Non-Traditional Security

The European Union as a Security Actor

View from India

Bundeszentrale für politische Bildung Logo

Original link is here

Das Bild zeigt die Glastüren des Haupteingangs zum Europapalast in Straßburg, Sitz des Europarats. Die Türen sind mit Euro-Sternen verziert.

Euro-Sterne auf den Glastüren des Hauptportals zum Palais de l’Europe, Sitz des Europarats in Straßburg. (© Ulrich Baumgarten/vario images)


 

What is a security actor and how is it different from being a great or major power? In many ways, this question is central to understanding the lack of appreciation of the European Union (EU) as an actor in the security arena in India and certainly in some other parts of Asia. The use of the word ‘security actor’ by EU agencies and research institutes is itself perhaps a neutralisation of the phrase ‘major power’. This reveals the ambivalence of the EU to power in contemporary times, despite having given the world several great powers in the past. This ambivalence, and the hesitant Asian comprehension of the EU’s role in the security domain shape the current debate.

However, to move beyond this general understanding and to try and understand the Indian perspective on this issue, three key enquiries are essential. First, does the EU have the agency to be a security actor? Second, does it have the capability and capacity to follow through in this role? And, finally, does the EU, or a significant part thereof, see itself as a Security Actor?

Agency: Who do I call?

The EU is a great economic power and is central to the construction of any polycentric order. In spite of this, it is not viewed as a security actor. Perhaps this can in part be explained by what Henry Kissinger once famously said, in an interview with Der Spiegel, ‘Who do I call if I want to call Europe?’. While the EU now has a number of structures that deal with security its security policy has not evolved to the point where it can shape emerging international security scenarios.

The principal issue is that of integration. Collectively, it appears that the EU thinks of itself more as a civil and economic power, viewing military instruments as an option of last resort. Within the EU, France and the United Kingdom have a different approach in which use of force, or the threat of the use of force is a prominent instrument in their toolbox. Some others like Germany tend to take the opposite view and are generally more reluctant to sanction the use of force.

This can have consequences like France declaring that its permanent membership of the United Nations Security Council will remain a French seat and will not be ceded to the EU. France has also rejected the validity of a UN veto when humanitarian crises loom (as was the case in Syria)[1]. These two French positions have led to both disappointment and alarm in other members of the EU. Damagingly for the EU, the latest crisis in Europe, i.e. the occupation and annexation of the Crimean Peninsula by Russia, has only confirmed this apprehension. The lack of a coordinated EU response is disconcerting, as what we have is a set of nations individually condemning Russian actions and others staying silent.

Trade and commerce across the EU is now so integrated that it allows for similar perceptions and ideas on most macro and several micro economic policies. This allows the EU far greater cohesion and therefore, weight in trade talks. On the other hand, political approaches and realities in each member country vary dramatically. This dissonance between a cohesive economic union and a relatively divided political union has a significant impact on the perception of the EU in a continent like Asia where the realist paradigm dominates. The EU is likely to be seen as a ‘hyper-successful’ regional trading and economic arrangement, but not a unified security actor or a ‘great power’. It is also seen to be creating a large political and security bureaucracy, which churns out some strategic and security objectives, without seeking to possess the hard power elements to realise these set of goals.

Capacity: Acute Deficit

Capacity is the key element that will define the EU’s ability in the Asian theatre. In 2012, as per the International Institute of Strategic Studies’ (IISS, London) estimates, Asian defence expenditure exceeded Europe’s. Indeed within the EU, member states are increasingly hesitant to commit towards defence expenditure. Additionally, the focus of current expenditure is on capabilities that are not decisive in the Asia-Pacific theatre or suitable for hard power projection in the classic sense. There is little political and public support for defence expenditure when social spending is deemed a higher priority.

As a result, the EU’s ability to play a role in the international system is going to be far more constrained than ever before. This is perhaps evidenced by the fact that not a single European or EU action has been carried out without US support even when taking on vastly inferior militaries like those of Serbia or Libya.

This acute capacity deficit means that if the EU chooses to act by itself, it comes up against the various perceptions among the EU member states on its role as security actor. On the other hand, if it chooses to act through the agency of NATO to bypass this internal dissonance, it is fundamentally dependant on the US for capacity.

Self-View: “Empire of Norms”

The recent description of the EU being an ’empire of norms’ is another important facet of the view of the EU as a security actor.[2] It connotes a renunciation of the modes and methods of traditional empires in favour of one that leads by example and rules, largely renouncing the use of force and prioritising economic integration. In this, the EU has something to teach the world; the postmodern construction of international relations. But beyond the EU, the post 1989 sense of euphoria, has not translated into political evolution that suggest support for any such new approach to sovereign relations.

The EU firmly believes it has entered a post modern world, whereas in reality much collective action today is directed towards pre-modern situations like Afghanistan, Iraq and Libya. To use an Americanism, ‘when you don’t have dirty work to do you can be dressed in white clothes’. As a result, when the EU piggybacks on US hard power, it can well afford to play the ’empire of norms’ role. This harks back to India in the 1950s and 1960s when India was ‘preachy’[3], telling Europe to peacefully coexist with the USSR, substituting rhetoric, largely to compensate for acute structural weaknesses. Today, India and Europe have traded places and the projection of EU rhetoric is seen as a sign of weakness, borne out by the structural factors discussed earlier.

View from Asia 1: Largely favourable

Immediately after World War II, the main goal was peace and stability and hence there was the need for a specific role for the set of actors who could provide this. But in the 21st century, the narrative has changed. Economic growth and prosperity, in an age of stagnant industrial growth, is the overarching political priority of these times. Even though the world may have moved beyond the post-war quest for peace, to the singular objective of greater economic vibrancy, the EU’s role in securing this objective cannot be denied given its economic agency. However, political stability is a necessary condition for sustainable growth and economic well-being. This stability is to be created and preserved collectively by the old and new powers. Therefore in Asia, in countries such as India, there exists a largely favourable view of the EU’s role in the world. India sees a decisive security role for the EU, albeit as an agent of ‘The Asian Century’.

Following from this, if the EU is a decisive player in the contemporary context, European hard power is not necessarily viewed unfavourably and is a situation that India can negotiate well. A strong EU is good for the balance of power and stability in Eurasia and therefore favourable to India. In fact, a not so uncommon view in India is that if there is a decline in the EU’s hard power, it might contribute to flux in the balance of power in Eurasia, leading to instability. Thus, the EU is still seen as a decisive actor in the security dynamics of Asia. And a real example is the EU’s arms embargo on China, which could be said to contribute to stability in Asia.

However, in India, the EU is also seen as hypocritical in its application and espousal of rules and norms. This is sometimes inimical to the larger objective of stability and prosperity because the EU is perceived to be trying to impose normative frameworks on societies, which are not yet ready to accept them. This is not necessarily an EU-specific flaw. Every country has displayed this hypocrisy where its core interests are at stake. India itself follows a very different set of rules in its own neighbourhood than in the rest of the world. For example, India intervened decisively in 1971 in Bangladesh and for much of the 1980s and 1990s in Sri Lanka. But where its core interests are not at stake, it adopts a very different stance.

While largely hypothetical, India’s main concerns, should the EU decide to play the role of a security actor would be: where and how does the EU want to operate? Does it merely look at its periphery? Or does it seek to project out? If it operates for longer periods of time in Asia, will it be in a continental or a maritime role? Given that the naval dimension and the security dynamics of the Indian Ocean have largely driven much of India’s strategic realignment post 1990, India would almost certainly welcome EU as an offshore balancer. This is evident from the fact that India welcomed the EU-led operation Atalanta aimed at controlling piracy off the coast of East Africa. Similarly, India voiced no concerns at the build up of a formidable projection force off the proximate Myanmar coast following cyclone Nargis, and actively cooperated with US and European navies in the wake of the Boxing Day tsunami in 2004.

View from Asia 2: Geography and Sovereignty Matter

Multiple path dependencies, along with the overarching economic prosperity objective mean that the EU’s cost-benefit analysis of engaging in Asia, for example, is very different from India’s. The EU would have more to lose economically in any prolonged military engagement in Asia and therefore prefers economic tools such as sanctions. Of course geography matters not just to the EU. This is evident in how India perceived Bangladesh in 1971 and how it perceives the situation in Syria today. In the case of the former, the instability in India’s neighbourhood had a direct impact on India’s demography and security and the cost-benefit analysis of action was very different to the likely costs of EU’s action in the region. Syria, on the other hand, was more of a normative issue for India on how it balanced humanitarian intervention against a breach of the Chemical Weapons Convention (CWC); whereas Syria had a more proximate impact on Europe and subsequently on its cost-benefit analysis of action.

Lastly, in a continent like Asia that has a history of being colonised, sovereignty is an important consideration. From this perspective, the EU’s rather relaxed interpretation of sovereignty, partly used in its explanations for humanitarian interventions, can be seen as unsettling. Moreover, the selective use of sovereignty can erode the credibility of the EU as a whole. For example, defence sales such as those of the Rafale, Gripen or Eurofighter are carried out under sovereign flags and these in turn guarantee certain sovereignties to recipient countries. However, when uncomfortable decisions are taken such as the arms embargo on China, the EU is used as the shield, effectively a policy of safety in numbers.[4] This means bilateral brownie points accrue to individual sovereign constituents of the EU, without translating into advantages to the EU as a whole. However, disadvantages and the resultant negative perceptions are spread across the board and impact on the image of the collective.

Conclusion: Going Forward

Going forward, there are four central cleavages between the Indian and European worldviews.

The first has to necessarily be language and the principle source of information that shapes Indian understanding of Europe and EU. Not having a core of experts trained in European languages, a disproportionately small foreign service and a structural incapability to collect primary data[5], much analysis of Europe and the EU rests on secondary source analysis of a euro-sceptic English language press. Consequently, the nature of the EU’s decision making remains even more of a mystery to Indian audiences.

The second is that the EU (for reasons already discussed) is not viewed in India as a credible security actor. In fact, Europe’s recent humanitarian interventions are seen as creating dangerous precedents in Asia, changing the security dynamics in the region and creating fresh security challenges which the EU does not have the capability to deal with. This is where India and the EU are on a collision course. India wants Europe to be more cognisant of its hard security role. In addition, India wants the EU to be responsive to emerging security issues, which will be shaped by new specificities and geographies of conflict. Local understanding and localised responses would be in order and Europe must begin to engage from within and not from outside.

The third is with regard to global governance. European institutes tend to securitise the global commons and global public goods discourse.[6] Every economic and social service provision is being subsumed under a security discourse. This approach may be useful to galvanise public opinion in the Euro-Atlantic community; but in Asia, where societies are still evolving and discovering a balance of narratives between the political and military discourse, it could be dangerous and counterproductive. In countries like Pakistan and Bangladesh, if water, environment and trade become security narratives, discussions within and among these regional countries would essentially become zero sum games. Additionally, the preponderance of the military architecture and defence bureaucracy diminishes the role of democratic institutions and the role of civilian governments. This is counterproductive to the liberal democratic value system that EU espouses. It may appear that in order to compensate for its lack of military heft, the EU seeks to overbalance through the securitisation narratives.

Finally, the central division between the EU and India is the tyranny of grammar. Europe and the EU pursue their interests under the grammar of values, which is sought to be achieved through ideological underpinnings. India has sometimes also couched many of its strategic interests in its own grammar of ethics. Till a new language is discovered where the two can negotiate their individual interests (doing away with ideological sermonising), common ground (based on core interests of prosperity, growth and liberal market framework) will be lost to a rather unnecessary battle of perceived virtues.

Fußnoten

1.
Opinion expressed by French Foreign Minister, Laurent Fabius, 5 October 2013, »ambafrance-in.org«.
2.
Jan Zielonka, »Europe as a Global Actor: Empire by example? (PDF)«, International Affairs, 84(3), 2008.
3.
Bhaskar Roy, ‘Tharoor questions Nehruvian line’, 10 January 2010, »timesofindia.indiatimes.com«
4.
‘Tharoor for overhaul of Foreign Service Recruitment System’, 8 October 2012, »thehindubusinessline.com«
5.
For example, when Finland wishes to raise uncomfortable issues with Turkey, »finnbay.com«.
6.
See, for instance, ‘The securitisation of climate change in the European Union’, »climateandsecurity.org«

Samir Saran is vice president at the Observer Research Foundation, India’s premier public policy think tank. Besides heading the business of the foundation, he writes extensively on and researches issues such as south-south cooperation, role for BRICS, cyber governance, economic and politics of climate change and trans-boundary water governance.

 

Dieser Text ist unter der Creatie Commons Lizenz veröffentlicht. by-nc-nd/3.0/de/
Der Name des Autors/Rechteinhabers soll wie folgt genannt werden: byc-nd/3.0/de/ Autor: Samir Saran für bpb.de

Knowing India’s nuclear credentials

Original link is here

SSAIM

The HinduThe civil nuclear deal, hinged on one clear principle that India’s military programme would irrevocably be separated from the civilian one, was based on arriving at an outcome that would benefit all parties and enhance the global order. Picture shows the Jaitapur nuclear power project site. Photo: Vivek Bendre


Manufactured Western outrage ignores the reality that under the landmark 2005 India-U.S. agreement, the IAEA has unprecedented access to Indian nuclear facilities

There has been a concerted attack on India from the usual suspects in recent days even as it was entering into negotiations to formally accede to the Nuclear Suppliers Group. As if on cue, Jane’s Intelligence Review carried out a “(non)-exposé” of an Indian military nuclear facility in Karnataka. As exposés go, it was lame even by Jane’s standards. The nature of the facility and location have been publicly available since 2010. Yet, this new “exposé” was carried by all mainstream print news outlets and predictably sensationalised with everyone feigning alarm and anxiety. This manufactured outrage culminated with a sanctimonious editorial in The New York Times that was remarkable for the sheer incoherence of its own arguments. As the designated chief of the non-proliferation ayatollahs (with blinkers) and representative of a motley anti-India group in the U.S. that is shrinking ever so rapidly, this too was on expected lines.

Assault on credentials

Nevertheless, it is important to dismantle the uneasy arguments of this concerted assault on India’s credentials. The first proposition that must be taken issue with is the propagation of a falsehood that Pakistan and its reckless build-up of nuclear stockpile is somehow driven by India’s posture. While Pakistan’s careless impulse may be a result of more than one central factor, it is important to understand that this may have a lot to do with its suspicion of American intentions. The oft-quoted argument is that Pakistan seeks to equalise the conventional mismatch with India through a misguided reliance on numbers of strategic and tactical warheads. The irrationality and illogic of this behaviour has been proven by the fact that a country like North Korea has deterred both the U.S. and South Korea with explosions that may not even have been nuclear. Pakistan’s vertical proliferation has no mooring to India’s strategic programme — only to its own paranoia. The question is what fuels this? There is no denying the fact that Pakistan was able to obtain “nuclear immunity” for its sub-conventional activities against India with even 10 warheads. It may well be the fear of the U.S. that motivates its build-up today.

 

New Delhi is already providing support to FMCT negotiation; its signature on the CTBT is linked to similar commitments by the U.S. and China”

 

One motivator is the pressure the U.S. has been applying on Pakistan (without success due to the China factor) to sign onto the Fissile Material Cut-off Treaty (FMCT), which will forever cap the Pakistani arsenal. Contrary to what the commentary would have us believe, the FMCT, instead of curbing fissile material, has demonstrably accelerated Pakistan’s programme. So much for flawed logic. The second is the fear of the American “Plan B”, which involves the seizure and confiscation of much of Pakistan’s nuclear arsenal. The former has driven Pakistan to enrich their extant stockpile of radioactive material to weapons grade at breakneck speed. The latter has ensured that Pakistan is rapidly weaponising its fissile stock, in order to disperse and complicate any such weapons seizure plans. These facts are well understood in Washington policy circles. The exposés and op-eds of the past weeks are for most just another edition of Aesop’s fables.

The second issue has to be the demonstrated lack of understanding of the reality that shaped the landmark civil nuclear agreement between the U.S. and India. This nuclear deal was based on one clear principle — that India’s military programme would irrevocably be separated from the civilian programme. This was not an optimal solution for India or for the P5, but like all international agreements it was based on arriving at an outcome that would benefit all parties and enhance the global order. International Atomic Energy Agency (IAEA) Director General Mohammed El Baradei in an op-ed in the Washington Post, specifically welcomed the deal without reservation, his rationale being “either we begin finding creative, outside-the-box solutions or the international nuclear safeguards regime will become obsolete.” This is now accepted wisdom. The IAEA has gained unprecedented access to India’s nuclear facilities. India has accepted additional protocols this June, and has strengthened its own export laws. Significantly, the same journals and reports confirm that India’s own arsenal has remained stable over the period with no increases despite the turbulence in the neighbourhood. The benefits of bringing India inside the ‘non-proliferation tent’ are therefore vast, visible and tangible.

While these editorials and reports may very well have got their facts and numbers right, the analysis is so convoluted that the facts they quote cease to be relevant. The argument goes that India needs to sign the FMCT, the CTBT, and agree to mutual weapons reduction with China and Pakistan, since it is the nuclear deal with the U.S. that has set the cat amongst the pigeons. Here then is some measure of reality. India is already providing active support to the FMCT negotiations — it is a work in progress, not yet a concrete treaty. It has been Pakistan that has been blocking the work at the conference on disarmaments negotiations.

Additionally, India’s signature on the CTBT is explicitly linked to a similar U.S. and Chinese commitment. As long as they do not ratify these two treaties, India has a voluntary unilateral moratorium on testing. What is holding up Indian accession is U.S. and Chinese accession.

Experts in Beijing claim that China’s expansion and modernisation of its nuclear forces is being driven by the ill-advised and deeply destabilising withdrawal of the U.S. from the Anti-Ballistic Missile (ABM) treaty. This has nothing whatsoever to do with India.

India, therefore, is first being made the whipping boy for the failure of the American non-proliferation lobby in their own country and then it has to accept blame for the complex relations the U.S. shares with Pakistan and China that is driving these Asian allies to increase their arsenals. Can we get real, please?

(Samir Saran is vice-president and Abhijit Iyer-Mitra is programme coordinator at the Observer Research Foundation.)

 

 

 

 

 

 

Reframing the Cyber Governance Debate for India

Seminar Magazine, Monthly Symposium, March 2014

Original link is here

THE Snowden affair and the vocal debate on surveillance and cyber espionage have redefined the mostly benign and attractive imagination of the Internet. This medium, which has connected the world like never before, is now witnessing a growing contest among nations. If not addressed and managed, a divisive debate on the control and management of the digital global commons, could not only undermine the huge gains that have accrued from interconnectedness, but might well become a basis for conflict and instability in the real world.

The stakes are high. The idea of the ‘global village’, the efforts to create a global economy and emerging global digital marketplace, are all likely to be impacted if nations and communities do not find it within themselves to agree to norms and laws that would apply to this realm. The process of discovering the ‘rules for the road’ is highly contentious. Not only is an ‘international digital treaty’ unlikely in the near future, the world cannot even agree to who should be negotiating such an arrangement. Yet, this debate must take place with earnestness if common ground is to be discovered at the earliest.

It is crucial to strengthen such a debate, to bring together perspectives from a range of countries and sectors on key facets of the digital discourse – ranging from national priorities and strategies to international treaty frameworks, the role of the private sector to issues such as individual privacy and freedom of expression.

At the outset, we must ponder over some larger issues that are shaping the current global and domestic conversations and inquiries in the digital domain. These can be broadly captured within a few meta-narratives, also key to discerning how a digital India develops, how a vibrant digital society governs itself, and how India must seek to interact with the world in this digital century.

The first narrative is one of development and security. It is a debate on how we create policies and conditions that would allow for the rapid development and spread of cyber infrastructure in the country. On how we could develop tariff and cost regimes that would allow and encourage people to connect to and with it. On the variety of social and economic activities we seek to conduct over the medium and, therefore, the nature and form of regulation and security that must align these networks.

Our decisions on some of these would affect pricing and business models, the rate of penetration and growth of connectivity, our approach to intellectual property rights, and the nature of access available on the Internet to those residing in different economic and social classes. In a number of recent statements and policy pronouncements, the Government of India has indicated its preference to use the digital medium as a means of delivering governance and social services to its citizens. Cash transfers, correspondence and approvals, banking and insurance, health and education services, are all likely to ride on the digital last mile. Therefore, ‘digital access to all’ must be a national imperative.

India’s experience with the telecommunication sector tells us that ‘access’ closely follows ‘price of service’ and proliferation of the Internet and IT infrastructure would be dependent on ‘price points’ that are unprecedented. Connecting ‘another billion’ citizens to the Internet in the coming decade or two would, therefore, be influenced by business models, tariff regimes, content generation and entrepreneurship at the proverbial ‘bottom of the pyramid’.

India’s contemporary experience with Internet services also demonstrates that penetration growth is a function of services and content that is offered to the user. It is an open secret that pirated movies, music and entertainment content are significant drivers of Internet penetration. Alongside, applications that assist farmers and SMEs and offer health services and a variety of education and skills also encourage users to connect to the Internet. Content generation, for the potentially huge Indian user base, offers great opportunity with its unique price specificity.

This discussion invariably throws up some interesting posers. While it would be impossible to capture all of them, a few merit attention. The first must be the fundamental tension between the affordability of service and best in class technology and security. We need to achieve both, as business, governance and social security would ride on this medium. The other would be the approach to content generation and intellectual property rights. While India must seek to encourage low cost content creation that caters to its myriad needs, can this be done while it allows (though weak IPR regimes) pirated material that is so essential to rapid proliferation of the Internet? We must ask how much regulation and legislation is ideal before it encroaches on the fluid nature of the Internet, a feature that makes the medium attractive in the first instance. Finally, given the degree of global interconnectedness, would India be able to make these decisions independent of external pressures and global conventions?

This brings us to the second narrative – India’s engagement with the world on Internet governance and cyber security. This engagement will have a compelling impact on its domestic socio-economic development and on its ability to secure prosperity for its people from the digital marketplace.

India is one of the biggest beneficiaries of the IT and communications revolution with roughly 25% of India’s GDP growth over the past two decades having been created in the IT and ITES sector. There is little doubt that a larger share of India’s future growth will originate from or be dependent on this digital medium. Therefore, India must be at the Internet governance high table when agreement is reached on managing this most vital global commons. Would India shed the reticence, characteristic of its 20th century approach to multilateralism and reimagine itself as part of the ‘global management’ with attendant responsibility and rights? Or will the perceived virtuosity of nonalignment continue to see India lead the global outliers and minority stakeholders in this global governance debate?

How this unfolds will be crucial. Will India be oppositional, critiquing the major powers for their unilateralism and interest based approaches, or will India be propositional and articulate its own interests and negotiate the space and role that it must have, representing as it would (in the days ahead) the largest bloc of Internet users from a largely liberal and vibrantly democratic nation?

It must also be understood that while the world sees a significant role for India at this juncture on Internet governance and security, it will not wait beyond a point. The major powers – US, Russia, China and EU – are all engaging and negotiating the rules for the road with each other and with a larger group of nations. India is a party at some of these conversations and not at others. Trade talks, climate negotiations and other multilateral experiences tell us that ‘democracy’ within global governance is inefficient and overrated. The relative success of TRIPS and FTAs over a global trading arrangement and the predominance of the arms control architecture of the 20th century, devised between the US and Soviet Union, are all indicative of how a future Internet governance arrangement may emerge. Will it be an arrangement shaped by the conversations among the ’Big 3’ (Russia, China and the US), or will it be relatively more inclusive and take into account perspectives from a larger set of countries? Will there be a ‘gridlock’ or will these countries manage to agree to sets of norms that will allow the Internet to remain a global commons? Any which way India would need to find the means and resources to be an effective contributor to any new arrangement and find its place on the high table.

This discussion on global governance leads us to the third meta-narrative that engages most thinkers and practitioners today – who should engage on the subject and with whom? Unlike arms control treaties such as SALT and the NPT, trade treaties such as GATT and the WTO, or international treaties in force or being negotiated such as the space code and laws of the seas, the Internet involves and affects each one of us individually more than it does states. Each one of us is a contributor and beneficiary, and each one of our actions has the ability to influence the entire cyber sphere.

Therefore, the central question that arises is whether the ‘nation state’ is the most inclusive and efficient interlocutor on Internet governance and cyber security? This leads to discussions on the tension between multi-stakeholderism (the participation of individuals, academics, citizen groups and non-governmental organizations in the debate) against multilateralism (a largely state to state debate that characterized the architecture of the 20th century). Can they coexist? Can they be aligned constructively? And if so, how?

For instance, should a nation state conduct an internal debate within itself, create a domestic consensus, and (only) then represent this multi-stakeholder proposition at the global forums? Alternatively, should various stakeholders communicate with each other across national boundaries and at international arenas? The former is somewhat more ordered while the latter is far more cumbersome but also more democratic. This issue currently sees different treatment in different countries. More developed democracies see merit in letting their NGOs and corporations into the debate and are in fact clever in using these voices in order to secure national interest. Other countries including India are far more reluctant to include corporations and citizens in governance conversations. While we can debate how best to include views and voices from the private sector and the private citizen, there is no doubt that security and stability of the Internet would be largely dependent on the participation of all stakeholders, particularly the private sector that owns and operates cyber infrastructure.

This brings us to the fourth issue that must be debated in detail – the role of the private sector. On one hand they are the primary service providers and owners of much of the critical infrastructure; on the other they have a sizable vested interest. How may one give the private sector weight in Internet governance decisions without shifting the balance of the narrative away from the users and governments will be a central enquiry of our times.

Banks, for example, want a secure and heavily regulated Internet, which would allow them both reach of this medium and keep transactions safe and secure. Security companies would want to perpetuate a certain appreciation of the Internet architecture that maximizes their ability to leverage the Internet as a business opportunity. On the other hand a plethora of companies, start-ups and SMEs, that see immense opportunity in the fluidity and reach of the Internet, would like to see cyberspace remain loosely regulated, open and free.

What then is the private sector voice to heed? Indeed, should they be on the table or should we be guarded in our approach as we include them in the debate? Balancing private sector participation in governance decisions, while protecting the interests of small companies and individuals, will be a key consideration for most governments.

Engaging with these four ‘big issues’ is vital. It is even more important for countries like India where the infrastructure and business models are still being developed. There are no clear and globally acceptable positions and propositions that have emerged. And most questions still remain unanswered. Let us look at two sets of questions that would be most critical to any global and domestic policy arrangement.

First, how do we reconcile sovereign constitutional positions on issues such as freedom of expression, free speech, political jurisdiction and state capacity and intervention to arrive at a formulation that works across a medium that is not restricted by territoriality and borders? Is this achievable? And in the absence of such ‘universalism’, do we face the prospect of the world, as discussed earlier, being railroaded down a path decided by a few?

The second, more fundamental question emanates from the rapid evolution of the digital sphere. This is bringing into question traditional laws, norms, means of communication andmodes of trade and commerce. The fundamental assumptions of the previous era are being challenged and changed by the digital (dis)order. Would we now be required to develop legal frameworks sui generis to accommodate new realities? Will nations have to become far more tolerant of expression than their individual constitutions allow? Will notions of extraterritoriality, jurisdiction and sovereignty have to be radically re-imagined? Or will an obstinate defence of the old paradigm lead to a polarization of the web, in effect turning the world wide web into the world divide web, where traditions and ossified power structures lead to a balkanization of the cyber-whole? Then, will the future of the web be one of multiple gateways and access points?

This possibility already looms. The great firewall of China seems more or less effective. Despite some breaches it has succeeded in ‘islanding’ China and given authorities the ability to clamp down quickly and efficiently. Digital China, therefore, engages with the outside world on a ‘need to’ and ‘convenient to’ basis. Is that the future of the Internet then? Or can we recast some of the global assumptions that have defined the realist world of the 20th century to accommodate the digital world of the 21st century? Is a new United Nations of digital media possible? Who would be in its General Assembly and who in its Security Council? Or would the very use of the word ‘nation’ doom it to be stillborn?

This issue of Seminar does not offer all the answers, but it does raise a series of questions and provides analysis that will allow us all to engage more deeply with this most important element of our contemporary lives.

SAMIR SARAN

* Several papers in this issue were presented and discussed at ‘CyFy 2013’ – The India Conference on Cyber Security and Internet Governance’ – hosted by the Observer Research Foundation and Federation of Indian Chambers of Commerce and Industry.

A ROADMAP FOR RIC

ORF POLICY PERSPECTIVE, Issue # 1, FEBRUARY, 2014, OBSERVER RESEARCH FOUNDATION

ORF Faculty members Nandan Unnikrishnan, Samir Saran and Uma Purushothaman have provided inputs for this Policy Perspective.

The Russia-India-China (RIC) grouping is the only body that brings together the three largest Asian countries at a time when there is a churning in the existing security architecture in the region. But, RIC seems to have lost steam amidst the alphabet soup of
multilaterals in which the three countries are engaged, despite some efforts lately to rejuvenate the forum.

Together, Russia, India and China occupy around 50 percent of Asia’s landmass. The three countries constitute some of the largest economies in Asia. They certainly also have the largest political stakes in the region. There are a lot of potential synergies among the three countries, making a compelling case for their collaboration. Therefore, it is natural that they should have a significant say in the emerging governance architecture in their neighbourhood and be an influential voice on issues of global governance.

Given the commonality of strategic goals, the RIC forum appears to be an appropriate platform that should now identify a unique roster of issues, which would differentiate it from other multilateral organisations, like BRICS and SCO, as well as allow the three powers to specify common objectives in the region and at global forums.

The first task would be to flag important issues in which the forum should engage. This exercise needs to be ambitious as well as steeped in a degree of realism. Congruent interests must also be accommodated in this effort. The three countries need to spell out some of the nuanced yet converging positions on key issues. Keeping these twin objectives in mind, some of the potential areas of engagement at the RIC forum may include:

1. AFGHANISTAN

Afghanistan is an area of interest for the three countries. Moscow, Delhi and Beijing want Afghanistan to be stable and each of them has a significant stake in ensuring that Afghanistan is not a refuge for terrorism or a haven for terrorist organisations. This can build on previous discussions held among the three National Security Advisors trilaterally and among other officials bilaterally. The three could work on projects for the economic development of Afghanistan and integrating the country into the regional economic mainstream, making it a subset of the SAARC effort to create a common South Asian market. Afghanistan can potentially become the geographic trade bridge between South Asia and Central Asia. Towards this end, it would help if Russia is brought into SAARC as an observer. This may have the added benefit of providing a
certain equilibrium to the RIC platform.

2.COUNTER-TERRORISM AND CYBER SECURITY

There are some global issues on which prima facie the three countries should have similar positions. India, Russia, and China could pursue a dialogue on counter-terrorism issues—starting with the exchange of information. Moreover, the forum could discuss cyber-security and develop a common understanding on cyber-governance. This is important given the growing online populations as well as the rise of digital commerce in all three countries; much of the discourse on management of cyber-space currently emanates from the West. It is important that RIC maintains
the distinction between cyber-governance and cyber-security.

3. STRATEGIC DIALOGUE

RIC can take up strategic issues, including the emerging security architecture, the situation in West Asia and Central Asia. At the multilateral level, they could discuss coordinating positions within the BRICS and SCO. India should lobby within RIC to promote reforms in the United Nations, including the Security Council, and specifically get RIC to endorse India’s candidature for the Security Council. The three countries should also work towards a consensus on pushing reforms
in institutions of global governance.

4.CONVERGENCE ON CENTRAL ASIA

There are sufficient synergies between Russia, India and China in Central Asia to justify deep cooperation. The three countries have ongoing bilateral dialogues on Central Asia. They could expand this engagement by also having a trilateral dialogue on the region. RIC must work towards thwarting the rise of Islamic extremism, providing political stability in the region and extending such stability to Afghanistan. The Indian subcontinent could be connected with Russia and Central Asia by developing transportation and telecommunications links via China.

5. THE RUSSIAN FAR-EAST

RIC could develop a roadmap for joint collaboration projects in the Russian Far East, which
Moscow is keen on developing. India and China could pitch in with their respective skill and labour competencies as well as investments.

6. EXPANDED SECURITY COOPERATION

RIC countries can cooperate in non-traditional areas such as disaster management, human trafficking, and drug trafficking by developing joint guidelines on these issues. They could also
enhance their cooperation in counter-piracy and humanitarian relief in the Indian Ocean.

7. NUCLEAR COOPERATION

The nuclear non-proliferation regime is witnessing dramatic changes with the temporary deal and talks between the West and Iran. RIC needs to engage with this emerging global nuclear order. Additionally, RIC countries could look at means to enhance civil nuclear cooperation among themselves. India and Russia are already partners and China has long to mid-term plans to enter this space commercially. This would offer India and China the chance to further their claim to play a strategic role in shaping the new nuclear order. It could buttress India’s entry into the four nuclear export control regimes, i.e. the Australia Group, Wassenaar Arrangement, Missile
Technology Control Regime (MTCR) and the Nuclear Suppliers Group.

8. ENERGY COOPERATION

The three countries should discuss energy security in Asia as they form the core of much of the energy supply and demand of the world. India and China are two of the largest importers of energy and Russia is one of the largest exporters of energy. According to IEA estimates, by 2030, China is projected to consume 200 bcm of gas while India is projected to consume 116 bcm. At the same time, Russia’s gas production is expected to reach 727 bcm while Central Asia is expected to produce around 323 bcm. The three countries could discuss the creation of an Asian energy grid. This would go a long way in ensuring energy security for the region as well as allow these
countries to determine prices suitable to them.

9. TAPPING THE SOCIAL SECTOR

Russia, India and China can broaden joint research, cooperation and exchanges in education, agriculture, healthcare and science. They could also work towards a common understanding on global governance issues like maritime spaces and outer space.

10. COMMERCE AND TRADE

RIC could also discuss a multilateral currency swap arrangement on the lines of the Chiang Mai initiative. They could discuss the possibility of the establishment of a framework for enhanced cooperation among Chambers of Commerce of the three countries and improvement of the exchange of information on commercial opportunities and specific trading conditions in order to boost trade and investment. The RIC should discuss ways and means of promoting bilateral trade—using the trilateral to strengthen bilateral trade ties. Joint projects, for example, in aerospace should also be on the agenda.

The Indo-Russia relationship is one with hardly any differences at the political level. India and Russia should leverage this special relationship in order to deepen China’s integration into the RIC format.

To conclude, RIC stands at a historic moment when it can further Asian integration at a time when the region is seeking to redefine itself. RIC can also significantly influence the development of the new rules of global engagement. This moment must not be lost. To this end, the following specific suggestions may help give the RIC forum greater relevance in the near future:

• Establish an annual RIC summit level meeting;

• Start a RIC dialogue on Central Asia;

• Intensify the RIC Dialogue on Afghanistan;

• Institutionalise a Dialogue of National Security Advisors on Cyber Security and Counter Terrorism;

• Create a joint working group on energy cooperation;

• Create a joint working group on drafting joint guidelines for cooperation in disaster management in the
region.

Nandan Unnikrishnan, Vice-President & Senior Fellow Samir Saran, Vice-President & Senior Fellow Uma Purushothaman, Associate Fellow February, 2014, Observer Research Foundation

ORF Policy perspective

Fledgling anti-corruption party puts wind up India’s old order

Original link is here

Nicola Smith, Delhi Published: 23 February 2014

Shazia Ilmi, a former TV presenter, says the nation has had enough (Hindustan Times)
Shazia Ilmi, a former TV presenter, says the nation has had enough (Hindustan Times)

A NEW anti-corruption movement threatens to disrupt India’s mainstream political parties in May’s general election by tapping into the urban middle class’s weariness with fraud and nepotism.

The Aam Aadmi, or Common Man party (AAP), was formed only in November 2012 but up to 50,000 supporters are expected to flock to a rally with which it is kicking off its election campaign in Haryana, near Delhi, today.

Shazia Ilmi, a member of the party’s national executive, claimed last week that it was already a “game changer” in Indian politics.

“The AAP is making waves and capturing people’s imagination,” she said.

Ilmi, 43, a former presenter with Star News, is typical of the well-educated urban Indians who are turning to the party as an alternative to Congress and the Bharatiya Janata party (BJP), which have both become watchwords for corruption, nepotism and inefficiency.

“Every time I read about [political] scams I felt that we as a nation are being taken for a ride,” said Ilmi, who has become a poster girl for the new party and is considering running for a seat in Delhi.

Explaining why she had joined the AAP, she said: “I felt enough is enough, I’m going to jump in.”

The party is banking on the votes of the aspirational middle classes whose hopes are regularly thwarted by corruption and bureaucracy.

“We’re talking about some very serious issues which other parties aren’t — how pricing is done, how policy-making is done, why there should be transparency,” she said.

“We’re questioning crony capitalism, which no other parties are. So we stand out.”

Fighting corruption in politics lay at the heart of all the party’s policies, she said.

“In India everything is very politicised. We won’t get ahead if we don’t fix this. Everything stems from politics, whether it’s roads or sanitation or education.”

The AAP has received nearly 9,000 applications from prospective candidates over the past six weeks after it announced plans to challenge for more than 350 of the 545 Indian parliamentary seats being contested in May.

Political analysts believe the party is shaking up Indian politics to the point where it poses a serious threat to Narendra Modi, the leader of the opposition BJP, who is the current favourite to become the next prime minister.

The AAP was born on the back of anti-corruption protests in 2012, in which thousands of middle-class Indians took to the streets in support of Kisan “Anna” Hazare, 76, who had gone on a hunger strike in a bid to clean up politics.

Arvind Kejriwal, 45, Hazare’s former protégé, set up the party, which shocked the political classes with a decisive victory in the Delhi elections last December.

Many believe Kejriwal is an astute politician who has gained instant popularity by tapping into the national disillusionment with mainstream politicians. Others dismiss him as an inexperienced rabble-rouser.

After being elected chief minister of Delhi last month, Kejriwal made radio broadcasts urging the public to record corrupt officials secretly with their mobile phones.

He made headlines by sleeping on the streets and resigned after just 49 days in office having failed to see through his promises to cut electricity and water tariffs.

A poll last month by the news magazine India Today found that 38% of voters wanted Kejriwal to be prime minister, second only to the BJP’s Modi.

Samir Saran, a fellow at the Observer Research Foundation, a Delhi think tank, said Kejriwal was “running circles” round the main parties in message and in strategy.

“Modi should be terrified, because assuming the AAP gets 20 or 30 seats, then half of them are going to come from the gains the BJP would have made,” he said.

“Those are gains that could be decisive in whether Modi becomes prime minister.”

Internet realpolitik

Samir Saran | February 11, 2014 10:35 am, Opinion

Internet
The stakes are too high for India to adopt self-aggrandising idealism. Reuters.

Issues of multilateral internet governance must be kept separate from cybersecurity and espionage.

In his article ‘In strategic interest, and for self-respect’ (IE, January 30), Hardeep S. Puri has underscored why we need to discuss internet governance, cybersecurity and related issues threadbare, and among a much larger set of stakeholders. This intrinsically democratic and most accessible medium has witnessed a disappointingly muted debate within India on its governance and regulation. Some key aspects highlighted in Puri’s article must be discussed further.

First, it must be understood that from a practice and policy perspective, surveillance, cybersecurity and internet governance are immiscible. Espionage is unlikely to cease irrespective of who governs the internet, who allocates domain names and who assigns addresses. The existence of PRISM and other such programmes is not a reflection of the state of global internet governance, but rather demonstrates the political intent, technological capability and institutional capacity of nations to interlope, acquire and illegally monitor information and data.

India’s subdued opposition to the revelation of PRISM was because, as the external affairs minister put it, “we have similar systems in place” called NETRA and the Central Monitoring System. All countries with means and capacity will keep tabs on adversaries and on activities they perceive as threats. No international agreement or legislation will change that. When such attempts to spy are exposed, as by Snowden, there will be a degree of furore and then it will be business-as-usual. Therefore, even as India rightly seeks greater voice and weight in institutions that manage the internet, it must be very careful not to conflate internet governance with either cybersecurity or cyberespionage.

Second, on internet governance, the Tunis Declaration of 2005 is indeed important. We must strive for “multilateral, transparent and democratic” systems of governance as against ceding disproportionate weight and voice to one nation. Unilateralism, or even plurilateralism, is unacceptable, and countries like India and Brazil must ensure the digital world does not get carved up among a group of US-led Western nations on the one hand and the Chinese and Russians on the other. India, in a manner of speaking, is a “swing state” and how it acts now may influence the narrative decisively. India needs to do more. It will be the most digitally engaged actor among the liberal and democratic nations that seek a free and fluid internet. There must be no governance veto for the US, Russia or China and any framework must have India at the high table. At the same time, there must be no G-77 for the digital world with India at its helm. The stakes are too high for India to adopt self-aggrandising idealism. We need to engage on realistic terms with the key stakeholders.

Alongside this realism, we also need to accept another fact. This is no longer just a debate on unilateralism, plurilateralism and multilateralism; it is as much a debate on multistakeholderism and multilateralism. The Tunis Declaration, when first written in 2005, had a very different context. There were less than a billion internet users compared to 2.7 billion today, and there were less than two billion mobile users as against seven billion today. In 2005, Google was in its early years, Facebook had not moved out of the college campus, and Twitter had not even been conceived. Today, these and other corporations and civil society collaborations are arguably weightier than nation states and may arguably have a greater impact on the future of the digital medium. How India engages with this new landscape is the most relevant question. Does India see the internet as an aid to emancipate its people or a means to control them? Does it see this medium as an opportunity to create wealth and reach prosperity and services to its people, or should we imagine it as another 20th century security discourse? Does it see its private sector as offering the country greater agency, or does it view the private sector in contention with the state?

If the answer is the former to each of the posers, then any governance framework must accommodate the voice of consumers, private-sector companies and other stakeholders. It also implies India help shift the discourse towards multistakeholderism. Telecom companies and IT enterprises have been India’s interlocutors in these sectors at a time when government was ill-equipped to be the voice. These corporations created jobs, ensured growth and connected India to the world under governance regimes emanating from Western centres that were also their markets. They must be co-opted as India engages on these issues today. The consumers/ users must also have a significant voice. This is logical and achievable, as long as we do not mix our approaches to espionage, security and governance of the internet.

Our “strategic interest” will be served when we acknowledge where our current and future interests lie, in terms of economy and politics. Thereafter, we must negotiate India’s role at institutions that govern the internet, be it ICANN, IANA or any other body. Our “self-respect” will be enhanced when we negotiate this role from a position of strength, a factor of our economic weight, which in turn is a factor of our private-sector successes, entrepreneurship and large consumer base. The government, like some other smart nations, must let its enterprises and people speak for it, as it will lend it greater credibility.

CyFy 2013: THE INDIA CONFERENCE ON CYBER SECURITY & CYBER GOVERNANCE

OUTCOME STATEMENT

Original link

Cyberspace transcends boundaries to provide unprecedented levels of connectivity and empowerment to states, institutions and individuals across the globe. This fluidity of the cyber- spheres pawns ‘cyber-gangsters’, necessitating cyber-security on the one hand while raising the spectre of a ‘big brother’ state on the other, according to the Minister for Communications and Information Technology, Mr. Kapil Sibal. Inaugurating the 2-day workshop he emphasised cyber governance as something of an oxymoron and a re-imagined notion of sovereignty was essential to develop an effective cyber security paradigm. The Indian National Security Adviser, Mr. Shivshankar Menon, who delivered the keynote address, said that the Internet is also the government’s chosen platform for socio-economic empowerment schemes. This makes India uniquely dependent on the cyber-sphere for its development – while at the same time exposing it to heightened vulnerability.

If the past is any indication, India’s growth and economic prosperity will be inextricably and intricately tied to the digital sphere. Hence, India’s proactive engagement in the global norm making process is important. India can and must be a rule maker and ensure that global norms pertaining to the cyber-sphere align with the opportunities this space has to offer its people. Additionally, the boundlessness of the cyber-sphere must be protected, but not at the cost of pluralism or access. Policy objectives must aim to build infrastructure and provide security and must seamlessly align with the inexorable logic of providing greater access through enhanced penetration.

Consequently, the Internet, for India and many countries indeed, is a means and medium of greater freedom and democratisation. Therefore discovering the median between access and security becomes a global imperative. Given India’s democratic ethos and the sheer volume of cyber-sphere it does (and will) account for, India’s policy responses which will inevitably shape the future of cyberspace, its management and governance.

It was in this background that the inaugural and most comprehensive ‘India Conference on Cyber Security and Cyber Governance – CyFy 2013’ was held at New Delhi on 14th& 15th October, 2013. Supported and guided by the National Security Council Secretariat, Government of India, Raytheon and the Bombay Stock Exchange, the event saw two days of engrossing debate, capturing the perspectives of over 250 international experts, parliamentarians, academics, industry leaders, media practitioners and representatives of the civil society.

The following key conclusions emerged from the discussions:

• The tension between “multistakeholderism” and multilateralism should be resolved to further a cooperative framework in formulating cyber-security strategies. It is only with the participation of diverse stakeholders that refined, legitimate and nuanced policy shall emerge. A unilateral approach without systematic and periodic consultations with, and inputs of, these multiple sets of stakeholders will be deeply counterproductive and can undermine the democratic nature of the cyber-sphere. Multistakeholderism is the mantra for devising articulate policy pathways.

• International cooperation is a must in responding to cyber-security threats and governance challenges. Conventions and treaties ensure agreed definitions on security issues, acceptable set of norms, confidence building measures and will eventually shape an international framework to manage cyberspace.

• Cooperation is beneficial in managing inter-dependencies that are inherent while seeking cyber-security, for which regional and bilateral cooperative measures can also be devised successfully. For instance, Internet fraud and related crimes can be a potential area of cooperation given the minimal political underpinnings.

• It was emphasised that cooperation could be compromised by the national strategic interest of major powers and by viewing this space as a new ‘zero sum game’. The tensions between great powers can undermine a multilateral approach to cyber-security and will have an asymmetrically negative impact on lesser powers.

• Public and private sector partnership (PPP) in policymaking is essential as the bulk of communications and certain critical information infrastructure networks are managed by the private sector. An information sharing mechanism should be created to ensure timely responses.

• The bulk of cyber-security costs are currently being borne by the private sector. Like all issues related to national security, the government must take the lead, incentivise and guide developments in this sector, and allocate specific funding. This funding should be spent on awareness campaigns, education, stakeholder consultations and capacity building initiatives in the near to medium term. Similarly governments should invest in initiatives that improve cyber hygiene and data protection. A critical skills shortage exists and there should be an emphasis on training ‘cyber builders’ rather than ‘cyber warriors’. PPP models and certifications regimes should be rapidly introduced to ensure both quality and numbers.

Governments must standardise security measures, protocols and surveillance processes in order to ensure that they are neither sector-specific nor applicable only to individuals or companies. Greater transparency around security processes will also increase user confidence and allow greater vibrancy in spread and adoption of cyber platforms. This is important as the Government of India, like many other national governments, sees digital last mile connectivity as the most efficient mode for government-citizen interface in social and related sectors.

• There is today a collision of narratives on National Security and Individual Privacy. While this debate is important to have, the ideal for any security policy must be safeguarding the private space of individuals and their freedom of expression. Governments have been unable to define and agree to a universal definition of “privacy” and due to the borderless nature of the Internet there will be contests and hence there are concerns voiced by many stakeholders that need to be addressed.

• Additionally, collective security often gets an unfair advantage over individual privacy. Some questioned the efficacy of these security measures and if the gains from surveillance are worth the costs to privacy and whether there are alternatives to safeguarding national security while keeping privacy sacrosanct.

• It did appear from the discussions that privacy and national security concerns do not necessarily have to compete with one another. Concerns over security measures can be addressed by embedding privacy presets into surveillance mechanisms ab-initio. Targeted surveillance has proven effective, but too much surveillance is demonstrably counter- productive. More investment is needed to ensure privacy enhancing technologies along with sensitising the personnel who deal with the data while conducting surveillance.

• Certain core ideals must be preserved and propagated in respect of privacy. And creating a universal common and robust approach to privacy should be a key global objective to work towards. Such a definition would necessarily be the basis for any future rules based cyber- sphere governed by internationally accepted norms.

The issue of verifiable cyber-identity is also a contested one – on one hand being necessary to prevent crime but on the other being prone to abuse. The issue of identity is intricately linked to the notion of anonymity. A third party management of identity verification is a possible solution but one that requires extensive trust building between the various stakeholders.

• Transparency and accountability in formulating cyber policies, empowering NGOs as pressure groups, widespread consultation, research initiatives, public participation, and a robust media are all needed in order to help formulate effective cyber governance and security architecture. An international cyber management framework can establish best practices and norms. This framework can also analyse risks and create deterrence mechanisms and alliances.

To quote the Deputy National Security Adviser of India, Mr. Nehchal Sandhu, “India has a national cyber-security policy, not a national cyber-security strategy.”Policy is the route to building strategy but strategy is the articulation of an assessment of objectives, needs and aspirations of what citizens seek in a secure and democratic cyberspace. CyFy 2013 is a first step in this process. It has initiated a plural and honest attempt to discuss, contest and discover contours of a national cyber strategy by bringing together domestic and international stakeholders and specialists, initiating the right conversations and encouraging debates that are critical to the formation of an enlightened cyber strategy for India.

SAMIR SARAN
Vice President, Observer Research Foundation

VIRAT BHATIA
Chair, Communications and Digital Economy
Committee, FICCI

CYFY Conference Secretariat
20, Rouse Avenue, Institutional Area, New Delhi – 110032
Ph: +91-11-43520020 | E-mail: cyfy@orfonline.org

Internet architecture can’t be left solely in hands of developed world

Global Times | 2013-11-7 19:58:01

Original link is here

According to World Bank estimates, India and China together account for more than 700 million Internet users. Citizens in both countries have embraced the digital sphere enthusiastically, and mobile phones and the Internet are the preferred platforms for anything and everything, from expressing opinions to conducting business.

Indian and Chinese stakes in cyber governance are already significant, and are only likely to increase as both continue connecting even the most rural hinterlands, which still suffer from lack of efficient physical connectivity.

Much future global wealth generation will be deeply integrated with the online sphere on account of access to new markets, online supply chains, services and Internet-based financial flows. Hence, India and China, as they seek to raise the incomes of their citizens, will need to transform into sustainable and secure digital economies. Digital governance, norms and rules, and International conventions must see India and China as rule-makers and not rule-takers.

The West, in the wake of the Edward Snowden revelations, is witnessing a new wave of support for discussing and negotiating a certain “code of conduct” for this global commons.

Although the current discussion is more on privacy and surveillance, there are other aspects that must also be vigorously debated.

New Delhi and Beijing must take the lead and articulate their positions and core interests on these issues, and see to it that they are addressed adequately. It is in no one’s interest to see a “virtual gridlock” and the World Wide Web becoming a “World Divide Web.”

The region’s success and prosperity are so closely linked to its successful integration that a divided digital domain may be detrimental to the region.

In fact, both India and China must learn from their predicament of dealing with the border legacy, and should ensure that discussions on cyberspace are not held prisoner to old notions of boundaries and rigid ideals of statehood.

The common prosperity of the two nations is linked to the digital future, and even lifeline provisions such as social security schemes, health and education among others are likely to be delivered through virtual means. Therefore, it is important for India and China to ensure that the world does not witness the birth of “digital sovereignty” where states contest, or of “digital capitalism” where commercial interests prevent this medium from being a global commons.

There are certain historic biases already. Technology, services and access reside with Western corporations and in Western capitals. The Internet must remain technology and geography-agnostic. Any global architecture for both hardware and software must ensure this.

Despite these converging objectives, the conversations between India and China on this subject, much like in other sectors, have been limited and impeded by suspicions and historic security concerns. It is time that the two nations go beyond these.

China seeks to be an influential player in telecommunications and the digital economy in India. And Indian IT companies are looking for a more hospitable environment.

A positive atmosphere and confidence building are a must for realizing these ambitions. In fact, Indian and Chinese companies can jointly lead the way in providing hardware and software solutions to developed and developing economies across the value chain.

To create an environment conducive to business and in order to shape an Asian discourse on cyber governance and cyber security, the two governments must seriously consider the following ideas.

One possibility is to create “cyber hot lines” between nodal agencies, such as between the Computer Emergency Response Teams in the two countries. They should also establish mechanisms for threats and vulnerability reporting and sharing information on gateways and access codes where required.

The two sides can also discuss responses and solutions to counter hacking and malware that threaten economic operations and businesses between and among parties in the two countries. Experiences on protecting critical infrastructure should also be shared. And, finally, they need to undertake joint development of low-cost digital access to, and affordable technologies for, the underprivileged segments of society.

Privacy, property and sovereignty in the cyber age

Privacy, property and sovereignty in the cyber age
Seminar 650, October, 2013

L’affaire Snowden did not tell us anything we did not already know – that
governments spy on us. What is new, however, is how heightened perceptions
of national security and sophisticated technology are combining to
allow these activities by the ‘state’ to go unnoticed and unchallenged. This
paper first examines the three categories of national attitudes that become
apparent from the Snowden affair –specifically with regards to privacy
and, thereafter, attempts to explain how these attitudes and lack of public
awareness are leading to far more dangerous and insidious undercurrents
that challenge the foundations of civil liberties, notions of property and definitions
of sovereignty as we know them.

All indications are that certain checks and balances were/are being
observed – if only on paper – by the United States government in the surveillance
of its citizens. No such checks, however, seem to have been
applied to foreigners, be they resident in America or their respective countries.
What is pertinent, however, is how far America has strayed from its
founding principles governing personal freedom and political liberty. It appears
that the pendulum has swung so far that the debate is no longer about
whether the government should have any right to monitor citizens but rather
what the standards and procedures for extraordinary intrusive surveillance
should be. The debate in the public sphere has become so securitized that
‘national security’ is now an open ticket to trample on every right and
freedom the US once held sacred. If former President George W. Bush Jr.
jeopardized individual liberty with the Patriot Act, President Barack Obama
has bestowed on his government the right to be a virtual presence in the lives
and bedrooms of billions of people around the world – without care,
remorse or debate.

Another disappointment – indicative of this attitudinal shift
in America on the subject of privacy – is the stand of the American press on
the issue. Far from Snowden’s revelations igniting a debate on privacy versus
security, the media seems to have bought the security narrative lock, stock
and barrel. Evidently the memory of 1971, when Daniel Ellsberg was feted
as a hero of liberty by the US media for his leaks exposing ‘Vietnam Lies’
and forcing a policy reversal on the part of the US government, has long since
faded. Every US media outlet has gone to great length to explain the legality
and due process of the PRISM spying apparatus and has, almost uniformly,
painted Snowden in a poor light.

The second ‘state attitude’ is that of the EU, where several governments,
unlike the US government, led their citizens to believe that they were
in fact protected. The EU released its cyber security doctrine earlier this year.

* This essay draws on two previously published op-ed articles, Samir Saran and
Abhijit Iyer-Mitra, ‘No to Peeping Sams’, The Hindu, 18 July 2013 and Samir Saran,
‘Keep Cyberspace Free’, Times of India, 12 September 2013.

71

It repeatedly referred to the EU’s core values of freedom of expression
and privacy. The document was ostensibly developed around these ‘core
values’.1 But this now sounds like a hollow claim, because even as the
document was being released, many EU countries were actively colluding
with the US and prying into the private lives of their citizens. Unlike the US
government which ostensibly protected its own citizens by some form
of due process, the European governments allowed blatant violation of
their own citizens’ privacy. However, most European press outlets, unlike
the American media have been savage in their criticism of their own governments;
perhaps a more sensitive media ensures the balance of narrative
in the EU.

India, however, represents a curious case, unable to secure its citizens
either through legislation or by the vigilance of its fourth estate. The country
released its National Cyber security Doctrine around the same time that the
Snowden issue came into public focus – paying mere lip service to privacy.
The word ‘privacy’ found mention twice in the whole document,2 appearing
as an afterthought. India ostensibly already has a privacy regime that
is built into the outsourcing bill, not to protect Indians but to keep the outsourcing
industry viable and competitive by promising protection to foreigners
and their data. Barely a few weeks after the release of the document,
CCTV footage from the Delhi metro of couples getting intimate were found
on a pornographic website. No one was held to account, no heads rolled
and no apology was forthcoming from any quarter. This episode summarizes
India’s casual approach to its citizens’ privacy – little concern about privacy,
on the one hand, and a complete lack of enforcement, on the other.

On the Snowden issue as well, the Indian foreign minister played down
reports of US surveillance on Indian citizens, calling it ‘cyber-scrutiny’,
while other members of the government nonchalantly chirped in that ‘we
too have similar systems in place’, as if two wrongs make a right. The Indian
media is another story altogether. Far from being a balancer, a competitive
hunt for eyeballs has ensured that broadcast and other media are themselves
guilty of infringing on private spaces of citizens. Some high profile
court cases are in progress and perhaps their outcomes may decide the
future of boundaries that the press and media may need to adhere to. The citizen
in India in the mean while has no respite.

This analysis invariably will lead us to another set of discussions, three
among which are perhaps most vital today. The first is that governments,
everywhere, snoop and pry on the lives on their own citizens. This is equally
true of authoritarian governments like Russia or China, of new democracies
like India, securitized democracies like the US, and the ‘so called’ liberal transparent
democracies of Europe that ostensibly do not prioritize security
over liberty. Privacy certainly is not a universal or timeless quality.3 It is
defined by who one is talking to, or by the expectations of the larger society
in a given context. And, privacy is not the same as security or anonymity.

It is the ability to have control over one’s definition within an environment
that is fully understood. Something, arguably, no one has any more. As
Danah Boyd, senior researcher at Microsoft research says, ‘Defaults
around how we interact have changed.A conversation in the hallway is private by default, public by effort. Online, our interactions become public by default, private by effort.’

The issue is largely one of societal norms complicated by the fact
that most personal use is marked by low levels of computational, data and
media literacy contributing to heightened fears. This is best exemplified by
how different governments and societies reacted to the Snowden revelations.
Somehow, there is a misplaced notion that private data and information
stored on the cyber cloud is less private than in files in a locker. Possibly
this is why breach of privacy in the digital sphere seems more acceptable.

The second issue is that the lack of public (cyber)awareness and literacy
is allowing governments to get away with a whole host of actions that would
have been unimaginable a decade ago. It is not just dangerous that governments
want to police or spy on us; that is something governments have
always done. However, until recently such action was more often than not
visible; there was a policeman on the road, a camera on the kerb, and so on.
But now what is scary is not just the stealth, but that the lack of avenues to
challenge and question such surveillance has created a new asymmetry
between the government and its subjects. This asymmetry is now
redefining privacy norms, property and sovereignty.

The third is that people tend to trust private companies with personal
information – usually in blocks – but not governments.

1. ‘Cybersecurity Strategy of the European Union: An Open Safe and Secure Cyberspace’,
European Union, Brussels, 7 February
2013.
2. ‘National Cybersecurity Policy’, Ministry
of Communications and Information Technology
– Department of Electronics and Information
Technology, 2 July 2013.
3. Parts of this paragraph have been paraphrased
from Q. Hardy, ‘Rethinking Privacy
in an Era of Big Data’, The New York Times,
4 June 2012.

72

Yet, the government, with the collusion of private companies,
is easily able to triangulate such information to build up a comprehensive
picture of individuals. For example ones’ Facebook, Twitter and LinkedIn
personalities can all be different based on the target audience. Yet the government,
with the active collusion of each of these platforms, can build these
disparate packets into a comprehensive whole.

In many ways the history of datamining and the public’s acceptance of such data mining for advertising purposes
presaged this acceptance of data-mining for security purposes. Data-mining is a complex interdisciplinary
operation that involves computers processing vast amounts of information, matching them against preset algorithms, and finding intersections, what are euphemistically referred to as ‘points of interest’.4 In
the marketing industry, data-mining helps businesses target individuals for
the sale of specific products that they might be interested in. In the domain
of security, this becomes the basis for a warrant to allow, for example, a
human agent to start scanning personal correspondence. It was in effect the
public’s acceptance of this in marketing and the private sector that has now
exposed them, both practically and normatively, to unprecedented personal
surveillance by the government. The private sector has turned out to be the governments’ Trojan Horse.

Perhaps the most dangerous outcome of public laxity over data-mining
is how legal standards for intrusion have been diluted. Up to a decade back,
law enforcement agencies had to painstakingly construct a case of probable
cause and present it to the judge.

Probable cause is defined as ‘information sufficient to warrant a prudent
person’s belief that the wanted individual had committed a crime (for an
arrest warrant) or that evidence of a crime or contraband would be found
in a search (for a search warrant).’5 This then resulted in warrants for
further surveillance to acquire information. Today, given that the information available without the warrant is
already so vast, that it is not a legal process that is required to gauge intent,
but rather a computer code or programme. We are well and truly entering
a stage of ‘Minority Report’ style pre-crime,6 where mere intent –whether actioned or not, is prosecutable
and even worse punishable.

For instance, a husband telling a wife over a casual conversation that ‘the
president should be shot’ would first of all not have been picked up, and second,
it would not have been a crime. However, if this same exchange happens
over email – not only is it intercepted,but it also falls under a class D
felony under United States Code Title 18, Section 871 ‘Threatening the
President of the United States’. So what exactly has changed to merit this
conversation to (a) being overheard and (b) treated as a crime? The latest
example of this slippery slope to precrime and intent is of the Massachusetts
teenager and wannabe rap artist Cameron D’Ambrosio facing 20 years
for intent.7

This ‘intent’ is decided again by the data modelling devised by marketing
agencies where they targeted a particular customer for a particular
product the customer would in fact buy or be very interested in acquiring.
While this probabilistic determination is good for ‘sales’, it cannot be an
acceptable basis for conviction and punishment without a date in court.
For example – drone strikes can be ordered based on intercepted cyber
chatter that determines the so called malafide intent. Such drone strikes
effectively blur the line between legally sanctioned pre-emptive actions8 as
opposed to illegal preventative action.9

The second Trojan horse is how people’s behaviour in the cybersphere
has been changing accepted notions of property. The ease of use, and the
reach of cyber media, have fundamentally changed both consumer behaviour
and created an asymmetric balance of power in favour of the vendor. For
example a decade ago, it was possible to buy a book, lend it to friends, photocopy
sections of it and more under the fair use exceptions to the copyright act.
However, publishing and content houses are today actively underpricing
hard copy versions to make soft copies seem attractive, but with overriding
controls. For example, most commercial e-books cannot be printed,
or even lent to friends. In effect, fair use has been completely removed
from the scope without so much as a discussion. The notion of property
and right to the property has altered dramatically.

What is happening is the enforcement of commerciality through
legislation to force just one kind of transaction which favours the vendor.

4. U. Fayyad, G. Piatetsky-Shapiro and
P. Smyth, ‘From Data Mining to Knowledge
Discovery in Databases’, Artificial Intelligence
Magazine, Fall 1996.
5. Oxford Companion to American Law,
Oxford University Press, 2002.
6. ‘Minority Report’ is 2002 blockbuster
movie starring Tom Cruise in a future where a
special police unit is able to arrest murderers
before they commit their crimes.
7. ‘Bail denied to Massachusetts teen accused
of Facebook terror post’, Reuters, 25 May
2013.
8. D. Shue and H. Shue, Preemption: Military
Action and Moral Justification. Oxford
University Press, New York, 2007.
9. For an in-depth exploration of the legality
of preemption and the illegality of prevention
see M. Doyle, Striking First: Preemption
and Prevention in International Conflict,
Princeton University Press, 2008.

73

Legislation though is not meant to support a commercial transaction, as
law has to be neutral between contracting parties. Even the option of differential
pricing – where different usages can be bought for different rates – is
limited. For example, on the iTunes store, very few songs – priced higher
– give one the authority to transfer to another device. Most songs are restricted
to the one playback device.

In effect, while benefiting from the unprecedented mass reach of cyber
media, content producers are preventing consumers from benefiting similarly
from the same. One does not tame the oceans just because one wishes to use
the oceans for transport. Rather, the risks are recognized and suitable maritime
insurance is procured. Yet, in the cybersphere, instead of dealing with
the risks and devising the concept of cyber-insurance, companies are
effectively trying to mould this dynamic environment to suit their commercial
interests. Our last mile, our user behaviour and our infrastructure is
now sought to be regulated, monitored and controlled so as to create ‘safe
cyber oceans’ for the ‘virtual ships’ to sail on. Private property is now global
commons.

This raises several debates about what constitutes property in
cyberspace? Contrast the free use exception to copyright laws on hard
copies of books described earlier with the case of Megaupload, where the
US government insists that since it owns much of the cyber-infrastructure
of the world, companies operating outside the US must follow US law.
Effectively this is a restating of the ‘possession is nine tenths of the law’
cliché. On the other hand, it has through legislation stemming from the Trojan
horses described earlier, been progressively disenfranchising consumers
from claiming similar rights. In fact, not only is property being redescribed, territory
and by implication sovereignty itself has acquired a new meaning.

The US has been using cyclic logic to in its attempts at strong-arming to
itself cyberspace ownership by mingling civil and criminal complaints
and using one to justify the other without proving either. A recent example
of such an action by a state on a foreign company is the United States
Department of Justice’s takedown of the website Megaupload. The site’s
owner, the now-famous Kim Dotcom, is a resident of New Zealand and a
German citizen. Megaupload itself is run out of Hong Kong. So far there
does not seem to be any connection to the US. The justification used to go
after Megaupload was that the company had leased several servers which
were located in Virginia, and was allegedly storing and distributing
copyright-infringing files. It has not been proven that any files infringing
copyright were being held on the servers in Virginia. Furthermore,
Megaupload’s users are located throughout the globe, not solely in the
United States.

As of now, the rules, which govern the process by which the US serves
criminal complaints (the Federal Rules of Criminal Procedure) require an
address in the United States where the complaint can be delivered. Despite
the fact that the company in question did not have any such address (being
registered and run out of Hong Kong), the US was able to proceed. The Justice
Department is now recommending that the rules be amended to
remove the clause, allowing them to serve complaints on companies
with no physical presence in the US. Megaupload’s case, United States v
Dotcom.

So on one hand while the government is forcing its jurisdiction on
cyberspace through claims of physical ownership it, at the behest of the private
sector, is denying the same freedom to consumers on their home
computers and other media devices. In fact, never before in human history
has a corporation enjoyed this much intrusive influence in human lives as
the internet has today enabled. And yet, it is the corporation that is sought
to be protected.

However, just as private sector datamining proved to be a Trojan horse to
intrusive surveillance, there are signs that such assertion of property laws
will at some point undermine the Westphalian concept of a nation state
and of sovereignty. Sovereignty has further implications of extra-territoriality
which are bound to raise serious hackles in the developing world. For
example, in the Megaupload case, US courts are seen demanding that companies
which operate in the US must follow US law in their international
operations. The argument then is for national sovereignty to be absolute
over such infrastructure, where the placing of virtual property in the physical
domain of another country necessitates the author of such information
to follows the laws of said country. Worryingly, this is a modern example of what European imperial powers
did in the 19th and early 20th centuries, imposing their laws, often through
coercion, on other nations.

Europe has traditionally been comfortable with notions of extraterritoriality
and takes a liberal view of sovereignty. This is evident in its
response to the Snowden episode.The European Union (EU) is after all
formed on the basis of a slow surrender of sovereignty and most EU states
are also members of the North Atlantic Treaty Organization (NATO), allowing
US troops stationed there to be governed by US laws. Extra-territoriality,

74

therefore, is perfectly legal when it happens with the acquiescence of
the host government. What is surprising though is India’s subdued reaction. This is a
country that gets riled up by interference in its internal affairs or insults
to its sovereignty, perceived or real, owing to its colonial past. Accounts of
how the East India Company ended up controlling most of India by acquiring
properties through crook and stealth rankle. Yet, in the case of the Snowden
revelations, where a foreign government has used stealthy/crooked means
to violate Indian laws and penetrate deep into the lives of its citizens, the
Indian government has brushed it off. This sets a precedent because, for
better or worse, what India has tacitly accepted is US extraterritoriality.

Thoughtless transposition of laws is, however, a recipe for all kinds of
disasters. For example, several strategists have argued that much of the tension
in the South China Sea is caused by the People’s Republic of China
extending its understanding of territorial laws based on it being a continental
power out to sea. The maritime domain though is a very different beast,
requiring very different laws. No analogy is perfect, but this one helps illustrate
how concepts imbibed from customary laws in the pre-Internet era
are bound to cause significant governance blunders. Now take the accepted
paradigm for cyber-sovereignty.

For example, the currently accepted definition is: ‘When those
infrastructure elements are emplaced within the terrestrial boundaries, territorial
waters, or exclusive airspace of a nation-state, it can exert its sovereign
authority over them.’10 However, in light of the Megaupload case, this
now seems a patently hollow assertion. This reinforces the position that old
paradigms that were relevant to the nation state are no longer relevant in
cyberspace and as such the issue needs to be dealt with sui generis.
There is no room for any retrofitting here. And people, communities, states
and institutions must begin a new conversation to address these new
age posers.

Cyberspace is a free-wheeling mindspace at the cutting edge of innovation
precisely because of the absence of sovereignty and artificial barriers.
Declaring sovereignty here is as absurd as extending one’s jurisdiction
deep into the minds of others. One reason for the phenomenal growth of
the Internet has been the easy flow of information. In many ways it brings
the proven scientific synergies of physical megacities into the virtual
world, allowing seamless interaction and massive increases in productivity.
If the property and sovereignty debate is not resolved soon, it will result in a
fracturing of the cyber-whole, destroying much of what has made the
Internet a dynamic force.

There are no solutions that present themselves but certain parting
questions are in order: First, can we agree on a common definition of
privacy and defaults assumptions on what is private? Can we create private
bedrooms and modes for private conversations in the virtual rooms? Second,
should commercial interests allow the idea of property to be redefined?
Why should the exploitation of the web for business and commerce allow
privacy, freedom of expression and property rights to be compromised?
And, third, is cyber a ‘zero-sum game’ and will nations indulge once again in
establishing, capturing and redefining sovereign spaces? Or, will this digital
age bring an end to the over two centuries of Westphalian existence

10. A. Casesse, International Law 81 (2nd edition), 2005.

Keep cyberspace free

SAMIR SARAN | Sep 12, 2013, 12.00 AM IST

It is a global commons that cannot be controlled by any government or corporation.

History today stands on the cusp of a technological pivot much like it did 160 years ago. When US commodore
Matthew Perrysailed into Tokyo Bay in 1853, he found a Japan so fossilised in time by its technophobic bureaucracy and protectionist businesses that the very sight of his steam-belching ships was enough to make the nation capitulate.

This same moment is playing out today in the realm of cyberspace where the surge of collective technological creativity of the masses has deeply dented the power of governments and institutions that were once the drivers of innovation.

Consequently one finds a steady stream of Goebbelsian propaganda to create a phantom enemy intended to terrorise a population into giving up its rights and privileges. The government and big private players are the last and only line of defence between civilisation and a complete descent into anarchy — or so the argument goes. Not true. Anarchy and technology go hand in hand; technology and innovation owe their existence to anarchy.

Anarchy and technology must continue to contest and cooperate to shape cyberspace. This is a process as old as the universe and evolution itself, where each new development brings both danger and opportunity. This is humanity’s technological evolution. There must be no space for sovereign or business interests to control, securitise or regulate this evolving virtual space. This is, after all, the only genuinely free market place ever since the advent of capitalism, a market offering equal opportunities, stakes and roles for everyone.

Counterposing national security and cyberspace or making international cooperation dependent on cybersecurity is both pompous and misplaced. Cyberspace is a free-wheeling mind-space at the cutting edge of innovation precisely because of the absence of sovereignty and artificial barriers. Declaring sovereignty here is as absurd as extending one’s jurisdiction deep into the minds of others.

For example, Libya in 2010 decided to seize .Ly URL shorteners, while the US has recently seized URLs of companies operating abroad because their servers were in the US and American law was at odds with the laws of those countries. This is evidently not about security. It’s about control. It’s about testing the waters to see how far one can go and how far people will cower down. Cyberspace is therefore on the frontline of the battle between freedom and control in the 21st century.

Governments though aren’t the only ones throwing a fuss. Some of the strongest proponents of greater regulation and control over the cybersphere are in the private sector. On the one hand they want to use the seamless fluidity, innovation, reach and speed of this space — the ultimate capitalist ideal — to their advantage. On the other, like the very worst kind of communists, they want to lay down the rules for how this space works, but expect everyone to pick up the tab for their security.

If these companies wish to use cyberspace, they need to be willing to accept the attendant risks and costs, just like they are for road or sea transit. Transfer loss and copyright theft are all part of this. To claim that such losses then entitle one to regulate these cyber pathways is about as nakedly imperialistic an argument as the great European powers used to justify their land-grabs in response to any law and order situation in the 19th century. It is critical that the information age does not turn into an age of ‘digital imperialism’.

So, if governments and corporates don’t decide the rules, who does? The reality is that no corporate house or government has the organisational nimbleness to lay the rules here — technology’s moving too fast for that. Technology is both the problem and the solution. Just as every virus results in an antivirus and for every hack there emerges an anti-hack, technology must compete with technology and creativity must be matched by counter-creativity. Ultimately the needs of order cannot and must not be allowed to stifle creativity. Far from it, creativity must decide order.

Some forms of data do need protection though, such as security operations, banking details etc. Wonderful, so the owners and collators of such information should build their own secure parallel systems unconnected to the global commons that they are free to police, patrol and regulate as they see fit. If they want security they need to build their own infrastructure with its own fences. The commons cannot be fenced off, and neither can the property of others.

Cyberspace, however, fits into no single category — it is an intensely personal extension of one’s deepest thoughts and secrets. An extension of the mind, this makes it both private property as well as an outlet of expression, while at the same time being a global common open to everyone. Cede but a little on the right to property in this space and one loses the right to one’s freedom of expression. This debate is also the frontline between personal liberty and authoritarianism.

Every time the interests of the state and the freedom of the individual collide, the balance of the narrative in the cyber-world must lie with the individual. That is what is truly at stake here; the personal liberty of six billion people.

The writer is vice-president, Observer Research Foundation.

Original link is http://timesofindia.indiatimes.com/home/opinion/edit-page/Keep-cyberspace-free/articleshow/22493280.cms