CYBER GOVERNANCE: IS INDIA APPROACHING CYBER SOVEREIGNTY?
By: Advyay Goyal & Nisarg Bhardwaj * |
Internet governance is an important issue in the 21st Century and has formed the substance of many debates raging around worldwide. The Working Group on Internet Governance (WGIG) in 2005 after considering certain adequate, generalized and process oriented criteria along with the mechanisms on internet governance available therein proposed the following working definition, “ Internet Governance is the development and application by governments, private sector and civil society in their respective roles, of shared principles, norms, rules, decision-making procedures and programs that shape the evaluation and the use of internet”.Lately, the debate around internet governance has intensified and the governments worldwide appear to be polarized on the choice and the mode of internet governance. The models for internet governance can be broadly classified into two categories namely the Multistakeholder Approach and the Multilateral Approach. The Multistakeholder approach captures the historic evolution of internet governance and represents distributed governance whereas the multilateral approach is more government-centric and seeks for government oversight of the internet. However, it is important that the debate around internet governance be rights oriented. The Internet Principles and Rights Dynamic Coalitions (IPRD) has identified various areas and principles which will ensure a “rights based internet.” Some of the rights and principles identified include Universality and Equality, Rights and Social Justice, Accessibility, Expression and Association, Privacy and Data Protection, Life, Liberty and Security etc. The purpose of this article is to introduce to the readers, in brief, the two approaches and compare them solely on the grounds of human rights and consequently determine the approach favored by India in practice.
THE TWO APPROACHES TO INTERNET GOVERNANCE
The present section aims at giving the readers a brief about the forms of internet governance with special emphasis on the concept of ‘Cybersovereignty’ as propagated by China. ‘Cybersovereignty’ could be considered as a form of Multilateral Governance. The Multilateral approach seeks for governments to have the power to regulate the Internet and guide its policies solely as a sovereign right vested in them because of the belief that they are the legitimate representatives of all actors under their jurisdiction. The approach seeks to regulate the internet with a ‘top-down consultative’ approach through multilateral agreements and treaties approved by an intergovernmental entity. International Telecommunications Union (ITU) is an important example of a body governed by this approach. A Russian analyst describes it as follows, “reasserting state sovereignty over the internet in shifting of the balance of participation from a network to network system to a government to government system”. China’s concept of ‘Cybersovereignty’ which found its mention in a 2010 policy paper is on similar lines and can be identified from the following attributes: the sovereignty of the state to manage information-flow inside the territory, the power to make independent cyber policy, every state should have equal representation in global cyberspace governance, and respect for sovereignty should be paramount in dealing with cyber related issues internationally.
On the other hand, the Multistakeholder Approach is characterized by an open-ended unleashed innovation process, decentralized governance, inclusive and open governance. John Kerry words echo the core of the Multistakeholder approach, “Unlike many models of governments that are top-down, the internet allows all stakeholders- the private sector, civil society, academics, engineers, and governments to have seats at the table”. An important initiative that sought to reinforce the Multi-stakeholder approach along with guaranteeing rights over the internet was the NET-Mundial initiative taken by Brazil in 2014. The Internet Corporation for Assigned Name and Numbers (ICANN) also serves as a living example of the approach, though its working has been criticized for various political reasons.
From the perspective of rights, the use of multilateral approach may lead to the ‘balkanization of the internet’. The real threat being authoritarian regimes, and many states in the guise of ensuring IPR Rights and local economic policies may control the flow of information inside and outside the state. Under the current political circumstances, an important motive behind nation-states embracing ‘cyber-sovereignty’ seems to control dissent and censor internet. Thus according to William Dutton, the use of the multilateral approach will be self-defeating for the developing nations which aggressively used internet technologies to cement their economic positions. Milton Mueller rejects the multilateral approach on three grounds namely, there are domains where cyber-sovereignty is not available; that internet is a global common, and there is no monopoly on the use of legitimate force on the internet. He believes that the use of Multistakeholder approach will strengthen the private sector and increase the outreach of the civil societies. For Dutton, the use of the multilateral approach will lead to ITU like governance and the key question would be therefore the protection of the internet from undue governmental and commercial interferences. An increasing number of civil organizations and declarations like the Internet Society, Global Network Initiative, Human Rights Watch and the European Parliamentary Resolution have touted the use of Multistakeholder approach to ensure effective protection of human rights. Many countries are finding the multilateral approach lucrative due to various political factors, increased disinformation campaigns and recent cybersecurity breaches which caused the nations a fortune. However, it is important to note that countries like Russia or China which have vociferously advocated for the approach have the most restrictive internet policies in the world endangering important rights of citizens like the right to knowledge and political dissent. These real-life examples cement the apprehensions which various leaders in the sector have expressed and were discussed before in brief.
DISCUSSION IN THE INDIAN CONTEXT
In this section, we will further the discussion on the issues of cyber governance with respect to India specifically. Under this section, we shall discuss the stance portrayed by the Indian government at various international cyber governance fora and the domestic cyber governance policies adopted by the Indian government to analyse whether India is approaching cyber sovereignty.
Stance of the Indian Government on various international fora
India has been switching positions between Multistakeholderism and Multilateralism on various international cyber governance fora since last few years while finally residing upon a unique approach couple of years back, termed as ‘nuanced multilateralism’ by various observers.
There have been numerous efforts internationally in the last decade to decide upon an approach and set of rules to govern cyberspace. Various meetings on fora like Internet Governance Forum (IGF), UNGA and UNGA’s Working Group on Enhanced Cooperation, ITU’s World Conference on International Telecommunications, NETMundial Initiative, ITU’s Plenipotentiary meetings have been convened for dialogue on cyber governance. The moot point in almost every one of these meetings has been to fix upon either Multistakeholder or Multilateral approach towards cyber governance.
In the early years of the debate, India swung between Multilateral and Multistakeholder approach. Back in 2011 at the 68th UN General Assembly, Indian government being represented by the Ministry of External Affairs (MEA), in support of Multilateralism, introduced the proposal for a UN Committee on Internet-Related Policies (CIRP) calling for a ‘multilateral, democratic and participative global policymaking mechanism’, while relying on the Tunis Agenda for the Information Society. Although the proposal was both Multilateral and Multistakeholder in approach, in the spirit it was Multilateral. Similarly, in 2014 at various fora like NETMundial, 4th Meeting of the Working Group of Enhanced Cooperation (WGEC), ITU’s Plenipotentiary meeting, Indian Government being represented by the Ministry of External Affairs (MEA) vouched for a multilateral approach for internet governance. Whereas in various editions of Internet Governance Forum (IGF) held in 2011, 2012, 2013 Indian government being represented by Ministry of Communications and Information Technology (MCIT) voiced for a Multistakeholder approach with a desire to work with society and companies for governing internet. It can be discerned that whenever the Indian government is represented by the MEA, it has favoured the Multilateral approach whereas when it has been represented by MCIT or by its departments, it has favoured the Multistakeholder approach. Consequently, in the past couple of years, the two ministries have adopted a similar stance and have supported a form of Multilateral approach which includes stakeholders at the policy making decision, but places responsibility on the state while policy implementation. India supports this stance as it takes into account the accountability of a state towards its citizens, hence creating a responsibility on the state for policy implementation.
Indian Domestic Policies
India on international fora supports Multistakeholderism as far as policymaking is concerned, however domestic cyber policies do not reflect the same. We shall analyse the above assertion with the following examples.
India got its first data protection bill in 2019 after years of efforts, which was submitted by a committee headed by an ex-SC Judge, Justice BN Srikrishna. The committee formed for submitting the reports had various stakeholders, hence fulfilling the criteria for the involvement of stakeholders in policy-making as has been the stance of India. But after the submission of the report, the draft bill which was introduced in the Lok Sabha in December 2019 was in contrast to the Committee’s report and was devoid of many safeguards suggested by the Committee. The bill gives vague exemptions and overriding powers to the government from the provisions of the bill under the terms of “security of the state, public order, sovereignty and integrity of India and friendly relations with foreign states” and various other clauses. The bill has been criticised to be authoritative and violative of basic human and fundamental rights of Indians such as privacy and freedom of expression. Provisions similar to these are also seen in the highly-controversial Chinese cybersecurity law, which confers similar powers to the Chinese government. This could be the indication that under the guise of involving multi-stakeholders in policymaking, the Indian government is striding along full-fledged Multilateralism.
The Information Technology (Intermediaries guidelines) Rules, 2011 were amended by way of The Information Technology Intermediaries Guidelines (Amendment) Rules in 2018. These guidelines regulate the intermediaries in the cyberspace and curbs the problem of fake-news and disinformation. These guidelines, which were formed by an executive authority making it an act of delegated legislation, while implementing the legislative mandate of the parent act i.e. Information Technology Act, 2000 even created new harsher obligations for intermediaries. Subordinate legislation by nature cannot re-write or enlarge the scope of parent act, rather it can only fill in the administrative or procedural details of the Act, but these guidelines enlarged the scope of the parent act. The guidelines are an example of a one-way policy making approach without the inclusion of proper stakeholders, which has even evoked disapproval from stakeholders.
In 2018, RBI had passed a circular mandating localisation of payment data. Although this measure appears to protect local citizens’ data from foreign surveillance, the new Data Protection Bill gives the government power to obtain anonymised data from companies on vague grounds, thus increasing the state’s power on domestic cyberspace. This along with the Temporary Suspension of Telecom Services (Public Emergency or Public Safety) Rules, 2017, which is used extensively by the government to suspend telecom services in various parts of the nation, indicates towards increasing control of the state over cyberspace. The lack of reasoned orders and accountability under the current practices amplify the concern of violation of basic human rights of people like the right to freedom of expression, right to livelihood because in the modern-times internet has become the platform for earning for many people. The current regulatory practices of India bear resemblance to the features of cyber sovereignty discussed above which leaves us with the question, whether India is embracing the Chinese philosophy of cyber sovereignty?
The internet is a treasure trove for endless opportunities. Therefore, the governance of the internet should be people-centric and involve all stakeholders to ensure unhindered exploitation of the opportunities that internet offers. As Emmanuel Macron puts it, the governance of the internet cannot be entirely left to the market forces or authoritarian states alone. The requirement of the day is, therefore, to innovate our approaches to internet governance and include all stakeholders like civil societies, internet players etc. along with the governments.
For India to preserve its democratic values along with national security, it is important that the government includes all stakeholders in deciding national policy on the internet. To preserve the fundamentals of the internet which include universality, equality and freedom, the governments should adhere in spirit to identified and established principles of internet governance for benefits of their citizens.
* The authors are the students of Gujarat National Law University, Gandhinagar