’s stance on a variety of issues at internet governance forums has been inconsistent, switching repeatedly between <a href="https://www.cigionline.org/sites/default/files/documents/GCIG%20Volume%202%20WEB.pdf">multilateral and multistakeholder visions for internet governance.</a> A core reason for this uncertainty <a href="https://cis-india.org/internet-governance/files/indias-contribution-to-internet-governance-debates">is the participation of multiple Indian government</a> ministries, which often disagree with each other. At global internet governance forums, India has been represented either by the Department of Electronics and Information Technology (now renamed to Ministry of Electronics and Information Technoloft or the Department of Telecommunications (under the Ministry of Communications and Information Technology) or by the Ministry of External Affairs (MEA).</p>
<p style="text-align: justify; ">As my colleagues have documented <a href="https://cis-india.org/internet-governance/files/indias-contribution-to-internet-governance-debates">in a detailed paper,</a> India has been vocal in global internet governance debates at forums including the International Telecommunications Union, the Internet Governance Forum and the U.N. General Assembly. However, the Indian stance on <a href="https://www.diplomacy.edu/IGFLanguage/multistakeholderism">multistakeholderism</a> has been complex, with the MEA advocating for a multilateral stance while the other departments switched between multistakeholderism and “nuanced multilateralism”—which calls for multistakeholder participation in policy formulation but multilateral implementation. The paper also argues that there has been a decline recently in the vigor of Indian participation at forums such as the 2018 meeting of the Working Group on Enhanced Co-operation (WGEC 2.0), due to key personnel changes. For <a href="https://cis-india.org/internet-governance/files/indias-contribution-to-internet-governance-debates">example</a>, B.N. Reddy, who was a skilled and experienced negotiator for the MEA in previous forums, was transferred to another position before WGEC 2.0, and the delegation that attended the meeting did not make its presence felt as strongly or skillfully.</p>
<p><em>Cyber Norms for Responsible State Behavior in Cyberspace</em></p>
<p style="text-align: justify; ">With the exception of two broad and unoriginal statements at the <a href="https://unoda-web.s3-accelerate.amazonaws.com/wp-content/uploads/2016/10/India.pdf">70th</a> and <a href="https://undocs.org/A/71/172">71st</a> sessions of the U.N. General Assembly, India has yet to make public its position on the multilateral debate on the proliferation of norms for responsible state behavior in cyberspace. During the <a href="https://dig.watch/events/open-ended-working-group-oewg-first-substantive-session">substantive session</a> of the Open-Ended Working Group held in September, India largely reaffirmed points made by other states, rather than carving out a new or original approach. The silence and ambiguity is surprising, as India has been represented on four of the five Groups of Governmental Experts (GGEs) set up thus far and has also been inducted into the 2019-2021 GGE that is set to revamp the global cyber norms process. (Due to the GGE’s rotational membership policy, India was not a member of the fourth GGE that submitted its report in 2015.)</p>
<p style="text-align: justify; ">However, before becoming an evangelist of any particular norms, India has some homework to do domestically. It has yet to advance a clear, coherent and detailed public stance outlining its views on the application of international law to cyberspace. This public stance is necessary for two reasons. First, a well-reasoned statement that explains India’s stance on core security issues—such as the applicability of self-defense, countermeasures and international humanitarian law—would show India’s appetite for offensive and defensive strategies for external adversaries and allies alike. This would serve as the edifice of a potentially credible cyber deterrence strategy. Second, developing a public stance would help India to take advantage of the economic, demographic and political leverage that it holds and to assume a leadership role in discussions. The <a href="https://www.gov.uk/government/speeches/cyber-and-international-law-in-the-21st-century">U.K.</a>, <a href="https://www.lawfareblog.com/frances-cyberdefense-strategic-review-and-international-law">France,</a> <a href="https://www.lawfareblog.com/germanys-position-international-law-cyberspace">Germany</a>, <a href="https://www.justsecurity.org/64490/estonia-speaks-out-on-key-rules-for-cyberspace/">Estonia</a>, <a href="https://www.justsecurity.org/wp-content/uploads/2017/06/Cuban-Expert-Declaration.pdf">Cuba</a> (backed by China and Russia) and the <a href="https://www.justsecurity.org/wp-content/uploads/2016/11/Brian-J.-Egan-International-Law-and-Stability-in-Cyberspace-Berkeley-Nov-2016.pdf">U.S.</a> have all made their positions publicly known with varying degrees of detail.</p>
<p><em>Data Transfers</em></p>
<p style="text-align: justify; ">Unlike in other forums, Indian policy has been clearer in the cross-border data transfer debate. This is a foreign policy extension of India’s emphasis on localization and data sovereignty in domestic policy instruments. At the G-20 Summit in Osaka, India and the rest of the BRICS group (Brazil, Russia, China and South Africa) stressed the role that data play in economic development for emerging economies and reemphasized the need for <a href="https://www.youtube.com/watch?v=0a8YsZQ0F6k&feature=youtu.be">data sovereignty</a>. India did not sign the <a href="https://www.international.gc.ca/world-monde/international_relations-relations_internationales/g20/2019-06-29-g20_declaration-declaration_g20.aspx?lang=eng">Osaka Declaration on the Digital Economy</a> that kickstarted the “Osaka Track”—a process whereby the 78 signatories agreed to participate in global policy discussions on international rule-making for e-commerce at the World Trade Organization (WTO). This was a continuation of India’s sustained efforts opposing the e-commerce moratorium at the WTO.</p>
<p style="text-align: justify; ">The importance of cross-border data flows in spurring the global economy found its way into the <a href="https://g20.org/pdf/documents/en/FINAL_G20_Osaka_Leaders_Declaration.pdf">Final G-20 Leaders Declaration</a>—which India signed. Foreign Secretary Vijay Gokhale <a href="https://www.youtube.com/watch?v=0a8YsZQ0F6k&feature=youtu.be">argued</a> that international rule-making on data transfers should not take place in plurilateral forums outside the WTO. Gokhale claimed that limiting the debate to the WTO would ensure that emerging economies have a say in the framing of the rules. The clarity expressed by the Indian delegation at the G-20 should be a model for more confident Indian leadership in this global cyber policy development space.</p>
<h3 style="text-align: justify; ">Looking Forward</h3>
<p style="text-align: justify; ">India is no newcomer to the idea of normative leadership. To overcome material shortcomings in the nation’s early years, Jawaharlal Nehru, the first Indian prime minister, engineered a <a href="https://www.livemint.com/Opinion/h13WRfZP09BWA3Eg68TuVL/What-Narendra-Modi-has-Jawaharlal-Nehru-to-thank-for.html">normative pivot in world affairs</a> by championing the sovereignty of countries that had gained independence from colonial rule. In the years immediately after independence, the Indian foreign policy establishment sought to break the hegemony of the United States and the Soviet Union by advancing a foreign policy rooted in what came to be known as <a href="https://www.foreignaffairs.com/articles/india/2016-09-19/india-after-nonalignment">“nonalignment.”</a></p>
<p style="text-align: justify; ">Making sound contributions to foreign policy in cyberspace requires a variety of experts—international lawyers, computer scientists, geopolitical strategists and human rights advocates. Indian civil society and academia are brimming with tech policy enthusiasts from a variety of backgrounds who could add in-depth substance to the government’s cyber vision. Such engagement has begun to some extent at the domestic level: Most government policies are now opened up to consultation with stakeholders Yet there is still room for greater transparency in this process.</p>
<p style="text-align: justify; ">India's cyber vision is worth fighting for. The continued monetization of data dividends by foreign big tech at the expense of India’s socioeconomic development needs to be countered. This can be accomplished by predictable and coherent policymaking that balances economic growth and innovation with the fundamental rights and values enshrined in the Indian Constitution, including the right to equality, freedom of speech and expression, and the right to life. But inherent contradictions in the conceptualization of personal data, delays in tabling the Personal Data Protection Bill, and uncertain or rushed approaches in several other regulatory policies are all fettering the realization of this vision. On core geopolitical issues, there exists an opportunity to set the rule-shaping agenda to favor India’s sovereign interests. With global cyber policy formulation in a state of flux, India has the economic, demographic and intellectual leverage to have a substantial impact on the debate and recraft the narrative in favor of the rapidly emerging Global South.</p>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/blog/lawfare-arindrajit-basu-november-7-2019-indias-role-in-global-cyber-policy-formulation'>http://editors.cis-india.org/internet-governance/blog/lawfare-arindrajit-basu-november-7-2019-indias-role-in-global-cyber-policy-formulation</a>
</p>
No publisherbasuCyber SecurityInternet Governance2019-11-13T14:13:33ZBlog Entry“Politics by other means”: Fostering positive contestation and charting ‘red lines’ through global governance in cyberspace
http://editors.cis-india.org/internet-governance/blog/arindrajit-basu-orfonline-october-21-2019-politics-by-other-means-fostering-positive-contestation-and-charting-red-lines-through-global-governance-in-cyberspace
<b>The past year has been a busy one for the fermentation of global governance efforts in cyberspace with multiple actors-states, industry, and civil society spearheading a variety of initiatives. Given the multiplicity of actors, ideologies, and vested interests at play in this ecosystem, any governance initiative will be, by default, political, and desirably so.</b>
<p style="text-align: justify; "><span style="text-align: justify; ">Arindrajit Basu's essay for this year's Digital Debates: The CyFy Journal </span><a class="external-link" href="https://www.orfonline.org/wp-content/uploads/2019/10/Digital_Debates_2019_V7.pdf" style="text-align: justify; ">was published jointly by Global Policy and ORF</a><span style="text-align: justify; ">. It was written in response to a framing essay by Dennis Broeders under the governance theme. The article was edited by Gurshabad Grover. </span><i style="text-align: justify; "> Arindrajit also acknowledges the contributions of the editorial team at ORF: Trisha, Akhil and Meher.</i></p>
<hr />
<p style="text-align: justify; ">There is no silver bullet that will magically result in universally acknowledged rules of the road. Instead, through consistent probing and prodding, the global community must create inclusive processes to galvanize consensus to ensure that individuals across the world can repose trust and confidence in their use of global digital infrastructure.<a href="https://www.orfonline.org/expert-speak/politics-by-other-means-fostering-positive-contestation-and-charting-red-lines-through-global-governance-in-cyberspace-56811/#_edn2"><sup>[2]</sup></a> This includes both ‘red lines’ applicable to clearly prohibited acts of cyberspace and softer norms for responsible state behaviour in cyberspace, that arise from an application of the tenets of International Law to cyberspace.</p>
<h2 style="text-align: justify; ">Infrastructure is political</h2>
<p style="text-align: justify; ">Networked infrastructures typically originate when a series of technological systems with varying technical standards converge, or when a technological system achieves dominance over other self-contained technologies.<a href="https://www.orfonline.org/expert-speak/politics-by-other-means-fostering-positive-contestation-and-charting-red-lines-through-global-governance-in-cyberspace-56811/#_edn3"><sup>[3]</sup></a> Through this process of convergence, networked infrastructures must adapt to a variety of differing political conditions, legal regulations and governance practices.<a href="https://www.orfonline.org/expert-speak/politics-by-other-means-fostering-positive-contestation-and-charting-red-lines-through-global-governance-in-cyberspace-56811/#_edn4"><sup>[4]</sup></a> Internet infrastructure was never self-contained technology, but an amalgamation of systems, protocols, standards and hardware along with the standards bodies, private actors and states that define it.<a href="https://www.orfonline.org/expert-speak/politics-by-other-means-fostering-positive-contestation-and-charting-red-lines-through-global-governance-in-cyberspace-56811/#_edn5"><sup>[5]</sup></a> The architecture has always been deeply socio-technical<a href="https://www.orfonline.org/expert-speak/politics-by-other-means-fostering-positive-contestation-and-charting-red-lines-through-global-governance-in-cyberspace-56811/#_edn6"><sup>[6]</sup></a> and any attempt to severe the technology from the politics of internet governance would be a fool’s errand.</p>
<p style="text-align: justify; ">Politics catalyzed the development of the technological infrastructure that lead to the creation of the internet. During the heyday of nuclear brinkmanship between the USA and USSR, Paul Baran, an engineer with the US Department of Defense think tank RAND Corporation was tasked with building a means of communication that could continue running even if some parts were to be knocked out by a nuclear war.<a href="https://www.orfonline.org/expert-speak/politics-by-other-means-fostering-positive-contestation-and-charting-red-lines-through-global-governance-in-cyberspace-56811/#_edn7"><sup>[7]</sup></a></p>
<p style="text-align: justify; ">As Baran’s ‘Bomb proof network’ morphed into the US Department of Defense funded ARPANET, it was initially apparent that it was not meant for either mass or commercial use, but instead saw its nurturing in the US as a tool of strategic defense.<a href="https://www.orfonline.org/expert-speak/politics-by-other-means-fostering-positive-contestation-and-charting-red-lines-through-global-governance-in-cyberspace-56811/#_edn8"><sup>[8]</sup></a></p>
<p style="text-align: justify; ">This enabled the US to retain a disproportionate -- and till the 1990s, relatively uncontested -- influence on internet governance. As the internet rapidly expanded across the globe, various actors found that single state control over an invaluable global resource was unjust.<a href="https://www.orfonline.org/expert-speak/politics-by-other-means-fostering-positive-contestation-and-charting-red-lines-through-global-governance-in-cyberspace-56811/#_edn9"><sup>[9]</sup></a> Others (9which included US Senator Ted Cruz), argued that the internet would be safer in the hands of the United States than an international forum whose processes could be reduced to stalemate as a result of politicized conflict between democratic and non-democratic states who seek to use online spaces as an instrument of suppression.<a href="https://www.orfonline.org/expert-speak/politics-by-other-means-fostering-positive-contestation-and-charting-red-lines-through-global-governance-in-cyberspace-56811/#_edn10"><sup>[10]</sup></a> The ICANN and IANA transitions were therefore not rooted in technical considerations but much-needed geopolitical pressure from states and actors who felt ‘disregarded’<a href="https://www.orfonline.org/expert-speak/politics-by-other-means-fostering-positive-contestation-and-charting-red-lines-through-global-governance-in-cyberspace-56811/#_edn11"><sup>[11]</sup></a> in the governance of the internet. An inclusive multi-stakeholder process fueled by inclusive geopolitical contestation is far more effective in the long run and has the potential of respecting the rights of ‘disregarded’ communities all across the globe far more than a unilateral process that ignores any voices of opposition.</p>
<p style="text-align: justify; ">It is now clear that despite its continued outsized influence, the United States is no longer the only major state player in global cyber governance. China has propelled itself as a major political and economic challenger to the United States across several regimes<a href="https://www.orfonline.org/expert-speak/politics-by-other-means-fostering-positive-contestation-and-charting-red-lines-through-global-governance-in-cyberspace-56811/#_edn12"><sup>[12]</sup></a>, including in the cyber domain. China’s export of the ‘information sovereignty’<a href="https://www.orfonline.org/expert-speak/politics-by-other-means-fostering-positive-contestation-and-charting-red-lines-through-global-governance-in-cyberspace-56811/#_edn13"><sup>[13]</sup></a> doctrine at various cyber norms proliferation fora, including at the United Nations-Group of Governmental Experts (GGE), and regional forums like the Shanghai Co-operation (SCO), is an example of its desire to impose its ideological clout on global conceptions of the internet.</p>
<p style="text-align: justify; ">As a rising power, China’s aspirations in global internet governance are not limited to ideology. China is at an ‘innovation imperative’, where it needs to develop new technologies to retain its status and fuel long-term growth.<a href="https://www.orfonline.org/expert-speak/politics-by-other-means-fostering-positive-contestation-and-charting-red-lines-through-global-governance-in-cyberspace-56811/#_edn14"><sup>[14]</sup></a> This locks it into direct economic, and therefore strategic competition with the United States that seeks to retain control over the same supply chains and continues to assert its economic and military superiority.</p>
<p style="text-align: justify; ">China has dominated the 5G space in an unprecedented way, and has been a product of a concerted ‘whole of government’ effort.<a href="https://www.orfonline.org/expert-speak/politics-by-other-means-fostering-positive-contestation-and-charting-red-lines-through-global-governance-in-cyberspace-56811/#_edn15"><sup>[15]</sup></a> Beijing charted out an industrial policy that enabled the deployment of 5G networks as a key national priority.<a href="https://www.orfonline.org/expert-speak/politics-by-other-means-fostering-positive-contestation-and-charting-red-lines-through-global-governance-in-cyberspace-56811/#_edn16"><sup>[16]</sup></a> China has also successfully weaponized global technical standard-setting efforts to promote its geo-economic interests.<a href="https://www.orfonline.org/expert-speak/politics-by-other-means-fostering-positive-contestation-and-charting-red-lines-through-global-governance-in-cyberspace-56811/#_edn17"><sup>[17]</sup></a> Reeling from the failure of its domestic 3G standard that was ignored globally, China realised the importance of the ‘first-movers’ advantage’ in setting standards for companies and businesses.<a href="https://www.orfonline.org/expert-speak/politics-by-other-means-fostering-positive-contestation-and-charting-red-lines-through-global-governance-in-cyberspace-56811/#_edn18"><sup>[18]</sup></a> Through an aggressive strategic push at a number of international bodies such as the International Telecommunications Union, China’s diplomatic pivot has allowed it to push standards established domestically with little external input, thereby giving Chinese companies the upper hand globally.<a href="https://www.orfonline.org/expert-speak/politics-by-other-means-fostering-positive-contestation-and-charting-red-lines-through-global-governance-in-cyberspace-56811/#_edn19"><sup>[19]</sup></a></p>
<p style="text-align: justify; ">Politics continues to frame the technical solutions that enable cybersecurity.19 Following Snowden’s revelations, some stakeholders in the global community have shaped their politics to frame the problem as one of protecting individuals’ data from governments and private companies looking to extract and exploit it. The technical solutions developed in this frame are encryption standards and privacy enhancing technologies. However, intelligence agencies continue to frame the problem differently: they see it as an issue of collecting and aggregating data in order to identify malicious actors and threat vectors. The technical solutions they devise are increased surveillance and data analysis -- problems the first framing intended to solve. The techno-political gap, both in academic scholarship and global norms proliferation efforts continues to jeopardize attempts at framing cybersecurity governance.<a href="https://www.orfonline.org/expert-speak/politics-by-other-means-fostering-positive-contestation-and-charting-red-lines-through-global-governance-in-cyberspace-56811/#_edn20"><sup>[20]</sup></a> Instead of artificially depoliticizing technology, it is imperative that we ferment political contestation in a manner that holistically promulgates the perception that internet infrastructure can be trusted and utilised by individuals and communities around the world.</p>
<h2 style="text-align: justify; ">Fostering ‘red lines’ and diffusing ‘unpeace’ in cyberspace</h2>
<p style="text-align: justify; ">‘Unpeace’ in cyberspace continues to ferment through ‘below the threshold’ operations that do not amount to the ‘use of force’ as per Article 2(4), or an ‘armed attack’ triggering the right of self-defense under Article 51 of the United Nations Charter. This makes the application of jus ad bellum (‘right to war’) inapplicable to most cyber operations.<a href="https://www.orfonline.org/expert-speak/politics-by-other-means-fostering-positive-contestation-and-charting-red-lines-through-global-governance-in-cyberspace-56811/#_edn21"><sup>[21]</sup></a> However, the application of ‘jus in bello’ (law that governs the way in which warfare is conducted) or International Humanitarian Law (IHL) does not require armed force to be of a specific intensity but seeks to protect civilians and prevent unnecessary suffering. Therefore the principles of IHL that have evolved in The Geneva Conventions should be used as red lines that limit collateral damage as a result of cyber operations.<a href="https://www.orfonline.org/expert-speak/politics-by-other-means-fostering-positive-contestation-and-charting-red-lines-through-global-governance-in-cyberspace-56811/#_edn22"><sup>[22]</sup></a> No state should conduct cyber operations that intend to harm civilians, and should us all means at its disposal to avoid this harm to civilians. It should act in line with the principles of necessity<a href="https://www.orfonline.org/expert-speak/politics-by-other-means-fostering-positive-contestation-and-charting-red-lines-through-global-governance-in-cyberspace-56811/#_edn23"><sup>[23]</sup></a> and proportionality.<a href="https://www.orfonline.org/expert-speak/politics-by-other-means-fostering-positive-contestation-and-charting-red-lines-through-global-governance-in-cyberspace-56811/#_edn24"><sup>[24]</sup></a></p>
<p style="text-align: justify; ">Cultivating ‘red lines’ is easier said than done. The debate around the applicability of IHL to cyberspace was one of the reasons for the breakdown of the fifth UN-GGE in 2017.<a href="https://www.orfonline.org/expert-speak/politics-by-other-means-fostering-positive-contestation-and-charting-red-lines-through-global-governance-in-cyberspace-56811/#_edn25"><sup>[25]</sup></a> States have also been reluctant to state their positions on the rules developed by the International Group of Experts (IGE) in the Tallinn Manual.<a href="https://www.orfonline.org/expert-speak/politics-by-other-means-fostering-positive-contestation-and-charting-red-lines-through-global-governance-in-cyberspace-56811/#_edn26"><sup>[26]</sup></a> This is due to two main reasons. First, not endorsing the rules may allow them to retain operational advantages in cyberspace where they continue engaging in cyber operations without censure. Second, even those states who wish to apply and adhere to the rules hesitate to do so in the absence of effective processes that censure states that do not comply with the rules.</p>
<p style="text-align: justify; ">Both these issues stem from the difficulties in attributing a cyber attack to a state as cyber attacks are multi-stage, multi-step and multi-jurisdictional, which makes the attacker several degrees removed from the victim.<a href="https://www.orfonline.org/expert-speak/politics-by-other-means-fostering-positive-contestation-and-charting-red-lines-through-global-governance-in-cyberspace-56811/#_edn27"><sup>[27]</sup></a> Technical challenges to attribution, however should not take away from international efforts that adopt an integrated and multi-disciplinary approach to attribution which must be seen as a political process working in conjunction with robust technical efforts.<a href="https://www.orfonline.org/expert-speak/politics-by-other-means-fostering-positive-contestation-and-charting-red-lines-through-global-governance-in-cyberspace-56811/#_edn28"><sup>[28]</sup></a> The Cyber Peace Institute, which was set up earlier in September 2019, and adopts an ecosystem approach to studying cyber attacks, thereby improving global attribution standards may institutionally serve this function.<a href="https://www.orfonline.org/expert-speak/politics-by-other-means-fostering-positive-contestation-and-charting-red-lines-through-global-governance-in-cyberspace-56811/#_edn29"><sup>[29]</sup></a> As attribution processes become clearer and hold greater political weight, an increasing number of states are likely to show their cards and abandon their policy of silence and ambiguity -- a process that has already commenced with a handful of states releasing clear statements on the applicability of international law in cyberspace.<a href="https://www.orfonline.org/expert-speak/politics-by-other-means-fostering-positive-contestation-and-charting-red-lines-through-global-governance-in-cyberspace-56811/#_edn30"><sup>[30]</sup></a></p>
<p style="text-align: justify; ">Below the threshold operations are likely to continue. However, the process of contestation should result in the international community drawing out norms that ensure that public trust and confidence in the security of global digital infrastructure is not eroded. This would include norms such as protecting electoral infrastructure or a prohibition on coercing private corporations to aid intelligence agencies in extraterritorial surveillance29 The development of these norms will take time and repeated prodding. However, given the entangled and interdependent nature of the global digital economy, protracted effort may result in universal consensus in some time.</p>
<h2 style="text-align: justify; ">The Future of Cyber Diplomacy</h2>
<p style="text-align: justify; ">The recently rejuvenated UN driven norms formulation processes are examples of this protracted effort. Both the Group of Governmental Experts (GGE) and Open-Ended Working Group (OEWG) processes are pushing states towards publicly declaring their positions on multiple questions of cyber governance, which will only further certainty and predictability in this space. The GGE requires all member states to clearly chart out their position on the applicability of various questions of International Law, which will be included as an Annex to the final report and is definitely a step in the right direction.</p>
<p style="text-align: justify; ">There are multiple lessons from parliamentary diplomacy culminating in past global governance regimes that negotiators in these processes can borrow from.<a href="https://www.orfonline.org/expert-speak/politics-by-other-means-fostering-positive-contestation-and-charting-red-lines-through-global-governance-in-cyberspace-56811/#_edn31"><sup>[31]</sup></a> As in the past, the tenets of international law can influence collective expectations and serve as a facilitative mechanism for chalking out bargaining points, and driving the negotiations within an inclusive, efficient and understandable framework.<a href="https://www.orfonline.org/expert-speak/politics-by-other-means-fostering-positive-contestation-and-charting-red-lines-through-global-governance-in-cyberspace-56811/#_edn32"><sup>[32]</sup></a></p>
<p style="text-align: justify; ">Both processes will be politicized as before with states seeking to use these as fora for furthering national interests. However, this is not necessarily a bad thing. Protracted contestation is preferable to unilateralism where a select group of states decides the future of cyber governance. The inclusive, public format of the OEWG running in parallel to the closed-door deliberations at the GGE enables concerted dialogue to continue. Most countries had voted for the resolutions setting up both these processes and while the end-game is unknown, it appears that states remain interested in cultivating cyber norms.</p>
<p style="text-align: justify; ">Of course, the USA and its NATO allies had voted against the resolution setting up the OEWG and Russia, China and the SCO allies had voted against the resolution resurrecting the GGE. However, given the economic interests of all states in a relatively stable cyberspace, it is clear that both these blocks desire global consensus on some rules of the road for responsible behaviour in cyberspace. This means that both processes may arrive at certain similar outcomes. These outcomes might over time evolve into norms or even crystallise into rules of customary international law if they are representative of the interests of a large number of states.</p>
<p style="text-align: justify; ">However, sole reliance on state-centric mechanisms to achieve a stable governance regime may be misplaced. As seen with Dupont’s contribution to the Montreal Protocol that banned the global use of Chloro-Fluoro-Carbons (CFCs)<a href="https://www.orfonline.org/expert-speak/politics-by-other-means-fostering-positive-contestation-and-charting-red-lines-through-global-governance-in-cyberspace-56811/#_edn33"><sup>[33]</sup></a> or the International Committee of the Red Cross’s concerted efforts in rallying states to sign the Additional Protocols to the Geneva Conventions<a href="https://www.orfonline.org/expert-speak/politics-by-other-means-fostering-positive-contestation-and-charting-red-lines-through-global-governance-in-cyberspace-56811/#_edn34"><sup>[34]</sup></a>, norm-entrepreneurship and the mantle of leadership in norm-entrepreneurship need not be limited to state actors. Non-state actors often have the gifts of flexibility and strategic neutrality that make them a better fit for this role than states. Microsoft’s leadership and its ascent to this leadership mantle in the cyber governance space must therefore be taken heed off. The key role it played in charting out the CyberSecurity Tech Accords, Paris Call for Trust and Security in Cyberspace and its most recent initiative, the Cyber Peace Institute, must be commended. However, the success of its entrepreneurship relies on how well it can work both with multilateral mechanisms under the aegis of the United Nations and multi-stakeholder fora such as the Global Commission on Stability in Cyberspace. This will lead to a cohesive set of rules that adequately govern the conduct of both state and non-state actors in cyberspace.</p>
<p style="text-align: justify; ">It is unfortunate, however, that most governance efforts in cyberspace are driven by the United States or China or their allies. For example, only UK<a href="https://www.orfonline.org/expert-speak/politics-by-other-means-fostering-positive-contestation-and-charting-red-lines-through-global-governance-in-cyberspace-56811/#_edn35"><sup>[35]</sup></a>, France<a href="https://www.orfonline.org/expert-speak/politics-by-other-means-fostering-positive-contestation-and-charting-red-lines-through-global-governance-in-cyberspace-56811/#_edn36"><sup>[36]</sup></a>, Germany,<a href="https://www.orfonline.org/expert-speak/politics-by-other-means-fostering-positive-contestation-and-charting-red-lines-through-global-governance-in-cyberspace-56811/#_edn37"><sup>[37]</sup></a> Estonia<a href="https://www.orfonline.org/expert-speak/politics-by-other-means-fostering-positive-contestation-and-charting-red-lines-through-global-governance-in-cyberspace-56811/#_edn38"><sup>[38]</sup></a>,Cuba<a href="https://www.orfonline.org/expert-speak/politics-by-other-means-fostering-positive-contestation-and-charting-red-lines-through-global-governance-in-cyberspace-56811/#_edn39"><sup>[39]</sup></a> (backed by China and Russia), and the USA<a href="https://www.orfonline.org/expert-speak/politics-by-other-means-fostering-positive-contestation-and-charting-red-lines-through-global-governance-in-cyberspace-56811/#_edn40"><sup>[40]</sup></a> have all engaged in public posturing advocating their ideological position on the applicability of International Law in cyberspace in varying degrees of detail with other countries largely remaining silent. Other emerging economies need to get into the game to make the process more representative and equitable.</p>
<p style="text-align: justify; ">More recently, India has begun to take a leadership role in the global debate on cross-border data transfers, spurred largely by their domestic political and policy ecosystem championing ‘digital nationalism.’ At the G20 summit in Osaka in July this year, India, alongside the BRICS grouping emphasized the development dimensions of data for emerging economies and pushed the notion of ‘data sovereignty’-broadly understood as the sovereign right of nations to govern data within their territories/jurisdiction in the national interest and for the welfare of its people.<a href="https://www.orfonline.org/expert-speak/politics-by-other-means-fostering-positive-contestation-and-charting-red-lines-through-global-governance-in-cyberspace-56811/#_edn41"><sup>[41]</sup></a> Resisting calls from Western allies including the United States to get on board Japan’s initiative promoting the free flow of data across borders, Vijay Gokhale also mentioned that discussions on data flows must not take place at plurilateral forums outside the World Trade Organization as this would prevent inclusive discussions.<a href="https://www.orfonline.org/expert-speak/politics-by-other-means-fostering-positive-contestation-and-charting-red-lines-through-global-governance-in-cyberspace-56811/#_edn42"><sup>[42]</sup></a>This form of posturing should be sustained by emerging economies like India and extended to the security domain as well through which the hegemony that a few powerful actors retain over the contours of cyber governance can be reduced.</p>
<p style="text-align: justify; ">To paraphrase Clausewitz, technological governance is the conduct of politics by other means. Internet infrastructure has become so deeply intertwined with the political ethos of most countries that it has become the latest front for geopolitical contestation among state and non-state actors alike. Politicizing cyber governance prevents a deracinated approach to the process that ignores simmering inequalities, power asymmetries and tensions that a limited technical lens prevents us from viewing.</p>
<p style="text-align: justify; ">The question is, not if but how cyber governance will be politicized. Will it be a politics of inclusion that protects the rights of the disregarded and adequately represents their voices in line with the requirements of International Law, or will it be a politics of convenience through which states and non-state actors utilise cyber governance for reaping strategic dividends? The global cyber policy ecosystem must continue the battle to ensure that the former remains essential.</p>
<hr />
<h3>Endnotes</h3>
<p style="text-align: justify; "><a href="https://www.orfonline.org/expert-speak/politics-by-other-means-fostering-positive-contestation-and-charting-red-lines-through-global-governance-in-cyberspace-56811/#_ednref1"><sup>[1]</sup></a> Arindrajit Basu and Elonnai Hickok (2018) “<a href="https://cis-india.org/internet-governance/files/cyberspace-and-external-affairs" rel="noopener" target="_blank">Cyberspace and External Affairs: A memorandum for India</a>”, 8-13.</p>
<p style="text-align: justify; "><a href="https://www.orfonline.org/expert-speak/politics-by-other-means-fostering-positive-contestation-and-charting-red-lines-through-global-governance-in-cyberspace-56811/#_ednref2"><sup>[2]</sup></a> In its draft definition of cyber stability, <a href="https://cyberstability.org/news/request-for-consultation-definition-of-stability-of-cyberspace/" rel="noopener" target="_blank">The Global Commission on the Stability of Cyberspace has adopted a bottom up user centric definition of Cyber Stability where individuals can be confident in the stability of cyberspace as opposed to an objective top-down determination of cybersecurity metrics</a>.</p>
<p style="text-align: justify; "><a href="https://www.orfonline.org/expert-speak/politics-by-other-means-fostering-positive-contestation-and-charting-red-lines-through-global-governance-in-cyberspace-56811/#_ednref3"><sup>[3]</sup></a> PN Edwards, GC Bowker Jackson SJ, R Williams 2009. Introduction: an agenda for infrastructure studies. J. Assoc. Inf. Syst.10(5):364–74</p>
<p style="text-align: justify; "><a href="https://www.orfonline.org/expert-speak/politics-by-other-means-fostering-positive-contestation-and-charting-red-lines-through-global-governance-in-cyberspace-56811/#_ednref4"><sup>[4]</sup></a> Brian Larkin, “ The Politics and Poetics of Infrastructure” Annual Rev. Anthropol 2013,42:327-43</p>
<p style="text-align: justify; "><a href="https://www.orfonline.org/expert-speak/politics-by-other-means-fostering-positive-contestation-and-charting-red-lines-through-global-governance-in-cyberspace-56811/#_ednref5"><sup>[5]</sup></a> Ibid.</p>
<p style="text-align: justify; "><a href="https://www.orfonline.org/expert-speak/politics-by-other-means-fostering-positive-contestation-and-charting-red-lines-through-global-governance-in-cyberspace-56811/#_ednref6"><sup>[6]</sup></a> Kieron O’Hara and Wendy Hall, “<a href="https://www.cigionline.org/sites/default/files/documents/Paper%20no.206web.pdf" rel="noopener" target="_blank">Four Internets: The Geopolitics of Digital Governance</a>” CIGI Report No.208, December 2018.</p>
<p style="text-align: justify; "><a href="https://www.orfonline.org/expert-speak/politics-by-other-means-fostering-positive-contestation-and-charting-red-lines-through-global-governance-in-cyberspace-56811/#_ednref7"><sup>[7]</sup></a> Cade Metz, “<a href="https://www.wired.co.uk/article/h-bomb-and-the-internet" rel="noopener" target="_blank">Paul Baran, the link between nuclear war and the internet</a>” Wired, 4th Sept. 2012.</p>
<p style="text-align: justify; "><a href="https://www.orfonline.org/expert-speak/politics-by-other-means-fostering-positive-contestation-and-charting-red-lines-through-global-governance-in-cyberspace-56811/#_ednref8"><sup>[8]</sup></a> Kal Raustila (2016) “Governing the Internet” American Journal of International Law 110:3,491</p>
<p style="text-align: justify; "><a href="https://www.orfonline.org/expert-speak/politics-by-other-means-fostering-positive-contestation-and-charting-red-lines-through-global-governance-in-cyberspace-56811/#_ednref9"><sup>[9]</sup></a> Samantha Bradshaw, Laura DeNardis, Fen Osler Hampson, Eric Jardine & Mark Raymond, <a href="https://www.cigionline.org/sites/default/files/no17.pdf" rel="noopener" target="_blank">The Emergence of Contention in Global Internet Governance</a> 3 (Global Comm’n on Internet Governance, Paper Series No. 17, July 2015).</p>
<p style="text-align: justify; "><a href="https://www.orfonline.org/expert-speak/politics-by-other-means-fostering-positive-contestation-and-charting-red-lines-through-global-governance-in-cyberspace-56811/#_ednref10"><sup>[10]</sup></a> Klint Finley, "<a href="https://www.wired.com/2016/10/internet-finally-belongs-everyone/" rel="noopener" target="_blank">The Internet Finally Belongs to Everyone</a>”, Wired, March 18th, 2016.</p>
<p style="text-align: justify; "><a href="https://www.orfonline.org/expert-speak/politics-by-other-means-fostering-positive-contestation-and-charting-red-lines-through-global-governance-in-cyberspace-56811/#_ednref11"><sup>[11]</sup></a> Richard Stewart (2014), Remedying Disregard in Global Regulatory Governance: Accountability, Participation and Responsiveness” AJIL 108:2</p>
<p style="text-align: justify; "><a href="https://www.orfonline.org/expert-speak/politics-by-other-means-fostering-positive-contestation-and-charting-red-lines-through-global-governance-in-cyberspace-56811/#_ednref12"><sup>[12]</sup></a> Tarun Chhabra, Rush Doshi, Ryan Hass and Emilie Kimball, “<a href="https://www.brookings.edu/research/global-china-domains-of-strategic-competition-and-domestic-drivers/" rel="noopener" target="_blank">Global China: Domains of strategic competition and domestic drivers</a>” Brookings Institution, September 2019.</p>
<p style="text-align: justify; "><a href="https://www.orfonline.org/expert-speak/politics-by-other-means-fostering-positive-contestation-and-charting-red-lines-through-global-governance-in-cyberspace-56811/#_ednref13"><sup>[13]</sup></a> According to this view, a state can manage and define its ‘network frontiers; through domestic legislation or state policy and patrol information at it state borders in any way it deems fit. Yuan Yi,. “网络空间的国界在哪 ” [Where Are the National Borders of cyberspace]? 学习时报.May 19, 2016.</p>
<p style="text-align: justify; "><a href="https://www.orfonline.org/expert-speak/politics-by-other-means-fostering-positive-contestation-and-charting-red-lines-through-global-governance-in-cyberspace-56811/#_ednref14"><sup>[14]</sup></a> Anthea Roberts, Henrique Choer Moraes and Victor Ferguson (2019), “<a href="https://ssrn.com/abstract=3389163" rel="noopener" target="_blank">Toward a Geoeconomic Order in International Trade and Investment</a>” (May 16, 2019).</p>
<p style="text-align: justify; "><a href="https://www.orfonline.org/expert-speak/politics-by-other-means-fostering-positive-contestation-and-charting-red-lines-through-global-governance-in-cyberspace-56811/#_ednref15"><sup>[15]</sup></a> Eurasia Group (2018), “The Geopolitics of 5G”</p>
<p style="text-align: justify; "><a href="https://www.orfonline.org/expert-speak/politics-by-other-means-fostering-positive-contestation-and-charting-red-lines-through-global-governance-in-cyberspace-56811/#_ednref16"><sup>[16]</sup></a> Ibid.( In 2013, the Ministry of Industry and Information Technology (MIIT), the National Development and Reform Commission (NDRC) and the Ministry of Science and technology (MOST) established the IMT-2020 5G Promotion Group to push for a government all-industry alliance on 5G.)</p>
<p style="text-align: justify; "><a href="https://www.orfonline.org/expert-speak/politics-by-other-means-fostering-positive-contestation-and-charting-red-lines-through-global-governance-in-cyberspace-56811/#_ednref17"><sup>[17]</sup></a> Bjorn Fagersten&Tim Ruhlig (2019), "<a href="https://www.ui.se/globalassets/ui.se-eng/publications/uipublications/2019/ui-brief-no.-2-2019.pdf" rel="noopener" target="_blank">China’s standard power and it’s geopolitical implications for Europe</a>” Swedish Institute for International Affairs.</p>
<p style="text-align: justify; "><a href="https://www.orfonline.org/expert-speak/politics-by-other-means-fostering-positive-contestation-and-charting-red-lines-through-global-governance-in-cyberspace-56811/#_ednref18"><sup>[18]</sup></a> Alan Beattie, “Technology: how the US, EU and China compete to set industry standards” Financial Times, Jul 14th, 2019</p>
<p style="text-align: justify; "><a href="https://www.orfonline.org/expert-speak/politics-by-other-means-fostering-positive-contestation-and-charting-red-lines-through-global-governance-in-cyberspace-56811/#_ednref19"><sup>[19]</sup></a> Laura Fitchner, Walter Pieters.,&Andre Herdero Texeira(2016). Cybersecurity as a Politikum: Implications of Security Discourses for Infrastructures. In Proceedings of the 2016 New Security Paradigms Workshop (36-48). New York: Association for Computing Machinery (ACM)</p>
<p style="text-align: justify; "><a href="https://www.orfonline.org/expert-speak/politics-by-other-means-fostering-positive-contestation-and-charting-red-lines-through-global-governance-in-cyberspace-56811/#_ednref20"><sup>[20]</sup></a> Michael Crosston,” Phreak the Speak: The Flawed Communications within cyber intelligentsia” in Jan-Frederik Kremer and Benedikt Muller,”Cyberspace and International Relations: Theory, Prospects and Challenges (2013, Springer) 253.</p>
<p style="text-align: justify; "><a href="https://www.orfonline.org/expert-speak/politics-by-other-means-fostering-positive-contestation-and-charting-red-lines-through-global-governance-in-cyberspace-56811/#_ednref21"><sup>[21]</sup></a> “<a href="https://casebook.icrc.org/glossary/fundamental-principles-ihl" rel="noopener" target="_blank">Fundamental Principles of International Humanitarian Law</a>".</p>
<p style="text-align: justify; "><a href="https://www.orfonline.org/expert-speak/politics-by-other-means-fostering-positive-contestation-and-charting-red-lines-through-global-governance-in-cyberspace-56811/#_ednref22"><sup>[22]</sup></a> Veronique Christory “<a href="https://casebook.icrc.org/glossary/fundamental-principles-ihl" rel="noopener" target="_blank">Cyber warfare: IHL provides an additional layer of protection</a>” 10 Sept. 2019.</p>
<p style="text-align: justify; "><a href="https://www.orfonline.org/expert-speak/politics-by-other-means-fostering-positive-contestation-and-charting-red-lines-through-global-governance-in-cyberspace-56811/#_ednref23"><sup>[23]</sup></a> See (The “<a href="https://casebook.icrc.org/glossary/military-necessity" rel="noopener" target="_blank">principle of military necessity</a>” permits measures which are actually necessary to accomplish a legitimate military purpose and are not otherwise prohibited by international humanitarian law. In the case of an armed conflict, the only legitimate military purpose is to weaken the military capacity of the other parties to the conflict.</p>
<p style="text-align: justify; "><a href="https://www.orfonline.org/expert-speak/politics-by-other-means-fostering-positive-contestation-and-charting-red-lines-through-global-governance-in-cyberspace-56811/#_ednref24"><sup>[24]</sup></a> See <a href="https://casebook.icrc.org/glossary/proportionality" rel="noopener" target="_blank">Proportionality</a>; The principle of proportionality prohibits attacks against military objectives which are “expected to cause incidental loss of civilian life, injury to civilians, damage to civilian objects, or a combination thereof, which would be excessive in relation to the concrete and direct military advantage anticipated”</p>
<p style="text-align: justify; "><a href="https://www.orfonline.org/expert-speak/politics-by-other-means-fostering-positive-contestation-and-charting-red-lines-through-global-governance-in-cyberspace-56811/#_ednref25"><sup>[25]</sup></a> Declaration by Miguel Rodriguez, Representative of Cuba, <a href="https://www.justsecurity.org/wp-content/uploads/2017/06/Cuban-Expert-Declaration.pdf" rel="noopener" target="_blank">At the final session of group of governmental experts on developments in the field of information and telecommunications in the context of international security</a> (June 23 2017).</p>
<p style="text-align: justify; "><a href="https://www.orfonline.org/expert-speak/politics-by-other-means-fostering-positive-contestation-and-charting-red-lines-through-global-governance-in-cyberspace-56811/#_ednref26"><sup>[26]</sup></a> Dan Efrony and Yuval Shany (2018), “ A Rule Book on the Shelf? Tallinn Manual 2.0 on Cyberoperations and Subsequent State Practice” AJIL 112:4</p>
<p style="text-align: justify; "><a href="https://www.orfonline.org/expert-speak/politics-by-other-means-fostering-positive-contestation-and-charting-red-lines-through-global-governance-in-cyberspace-56811/#_ednref27"><sup>[27]</sup></a> David Clark and Susan Landau. “Untangling Attribution.” Harvard National Security Journal (Harvard University) 2 (2011</p>
<p style="text-align: justify; "><a href="https://www.orfonline.org/expert-speak/politics-by-other-means-fostering-positive-contestation-and-charting-red-lines-through-global-governance-in-cyberspace-56811/#_ednref28"><sup>[28]</sup></a> Davis, John S., Benjamin Adam Boudreaux, Jonathan William Welburn, Jair Aguirre, Cordaye Ogletree, Geoffrey McGovern and Michael S. Chase. Stateless Attribution: Toward International Accountability in Cyberspace. Santa Monica, CA: RAND Corporation, (2017). At</p>
<p style="text-align: justify; "><a href="https://www.orfonline.org/expert-speak/politics-by-other-means-fostering-positive-contestation-and-charting-red-lines-through-global-governance-in-cyberspace-56811/#_ednref29"><sup>[29]</sup></a> See “<a href="https://cyberpeaceinstitute.org/latest-insights/2019-09-26-cyberpeace-institute-to-lead-global-action-againstcyberattacks" rel="noopener" target="_blank">CyberPeace Institute to Support Victims Harmed by Escalating Conflicts in Cyberspace</a>”.</p>
<p style="text-align: justify; "><a href="https://www.orfonline.org/expert-speak/politics-by-other-means-fostering-positive-contestation-and-charting-red-lines-through-global-governance-in-cyberspace-56811/#_ednref30"><sup>[30]</sup></a> Dan Efrony and Yuval Shany (2018), “ A Rule Book on the Shelf? Tallinn Manual 2.0 on Cyberoperations and Subsequent State Practice” AJIL 112:4</p>
<p style="text-align: justify; "><a href="https://www.orfonline.org/expert-speak/politics-by-other-means-fostering-positive-contestation-and-charting-red-lines-through-global-governance-in-cyberspace-56811/#_ednref31"><sup>[31]</sup></a> Arindrajit Basu and Elonnai Hickok (2018), “<a href="https://cis-india.org/internet-governance/files/gcsc-research-advisory-group.pdf" rel="noopener" target="_blank">Conceptualizing an International Security architecture for cyberspace</a>”.</p>
<p style="text-align: justify; "><a href="https://www.orfonline.org/expert-speak/politics-by-other-means-fostering-positive-contestation-and-charting-red-lines-through-global-governance-in-cyberspace-56811/#_ednref32"><sup>[32]</sup></a> Monica Hakimi (2017), “The Work of International Law,” Harvard International Law Journal 58:1.</p>
<p style="text-align: justify; "><a href="https://www.orfonline.org/expert-speak/politics-by-other-means-fostering-positive-contestation-and-charting-red-lines-through-global-governance-in-cyberspace-56811/#_ednref33"><sup>[33]</sup></a> James Maxwell and Forrest Briscoe (2007),” There’s money in the air: The CFC Ban and Dupont’s Regulatory Strategy” Business Strategy and the Environment 6, 276-286.</p>
<p style="text-align: justify; "><a href="https://www.orfonline.org/expert-speak/politics-by-other-means-fostering-positive-contestation-and-charting-red-lines-through-global-governance-in-cyberspace-56811/#_ednref34"><sup>[34]</sup></a> Francis Buignon (2004). “The International Committee of the Red Cross and the development of international humanitarian law.” Chi. J. Int’l L.5: 19137</p>
<p style="text-align: justify; "><a href="https://www.orfonline.org/expert-speak/politics-by-other-means-fostering-positive-contestation-and-charting-red-lines-through-global-governance-in-cyberspace-56811/#_ednref35"><sup>[35]</sup></a> Jeremy Wright, “<a href="https://www.gov.uk/government/speeches/cyber-and-international-law-in-the-21st-century" rel="noopener" target="_blank">Cyber and International Law in the 21st Century</a>” Govt. UK.</p>
<p style="text-align: justify; "><a href="https://www.orfonline.org/expert-speak/politics-by-other-means-fostering-positive-contestation-and-charting-red-lines-through-global-governance-in-cyberspace-56811/#_ednref36"><sup>[36]</sup></a> Michael Schmitt, “<a href="https://www.justsecurity.org/66194/frances-major-statement-on-international-lawand-cyber-an-assessment/" rel="noopener" target="_blank">France’s Major Statement on International Law and Cyber: An Assessment</a>” Just Security, September 16th, 2019.</p>
<p style="text-align: justify; "><a href="https://www.orfonline.org/expert-speak/politics-by-other-means-fostering-positive-contestation-and-charting-red-lines-through-global-governance-in-cyberspace-56811/#_ednref37"><sup>[37]</sup></a> Nele Achten, "<a href="https://www.lawfareblog.com/germanys-position-international-law-cyberspace" rel="noopener" target="_blank">Germany’s Position on International Law in Cyberspace</a>”, Lawfare, Oct 2, 2018,</p>
<p style="text-align: justify; "><a href="https://www.orfonline.org/expert-speak/politics-by-other-means-fostering-positive-contestation-and-charting-red-lines-through-global-governance-in-cyberspace-56811/#_ednref38"><sup>[38]</sup></a> Michael Schmitt, “<a href="https://www.justsecurity.org/64490/estonia-speaks-out-on-key-rules-for-cyberspace/" rel="noopener" target="_blank">Estonia Speaks out on Key Rules for Cyberspace</a>” Just Security, June 10, 2019.</p>
<p style="text-align: justify; "><a href="https://www.orfonline.org/expert-speak/politics-by-other-means-fostering-positive-contestation-and-charting-red-lines-through-global-governance-in-cyberspace-56811/#_ednref39"><sup>[39]</sup></a> <a href="https://www.justsecurity.org/wp-content/uploads/2017/06/Cuban-Expert-Declaration.pdf" rel="noopener" target="_blank">https://www.justsecurity.org/wp-content/uploads/2017/06/Cuban-Expert-Declaration.pdf</a></p>
<p style="text-align: justify; "><a href="https://www.orfonline.org/expert-speak/politics-by-other-means-fostering-positive-contestation-and-charting-red-lines-through-global-governance-in-cyberspace-56811/#_ednref40"><sup>[40]</sup></a> <a href="https://www.justsecurity.org/wp-content/uploads/2016/11/Brian-J.-Egan-International-Law-and-Stabilityin-Cyberspace-Berkeley-Nov-2016.pdf" rel="noopener" target="_blank">https://www.justsecurity.org/wp-content/uploads/2016/11/Brian-J.-Egan-International-Law-and-Stabilityin-Cyberspace-Berkeley-Nov-2016.pdf</a></p>
<p style="text-align: justify; "><a href="https://www.orfonline.org/expert-speak/politics-by-other-means-fostering-positive-contestation-and-charting-red-lines-through-global-governance-in-cyberspace-56811/#_ednref41"><sup>[41]</sup></a> Justin Sherman and Arindrajit Basu, "<a href="https://thediplomat.com/2019/07/fostering-strategic-convergencein-us-india-tech-relations-5g-and-beyond/" rel="noopener" target="_blank">Fostering Strategic Convergence in US-India Tech Relations: 5G and Beyond</a>”, The Diplomat, July 03, 2019.</p>
<p style="text-align: justify; "><a href="https://www.orfonline.org/expert-speak/politics-by-other-means-fostering-positive-contestation-and-charting-red-lines-through-global-governance-in-cyberspace-56811/#_ednref42"><sup>[42]</sup></a> Aditi Agrawal, "<a href="https://www.medianama.com/2019/07/223-india-and-tech-policy-at-the-g20-summit/" rel="noopener" target="_blank">India and Tech Policy at the G20 Summit</a>”, Medianama, Jul 1, 2019.</p>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/blog/arindrajit-basu-orfonline-october-21-2019-politics-by-other-means-fostering-positive-contestation-and-charting-red-lines-through-global-governance-in-cyberspace'>http://editors.cis-india.org/internet-governance/blog/arindrajit-basu-orfonline-october-21-2019-politics-by-other-means-fostering-positive-contestation-and-charting-red-lines-through-global-governance-in-cyberspace</a>
</p>
No publisherbasuCyberspaceInternet Governance2019-10-21T15:40:38ZBlog EntryWe need a better AI vision
http://editors.cis-india.org/internet-governance/blog/fountain-ink-october-12-2019-arindrajit-basu-we-need-a-better-ai-vision
<b>Artificial intelligence conjures up a wondrous world of autonomous processes but dystopia is inevitable unless rights and privacy are protected.</b>
<p style="text-align: justify; ">The blog post by Arindrajit Basu was published by<a class="external-link" href="https://fountainink.in/essay/we-need-a-better-ai-vision-"> Fountainink</a> on October 12, 2019.</p>
<hr style="text-align: justify; " />
<p style="text-align: justify; ">he dawn of Artificial Intelligence (AI) has policy-makers across the globe excited. In India, it is seen as a tool to overleap structural hurdles and better understand a range of organisational and management processes while improving the implementation of several government tasks. Notwithstanding the apparent enthusiasm in the government and private sectors, an adequate technological, infrastructural, and financial capacity to develop these models at scale is still in the works.</p>
<p style="text-align: justify; ">A number of policy documents with direct or indirect references to India’s AI future—to be powered by vast troves of data—have been released in the past year and a half. These include the National Strategy for Artificial Intelligence (which I will refer to as National Strategy) authored by NITI Aayog, the AI Taskforce Report, Chapter 4 of the Economic Survey, the Draft e-Commerce Bill and the Srikrishna Committee Report.</p>
<p style="text-align: justify; ">While they extol the virtues of data-driven analytics, references to the preservation or augmentation of India’s constitutional ethos through AI has been limited though it is crucial for safeguarding the rights and liberties of citizens while paving the way for the alleviation of societal oppression.</p>
<p style="text-align: justify; ">In this essay, I outline the variety of AI use cases that are in the works. I then highlight India’s AI vision by culling the relevant aspects of policy instruments that impact the AI ecosystem and identify lacunae that can be rectified. Finally, I attempt to “constitutionalise AI policy” by grounding it in a framework of constitutional rights that guarantee protection to the most vulnerable sections of society.</p>
<blockquote class="synopsis" style="text-align: justify; ">In the manufacturing industry, AI adoption is not uniform across all sectors. But there has been a notable transformation in electronics, heavy electricals and automobiles.</blockquote>
<p style="text-align: justify; ">It is crucial to note that these cases, still emerging in India, have been implemented at scale in other countries such as the United Kingdom, United States and China. Projects were rolled out to the detriment of ethical and legal considerations. Hindsight should make the Indian policy ecosystem much wiser. By closely studying the research produced in these diverse contexts, Indian policy-makers should try to find ways around the ethical and legal challenges that cropped up elsewhere and devise policy solutions that mitigate the concerns raised.</p>
<p style="text-align: justify; ">***</p>
<p style="text-align: justify; ">B<span>efore anything else we need to define AI—an endeavour fraught with multiple contestations. My colleagues and I at the Centre for Internet & Society ducked this hurdle when conducting our research by adopting a function-based approach. An AI system (as opposed to one that automates routine, cognitive or non-cognitive tasks) is a dynamic learning system that allows for the delegation of some level of human decision-making to the system. This definition allows us to capture some of the unique challenges and prospects that stem from the use of AI.</span></p>
<p style="text-align: justify; ">The research I contributed to at CIS identified key trends in the use of AI across India. In healthcare, it is used for descriptive and predictive purposes.</p>
<p style="text-align: justify; ">For example, the Manipal Group of Hospitals tied up with IBM’s Watson for Oncology to aid doctors in the diagnosis and treatment of seven types of cancer. It is also being used for analytical or diagnostic services. Niramai Health Analytix uses AI to detect early stage breast cancer and Adveniot Tecnosys detects tuberculosis through chest X-rays and acute infections using ultrasound images. In the manufacturing industry, AI adoption is not uniform across all sectors. But there has been a notable transformation in the electronics, heavy electricals and automobiles sector gradually adopting and integrating AI solutions into their products and processes.</p>
<p style="text-align: justify; ">It is also used in the burgeoning online lending segment in order to source credit score data. As many Indians have no credit scores, AI is used to aggregate data and generate scores for more than 80 per cent of the population who have no credit scores. This includes Credit Vidya, a Hyderabad-based data underwriting start-up that provides a credit score to first time loan-seekers and feeds this information to big players such as ICICI Bank and HDFC Bank, among others. It is also used by players such as Mastercard for fraud detection and risk management. In the finance world, companies such as Trade Rays are being used to provide user-friendly algorithmic trading services.</p>
<blockquote class="synopsis" style="text-align: justify; ">AI is also being increasingly used in the education sector for providing services to students such as decision-making assistance and also for student-progress monitoring.</blockquote>
<p style="text-align: justify; ">The next big development is in law enforcement. Predictive policing is making great strides in various states, including Delhi, Punjab, Uttar Pradesh and Maharashtra. A brainchild of the Los Angeles Police Department, predictive policing is the use of analytical techniques such as Machine Learning to identify probable targets for intervention to prevent crime or to solve past crime through statistical predictions.</p>
<p style="text-align: justify; ">Conventional approaches to predictive policing start with the mapping of locations where crimes are concentrated (hot spots) by using algorithms to analyse aggregated data sets. Police in Uttar Pradesh and Delhi have partnered with the Indian Space Research Organisation (ISRO) in a Memorandum of Understanding to allow ISRO’s Advanced Data Processing Research Institute to map, visualise and compile reports about crime-related incidents.</p>
<p style="text-align: justify; ">There are aggressive developments also on the facial recognition front. Punjab Police, in association with Gurugram-based start-up Staqu has started implementing the Punjab Artificial Intelligence System (PAIS) which uses digitised criminal records and automated facial recognition to retrieve information on the suspected criminal. At the national level, on June 28, the National Crime Records Bureau (NCRB) called for tenders to implement a centralised Automated Facial Recognition System (AFRS), defining the scope of work in broad terms as the “supply, installation and commissioning of hardware and software at NCRB.”</p>
<p style="text-align: justify; ">AI is also being increasingly used in the education sector for providing services to students such as decision-making assistance and also for student-progress monitoring. The Andhra Pradesh government had started collecting information from a range of databases and processes the information through Microsoft’s Machine Learning Platform to monitor children and devote student focussed attention on identifying and curbing school drop-outs.</p>
<p style="text-align: justify; ">In Andhra Pradesh, Microsoft collaborated with the International Crop Institute for Semi-Arid Tropics (ICRISAT) to develop an AI Sowing App powered by Microsoft’s Cortana Intelligence Suite. It aggregated data using Machine Learning and sent advisories to farmers regarding optimal dates to sow. This was done via text messages on feature phones after ground research revealed that not many farmers owned or were able to use smart phones. The NITI Aayog AI Strategy specifically cited this use case and reported that this resulted in a 10-30 per cent increase in crop yield. The government of Karnataka has entered into a similar arrangement with Microsoft.</p>
<p style="text-align: justify; ">Finally, in the defence sector, our research found enthusiasm for AI in intelligence, surveillance and reconnaissance (ISR) functions, cyber defence, robot soldiers, risk terrain analysis and moving towards autonomous weapons systems. These projects are being developed by the Defence Research and Development Organisation but the level of trust and support in AI-driven processes reposed by the wings of the armed forces is yet to be publicly clarified. India also had the privilege of leading the global debate on Lethal Autonomous Weapons Systems (LAWS) with Amandeep Singh Gill chairing the United Nations Group of Governmental Experts (UN-GGE) on the issue. However, ‘lethal’ autonomous weapons systems at this stage appear to be a speck in the distant horizon.</p>
<p style="text-align: justify; ">***</p>
<p style="text-align: justify; ">A<span>long with the range of use cases described above, a patchwork of policy imperatives is emerging to support this ecosystem. The umbrella document is the National Strategy for Artificial Intelligence published by the NITI Aayog in June 2018. Despite certain lacunae in its scope, the existence of a cohesive and robust document that lends a semblance of certainty and predictability to a rapidly emerging sphere is in itself a boon. The document focuses on how India can leverage AI for both economic growth and social inclusion. The contents of the document can be divided into a few themes, many of which have also found their way into multiple other instruments.</span></p>
<p style="text-align: justify; ">NITI Aayog provides over 30 policy recommendations on investment in scientific research, reskilling, training and enabling the speedy adoption of AI across value chains. The flagship research initiative is a two-tiered endeavour to boost AI research in India. First, new centres of research excellence (COREs) will develop fundamental research. The COREs will act as feeders for international centres for transformational AI which will focus on creating AI-based applications across sectors.</p>
<p style="text-align: justify; "><img src="http://editors.cis-india.org/home-images/AIinCountries.jpg/@@images/16b4af34-cb6d-423c-be35-e45a60d501cf.jpeg" alt="AI in Countries" class="image-inline" title="AI in Countries" /></p>
<p style="text-align: justify; ">This is an impressive theoretical objective but questions surrounding implementation and structures of operation remain to be answered. China has not only conceptualised an ecosystem but through the Three Year Action Plan to Promote the Development of New Generation Artificial Intelligence Industry, it has also taken a whole-of-government approach to propelling the private sector to an e-leadership position. It has partnered with national tech companies and set clear goals for funding, such as the $2.1 billion technology park for AI research in Beijing.</p>
<p style="text-align: justify; ">The contents of the NITI document can be divided into a few themes, many of which have also found their way into multiple other instruments. First, it proposes an “AI+X” approach that captures the long-term vision for AI in India. Instead of replacing the processes in their entirety, AI is understood as an enabler of efficiency in processes that already exist. NITI Aayog therefore looks at the process of deploying AI-driven technologies as taking an existing process (X) and adding AI to them (AI+X). This is a crucial recommendation all AI projects should heed. Instead of waving AI as an all-encompassing magic wand across sectors, it is necessary to identify specific gaps AI can seek to remedy and then devise the process underpinning this implementation.</p>
<blockquote class="synopsis" style="text-align: justify; ">A cacophony of policy instruments by multiple government departments seeks to reconceptualise data to construct a theoretical framework that allows for its exploitation for AI-driven analytics.</blockquote>
<p style="text-align: justify; ">The AI-driven intervention to develop sowing apps for farmers in Karnataka and Andhra Pradesh are examples of effective implementation of this approach. Instead of other knee-jerk reactions to agrarian woes such as a hasty raising of Minimum Support Price, effective research was done in this use-case to identify a lack of predictability in weather patterns as a key factor in productive crop yields. They realised that aggregation of data through AI could provide farmers with better information on weather patterns. As internet penetration was relatively low in rural Karnataka, text messages to feature phones that had a far wider presence was indispensable to the end game.</p>
<p style="text-align: justify; ">***</p>
<p style="text-align: justify; ">T<span>his is in contrast to the ill-conceived path adopted by the Union ministry of electronics and information technology in guidelines for regulating social media platforms that host content (“intermediaries”). Rule 3(9) of the Draft of the Information Technology [Intermediary Guidelines (Amendment) Rules] 2018 mandates intermediaries to use “automated tools or appropriate mechanisms, with appropriate controls, for proactively identifying and removing or disabling public access to unlawful information or content”.</span></p>
<p style="text-align: justify; ">Proposed in light of the fake news menace and the unbridled spread of “extremist” content online, the use of the phrase “automated tools or appropriate mechanisms” is reflective of an attitude that fails to consider ground realities that confront companies and users alike. They ignore, for instance, the cost of automated tools: whether automated content moderation techniques developed in the West can be applied to Indic languages or grievance redress mechanisms users can avail of if their online speech is unduly restricted. This is thus a clear case of the “AI” mantra being drawn out of a hat without studying the “X” it is supposed to remedy.</p>
<p style="text-align: justify; ">The second focus of the National Strategy that has since morphed into a technology policy mainstay across instruments is on data governance, access and utilisation. The document says the major hurdle to the large scale adoption of AI in India is the difficulty in accessing structured data. It recommends developing big annotated data sets to “democratise data and multi-stakeholder marketplaces across the AI value chain”. It argues that at present only one per cent of data can be analysed as it exists in various unconnected silos. Through the creation of a formal market for data, aggregators such as diagnostic centres in the healthcare sector would curate datasets and place them in the market, with appropriate permissions and safeguards. AI firms could use available datasets rather than wasting effort sourcing and curating the sets themselves.</p>
<p style="text-align: justify; ">A cacophony of policy instruments by multiple government departments seeks to reconceptualise data to construct a theoretical framework that allows for its exploitation for AI-driven analytics.The first is “community data” and appears both in the Srikrishna Report that accompanied the draft Data Protection Bill in 2018 and the draft e-commerce policy.</p>
<p style="text-align: justify; ">But there appears to be some conflict between its usage in the two. Srikrishna endorses a collective protection of privacy by protecting an identifiable community that has contributed to community data. This requires the fulfilment of three key conditions: <i>first,</i> the data belong to an identifiable community; <i>second, </i>individuals in the community consent to being a part of it, and <i>third</i>, the community as a whole consents to its data being treated as community data. On the other hand, the Department of Promotion of Industry and Internal Trade’s (DPIIT) draft e-commerce policy looks at community data as “societal commons” or a “national resource” that gives the community the right to access it but government has ultimate and overriding control of the data. This configuration of community data brings into question the consent framework in the Srikrishna Bill.</p>
<blockquote class="synopsis" style="text-align: justify; ">The government’s attempt to harness data as a national resource for the development of AI-based solutions may be well-intentioned but is fraught with core problems in implementation.</blockquote>
<p style="text-align: justify; ">The matter is further confused by treating “data as a public good”. This is projected in Chapter 4 of the 2019 Economic Survey published by the Ministry of Finance. It explicitly states that any configuration needs to be deferential to privacy norms and the upcoming privacy law. The “personal data” of an individual in the custody of a government is also a “public good” once the datasets are anonymised. At the same time, it pushes for the creation of a government database that links several individual databases, which leads to the “triangulation” problem, where matching different datasets together allows for individuals to be identified despite their anonymisation in seemingly disparate databases.</p>
<p style="text-align: justify; ">“Building an AI ecosystem” was also one of the ostensible reasons for data localisation—the government’s gambit to mandate that foreign companies store the data of Indian citizens within national borders. In addition to a few other policy instruments with similar mandates, Section 40 of the Draft Personal Data Protection Bill mandates that all “critical data” (this is to be notified by the government) be stored exclusively in India. All other data should have a live, serving copy stored in India even if transfer abroad is allowed. This was an attempt to ensure foreign data processors are not the sole beneficiaries of AI-driven insights.</p>
<p style="text-align: justify; ">The government’s attempt to harness data as a national resource for the development of AI-based solutions may be well intentioned but is fraught with core problems in implementation. First, the notion of data as a national resource or as a public good walks a tightrope with constitutionally guaranteed protections around privacy, which will be codified in the upcoming Personal Data Protection Bill. My concerns are not quite so grave in the case of genuine “public data” like traffic signal data or pollution data. However, the Economic Survey manages to crudely amalgamate personal data into the mix.</p>
<p style="text-align: justify; ">It also states that personal data in the custody of a government is a public good once the datasets are anonymised. This includes transactions data in the User Payments Interface (UPI), administrative data including birth and death records, and institutional data including data in public hospitals or schools on pupils or patients. At the same time, it pushes for a government database that will lead to the triangulation problem outlined above. The chapter also suggests that said data may be sold to private firms (unclear if this includes foreign or domestic firms). This not only contradicts the notion of public good but is also a serious threat to the confidentiality and security of personal data.</p>
<p style="text-align: justify; ">***</p>
<p style="text-align: justify; ">T<span>herefore, along with the concerted endeavour to create data marketplaces, it is crucial for policy-makers to differentiate between public data and personal data individuals may consent to be made public. The parameters for clearly defining free and informed consent, as codified in the Draft Personal Data Protection Bill need to be strictly followed as there is a risk of de-anonymisation of data once it finds its way into the marketplace. Second, it is crucial for policy-makers to define clearly a community and parameters for what constitutes individual consent to be part of a community. Finally, along with technical work on setting up a national data marketplace, there must be protracted efforts to guarantee greater security and standards of anonymisation.</span></p>
<blockquote class="synopsis" style="text-align: justify; ">The National Strategy mentions that India should position itself as a “garage” for AI in emerging economies. This could mean Indian citizens are used as guinea pigs for AI-driven solutions at the cost of their rights.</blockquote>
<p style="text-align: justify; ">Assuming that a constitutionally valid paradigm may be created, the excessive focus on data access by tech players dodges the question of the capabilities of analytic firms to process this data and derive meaningful insights from the information. Scholars on China, arguably the poster-child of data-driven economic growth, have sent mixed messages. Ding argues that despite having half the technical capabilities of the US, easy access to data gives China a competitive edge in global AI competition. On the contrary, Andrew Ng has argued that operationalising a sufficient number of relevant datasets still remains a challenge. Ng’s views are backed up by insiders at Chinese tech giant Tencent who say the company still finds it difficult to integrate data streams due to technical hurdles. NITI Aayog’s idea of a multi-stream data marketplace may theoretically be a solution to these potential hurdles but requires sustained funding and research innovation to be converted into reality.</p>
<p style="text-align: justify; ">The National Strategy suggests that government should create a multi-disciplinary committee to set up this marketplace and explore levers for its implementation. This is certainly the need of the hour. It also rightly highlights the importance of research partnerships between academia and the private sector, and the need to support start-ups. There is therefore an urgent need for innovative allied policy instruments that support the burgeoning start-up sector. Proposals such as data localisation may hurt smaller players as they will have to bear the increased fixed costs of setting up or renting data centres.</p>
<p style="text-align: justify; ">The National Strategy also incongruously mentions that India should position itself as a “garage” for the use of AI in emerging economies. This could mean Indian citizens are used as guinea pigs for AI-driven solutions at the cost of their fundamental rights. It could also imply that India should occupy a leadership position and work with other emerging economies to frame the global rights based discourse to seek equitable solutions for the application of AI that works to improve the plight of the most vulnerable in society.</p>
<p style="text-align: justify; ">***</p>
<p style="text-align: justify; ">O<span>ur constitutional ethos places us in a unique position to develop a framework that enables the actualisation of this equitable vision—a goal the policy instruments put out thus far appear to have missed. While the National Strategy includes a section on privacy, security and ethical implications of AI, it stops short of rooting it in fundamental rights and constitutional principles. As a centralised policy instrument, the National Strategy deserves praise for identifying key levers in the future of India’s AI ecosystem and, with the exception of the concerns I outlined above, it is at par with the policy-making thought process in any other nation.</span></p>
<p style="text-align: justify; ">When we start the process of using constitutional principles for AI governance, we must remember that as per Article 12, an individual can file a writ against the state for violation of a fundamental right if the action is taken under the aegis of a “public function”. To combat discrimination by private actors, the state can enact legislation compelling private actors to comply with constitutional mandates. In July, Rajeev Chandrashekhar, a Rajya Sabha MP, suggested a law to combat algorithmic discrimination along the lines of the Algorithmic Accountability Bill proposed in the US Senate. There are three core constitutional questions along the lines of the “golden triangle” of the Indian Constitution any such legislation will need to answer—those of accountability and transparency, algorithmic discrimination and the guarantee of freedom of expression and individual privacy.</p>
<p style="text-align: justify; ">Algorithms are developed by human beings who have their own cognitive biases. This means ostensibly neutral algorithms can have an unintentional disparate impact on certain, often traditionally disenfranchised groups.</p>
<p style="text-align: justify; ">In the <i>MIT Technology Review</i>, Karen Hao explains three stages at which bias might creep in. The first stage is the framing of the problem itself. As soon as computer scientists create a deep-learning model, they decide what they want the model to finally achieve. However, frequently desired outcomes such as “profitability”, “creditworthiness” or “recruitability” are subjective and imprecise concepts subject to human cognitive bias. This makes it difficult to devise screening algorithms that fairly portray society and the complex medley of identities, attributes and structures of power that define it.</p>
<p style="text-align: justify; ">The second stage Hao mentions is the data collection phase. Training data could lead to bias if it is unrepresentative of reality or represents entrenched prejudice or structural inequality. For example, most Natural Language Processing systems used for Parts of Speech (POS) tagging in the US are trained on the readily available data sets from the <i>Wall Street Journal</i>. Accuracy would naturally decrease when the algorithm is applied to individuals—largely ethnic minorities—who do not mimic the speech of the <i>Journal</i>.</p>
<p style="text-align: justify; ">According to Hao, the final stage for algorithmic bias is data preparation, which involves selecting parameters the developer wants the algorithm to consider. For example, when determining the “risk-profile” of car owners seeking insurance premiums, geographical location could be one parameter. This could be justified by the ostensibly neutral argument that those residing in inner-city areas with narrower roads are more likely to have scratches on their vehicles. But as inner cities in the US have a disproportionately high number of ethnic minorities or other vulnerable socio-economic groups, “pin code” becomes a facially neutral proxy for race or class-based discrimination.</p>
<p style="text-align: justify; ">***</p>
<p style="text-align: justify; ">T<span>he right to equality has been carved into multiple international human rights instruments and into the Equality Code in Articles 14-18 of the Indian Constitution. The dominant approach to interpreting the right to equality by the Supreme Court has been to focus on “grounds” of discrimination under Article 15(1), thus resulting in a lack of recognition of unintentional discrimination and disparate impact.</span></p>
<p style="text-align: justify; ">A notable exception, as constitutional scholar Gautam Bhatia points out, is the case of <i>N.M. Thomas </i>which pertained to reservation in promotions. Justice Mathew argued that the test for inequality in Article 16(4) is an effects-oriented test independent of the formal motivation underlying a specific act. Justice Krishna Iyer and Mathew also articulated a grander vision wherein they saw the Equality Code as transcending the embedded individual disabilities in class driven social hierarchies. This understanding is crucial for governing data driven decision-making that impacts vulnerable communities. Any law or policy on AI-related discrimination must also include disparate impact within its definition of “discrimination” to ensure that developers think about the adverse consequences even of well-intentioned decisions.</p>
<p style="text-align: justify; ">AI driven assessments have been challenged on grounds of constitutional violations in other jurisdictions. In 2016, the Wisconsin Supreme Court considered the legality of using risk assessment tools such as COMPAS for sentencing criminals. It affirmed the trial court’s findings and held that using COMPAS did not violate constitutional due process standards. Eric Loomis had argued that using COMPAS infringed both his right to an individualised sentence and to accurate information as COMPAS provided data for specific groups and kept the methodology used to prepare the report a trade secret. He additionally argued that the court used unconstitutional gendered assessments as the tool used gender as one of the parameters.</p>
<p style="text-align: justify; ">The Wisconsin Supreme Court disagreed with Loomis arguing that COMPAS only used publicly available data and data provided by the defendant, which apparently meant Loomis could have verified any information contained in the report. On the question of individualisation, the court argued that COMPAS provided only aggregate data for groups similarly placed to the offender. However, it went on to argue as the report was not the sole basis for a decision by the judge, a COMPAS assessment would be sufficiently individualised as courts retained the discretion and information necessary to disagree.</p>
<p style="text-align: justify; ">By assuming that Loomis could have genuinely verified all the data collected about similarly placed groups and that judges would exercise discretion to prevent the entrenchment of inequalities through COMPAS’s decision-making patterns, the judges ignored social realities. Algorithmic decision-making systems are an extension of unequal decision-making that re-entrenches prevailing societal perceptions around identity and behaviour. An instance of discrimination cannot be looked at as a single instance but as one in a menagerie of production systems that define, modulate and regulate social existence.</p>
<p style="text-align: justify; ">The policy-making ecosystem needs, therefore, to galvanise the “transformative” vision of India’s democratic fibre and study existing systems and power structures AI could re-entrench or mitigate. For example, in the matter of bank loans there is a presumption against the credit-worthiness of those working in the informal sector. The use of aggregated decision-making may lead to more equitable outcomes given that there is concrete thought on the organisational structures making these decisions and the constitutional safeguards provided.</p>
<p style="text-align: justify; ">Most case studies on algorithmic discrimination in Virgina Eubanks’ <i>Automating Inequality </i>or Safiya Noble’s <i>Algorithms of Oppression</i> are based on western contexts. There is an urgent need for publicly available empirical studies on pilot cases in India to understand the contours of discrimination. Primary research questions should explore three related subjects. Are specified ostensibly neutral variables being used to exclude certain communities from accessing opportunities and resources or having a disproportionate impact on their civil liberties? Is there diversity in the identities of the coders themselves? Are the training data sets used representative and diverse and, finally, what role does data driven decision-making play in furthering the battle against embedded structural hierarchies?</p>
<p style="text-align: justify; ">***</p>
<p style="text-align: justify; ">A key feature of AI-driven solutions is the “black box” that processes inputs and generates actionable outputs behind a veil of opacity to the human operator. Essentially, the black box denotes that aspect of the human neural decision-making function that has been delegated to the machine. A lack of transparency or understanding could lead to what Frank Pasquale terms a “Black Box Society” where algorithms define the trajectories of daily existence unless “the values and prerogatives of the encoded rules hidden within black boxes” are challenged.</p>
<p style="text-align: justify; ">Ex-<i>post facto</i> assessment is often insufficient for arriving at genuine accountability. For example, the success of predictive policing in the US was drawn from the fact that police have indeed found more crimes in areas deemed “high risk”. But this assessment does not account for the fact that this is a product of a vicious cycle through which more crime is detected in an area simply because more policemen are deployed. Here, the National Strategy rightly identifies that simply opening up code may not deconstruct the black box as not all stakeholders impacted by AI solutions may understand the code. The constant aim should be explicability which means the human developer should be able to explain how certain factors may be used to arrive at a certain cluster of outcomes in a given set of situations.</p>
<p style="text-align: justify; ">The requirement of accountability stems from the Right to Life provision under Article 21. As stated in the seven-judge bench in <i>Maneka Gandhi vs. Union of India</i>, any procedure established by law must be seen to be “fair, just and reasonable” and not “fanciful, oppressive or arbitrary.”</p>
<p style="text-align: justify; ">The Right to Privacy was recognised as a fundamental right by the nine-judge bench in <i>K.S. Puttaswamy (Retd.) vs. Union of India</i>. Mass surveillance can lead to the alteration of behavioural patterns which may in turn be used for the suppression of dissent by the State. Pulling vast tracts of data on all suspected criminals—as in facial recognition systems like PAIS—create a “presumption of criminality” that can have a chilling effect on democratic values.</p>
<p style="text-align: justify; ">Therefore, any use, particularly by law enforcement would need to satisfy the requirements for infringing on the right to privacy: the existence of a law, necessity—a clearly defined state objective—and proportionality between the state object and the means used restricting fundamental rights the least. Along with centralised policy instruments such as the National Strategy, all initiatives taken in pursuance of India’s AI agenda must pay heed to the democratic virtues of privacy and free speech and their interlinkages.</p>
<p style="text-align: justify; ">India needs a law to regulate the impact of Artificial Intelligence and enable its development without restricting fundamental rights. However, regulation should not adopt a “one-size-fits-all” approach that views all uses with the same level of rigidity. Regulatory intervention should be based on questions around power asymmetries and the likelihood of the use case adversely affronting human dignity captured by India’s constitutional ethos.</p>
<blockquote class="synopsis" style="text-align: justify; ">As an aspiring leader in global discourse, India can lay the rules of the road for other emerging economies not only by incubating, innovating and implementing AI powered technologies but by grounding it in a lattice of rich constitutional jurisprudence that empowers the individual.</blockquote>
<p style="text-align: justify; ">The High Level Task Force on Artificial Intelligence (AI HLEG) set up by the European Commission in June 2018 published a report on “Ethical Guidelines for Trustworthy AI” earlier this year. They feature seven core requirements which include human agency and oversight; technical robustness and safety; privacy and data governance; transparency; diversity, non-discrimination and fairness; societal and environmental well-being; and accountability. While the principles are comprehensive, this document stops short of referencing any domestic or international constitutional law that helps cement these values. The Indian Constitution can help define and concretise each of these principles and could be used as a vehicle to foster genuine social inclusion and mitigation of structural injustice through AI.</p>
<p style="text-align: justify; ">At the centre of the vision must be the inherent rights of the individual. The constitutional moment for data driven decision-making emerges therefore when we conceptualise a way through which AI can be utilised to preserve and improve the enforcement of rights while also ensuring that data does not become a further avenue for exploitation.</p>
<p style="text-align: justify; ">National vision transcends the boundaries of policy and to misuse Peter Drucker, “eats strategy for breakfast”. As an aspiring leader in global discourse, India can lay the rules of the road for other emerging economies not only by incubating, innovating and implementing AI powered technologies but by grounding it in a lattice of rich constitutional jurisprudence that empowers the individual, particularly the vulnerable in society. While the multiple policy instruments and the National Strategy are important cogs in the wheel, the long-term vision can only be framed by how the plethora of actors, interest groups and stakeholders engage with the notion of an AI-powered Indian society.</p>
<hr style="text-align: justify; " />
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/blog/fountain-ink-october-12-2019-arindrajit-basu-we-need-a-better-ai-vision'>http://editors.cis-india.org/internet-governance/blog/fountain-ink-october-12-2019-arindrajit-basu-we-need-a-better-ai-vision</a>
</p>
No publisherbasuInternet GovernanceArtificial Intelligence2019-10-14T13:55:59ZBlog EntryPrivate Sector and the cultivation of cyber norms in India
http://editors.cis-india.org/internet-governance/blog/nextrends-india-arindrajit-basu-august-5-2019-private-sector-and-the-cultivation-of-cyber-norms-in-india
<b>Information Communication Technologies (ICTs) have become a regular facet of modern existence. The growth of cyberspace has challenged traditional notions of global order and uprooted the notion of governance itself. All over the world, the private sector has become a critical player, both in framing cyber regulations and in implementing them.</b>
<p style="text-align: justify; ">The article by Arindrajit Basu was published by <a class="external-link" href="http://nextrendsindia.org/private-sector-and-the-cultivation-of-cyber-norms-in-india/">Nextrends India</a> on August 5, 2019.</p>
<hr style="text-align: justify; " />
<p style="text-align: justify; ">While the United Nations ‘Group of Governmental experts’ (GGE), tried and failed to establish a common law for governing the behavior of states in cyberspace, it is Big Tech who led the discussions on cyberspace regulations. Microsoft’s <a class="addbackground" href="https://www.microsoft.com/en-us/cybersecurity/content-hub/a-digital-geneva-convention-to-protect-cyberspace">Digital Geneva Convention</a> which devised a set of rules to protect civilian use of the internet was a notable initiative on that front. Microsoft was also a major driver of the <a class="addbackground" href="https://cybertechaccord.org/">Tech Accords</a> — a public commitment made by over 100 companies “agreeing to defend all customers everywhere from malicious attacks by cyber-criminal enterprises and nation-states.” The <a class="addbackground" href="https://www.diplomatie.gouv.fr/en/french-foreign-policy/digital-diplomacy/france-and-cyber-security/article/cybersecurity-paris-call-of-12-november-2018-for-trust-and-security-in">Paris Call for Trust and Security in Cyberspace</a> was a joint effort between the French government and Microsoft that brought in (as of today) 66 states, 347 private sector entities, including Indian business guilds such as FICCI and the Mobile Association of India and 139 organisations from civil society and academia from all over the globe.</p>
<p style="text-align: justify; ">However, the entry of Big tech into the business of framing regulation has raised eyeballs across jurisdictions. In India, the government has attempted to push back on the global private sector due to arguably extractive economic policies adopted by them, alongside the threats they pose to India’s democratic fabric. The Indian government has taken various steps to constrain Big Tech, although some of these policies have been hastily rolled out and fail to address the root of the problem.</p>
<p style="text-align: justify; ">I have identified two regulatory interventions that illustrate this trend. First, on <a class="addbackground" href="https://www.thehindubusinessline.com/opinion/resurrecting-the-marketplace-of-ideas/article26313605.ece">intermediary liability</a>, Rule 3(9) of the Draft of the Information Technology 2018 released by the Ministry of Electronics and Information Technology (MeiTy) last December. The rule follows the footsteps of countries like Germany and France by mandating that platforms use “automated tools or appropriate mechanisms, with appropriate controls, for proactively identifying and removing or disabling public access to unlawful information or content.” These regulations have resulted in criticism from both the private sector and civil society as they fail to address concerns around algorithmic discrimination, excessive censorship and gives the government undue power. Further, the regulations paint all the intermediaries with the same brush, thus not differentiating between platforms such as Whatsapp who thrive on end-to-end encryption and public platforms like Facebook.</p>
<p style="text-align: justify; ">Another source of discord between the government and the private sector has been the government’s localisation mandate, featuring in a slew of policies. Over the past year, the Indian government has <a class="addbackground" href="https://twitter.com/cis_india/status/1143096429298085889">introduced a range of policy instruments</a> which<br />demand that certain kinds of data must be stored in servers located physically within India — termed “<a class="addbackground" href="https://cis-india.org/internet-governance/resources/the-localisation-gambit.pdf">data localization</a>.”</p>
<p style="text-align: justify; ">While this serves <a class="addbackground" href="https://cis-india.org/internet-governance/resources/the-localisation-gambit.pdf">a number of policy objectives</a>, the two which stand out are (1) the presently complex process for Indian law enforcement agencies to access data stored in the U.S. during criminal investigations, and (2) extractive economic models used by U.S. companies operating in India.</p>
<p style="text-align: justify; ">A <a class="addbackground" href="https://cis-india.org/internet-governance/resources/the-localisation-gambit.pdf">study</a> I co-authored earlier this year on the issue found that foreign players and smaller Indian private sector players were against this move due to the high compliance costs in setting up data centres.</p>
<p style="text-align: justify; ">On this question, we <a class="addbackground" href="https://cis-india.org/internet-governance/resources/the-localisation-gambit.pdf">recommended a dual approach</a> that involves mandatory sectoral localisation for critical sectors such as defense or payments data while adopting ‘conditional’ localisation for all other data. Under ‘conditional localisation,’<br />data should only be transferred to countries that (1)Agree to share the personal data of Indian citizens with law enforcement authorities based on Indian criminal procedure laws and (2) Have equivalent privacy and security safeguards.</p>
<p style="text-align: justify; ">These two instances demonstrate that it is important for the Indian government to engage with both the domestic and foreign private sector to carve out optimal regulatory interventions that benefit the Indian consumer and the private sector as a whole rather than a few select big players. At the same time, it is important for the private sector to be a responsible stakeholder and comply both with existing laws and accepted norms of ‘good behaviour.’</p>
<p style="text-align: justify; ">Going forward, there is no denying the role of the private sector in the development of emerging technologies. However, a balance must be struck through continued engagement and mutual respect to create a regulatory ecosystem that fosters innovation while respecting the rule of law with every stakeholder – government, private sector and civil society. India’s position could set the trend for other emerging economies coming online and foster a strategic digital ecosystem that works for all<br />stakeholders.</p>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/blog/nextrends-india-arindrajit-basu-august-5-2019-private-sector-and-the-cultivation-of-cyber-norms-in-india'>http://editors.cis-india.org/internet-governance/blog/nextrends-india-arindrajit-basu-august-5-2019-private-sector-and-the-cultivation-of-cyber-norms-in-india</a>
</p>
No publisherbasuCyber SecurityInternet Governance2019-08-07T15:18:27ZBlog EntryWill the WTO Finally Tackle the ‘Trump’ Card of National Security?
http://editors.cis-india.org/internet-governance/blog/the-wire-arindrajit-basu-may-8-2019-will-the-wto-finally-tackle-the-trump-card-of-national-security
<b>The election of Donald Trump has marked a foundational challenge to the rules-based international order based on “free and fair trade”.</b>
<p style="text-align: justify; ">The article by Arindrajit Basu was <a class="external-link" href="https://thewire.in/trade/will-the-wto-finally-tackle-the-trump-card-of-national-security">published in the Wire</a> on May 8, 2019.</p>
<hr style="text-align: justify; " />
<p style="text-align: justify; ">From <a href="https://www.reuters.com/article/us-usa-trade-wto/u-s-blocks-wto-judge-reappointment-as-dispute-settlement-crisis-looms-idUSKCN1LC19O">stonewalling appointments </a>at the appellate body of the WTO’s dispute settlement body (DSB) to <a href="https://www.bloombergquint.com/china/trump-is-said-to-delay-decision-on-steel-and-aluminum-tariffs">slapping exorbitant steel and aluminium tariffs on a variety of countries, Trump has attempted to desecrate an institution that he views as being historically unfair to America’s national interests.</a></p>
<p style="text-align: justify; ">Given this potentially cataclysmic state of affairs, <a href="https://www.wto.org/english/tratop_e/dispu_e/512r_e.pdf">a WTO panel report adopted</a> last month regarding a transport restriction dispute between the Russia and Ukraine would ordinarily have attracted limited attention. In reality, this widely celebrated ruling was the first instance of the WTO mechanism mounting a substantive legal resistance to Trump’s blitzkrieg.</p>
<p style="text-align: justify; ">The opportunity arose from the Russian Federation’s invocation of the ‘national security exception’ carved into the Article XXI of the General Agreement on Tariffs and Trade (GATT-the primary WTO covered agreement dealing with trade in goods.)</p>
<p style="text-align: justify; ">This clause has rarely been invoked by a litigating party at the DSB and never been interpreted by the panel or appellate body due to the belief among WTO member states that the exception is <a href="https://scholarship.law.nd.edu/law_faculty_scholarship/330/">‘self-judging’</a> i.e. beyond the purview of WTO jurisdiction sovereign prerogative to use as they see fit.</p>
<p style="text-align: justify; ">Over the past couple of years, the provision has taken on a new avatar with trade restrictions being increasingly used as a strategic tool to accomplish national security objectives. In addition to the Russian Federation, in this case, it was used by the <a href="https://www.cambridge.org/core/journals/american-journal-of-international-law/article/security-exception-in-wto-law-entering-a-new-era/CF8C3DCDF2CD924CAEEDD147840668F9">UAE to justify sanctions against Qatar in 2017</a>and notably by the <a href="https://www.washingtonpost.com/news/monkey-cage/wp/2019/01/11/trump-claims-that-a-national-security-exception-allows-him-to-block-imports-is-he-right/?utm_term=.5c178ecfcd7d">US administration in response to the commencement of WTO proceedings </a>by nine countries (including India) against its steel and aluminum tariffs.</p>
<p style="text-align: justify; ">India itself has also cited the clause in its diplomatic statements when justifying revocation of the Most Favoured Nation Status to Pakistan, although this has not yet resulted in proceedings at the WTO.</p>
<p style="text-align: justify; ">Even though the panel held in favour of Russia, this report lays down the edifice for dismantling the Trump Administration’s present strategy. By explicitly stating that Article XXI is not entirely beyond review of the WTO, the panel report gives a <em>cause de celebre</em> for all countries attempting to legally battle Trump’s arbitrary protectionist cause disguised as genuine national security concerns.</p>
<p style="text-align: justify; ">At the same time, it might act as a source of comfort for Huawei and China as it allows them to challenge the legality of banning Huawei (as some countries have chosen to do) at the WTO.</p>
<p style="text-align: justify; ">History of Article XXI</p>
<p style="text-align: justify; ">Article XXI had <a href="https://www.wto.org/english/res_e/booksp_e/gatt_ai_e/art21_e.pdf">an uncertain presence</a> in the legal architecture of the WTO from its very inception. It had its origins in the US proposal to establish the International Trade Organisation. The members of the delegation themselves were divided between those who wanted to preserve the sovereign right of the United States to interpret the extent of the exception as it saw fit and others who felt that this provision would be abused to further arbitrary protectionism. The delegate of Australia was also skeptical about the possible exclusion of dispute resolution through a mere invocation of the security exception.</p>
<p style="text-align: justify; ">Given this divergence, the drafters of the provision thus sought to create a specific set of exceptions in order to<a href="http://sul-derivatives.stanford.edu/derivative?CSNID=90240173&mediaType=application/pdf"> arrive at a compromise</a> that “would take care of real security interests” while limiting “the exception so as to prevent the adoption of protection for maintaining industries under every conceivable circumstances”.</p>
<p style="text-align: justify; ">To attain that objective, the provision in the ITO Charter, which was reflected in Article XXI of GATT 1947 was worded thus:</p>
<blockquote class="blurb" style="text-align: justify; ">
<p>Nothing in this Agreement shall be construed</p>
<p>to require any contracting party to furnish any information the disclosure of which it considers contrary to its essential security interests;</p>
<p>or to prevent any contracting party from taking any action which it considers necessary for the protection of its essential security interests (i) relating to fissionable materials or the materials from which they are derived; (ii) relating to the traffic in arms, ammunition and implements of war and to such traffic in other goods and materials as is carried on directly or indirectly for the purpose of supplying a military establishment; (iii) taken in time of war or other emergency in international relations; or</p>
<p>to prevent any contracting party from taking any action in pursuance of its obligations under the United Nations Charter for the maintenance of international peace and security</p>
</blockquote>
<p style="text-align: justify; ">Article XXI has been <a href="http://www.wl-tradelaw.com/gatt-article-xxis-national-security-exception-the-ultimate-trade-policy-conundrum/">historically invoked </a>in cases where national security is devised as a smokescreen for protectionism. For example, in 1975, Sweden cited Article XXI to justify global import restrictions it had had slapped on certain types of footwear. It argued that a decrease in domestic production of said kinds of footwear represented ” a critical threat to the emergency planning of its economic defense.” There was sustained criticism from some states, who questioned Sweden’s juxtaposition of a national security threat with economic strife, claiming that they too were suffering from severe unemployment at the time and the Swedish restrictions would be devastating for their economic position.</p>
<p style="text-align: justify; ">The Swedish problem dissipated when Sweden withdrew the restrictions but the uncertain peril of Article XXI remained.</p>
<p style="text-align: justify; ">In <a href="http://nujslawreview.org/wp-content/uploads/2017/01/2016-9-3-4-Sandeep-Ravikumar-The-GATT-Security-Exception_-Systemic-Safeguards-Against-Its-Misuse.pdf">another instance</a>, the US themselves had previously relied on the security exception to justify measures prohibiting all imports of goods and services of Nicaraguan origin to the US in addition to all U.S. exports to Nicaragua.It argued that Article XXI was self-judging and each party could enact measures it considered necessary for the protection of its essential security interests. In fact, it was successful in keeping its Article XXI invocation outside the terms of reference (which establishes the scope of the Panel’s report), which precluded the Panel from asserting its jurisdiction and examining the provision. It is worth noting, though, that the Panel was critical of the US for utilising the provision in this case and emphasised the need for balancing this exception against the need to preserve the stability of global trade.</p>
<p style="text-align: justify; ">The recent spate of national security driven justifications to subvert the adjudicatory powers of the WTO provided a necessary opportunity for the panel to clarify its stance on this issue.</p>
<p style="text-align: justify; ">The findings of the panel</p>
<p style="text-align: justify; ">The findings of the panel can be divided into <a href="https://www.ejiltalk.org/the-wto-panel-ruling-on-the-national-security-exception-has-the-panel-cut-the-baby-in-half/">three </a>broad clusters:</p>
<p style="text-align: justify; ">1) The WTO tribunals’ jurisdiction over the security exception: Right from the outset, the panel clearly stated that it had jurisdiction to adjudicate the matter at hand. It rebutted Russia’s claim that any country invoking the exception had unfettered discretion in the matter</p>
<p style="text-align: justify; ">2) The ambit of the self-judging nature of the security clause: Both the Russian Federation and the United States, which had filed a third party submission, re-emphasised the supposed self-judging nature of the security clause due to the incorporation of the words “ which it[the WTO member] considers necessary for the protection of its essential security interests” in clause (2) of the provision.</p>
<p style="text-align: justify; ">However, the panel argued that the sub-paragraphs (i)-(iii) require an objective review by the Panel to determine whether the state of affairs indicated in the sub-paragraphs do, in fact, exist. In this way, the Panel added,the three sub-clauses act as “limiting qualifying clauses.” The determination of the measures that may be ‘necessary’ for protecting their ‘essential security interests’ are then left to each WTO member. By interpreting the clause in this manner,the Panel deftly preserved the sovereign autonomy of member states while preventing the bestowing of carte blanche’ ability to take shelter behind the provision.</p>
<p style="text-align: justify; ">3) Determination of emergency in international relations: The use of the term “other emergency in international relations” as used in the provision is an amorphous one because the term ‘emergency’ is not clearly defined in international law. Therefore, the Panel relied on UN General Assembly Resolutions and the fact that multiple states had imposed sanctions on Russia to conclude that there was, in fact, an ‘emergency’ in international relations in this case. In doing so, the Panel upheld the transport restrictions imposed by Russia. However, the implications extend far beyond the immediate impact on the two parties.</p>
<p style="text-align: justify; ">Implications of the ruling</p>
<p style="text-align: justify; ">Before considering the implications of this report, we must consider that, like in other avenues of international law, the municipal legal principle of <em>stare decisis </em><a href="https://www.wto.org/english/tratop_e/dispu_e/disp_settlement_cbt_e/c7s1p1_e.htm">does not apply to Panel or Appellate Body decisions.</a> This means that future panels are not bound by law to follow the finding in this report.</p>
<p style="text-align: justify; ">However, WTO tribunals have often used the reasoning put forward in previous panel or Appellate Body reports to support their findings.</p>
<p style="text-align: justify; ">Steel and aluminium tariffs</p>
<p style="text-align: justify; ">The US, whose third party submission failed to sway the panel has recognised the potential implications of the report and disparaged it as being <a href="https://news.bloomberglaw.com/international-trade/u-s-calls-wto-national-security-ruling-seriously-flawed">“seriously flawed”.</a> They have also discouraged the WTO tribunals deciding the steel and aluminium tariff disputes from using it as precedent.</p>
<p style="text-align: justify; ">However, Australia, Brazil, Canada, China, European Union, Japan, Moldova, Singapore and Turkey had all filed third party submissions which encouraged the panel to assert its jurisdiction in the matter and <a href="https://www.reuters.com/article/us-usa-trade-wto-idUSKCN1S21V9">have openly supported</a> the panel’s approach – which would be a boost for the panels set up to adjudicate the Trump sanctions.</p>
<p style="text-align: justify; ">Given the groundwork laid out by the panel in this dispute, <a href="https://www.csis.org/analysis/wtos-first-ruling-national-security-what-does-it-mean-united-states">it would be difficult</a> for the US to satisfy the panel’s understanding of ‘emergency in international relations’ as the Panel clearly stated that “political or economic differences between Members are not sufficient, of themselves, to constitute an emergency in international relations for purposes of subparagraph (iii)”.</p>
<p style="text-align: justify; ">Huawei and cybersecurity</p>
<p style="text-align: justify; ">In addition to steel and aluminium tariffs, the panel’s decision also has an impact on the rapidly <a href="https://www.aljazeera.com/news/2018/12/countries-banning-huawei-181206130850129.html">unfolding Huawei saga</a>. Huawei, which is the world’s largest telecom equipment company and is now <a href="https://foreignpolicy.com/2019/04/03/the-improbable-rise-of-huawei-5g-global-network-china/">taken the lead in the race to develop </a>one of the world’s most critical emerging technologies: fifth generation mobile telephony.</p>
<p style="text-align: justify; ">However, Huawei has recently fallen out of favour with the US and <a href="https://www.bbc.com/news/av/technology-47489411/government-s-worries-over-backdoors-in-huawei-s-5g-tech-castle">other western countries amidst suspicions of them </a>enabling the Chinese government to spy on other countries by incorporating backdoors into their infrastructure.</p>
<p style="text-align: justify; ">Various countries, including Australia, Japan, New Zealand have effectively <a href="https://www.aljazeera.com/news/2018/12/countries-banning-huawei-181206130850129.html">banned Huawei from public participation</a> while the US has prevented government agencies from buying Huawei infrastructure-<a href="https://www.cnbc.com/2019/03/08/china-supports-huawei-lawsuit-against-us.html">triggering litigation by Huawei</a> seeking to prevent the move.India has <a href="https://www.orfonline.org/expert-speak/the-huawei-issue-and-dilemma-before-countries-like-india-47442/">adopted an independent approach </a>by allowing Huawei to participate in field trials of 5G equipment despite Indian agencies flagging concerns over the use of Chinese made telecom equipment.</p>
<p style="text-align: justify; ">On April 11, <a href="https://www.businessinsurance.com/article/00010101/STORY/912327909/Australia-defends-Huawei-ban,-China-complains-to-WTO">China complained about</a> the Australian decision at the formal meeting of the WTO’s Council for Trade in Goods by highlighting its discriminatory impact on China. To defend itself, Australia may need to invoke Article XXI and argue that the ban fits in under one of the sub-paragraphs (i)-(iii) of clause (2) The report by this panel, may, therefore propel the WTO’s first big foray into cybersecurity and enable it to act as a multi-lateral adjudicator of the critical geo-political issues discussed in this piece.</p>
<p style="text-align: justify; ">The history of international law has been a history of powerful nations manipulating its tenets for strategic gain. At the same time, it has been a history of institutional resilience, evolution and change. The World Trade Organisation is no exception. Despite several aspects of the WTO ecosystem being severely flawed with a disparate impact on vulnerable groups in weaker nations, it has been the bulwark of the modern geo-economic order.</p>
<p style="text-align: justify; ">By taking the ‘national security’ exception head on, the panel has undertaken a brave act of self-preservation and foiled the utilisation of a dangerous trump card.</p>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/blog/the-wire-arindrajit-basu-may-8-2019-will-the-wto-finally-tackle-the-trump-card-of-national-security'>http://editors.cis-india.org/internet-governance/blog/the-wire-arindrajit-basu-may-8-2019-will-the-wto-finally-tackle-the-trump-card-of-national-security</a>
</p>
No publisherbasuInternet GovernanceWTO2019-05-08T14:22:14ZBlog EntryResurrecting the marketplace of ideas
http://editors.cis-india.org/internet-governance/blog/hindu-businessline-february-19-2019-arindrajit-basu-resurrecting-the-marketplace-of-ideas
<b>There is no ‘silver bullet’ for regulating content on the web. It requires a mix of legal and empirical analysis.</b>
<p style="text-align: justify; ">The article by Arindrajit Basu was published in <a class="external-link" href="https://www.thehindubusinessline.com/opinion/resurrecting-the-marketplace-of-ideas/article26313605.ece">Hindu Businessline</a> on February 19, 2019.</p>
<hr style="text-align: justify; " />
<p style="text-align: justify; ">A century after the ‘marketplace of ideas’ first found its way into a US Supreme Court judgment through the dissenting opinion of Justice Oliver Wendell Holmes Jr <i>(Abrams v United States, 1919</i>), the oft-cited rationale for free speech is arguably under siege.</p>
<p style="text-align: justify; ">The increasing quantity and range of online speech hosted by internet platforms coupled with the shock waves sent by revelations of rampant abuse through the spread of misinformation has lead to a growing inclination among governments across the globe to demand more aggressive intervention by internet platforms in filtering the content they host.</p>
<p style="text-align: justify; ">Rule 3(9) of the Draft of the Information Technology [Intermediary Guidelines (Amendment) Rules] 2018 released by the Ministry of Electronics and Information Technology (MeiTy) last December follows the interventionist regulatory footsteps of countries like Germany and France by mandating that platforms use “automated tools or appropriate mechanisms, with appropriate controls, for proactively identifying and removing or disabling public access to unlawful information or content.”</p>
<p style="text-align: justify; ">Like its global counterparts, this rule, which serves as a pre-condition for granting immunity to the intermediary from legal claims arising out of user-generated communications, might not only have an undue ‘chilling effect’ on free speech but is also a thoroughly uncooked policy intervention.</p>
<h2 style="text-align: justify; ">Censorship by proxy</h2>
<p style="text-align: justify; ">Rule 3(9) and its global counterparts might not be in line with the guarantees enmeshed in the right to freedom of speech and expression for three reasons. First, the vague wording of the law and the abstruse guidelines for implementation do not provide clarity, accessibility and predictability — which are key requirements for any law restricting free speech .The NetzDG-the German law, aimed at combating agitation and fake news, has attracted immense criticism from civil society activists and the UN Special Rapporteur David Kaye on similar grounds.</p>
<p style="text-align: justify; ">Second, as proved by multiple empirical studies across the globe, including one conducted by CIS on the Indian context, it is likely that legal requirements mandating that private sector actors make determinations on content restrictions can lead to over-compliance as the intermediary would be incentivised to err on the side of removal to avoid expensive litigation.</p>
<p style="text-align: justify; ">Finally, by shifting the burden of determining and removing ‘unlawful’ content onto a private actor, the state is effectively engaging in ‘censorship by proxy’. As per Article 12 of the Constitution, whenever a government body performs a ‘public function’, it must comply with all the enshrined fundamental rights.</p>
<p style="text-align: justify; ">Any individual has the right to file a writ petition against the state for violation of a fundamental right, including the right to free speech.</p>
<p style="text-align: justify; ">However, judicial precedent on the horizontal application of fundamental rights, which might enable an individual to enforce a similar claim against a private actor has not yet been cemented in Indian constitutional jurisprudence.</p>
<p style="text-align: justify; ">This means that any individual whose content has been wrongfully removed by the platform may have no recourse in law — either against the state or against the platform.</p>
<h2 style="text-align: justify; ">Algorithmic governmentality</h2>
<p style="text-align: justify; ">Using automated technologies comes with its own set of technical challenges even though they enable the monitoring of greater swathes of content. The main challenge to automated filtering is the incomplete or inaccurate training data as labelled data sets are expensive to curate and difficult to acquire, particularly for smaller players.</p>
<p style="text-align: justify; ">Further, an algorithmically driven solution is an amorphous process.</p>
<p style="text-align: justify; ">Through it is hidden layers and without clear oversight and accountability mechanisms, the machine generates an output, which corresponds to assessing the risk value of certain forms of speech, thereby reducing it to quantifiable values — sacrificing inherent facets of dignity such as the speaker’s unique singularities, personal psychological motivations and intentions.</p>
<h2 style="text-align: justify; ">Possible policy prescriptions</h2>
<p style="text-align: justify; ">The first step towards framing an adequate policy response would be to segregate the content needing moderation based on the reason for them being problematic.</p>
<p style="text-align: justify; ">Detecting and removing information that is false might require the crafting of mechanisms that are different from those intended to tackle content that is true but unlawful, such as child pornography.</p>
<p style="text-align: justify; ">Any policy prescription needs to be adequately piloted and tested before implementation. It is also likely that the best placed prescription might be a hybrid amalgamation of the methods outlined below.</p>
<p style="text-align: justify; ">Second, it is imperative that the nature of intermediaries to which a policy applies are clearly delineated. For example, Whatsapp, which offers end-to-end encrypted services would not be able to filter content in the same way internet platforms like Twitter can.</p>
<p style="text-align: justify; ">The first option going forward is user-filtering, which as per a recent paper written by Ivar Hartmann, is a decentralised process, through which the users of an online platform collectively endeavour to regulate the flow of information.</p>
<p style="text-align: justify; ">Users collectively agree on a set of standards and general guidelines for filtering. This method combined with an oversight and grievance redressal mechanism to address any potential violation may be a plausible one.</p>
<p style="text-align: justify; ">The second model is enhancing the present model of self-regulation. Ghonim and Rashbass recommend that the platform must publish all data related to public posts and the processes followed in a certain post attaining ‘viral’ or ‘trending’ status or conversely, being removed.</p>
<p style="text-align: justify; ">This, combined with Application Programme Interfaces (APIs) or ‘Public Interest Algorithms’, which enables the user to keep track of the data-driven process that results in them being exposed to a certain post, might be workable if effective pilots for scaling are devised.</p>
<p style="text-align: justify; ">The final model that operates outside the confines of technology are community driven social mechanisms. An example of this is Telengana Police Officer Remi Rajeswari’s efforts to combat fake news in rural areas by using Janapedam — an ancient form of story-telling — to raise awareness about these issues.</p>
<p style="text-align: justify; ">Given the complex nature of the legal, social and political questions involved here, the quest for a ‘silver-bullet’ might be counter-productive.</p>
<p style="text-align: justify; ">Instead, it is essential for us to take a step back, frame the right questions to understand the intricacies in the problems involved and then, through a mix of empirical and legal analysis, calibrate a set of policy interventions that may work for India today.</p>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/blog/hindu-businessline-february-19-2019-arindrajit-basu-resurrecting-the-marketplace-of-ideas'>http://editors.cis-india.org/internet-governance/blog/hindu-businessline-february-19-2019-arindrajit-basu-resurrecting-the-marketplace-of-ideas</a>
</p>
No publisherbasuFreedom of Speech and ExpressionInternet FreedomInternet Governance2019-02-22T02:18:53ZBlog EntryPrivate-public partnership for cyber security
http://editors.cis-india.org/internet-governance/blog/arindrajit-basu-hindu-businessline-december-24-2018-private-public-partnership-for-cyber-security
<b>Given the decentralised nature of cyberspace, the private sector will have to play a vital role in enforcing rules for security. </b>
<p style="text-align: justify; ">The article by Arindrajit Basu was published in <a class="external-link" href="https://www.thehindubusinessline.com/opinion/private-public-partnership-for-cyber-security/article25821899.ece">Hindu Businessline</a> on December 24, 2018.</p>
<hr style="text-align: justify; " />
<p style="text-align: justify; ">On November 11, 2018, as 70 world leaders gathered in Paris to commemorate the countless lives lost in World War I, French President Emmanuel Macron inaugurated the Paris Peace Forum with a fiery speech denouncing nationalism and urging global leaders to pursue peace and stability through multilateral initiatives.</p>
<p style="text-align: justify; ">In many ways, it echoed US President Woodrow Wilson’s monumental speech delivered at the US Senate a century ago in which he outlined 14 points on the principles for peace post World War I. As history unkindly reminds us through the catastrophic realities of World War II, Wilson’s principles went on to be sacrificed at the altar of national self-interest and inadequate multilateral enforcement.</p>
<p style="text-align: justify; ">President Macron’s first initiative for global peace — the Paris Call for Trust and Security in Cyber Space was unveiled on November 12 — at the UNESCO Internet Governance Forum — also taking place in Paris. The call was endorsed by over 50 states, 200 private sector entities, including Indian business guilds such as FICCI and the Mobile Association of India and over 100 organisations from civil society and academia from all over the globe. The text essentially comprises a set of high-level principles that seeks to prevent the weaponisation of cyberspace and promote existing institutional mechanisms to “limit hacking and destabilising activities” in cyberspace.</p>
<h2 style="text-align: justify; ">Need for private participation</h2>
<p style="text-align: justify; ">Given the increasing exploitation of the internet for reaping offensive dividends by state and non-state actors alike and the prevailing roadblocks in the multilateral cyber norms formulation process, Macron’s efforts are perhaps of Wilsonian proportions.</p>
<p style="text-align: justify; ">A key difference, however, was that Macron’s efforts were devised hand-in-glove with Microsoft — one of the most powerful and influential private sector actors of our time. Microsoft’s involvement is unsurprising given that private entities have become a critical component of the global cybersecurity landscape and governments need to start thinking about how to optimise their participation in this process.</p>
<p style="text-align: justify; ">Indeed, one of the defining features of cyberspace is its incompatibility with state-centric ‘command and control’ formulae that lead to the ordering of other global security regimes — such as nuclear non-proliferation. The decentralised nature of cyberspace means that private sector actors play a vital role in implementing the rules designed to secure cyberspace.</p>
<p style="text-align: justify; ">Simultaneously, private actors such as Microsoft have recognised the utility of clearly defined ‘rules of the road’ which ensure certainty and stability in cyberspace and ensure its trustworthiness among global customers.</p>
<h2 style="text-align: justify; ">Normative deadlock</h2>
<p style="text-align: justify; ">There have been multiple gambits to develop universal norms of responsible state behaviour to foster cyber stability. The United Nations-Group of Governmental Experts (UN-GGE) has been constituted five times now and will meet again in January 2019.</p>
<p style="text-align: justify; ">While the third and fourth GGEs in 2013 and 2015 respectively made some progress towards agreeing on some baseline principles, the fifth GGE broke down due to opposition from states including Russia, China and Cuba on the application of specific principles of international law to cyberspace.</p>
<p style="text-align: justify; ">This was an extension of a long-running ‘Cold War’ like divide among states at the United Nations. The US along with its NATO allies believe in creating voluntary non-binding norms for cybersecurity through the application of international law in its entirety while Russia, China and its allies in the Shanghai Co-operation Organization (SCO) reject the premise that international law applies in its entirety and call for the negotiation of an independent treaty for cyberspace that lays down binding obligations on states.</p>
<h2 style="text-align: justify; ">Critical role</h2>
<p style="text-align: justify; ">The private sector has begun to play a critical role in breaking this deadlock. Recent history is testament to catalytic roles played by non-state actors in cementing global co-operative regimes.</p>
<p style="text-align: justify; ">For example, Dupont — the world’s leading ChloroFluoroCarbon (CFC) producer — played a leading role in the 1970s and 1980s towards the development of The Montreal Protocol on Substances that Deplete the Ozone Layer and gained positive recognition for its efforts.</p>
<p style="text-align: justify; ">Another example is the International Committee of the Red Cross (ICRC) — a non-governmental organisation that played a crucial role in the development of the Geneva Conventions and its Additional Protocols, which regulate the conduct of atrocities in warfare by preparing initial drafts of the treaties and circulating them to key government players.</p>
<p style="text-align: justify; ">Similarly, in cyberspace, Microsoft’s Digital Geneva Convention which devised a set of rules to protect civilian use of the internet was put forward by Chief Legal Officer, Brad Smith two months before the fifth GGE met in 2017.</p>
<p style="text-align: justify; ">Despite the breakdown at the UN-GGE, Microsoft pushed on with the Tech Accords — a public commitment made by (as of today) 69 companies “agreeing to defend all customers everywhere from malicious attacks by cyber-criminal enterprises and nation-states.”</p>
<p style="text-align: justify; ">Much like the ICRC, Microsoft leads commendable diplomatic efforts with the Paris Call as they reached out to states, civil society actors and corporations for their endorsement.</p>
<h2 style="text-align: justify; ">Looking Forward</h2>
<p style="text-align: justify; ">Private sector-led normative efforts towards securing cyberspace are redundant in the absence of three key recommendations. First, is the implementation of best practices at the organisational level through the implementation of robust cyber defense mechanisms, the detection and mitigation of vulnerabilities and breach notifications — both to consumer and the government.</p>
<p style="text-align: justify; ">Second, is the development of mechanisms that enables direct co-operation between governments and private actors at the domestic level. In India, a Joint Working Group between the Data Security Council of India (DSCI) and the National Security Council Secretariat (NSCS) was set up in 2012 to explore a Private Public Partnership on cyber-security in India , which has great potential but is yet to report any tangible outcomes.</p>
<p style="text-align: justify; ">The third and final point is the recognition that their efforts need to result in a plurality of states coming to the negotiating table. The absence of the US, China and Russia in the Paris Call are eerily reminiscent of the lack of US participation in Woodrow Wilson’s League of Nations, which was one of the reasons for its ultimate failure.</p>
<p style="text-align: justify; ">Microsoft needs to keep on calling with Paris but Beijing, Washington and Alibaba need to pick up.</p>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/blog/arindrajit-basu-hindu-businessline-december-24-2018-private-public-partnership-for-cyber-security'>http://editors.cis-india.org/internet-governance/blog/arindrajit-basu-hindu-businessline-december-24-2018-private-public-partnership-for-cyber-security</a>
</p>
No publisherbasuCyber SecurityInternet Governance2018-12-26T15:02:21ZBlog EntryCyberspace and External Affairs
http://editors.cis-india.org/internet-governance/files/cyberspace-and-external-affairs
<b></b>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/files/cyberspace-and-external-affairs'>http://editors.cis-india.org/internet-governance/files/cyberspace-and-external-affairs</a>
</p>
No publisherbasu2018-12-01T03:59:17ZFile