Tuesday, March 10, 2015

The State is using the law to hide the truth

Today it is the Government vs the BBC. Tomorrow it could be the State vs people of India

YouTube is blocking the BBC documentary India’s Daughter thanks to a request by the government. The move is also in compliance with the order passed by the Delhi High Court, which has said that the video cannot be “uploaded, transmitted and published” since it could trigger law and order problems in the country.

Clearly, the Internet-savvy Indians seem to disagree with the court order. Restricting the flow of information, either by stopping broadcasts or banning physical books, is today an analogue problem. Given the porous digital borders, the government would find it difficult to block the documentary. Users will continue to upload the film, with many file names using the word ‘banned’ in the titles. Yet, the government could block entire websites like it did to restrict pro-ISIS content in 2014, invoking Section 69A of the Indian Information Technology Act 2000, which allows blocking public access to Internet content when India’s sovereignty, or public order, is threatened. The J&K government had resorted to similar measures in 2012 when it tried to stop online circulation of the controversial anti-Islamic video The Innocence of Muslims. At that time, the government used Section 5(2) of the Indian Telegraph Act, another instrument to maintain public order. Indeed, India could potentially shut down the Internet as Egypt did in 2011 when President Hosni Mubarak grew nervous of growing protests against his government.

India’s Daughters isn’t about terrorism, communal disharmony or political protest. The brutal rape it refers to had brought the country to a standstill. And now, outraged that they are not allowed to watch the documentary, Indians are using the Internet to challenge the ban.

Such public support could trigger consequences for netizens individually. Legally, under Section 66A of the Indian Information Technology Act 2000, anyone who sends an ‘offensive message’ (such as a link to the video) through communication services, causing ‘annoyance, inconvenience, danger, obstruction, insult… or ill will’ is liable to be arrested. One could face up to three years in prison and a fine.

That brings us to an interesting conundrum. Recent headlines have highlighted the face-off between the government and the BBC, which went ahead and aired the documentary in Britain. Though the BBC, a foreign media channel, will not broadcast it in India pursuant to the court order, reports suggest that the government may ‘take further action’ against the BBC for broadcasting the documentary. India might even try to restrict it from being telecast in other countries. How that will play out will be interesting. Indian court orders do not apply in the international jurisdiction. But they do here. So the next question to ask is, how will India react within its own borders and bandwidth, with its own citizens?

In India, freedom of expression is guaranteed by the Constitution, albeit with reasonable restrictions, and it is not a right that ought to be restricted so easily. Unfortunately, in our democracy, the unfolding India’s Daughter incident certainly feels like yet another instance of hiding the truth behind the law. Resorting to a ban puts a positively active and engaged citizenry highly susceptible to arrests. Are these the fights we want to fight?

Mahima Kaul is head, Cyber and Media Initiative at the Observer Research Foundation, New Delhi
The views expressed by the author are personal


Tuesday, February 24, 2015

New digital age and importance of privacy of data

Privacy should not be limited to headline grabbing revelations about surveillance, Snowden and Sony; these conversations need to be mainstreamed to every citizen-consumer.

A few months ago, I was invited to sit on a jury looking at innovative uses of social media platforms and community-oriented apps. The awards criteria included originality, implementation, scalability and impact. The ideas ranged from community based apps that serve as a local Google to online campaigns asking netizens to share their experiences

about sensitive issues. While I returned feeling very hopeful about the positive potential of the internet, there was a nagging feeling that something was missing. The issue of privacy, so very central to the "high brow" conversations we have around the internet, had simply not been addressed in this initiative.

The central business model of the internet is data collection, and much rides on the successful analysis and use of that data. Its growing importance can be gauged from the fact that today "big data" is an industry in itself. It is no wonder that questions of privacy of the data that users are supplying (often inadvertently) are rising to the fore. Globally, the terms of service between consumer and developer are in the spotlight; often users have no idea the degree of personal information they are signing away with a simple click. Worse, is the lack of understanding about privacy concerns in the internet age - which part of your data legitimately belongs to these companies whose services you are using, and what are they attempting to claim ownership over? Will these companies share this data with the government? Are they going through your hard drive and contact list? Who will they sell your data to and will they anonymise it before selling it? Will you be informed of a data breach?

Flagging these concerns in India today can avoid a lot of complications later, and certainly lessons can be drawn from societies who have been through similar experiences. The myth of techno utopia has been around since the early 1990s, when there was hope in the US that new technology would bring universal wealth, enhanced freedom, revitalise politics, and satisfy community and personal fulfillment. Is this true of India today? Consider how the internet is sold to the average Indian - from the wonderful ways in which an internet search can add value to your life, or multiple safety solutions for women which ask them to blithely allow these apps to track their location and movements. Google CEO Eric Schmidt was not wrong when he told the audience at the World Economic Forum at Davos that the internet would simply disappear into the background as it will become so common - a recent report revealed that millions all over the world did not even realise they were using the "internet" when they were using Facebook!

"Code is law" - the idea which Lawrence Lessig fielded in 1999 - believes that it is the code of the software and hardware we use that will determine how much privacy, free speech, anonymity and individual control we are afforded. This certainly rings true today as well, especially in a country like India where we are still operating in the shadow of concepts like privacy, data security and certainly data collection. Unless the apps, platforms and websites being developed and disseminated in India are held to a higher standard - even as they win awards for popularity and sustainability - a billion Indians will find themselves at the short end of the stick due to the proliferation of the uncritical use of these technologies. Are start-up competitions, innovation and entrepreneur funding, and even technology journalists addressing this crucial issue? Are they helping to implement the privacy provisions to India’s Information Technology Act and rules? Look for yourself: Do any of the tech forums seem to betray this concern?

The internet is growing faster than we realise - the internet of people is giving way to the internet of things. Voice-controlled televisions that can "listen" to your information and share with third parties, and weighing scales which could sync your information with your phone, laptop and cloud through your home Wi-Fi network. Before we buy into the vision of a new digital age, one in which technology will save us, let the buyer beware. Is it completely unimaginable in India that our online identities could be linked to a digital "profile" culled from information gathered from digital wallets, websites, and social media chatter?

It’s time developers, funders and users alike start paying more attention to the privacy implications of the techno-utopia they are so eager to participate in.


Tuesday, January 27, 2015

Book Review – “The Electronic Silk Road: How the Web Binds the World Together in Commerce”

The argument for an electronic silk road, promoting free trade and by extension, harmonious global values and laws, is an inherently appealing idea to all digital natives used to an ‘open web’ experience. Dr Anupam Chander, himself a product of parents who migrated from India to the US in search of a better life, expertly lays bare the changes in global trade patterns – and the resulting complications – in his book ‘The Electronic Silk Road: How the Web Binds the World Together in Commerce,’ released in 2014 in South Asia. Aside from the easy narrative exploring complicated developments, Chander’s book is especially pertinent for an Indian audience, looking to profit off this free trade, often without reading the fine print.

The promise of Trade 2.0 is enormous, begins Chander, but he quickly delves into the real world complications that arise out of these new exchanges. Unlike with goods trade, where a well-defined port of entry and exit serves as points for regulation and new jurisdictions, digital exchanges of services, prove to be far trickier. He raises a metaphysical question: where does an event in cyberspace occur? Simply put, whose jurisdiction extends to these digital transactions – the region where the company providing the services is registered, or the region where these services are consumed?

The real-life examples of the ‘pirates of cyberspace’ are easier understood. For example, the gambling sites operating out of Antigua, where it is legal, were sorely contested in the USA, where, for the most part gambling is illegal. This particular case went to the WTO where the gambling sites argued that they were simply providing entertainment services while the US argued that this sort of activity would promote fraud, money laundering and underage gambling. The WTO sided with the US. Another case, familiar to most young people, is of the file-sharing site, The Pirate Bay, which is under constant legal threat from copyright holders because of the “illegal” downloading of materials that include movies and music. The founders have even been convicted of copyright infringement under Swedish law, and have since moved their domain name from .org to the Swedish address .se to avoid the risk of seizure of their domain name by the US authorities.

 This move too, speaks to the parallel jurisdictions that exist in cyberspace, complicating its ‘free flow.’ In fact, the domain name system is described by Chander as ‘choke point’ in an essentially end-to-end system. What this means is that the body that sets rule for domain names, Internet Corporation for Assigned Names and Numbers, ICANN, can function as an otherwise elusive chokepoint for domain registries such as .com, .net and others. However, this privately held body has so far only chosen to apply its authority on behalf of trademark holders. The recent bitter fights over who would be granted the domain of .vine and .wine saw France lash out against ICANN, and India too expressed its concerns at private companies being awarded domains like .indian and .ram, for fear they could be misused. Another ‘choke point’ is the root server, which serves as the registry for domain names. Who maintains these is a pertinent question. For example, VeriSign maintains the .com and .net root servers, and is based in Virginia, USA. Therefore, that is where its jurisdiction lies. More recently, some root servers have been distributed across multiple jurisdictions, making it harder to locate and attack. However, keeping these root servers under one authority such as ICANN is seen as crucial to many, as it allows web users based in different countries to ‘talk’ to each other. While countries can create a parallel internet system, as China and Russia have done, it would mean that users across the world would have to modify their computers to point to the alternative DNS rather than ICANN DNS. This is seen as a serious affront to the seamless nature of the current, dominant, internet experience.

 Ultimately, the book is an examination of trade and law, and its new avatars in the cyber realm. A new global division of labour – where US legal documents are being prepped by lawyers based in India, and phone calls to big American companies are being answered by Filipino workers – also means countries will display protectionist behavior. For example, in the light of increasing medical images review (including radiology)moving from the US workforce to India, the US Congress restricted Medicare reimbursements for services that were subcontracted to providers located outside the country. This dichotomy between wanting free trade but protecting ones country from the same has come up during Trade 1.0 and continues to be a theme in Trade 2.0

 Chander also flags newer scenarios that are emerging. For example, ‘cloud computing’ is essentially the act of ‘moving a computer service to remote computers, typically with the user both largely unaware of the jurisdiction or jurisdictions from which the service is actually supplied.’ This is important. For companies such as Google, the cloud exists across various techno-legal-economic jurisdictions, which he fears could become a ‘legal black hole’.

 The legal aspects of this new silk road,and how they should be shaped, form the crux of Chander’s book. After going into some detail about one of the biggest companies to exist thanks to the internet – cheekily called Facebookistan due to its billion citizens – Chander quotes founder Mark Zuckerberg acknowledging its special role: “We exist at the intersection of technology and social issues.” But what has this meant? Differing privacy standards across the world, where facial recognition features might not be welcome in some regions as they are in others; differing free speech environments where governments might want to step in to censor content their believe is inflammatory; and different regulatory climate with some states moving to tax Facebook on its growing advertising revenues.

 What does this lead up to? A few steps are outlined by Chanderto ensure trade across cyberspace remains ‘free’. The first is legal glocalization – where sites are localized to conform to varying rules in different jurisdictions. However, Chandertempers this suggestion, warning that excessive interventions will hamper the worldwide nature of the web. This scenario harks back to an earlier question – whose law applies? The choices here are the following: country of origin; country of reception; UN or a treaty-based law; self-regulation by the private companies involved and finally, user-based regulation. There are problems with each scenario. The country of origin suggestion might spark what is called a ‘race to the bottom’ with companies trying to register themselves in places with minimal regulation. An international treaty seems difficult, given that speech, privacy, defamation and a few other concepts are difficult to create consensus around. The country of reception principle would make it very difficult for corporates trying to enter many different markets, and both regulation by users and/or the companies themselves might lead to problems later, given that consumers often lack knowledge about the services they use. All these problems lead Chander to suggest adopting the principle of ‘harmonization’ where one should imagine a regulatory ‘race to the top’; with regulatory competition among countries leading to a global welfare-maximizing ideal. This, coupled with companies abiding by the ‘do-no-wrong’ principle – for example, not assisting authoritarian regimes to suppress free speech and human rights –would help countries across the world reach their goal to manage overlapping jurisdictional authority. Courts could decide on applicable jurisdiction according to the state with the closest connection to the dispute. The creation of international standards and the increasing difficulty of enforcing differences would, according to Chander, encourage the emergence of global best practices.

 Chander’s book is a knowledgeable and a timely intervention in a world increasingly relying on the information society to move it forward. India too, speaks the language of ‘Digital India’ and everywhere one looks e-commerce websites are capturing the public imagination. Start-ups are the order of the day; complementing the already established IT services industries. Global commerce is changing the world, and the internet is now termed a ‘global commons’ – it has achieved as much importance as the seas and space! In this scenario, some of India’s own unique problems in this domain are addressed by this book: that of jurisdiction over transnational data flows. In the past, Indian ministers have offered the opinion that jurisdiction should extent to the country of reception. Currently, India is exploring the idea that data flows originating and ending in one jurisdiction should only be routed through that country, and not through international servers. This does not address the problem of jurisdiction of international data flows, but it is a start. Further, India believes that the routing of internet traffic and their numbering need not be carried out by a private body such as ICANN, but that the role can be shared by governments under bodies such as the International Telecommunications Union. These are suggestions on the table, but strike at the heart of the debates being carried out about the future of the internet – which is also the future of international trade.

 There is only one weak point in the book. Chander wonders if international trade law could encourage political freedom around the world. Human rights in cyberspace do end up in debates about not the production, but the consumption of knowledge. Many in the West want the internet to adopt common values of free expression. Yet, this can often be the point of departure for many countries. Some are authoritarian and want to impose censorship. Others, and India can fall into that category, is not interested in foreign elements dictating national policy. This is the reason why foreign funded bodies often come under the scanner in India. The argument is tricky, and opens up more questions than what this book seeks to answer.

 Ultimately, Chander’s informative book engages the reader. It is recommended for those who want to peek into the nuts and bolts of the internet, understand the application of the law that guides it, and finally, follow the smell of money!

 The author heads the Cyber and Media Initiative at the Observer Research Foundation.

Tuesday, October 21, 2014

ORF-Heritage Report: Indo-US Cooperation on Internet Governance and Cybersecurity

State Responsibility in the Cyber Commons: Deepening the India-US Relationship


Two countries which share so many common values―democracy, rule of law, freedom of expression, liberty, multiculturalism, freedom of religion―have not yet been able to operationalise a strategic partnership that would define the 21st century. That ‘big idea’, which could form the basis for the next phase of the US-India relationship, has seemed elusive. Strategic thinker C. Raja Mohan suggested in 2010 that this need not be the case, and the basis of this partnership could be protection of the global commons―the oceans, air, outer space and cyberspace. In the backdrop of the instability of these commons, and the growing pressure on the US’s ability to secure these spaces, Raja Mohan maintained that since free flow of information and trade across the global commons is vital for both economies, India could serve as a natural ally for the US.[1] Admittedly, this is not an easy task, especially in the cyber domain. Misapprehensions about US dominance, its capabilities and intent as revealed by the Edward Snowden disclosures, cast a shadow over common areas of interest. Yet, both countries seem to understand there is much to be gained from closer collaboration, especially given the increasing intensity of threats to their digital boundaries and the state’s responsibility for controlling the proliferation of such activities.

Globally, accusations citing cyber attacks from across borders are becoming increasingly common. In fact, many countries which have been vocal about being victims of cyber attacks, have been at times perpetrators themselves. For example, the United States, which in May 2014, indicted members of the Chinese military for engaging in acts of hacking and spying on US businesses and entities, has itself been accused of launching the virus Stuxnet in 2010 (in collaboration with Israel) on Iran’s nuclear centrifuges, destroying one-fifth of them. And in turn, Iran has been accused of ‘non-stop cyber attacks’ on major computer systems in Israel.[2] There is also the 2014 case of Russian hackers attacking US bank J.P. Morgan and stealing sensitive data to sell in the global black market. Some analysts suggest that these actions are in retaliation to Western economic sanctions against Russia. Therefore some common, global understanding of the rules of state behaviour in cyberspace is needed.

Currently, under Article 51 of the UN Charter, states, individually or collectively, have the right to defend themselves against an ‘armed attack’ in cyberspace.[3] There is much work being done in the area of international law to understand the terms ‘armed act,’ ‘acts of aggression’ and ‘force’ when they relate to the cyber world, as there is no international consensus on the issue. As witnessed in the US case, acts of espionage (which have been attributed to a state, in this case China) fall short of a cyber attack, but are still considered to have significant consequences on the economy. Under these circumstances, and others that have preceded it, the global conversation has been veering towards chalking out rules of cyberspace.

Two schools of thought have emerged. The first is a solution put forward by China, Russia and a few other countries: have an international code of conduct with a view to protecting information security. This has been formalised in the Eurasian grouping called the Shanghai Cooperation Organisation (SCO). The members are China, Russia, Uzbekistan and Tajikistan, among others. India has observer status at the SCO and is up for full membership. Their 2009 Yekaterinburg Declaration stated: “The SCO member states stress the significance of the issue of ensuring international information security as one of the key elements of the common system of international security.” In 2013, Russia and China submitted an ‘International Code of Conduct for Information Security’ to the UN.[4] The code dwells on information security in a few parts, including “…curbing the dissemination of information that incites terrorism, secessionism or extremism or that undermines other countries’ political, economic and social stability, as well as their spiritual and cultural environment.”

This is the point of departure for many other nations, which are less concerned with ‘information security,’ often seen as securitisation of free speech. Instead, they prefer to focus on ‘network security’―that is, keeping the critical resources that keep cyberspace functioning, protected. This is also the stated point of view of the US. To that end, some experts have pointed out that countries should share, to some extent, their military doctrines on how they will use cyber techniques for offensive purposes to achieve international stability in cyberspace.[5]
This also leads to the very pertinent question of what constitutes an act of war in cyberspace. Here, an argument has been made for the international community to set ‘norms’, to shape behaviour and limit conflict in cyberspace. This view has been worked on at the United Nation’s Group of Governmental Experts meetings, and has included the US and its NATO allies, India and even China. The report of the third meeting of the GGE in June 2013 concluded that “international law and in particular the United Nations Charter, is applicable and is essential to maintaining peace and stability and promoting an open, secure, peaceful and accessible ICT environment.”[6] The non-binding exercise seeks to derive norms from existing laws. It also says that states must meet their international obligations regarding wrongful acts attributable to them. States must not use proxies to commit internationally wrongful acts. States should seek to ensure that their territories are not used by non-state actors for unlawful use of information and communications technologies (ICTs).
Presently, the Tallinn Manual, produced by the NATO in 2013, seeks to examine how existing international norms apply to cyber ‘warfare’. It states in Rule 11 that “a cyber operation constitutes a use of force when its scale and effects are comparable to non-cyber operations rising to the level of a use of force.” These operations are to be measured taking into account a variety of factors: severity, immediacy, directness, invasiveness, measurability of effects, military character of the cyber operation, the extent of state involvement, and presumptive legality.[7]
However, some experts have criticised its narrow view of state responsibility, saying that it gives the initiative to attackers, sending the message that huge numbers of cyber-intrusions are possible with impunity. The question they ask is whether this encourages cyber-aggressive states to push the envelope[8]. The growing concern is understandably protection of their critical infrastructure, which is vulnerable to cyber attacks from all quarters. This is a concern for the US and India alike.

The reality is that even if digital forensics could trace the origin of a cyber attack, it can be extremely difficult to get states to even acknowledge there is non-state activity emanating from their territories. Indian security experts feel that in some cases, there will be a genuine lack of capacity to control cyber events on one’s soil; in other cases, some states could deliberately build ambiguity to mask their role. Another question worth considering is whether the state is complicit in a cyber attack, either by financial or other forms of assistance.

Offline, India’s own experience with Pakistan, while trying to control international terrorism, has not been very positive. The country maintains plausible deniability about its support to terror groups operating in Afghanistan and India, and the international system has been unable to compel Pakistan to change its behaviour.[9] Add to this scenario a statement made by India’s Minister for Communications and Information Technology to the Indian Parliament in July 2014: cyber attacks on India originate in the UAE, Europe, Brazil, Turkey, China, Pakistan, Bangladesh, Algeria and the US.[10]

The question then, for India and the US, is how the global governance regime can induce other states to reduce threats from within their borders. Norms that constrain cyber attacks is one strategy. This is also where their ‘big idea’―of protecting the cyber commons―could, in part, be met with another strategy. Closer cooperation for technological solutions will complement the political solutions. Knowledge exchanges between their Computer Emergency Response Teams (CERTs), war games, educational, scientific and research cooperation, and other safeguards could help build formidable digital borders that rogue states and groups would not want to risk infiltrating.

Cooperation also includes strengthening the India-US Counter Terrorism Initiative, established in 2009, which is continuing through India-US strategic dialogue meets. However, there are some bottlenecks that need to be ironed out. As was visible in the investigations that followed the horrific November 2008 terror attacks, fissures can crop up between intelligence agencies of the two countries. At first, Indian intelligence agencies cried foul saying the US had not shared information about terrorist David Headley with them. Later, India’s limited access to Headley revealed how much these information exchanges are susceptible to sovereign immunities. Both countries need to make a definite push to fix national legislation in order to share data about terrorist activities, unhindered by domestic laws. This is essential to safeguard the growing digital partnership.

Closer cooperation on digital forensics―and identifying the source of attacks―would, in the longer term, help simplify the application of international law in cyberspace. It would also provide a much-needed deterrent to states indulging in economic espionage and cyber crimes. A framework of cooperation is the order of the day to keep the networks both countries so heavily rely on stable and secure.

[1] C Raja Mohan, “India, the United States and the Global Commons.” Centre for a New American Security. October 2010, at  http://www.cnas.org/files/documents/publications/CNAS_IndiatheUnitedStatesandtheGlobalCommons_Mohan.pdf.

[2]Iran ups cyber attacks on Israeli computers: Netanyahu”, Reuters, June 9, 2013, at http://www.reuters.com/article/2013/06/09/us-israel-iran-cyber-idUSBRE95808H20130609.

[3] UN Charter, ‘Chapter Vii: Action With Respect To Threats To The Peace, Breaches Of The Peace, And Acts Of Aggression,‘ Article 51, at http://www.un.org/en/documents/charter/chapter7.shtml.

[4] International code of conduct for information security. UNGA, 66th Session, Item 93 on Provisional Agenda, at http://www.rusemb.org.uk/data/doc/internationalcodeeng.pdf.
[5] Jim Lewis, “Multilateral Agreements to Constrain Cyberspace,” Arms Control Today, June 2010.
[6] Report of the Group of Governmental Experts on Development in the Field of Information and Telecommunication in the Context of International Security, submitted to the UN General Assembly 68th Session, June 24, 2013.
[7] Michael N. Schmitt, Tallinn Manual on the International Law Applicable to Cyber Warfare, ed. Michael N. Schmitt (Cambridge: Cambridge University Press, 2013), 13.
[8] Peter Margulies, “Sovreignity and Cyber Attacks: Technology’s Challenge to the Law of State Responsibility,” 2013, Melbourne Journal of International Law, Volume 14, University of Melbourne, at http://www.law.unimelb.edu.au/files/dmfile/05Margulies-Depaginated.pdf
[9] C Raja Mohan, “Negotiating Cyber Rules,” in the Cyber Debates special issue of Seminar Magazine March 2014, at: http://www.india-seminar.com/2014/655/655_c_raja_mohan.htm.
[10] Shauvik Ghosh, “Govt looks to beef up cybersecurity before Independence Day,” August 9, 2012, at http://www.livemint.com/Politics/hpNSiKsZcwu3Ldy8TslOsL/Govt-looks-to-beef-up-cybersecurity-before-Indepence-Day.html?utm_source=copy.

Thursday, October 02, 2014

Global Policy publishes my Issue Brief on Internet Governance + India

The Observer Research Foundation’s Mahima Kaul unpacks India’s approach to internet global governance.

Governments around the world seem to be straddling the dichotomy the internet has brought into our lives: the endless possibilities of innovation, commerce, expression, big data, along with the challenges of cyber crime, security, disinformation and surveillance. The weight given to each of these outlooks ends up determining a governments approach towards internet governance. And since global internet governance itself is distributed across various foras, governments are free to change their strategy to suit their outlook, depending on the topic being discussed. The same government might approach the management of critical resources with a strict nationalistic outlook, yet look to forge agreements on cyber crime bilaterally, create norms of state behavior multilaterally, and discuss human rights and free expression via a multistakeholder process. This is also the reason that democracies need not necessarily agree on global governance mechanisms even if they converge on values.

It must be kept in mind that the internet has fundamentally changed over the years. Its potential to cross barriers and serve as a platform for the free exchange of goods and knowledge remains immense, and some of those who have seen the development of the internet from its inception are fighting bitterly to keep it such. But, the reality is that is not quite the version of the internet that many new users experience. They have inherited an internet fraught with crime such as hate speech and cyber bullying, it is an internet where net neutrality is being threatened in the very country that created it, an online world where big corporations are pushing stringent intellectual property regimes and where ‘free trade’ over the internet seems to be a well crafted narrative to promote the supremacy of US companies. Navigating these waters, for people and governments alike, can be complex.
Currently, the US dominates the global internet governance architecture and pushes a multistakeholder system that banks on the participation and maturity of all stakeholders. Countries like India, tiptoeing into many of these foras, do not share the same enthusiasm for these governance mechanisms. The vast majority of Indian citizens are not yet online. In fact, the Indian government is most concerned about the current management structure of critical internet resources, the uncoordinated national approaches to determine cyber jurisdiction over transactions that span multiple territories, and ensuring universal access through affordable (and secure) devices. With this background, it can be understood why the world’s most diverse democracy has resisted “multistakeholderism” as a global governance mechanism, a system inherently democratic in its description, but not yet suited to its objectives.

Yet, for a people famously called argumentative by Nobel laureate Amartya Sen, Indians have been curiously lacking in explanations about these particular decisions. The international press, confused by the government of India’s contrarian views, simplistically bunches it along with authoritarian countries who oppose the US’s global governance framework.

The below Issue Brief attempts to unpack India’s approach to global governance, and its attempt to seek a new global governance paradigm: http://www.globalpolicyjournal.com/blog/30/09/2014/global-internet-governance-indias-search-new-paradigm

Sunday, September 21, 2014

Digital strategies for disaster management: Lessons from Kashmir

In a passionate letter explaining his government’s failure to coordinate relief efforts in Jammu and Kashmir, Chief Minister Omar Abdullah stated that a breakdown in connectivity due to unprecedented flooding caused a ‘missing government’ in a time of crisis. Recounting the chain of events in a newspaper, he wrote: ‘Initially I was relieved to find that broadband Internet services and BSNL cellphone services were functioning, but that relief was a short-lived one because a few hours later, we were effectively cut off from the rest of the world — no phones, no Internet, no roads and, once electricity went off, no access to TV stations either.”

The floods of Jammu and Kashmir, in time, crippled all modern modes of communication. Phone lines and internet connections were down as telecom infrastructure was severely damaged. At a point, only network operator Aircel managed to provide service as its mobile centers were on high rises. All telephone exchanges were submerged save one. Authorities estimated it would take a few days, at the minimum, to repair connectivity. A week later, the army and local administration are working on restoring 2G services. Add to that, electricity lines were severely damaged, hampering restoration of normal services.

Those who managed to find signal briefly called friends and family to be rescued. Others, who were fortunate enough to be rescued, informed people, many of whom were stationed outside Jammu and Kashmir with full connectivity, of the whereabouts of stranded neighbors. Quickly, as people have started doing in times of crisis, reports of those who needed rescuing and those who had been rescued started making their way onto social media platforms. Google released a ‘Person Finder’ page which allowed people to feed in names of those they were looking for, or add information about those they knew had been found. Facebook communities like ‘Kashmir Flood Information Channel’ had over 22,000 people on it, adding pictures, tidbits, hopes and prayers along with real-time information about loved ones. Soon enough the process became formalized, making the connection between information and where it needed to go. A top executive at Twitter India offered to organize information on flood victims and feed it directly to the Army. At the same time senior army personal used Whatsapp to feed information to senior commanders, so as to direct them on where to go next for rescues. Some reports say that over 12,000 people were helped thanks to social media.

The army, on its part, was able to connect to social media content because it was using satellite phones. These phones do not use terrestrial cellular sites like the ‘normal’ phone that most of us use, but instead are linked to satellites in geostationary orbit, which is essentially a fixed position in the sky.  These phones are generally not made available to the general public because of security concerns, as they use encryption and are hard for the authorities to intercept. Therefore, satellite phones in India, can only be used after obtaining a license. According to reports, the army has begun sharing satellite phones with civil administration, along with 100 Mobile Cell Communication Sets, to enable the relief efforts. Plans also include setting up STD booths as connectivity is restored, as well as moving generator sets into the state. In fact, satellite phones have been used in disasters when regular mobile networks have failed, ranging from Hurricane Katrina to the Haiti Earthquake, and interestingly, are even used by reporters in war zones for safe and assured communication. On another note, there are cases of people with solar chargers for their phones who were able to maintain battery levels despite the lack of electricity, and connect with the outside world as soon as they found signal. And now, sending shipments of solar lamps are being sent to the state to help with the relief effort.

So, the situation as it were is this: in the worst natural disaster Jammu and Kashmir has seen in recent memory, all phone and internet connections were down, causing a communication blackout. Friends and well wishers, mainly using the internet (therefore, based outside the state for the most part), had organized themselves in a manner that they were able to tunnel information to the Indian army which could connect to these people through their satellite phones. A week later, connectivity is slowing getting restored, either due to receding water, new communication equipment brought in from the outside and the work of engineers.

At this juncture, a few questions must be asked. Firstly, why is there no disaster management plan in the case of a communication blackout? This is perhaps even more pertinent given that the remote corners of India, be they coastal, mountainous or otherwise, are not well connected to modern telecom networks. The most recent figures (July 2014) from the Telecom Regulatory Authority of India for Jammu and Kashmir reveal that teledensity in the state is at 69.31% with wireless subscriptions growing at a rate of 0.33%.  In this case, it is fortunate that Jammu and Kashmir has a significant deployment of army personnel who had access to satellite phones so that some communication channels were open even as telecom infrastructure is down. However, disaster management cannot be left to luck. And given rising dependence on technology, which has in fact rendered a government completely paralyzed without it, special focus needs to be given to creating a parallel communication technology network that can be used without telecom infrastructure and electricity.

The second question is, what are the current limitations of social media in rescue efforts and how can that be changed? It would seem that those who were able to send messages to friends using social media benefitted from this effort. But, does this leave people out? What about those in smaller villages who might not have friends using Facebook or Twitter? Data based analysis is hard to come by, but perhaps one can ask, anecdotally, why the 2008 Bihar floods saw no such significant social media campaign to coordinate rescue efforts (especially from urban pockets like New Delhi/Mumbai) while in contrast in the same year, Mumbai used social media extensively to disseminate information about missing persons and rescue efforts during the Terror Attacks. Socio-economic factors, access to the internet, and personal networks could well be tied to social media usage in times of emergency. If anything, the benefits of last mile connectivity and digital literacy have been made all too clearly with the Kashmir floods.

The final question that should be answered is, to what extent is India leveraging ICTs in disaster management efforts? Has a disaster communication system that integrates phone, internet, television and radio outputs been designed to warn people? It might surprise some to find out that the Ministry of Home Affairs, has a National Policy on Disaster Management (2009), which alludes to the important role ICTs can play in such a scenario. A document called ‘ICT for Disaster Risk Reduction’ has also been released. An online inventory of resources by district is being built. The plan also seeks to deploy a VSAT network to connect states to the center, and also to connect them to medical centers. As witnessed in Kashmir, this is indeed needed as satellite phones were moved in to help the civilian administration function again. GIS – Geographic Information System – technology, that integrates data from topographical maps, aerial views and satellite imagery, used to predict natural disasters has also been flagged as an important technology to be leveraged. Where this has reached can be traced by looking at disaster management from the 2004 Indian Ocean tsunami, to the 2008 floods in Bihar, to the 2014 Kashmir floods.

Ultimately technology is as effective as the people who use it. Individual and institutional efforts alike have shown us glimpses of its potential in disaster management. It is time India goes beyond the planning stages to the implementation stages. Lives depend on this.

Mahima Kaul is Head of the Cyber and Media Initiative at the Observer Research Foundation, New Delhi.

Wednesday, September 03, 2014

BBC interview on Indian politics, PM Modi and social media

I was on BBC World Service's radio show "Click" last evening, talking about Modi, Twitter and the media. Have a listen: