Friday, October 25, 2013

India challenges cyber governance and security

Just days before the United Nation’s led Internet Governance Forum in Indonesia, India, held its own – and first of its kind – conference on cyber governance and cyber security.

With the support of the National Security Council Secretariat of the Government of India, the two-day conference was organized by private think-tank Observer Research Foundation and industry body, Federation of Indian Chambers of Commerce and Industry, (FICCI). Speakers were from a host of countries including Estonia, Germany, Belgium, Australia, Russia, Israel, and of course, India.
It was ironic, that in a post-Snowden world, buried under allegations of the extent of the NSA’s spying, US officials were unable to attend the conference due to their government’s shutdown. Instead, other views took center stage, and India also visibly demonstrated the various positions its stakeholders take around the questions of governance and security.

Right at the kickoff, India’s Minister for Communications and Technology, Kapil Sibal, challenged the question of sovereignty and jurisdiction in cyberspace. “If there is a cyber space violation and the subject matter is India because it impacts India, then India should have jurisdiction. For example, if I have an embassy in New York, then anything that happens in that embassy is Indian territory and there applies Indian law.”

India has, over the last few years, flirted with the idea of an UN-lead internet governance structure, and subsequently backed away from it. Minister Sibal said that India believes in “complete freedom of the internet”, however, at the same time needs to acknowledge that along with cyber freedoms come cyber gangsters, and the state and its citizens need to be protected from them.

India, with its 860 million mobile subscriptions (although, the numbers of users would be lower than this figure) is looking more and more to the internet as a delivery platform of socio-economic programs and a tool to boost the economy. That the internet can raise GDP by 10% is a much favored figure for those who promote the internet for economic reasons. The fact is that as the remaining unconnected population of India begins to acquire net connections through desktops and smart phones, the government is increasingly looking at security and surveillance over the internet as a necessary and inevitable route. This also means that the government needs to rely on industry to help them with this gigantic task.

The possible synergy between businesses and government in India was a central theme for discussion; as industry bodies asked the government to invest in training more cyber security specialists and also start moving towards uniform security standards and protocols. In fact, Indian industry most certainly wants to be relived of the financial burden of training personnel, and to an extent, investment in security R&D, and is keen to partner with the government to achieve both ends. Indian industry is often in the news because it appears almost universally under prepared for cyber attacks, both from within the country and externally. Suggestions of a government-led cyber awareness program were made as well, with calls to allocate funds for these exercises in the budget.

However, as has been the case in India, the real source of friction still lies between civil society and the government over the question of surveillance and monitoring. In a session entitled ‘Privacy and National Security’; perhaps the only India-centric panel of the entire conference, the debate became overheated. The panel consisted of a senior police officer involved in surveillance, India’s director-general of CERT (Computer Emergency Response Team), a representative from the mobile industry and a privacy expert. The government official was pushed by civil society members and journalists to explain the workings of the Central Monitoring System, still very opaque to the public, and later the official definition of privacy. He did neither. Unsurprisingly, India is yet to really define what privacy is, leading to simultaneous furor in the room and twitter (#cyfy13) about why this hasn’t been done as yet.

The sense in the room was that surveillance, while necessary to protect citizens, is only really effective when it is conducted in a targeted manner. Mass surveillance leads to self-censorship and is, in the end, counter productive. The other bone of contention was the question of identity, with the government making arguments that verifiable cyber identity is a possible solution to cyber crime. However, other participants found the issue troubling, as anonymity is necessary for a number of reasons, including as we have seen around the world, political dissent.

Finally, panelists discussed how best to inculcate a multistakeholder approach when legislating the internet. It was pointed out more than once that the internet was a product of private enterprise, made on open standards and principles, but now governments are attempting to control this resource. However, while public calls for multistakeholderism were made for many reasons; human rights, protection of privacy and even to benefit business in the long run (as they would not risk being caught up in lengthy court cases in the future if they took civil society on board from the start), there was still an elephant in the room. Offline, many official participants wondered why Chatham House Rules were not observed, or why there were no closed-door meetings only for government officials. It was clear that much of the weighty – and honest – discussions still don’t involve the public. Perhaps not where the question of governance is, but certainly when the question of security is.

Ultimately, there are two broad outcomes of this conference. The first is that India has indicated its willingness to start shouldering discussions to do with the global cyberspace. The other is, as India’s National Security Advisor put it, — ““India has a national cybersecurity policy not a national cybersecurity strategy.” This is certainly a start to building a consensus for that strategy.

Monday, October 07, 2013

Social media becomes the scapegoat in India

The regulation of social media in India has been a subject of great controversy

India’s National Integration Council met in the last week of September 2013 to discuss the threat of communal violence in the country. The council, first set up in the early 1960s, gives senior Indian politicians and public leaders a platform to discuss issues that could divide the country along caste, communal, language and regional fault lines. This September, with the backdrop of violent communal clashes that have seen over 50 killed and 40,000 displaced in India’s most populous state, Uttar Pradesh, Prime Minister Manmohan Singh sat with some of the Chief Ministers, to discuss how to resolve these issues.

There were early reports that the meeting was going to discuss the ‘misuse’ of social media, as news reports have indicated that the violent clashes in Uttar Pradesh were spurred on by false videos on YouTube. In India, the regulation of social media has been a subject of great controversy. The government has, in the past, used the IT Act’s Section 66(A) to arrest people for irresponsible posts that they claimed could cause ‘communal tension’. However, as the famous case of the Palghar girls demonstrated, many early arrests under this Section were politically motivated. Similarly, while the government has in the past asked social media companies to take down controversial posts, it has been revealed that most of the requests were again to take down criticism against the government.
However, at the same time, social media and MMS (multimedia messages through texts) have indeed been known to cause real damage. Last year, false rumours spread through MMS resulted in the exodus of northeastern migrants from south India, as the threat of violence seemed imminent. At the time, the government had to ban bulk text messaging, and ultimately restricted messages to 5 a day to curb any more rumours. Meanwhile, with global violence in the aftermath of the YouTube video, The Innocence of Muslims, the government of Jammu and Kashmir decided to suspend the internet for a few days to prevent any incidents.

Only about 164.81 million Indians have access to the internet, and only 143.20 million over mobile phones according to official figures released by the Telecom and Regulatory Authority of India in March 2013. Given this scenario, both the reach in terms of positive and negative impact, is still quite limited in India.

The prime minister, however, chose to focus on social media’s role on fanning communal violence in his address at the National Integration Council. His views on hate speech on social media were echoed by many others, including Uttar Pradesh Chief Minister Akhilesh Yadav, Maharashtra Chief Minister Prithviraj Chavan, Assam Chief Minister Tarun Gogoi, Jharkhand Chief Minister Hemant Soren, Haryana Chief Minister Bhupinder Singh Hooda and Meghalaya Chief Minister Mukul Sangma. The majority of chief ministers, then, favour social media regulation. Ideas thrown forward included taking action within the current legal framework, setting up ‘social media laboratories’ to monitor posts under intelligence departments and even mobilizing NGOs and prominent citizens to counter social media rumours.

There are a few important points to keep in mind while looking at this debate: the real need for regulating social media, scapegoating by politicians and finally, preserving freedom of expression and an open internet.

Given India’s experience with hate speech online, and reports about gender targeted abuse, along with abuse based on political, caste, community and regional affiliation, there is a valid point raised for some kind of regulation of social media. However, the real question is the kind of regulation India chooses to favor. In China, a new law can charge people with defamation if a false rumor started by them gets reposted over 500 times. In India, current laws allow citizens to go to court over information that has even caused them “annoyance” under Section 66A of the law. To ensure this is not abused, the government has now mandated that a senior police officer looks at individual cases before allowing charges to be filed to avoid nuisance cases. In the aftermath of the Muzzafarnagar riots of Uttar Pradesh, some citizens are urging the National Human Rights Commission to ask the Department of Telecom to screen and remove inflammatory posts on social media. However, when looking at cases where mass impact can cause damage (such as the exodus of northeasterns from south India), the government relied immediately on technology to solve the problem. The same can be said of the Jammu and Kashmir government, which switched off the internet, at the slightest hint of trouble.

However, both responses need to have legal sanctity. We already know the Indian government monitors its citizens’ communications, and much like many other governments across the world, and the legal basis for these programmes are still dubious. The government may want to come up with a plan for targeted control of certain communication channels should a particularly disastrous video or message surface over social media, and clearly contributes to an inflamed environment and damage on the ground. Social media is already being used to recruit terrorists. Perhaps some communication channels will be used to organize riots, as have been seen before in London. These will become bigger concerns when more than a sliver of India is connected to the internet. The debate will undoubtedly be seen through the prism of security instead of the freedom of expression, as we are currently witnessing the world over.

In a predominantly uneducated country, rumours run rife, and the result is not violence alone. For example, in 2006, polio campaigns in India have failed in Muslim communities, because of rampant rumours that the polio campaigns were a method to sterilize the community. In 2008, despite warnings, rumours that an apparition of the Virgin Mary would appear to devotees after staring into the sun caused dozens to go blind. Earlier in June 2013, three men were lynched to death in the state of Assam because of a rumour that a group of “naked men” were raping women. This does not mean every misguided or even damaging video needs to be censored immediately.

The constitution of India allows for freedom of expression, although with restrictions. However, any plan to take reasonable action in light of clear and present danger, should be drawn up with the help of civil society organizations and lawyers, and cannot be made and implemented unilaterally. The potential for abuse is too great.

Unfortunately, as it seems today – social media has become become the target of scapegoating by politicians. For example, the violence in Uttar Pradesh may or may not have been caused/spurred by a YouTube video. There is no empirical evidence for that. What isclear is that the Muzzafarnagar riots started with two Hindu boys stabbing a Muslim youth because he stalked their sister. Not YouTube. However, it would appear that instead of focusing on other causes of communal tensions in a neighbourhood, which include poverty, development, and unemployment, senior politicians vilified social media.

With elections looming, can one guarantee that any gap in planning, law and order management or inflammatory campaign speeches won’t be blamed on a tweet or Facebook update? Will the outward calling for “regulating social media” will substitute for real change on the ground?
Finally, the most important point remains. Hate speech, law and order, and mass panic are realities India’s states have been living with for years. It would appear that, in dealing with free expression on the internet, India’s politicians seem to err on the side of control. Perhaps the next election is not just about the economy, but equally about the Indian citizens freedom of expression and freedom from control.