Cyber Security

Telcos should train their sights on the application for data

18 April, 2017, Economic Times

Original link is here

Long at the margins of the telecom and internet revolutions, India is today moving towards pole position on data consumption. The recently released Boston Consulting Group-The Indus Entrepreneurs (BCG-TiE) report on India’s internet economy suggests the country is the ‘second highest’ in terms of mobile internet adoption, clocking at 391 million users.

India’s digital economy is expected to double its value to $250 billion, and contribute to 7.5% of the GDP in three years. The projected data consumption per average user: 7-10 GB a month by 2020. Contrast this to the findings of the 2016 Ericsson Mobility Report that suggested data usage in India is slated to increase five-fold by 2021, rising to 1.4 GB per active smartphone. The five to seven times difference in projected data consumption between the 2016 Ericsson and the 2017 BCG-TiE one can be attributed to a disruptive intervention and a data-hungry consumer.

Jio, Reliance Industries Ltd’s technology startup, provided that disruptive intervention. It is perhaps the most influential driver behind the new numbers, which are, however, only the tip of the iceberg. There are deeper transformations that await the digital sector.

Three such transformations will prompt traditional telecom companies to compete and create new revenue streams that can’t rely on connectivity alone:

* The Death of Voice: Telecom companies should acknowledge the reality that traditional voice-based communication is now a market utility, not a luxury. ‘Voice-based’ communication companies will be pressed to invest in new infrastructure and ecosystems that meet the demand for videos and data-driven apps.

In practice, this means investing in infrastructure, and a new cadre of experts who can not only build platforms but respond agilely to disruptive innovation. Unless they can create this new technology ecosystem, they will perish.

* An Internet of People: Unprecedented data connectivity in the hands of half-a-billion (and growing) Indians will create an ‘Internet of People’, with each user signifying multiple opportunities to generate value for the platform economy. GoI’s flagship Digital India programme is, perhaps, the biggest public sector effort in the world to create such an ecosystem.

The ‘Internet of People’, in turn, gives rise to a major challenge: will the innovations for Indians be created and hosted in India? Or will the biggest platforms all be based abroad, leaving little room for the Indian platform economy to grow? As custodians of data, Indian businesses should build capacities for Big Data analytics, create tailored services and products for local consumers in local languages and, in the process, generate employment, unleash entrepreneurial spirits, and catalyse technology-driven social transformation. So, the individual is the biggest driver of India’s platform economy.

Policies for the Platform Economy: As India moves to a $10 trillion GDP by the early 2030s, the fuel of choice will be ‘bits and bytes’. If data is indeed the new oil, how is India prepared to secure this valued commodity? Regulatory questions around cyber security and data protection, as these relate to civilian networks in India, remain woefully unaddressed.

Policy debates in this space have been ‘principle-heavy’, seeking a golden median for regulation — say, for encryption or net neutrality — that can be emulated nationally. Instead, digital economy regulation should be ‘function-heavy’, prescribing rules of conduct for businesses and governments based on the end uses that data is deployed for.

The three-way contract between the user, service provider and app provider will determine questions like: who shares access to data? Can service providers innovate as nimbly as small startups providing applications on their platforms? How should applications be priced? And should this be reflected in data tariffs?

Jio is only one example of the disruption that is set to reverberate across the digital sector in India. That a company like Reliance can bring its considerable resources to bear on a digital enterprise definitely sets Jio apart from others. But the reality is that its digital infrastructure will generate little to no value for Jio, its nearest competitor or the next entrant into this sector. Innovation at the top, at the level of the platform, will expand the digital economy pie in India.

Already, Jio has emerged as a big contributor to Facebook’s latest quarterly revenues from Asia. How can Indian platforms avail the same benefits? It is crucial that India’s businesses, entrepreneurs and regulators train their sights on the application of data, rather than the tubes that deliver them to consumers.

The writer is vice-president, Observer Research Foundation. He has worked with Reliance Industries Ltd since 1994

 

New Norms for a Digital Society

safe_image

While the state continues to exercise its regulatory capacity over digital spaces — a task it will likely keep in the coming years — the internet has magnified the rights and responsibilities of the private sector and end users across the world.

The interaction between states, non-state actors and transnational corporations necessitates the creation of a regime complex that clearly outlines their respective roles. This paper is a first step in that direction, articulating norms that may serve as the baseline for legal and political agreements on cyberspace. Inter-governmental gatherings like the UN Group of Government Experts have largely focused their efforts on the security of networks and ICTs. Multistakeholder organisations and platforms like the Internet Governance Forum, the Internet Corporation for Assigned Names and Numbers, and the Internet Engineering Task Force, have begun to re-orient their mandate, with a view to make their governance more inclusive and accountable.

The set of seven norms and their corollaries identified in this paper may inform the functioning of both intergovernmental and multistakeholder processes. This document also attempts to chart the role of the private sector in digital governance. The end user today is valuable to internet companies, since the data collected from consumers directly contributes to the creation of revenues. If user data is the basis of wealth generation, internet giants have a responsibility to invest in the user by offering local content and innovative technologies that are contextual. This is particularly true in the case of emerging economies and developing countries, where internet businesses should tailor to the unique needs of the next billion users.

This paper argues that effective internet governance requires shifting the locus of digital debates from the Atlantic to the Asia-Pacific and bringing in new voices and views of a new constituency of stakeholders. Similarly, all stakeholders must work towards building the capacity of growing digital economies and first-generation internet users. Efforts to fragment digital spaces by creating alternative “internets” must be avoided. Just as regimes that curtail the freedoms of internet users are undesirable, actions that raise the cost of local innovation and increase barriers to the unrestricted flow of technology, and thereby quality of access, should also be discouraged. These norms are a work in progress, and the author reserves the right to refine them through continued consultations with stakeholders across the spectrum.

1. Online = Offline + more

The protection of rights over the internet requires mechanisms that are unique, contextual and transformative. Rights on the internet should not be limited to those offline, and must build on the edifice of free speech and expression that already exists. Similarly, current regulatory frameworks must evolve in response to the digital medium. Just as traditional broadcasting regulations have become inadequate to regulate online speech, outmoded censorship laws often constrain free expression and impose a chilling effect. Contemporary conversations on privacy must reflect the need to protect sensitive data, while acknowledging its importance for technological innovations that benefit local communities.

NORM: Realising the transformative potential of the internet requires progressive online freedoms that move beyond rights granted offline.

COROLLARY: Real-world regulations must not constrain the advancement of technology; rather, they must evolve in response.

2. Let data flow

Affordable, universal and high-quality access to the internet is among the top policy prerogatives of governments today. Access will require substantial investments in the form of local data centres, internet exchanges and last-mile connectivity. As net exporters of data, developing countries represent a robust market for internet companies. For their digital economies to expand — thereby increasing the share of the global pie — the free flow of trans-boundary data must be coupled with the unrestricted flow of technology. Custodians of data should orient their research and development towards local solutions, and foster domestic entrepreneurship. Data flows, however, should respect the sovereign imperative of law enforcement and security.

NORM: The global free flow of information must necessarily lead to universal access to the internet in emerging economies that is affordable and qualitatively rich.

COROLLARY: Free flow of data must be complemented by free flow of technology that is tailored for local innovative solutions.

Saran_Corollary_2

3. Living in an encrypted world

Governments around the world are locked in debate with industry bodies and civil society for the right to access encrypted communications. Backdoors and forced localisation of data, however, can decrease the overall standard of security in the market, curtail free speech, and violate the integrity of data. Governments should welcome technological developments that incorporate security by design, with a view to preserve the integrity and stability of digital networks.

NORM: Encryption must be the norm.

COROLLARY: Decryption of data must be subject to rigorous standards of judicial review.

Saran_Corollary_3

4. The responsibility to inspect?

States are faced with increasingly dangerous and sophisticated threats from state and non-state actors in cyberspace. The technological and legal capacity for dealing with these threats is often disparate, caused in part by lack of access to proper forensic, investigative and prosecutorial tools. It is the sovereign function of a state to protect its own citizens and infrastructure from such threats, without undue interference or intervention in its affairs. The interconnected nature of the internet demands that governments and businesses across geographies cooperate towards norms of cooperation that mitigate the risk of conflict.

NORM: The responsibility of states to protect cyberspace is a sovereign function, commensurate to their capacity.

COROLLARY: The collective responsibility for protecting cyberspace requires global investments for building capacity in developing countries.

5. Strengthening the base

The ubiquity of low-end smartphones, the growth of affordable data networks in emerging economies, and the relative lack of awareness of cyber vulnerabilities among users leave networks and individuals vulnerable to exploitative practices. Enhancing cyber hygiene among internet users in emerging economies can help substantially decrease the vulnerability of the global digital space as a whole.

NORM: Cyber security must account for, and address technology limitations of the end user at the bottom of the pyramid.

COROLLARY: Local communities must be at the forefront of articulating policy solutions for cyber security.

Saran_Corollary_4

6. Three rules for internet governance

Despite attempts to decentralise and diffuse the management of global internet governance institutions, there are inadequacies in revised accountability mechanisms. The locus of internet governance must shift from big transnational corporations to start-ups, medium and small local enterprises, from governments to multistakeholder communities, and from trans-Atlantic conversations to Asia-centric debates.

NORM: Multistakeholderism should be institutionalised by accounting for diversity in gender, geography and sectors.

COROLLARY: International internet governance must undertake three transitions and accommodate new stakeholders:

  • States → Communities.
  • Trans-national corporations → Small & Medium Enterprises and Startups.
  • Atlantic → Asia and Africa

7. Against the Splinternet

The Domain Name System (DNS) represents a stable and contiguous platform of unique identifiers, comprising numbers and names. Attempts to fragment the internet by creating an “alternative” system or through interference in the functioning of the “root” should weigh its potential impact on internet users, businesses and governments. Just as technical efforts to create a parallel DNS should be discouraged, trade regimes around the digital economy should consider the effect of fragmenting the internet into differential pricing regimes. Affordable and universal internet access can be realised by removing policy barriers to the creation and strengthening of ICT infrastructure.

NORM: The internet should remain unfragmented.

COROLLARY: Differential trade regimes should not raise the cost of doing business in the digital economy nor impede low-cost connectivity to users in Asia and Africa.


ENDNOTES

  1. “Digital globalization: The new era of global flows” McKinsey Global Institute, February 2016, http://www.mckinsey.com/business-functions/digital-mckinsey/ourinsights/digital-globalization-the-new-era-of-global-flows