Thursday, May 07, 2015

Rajya Sabha TV talking about France's New Surveillance Laws

I was on the "Big Picture" on Rajya Sabha TV talking about France's New Surveillance Laws and their Broader Implications ---

Do have a watch!

https://www.youtube.com/watch?a=&feature=youtu.be&v=auKAynCu75c&app=desktop

:)

Wednesday, April 22, 2015

Net Neutrality and Internet.org on BBC Radio

I was on BBC Radio "Click" talking about Net Neutrality and internet.org in India. Have a listen, I sound rather raspy .. ha ha.

http://www.bbc.co.uk/programmes/p02p466f

Monday, April 20, 2015

India Could Use Its Historic Free Speech Judgment to Reset Its Position on Internet Governance. Will It?

“The global can never become meaningful unless it is linked to the local,” said Ravi Shankar Prasad, India’s Information and Technology Minister, speaking at 2014’s Cyfy Internet governance conference. For India, local is a billion aspirations. Local, in 2015, implies a constituency that carries greater demographic weight than Europe and the United States combined. Local is 800 million mobile phones, 140 million smart phones and 173 million Internet connections and growing. His statement begs the question—what is going on in India?
There have been five developments that have altered India’s domestic approach to Internet policy since the Minister’s statement. A closer look at these developments could provide some insight into how India should approach international Internet policy debates.
The first development is the historic March 2015 judgment by India’s Supreme Court, whichstruck down Section 66a of India’s Information Technology Act. Section 66a, widely criticized as restricting freedom of expression online, prohibited anyone in India from sending messages using a computer or communication device that could be deemed “grossly offensive,” contained “false information,” or which could “cause annoyance or inconvenience.” This victory, championed by young lawyers and Internet activists, has emboldened not just the small expert pool of people working on Internet policy issues, but also encouraged a wider audience to start participating in Internet debates.
The immediate effect of this new wave of engagement has led to the second development: the public’s unprecedented response to a consultation paper issued by the Indian Telecom Regulatory Authority seeking comment on the regulation of over-the-top services (e.g. multimedia content like Netflix that travels over lines provided by telecoms). Much like the net neutrality debate in the United States, the debate has pitted the telecom industry and some of the larger Internet companies against smaller players and public sentiment, which favor net neutrality.
The third development is the reconsideration of the role of Internet intermediaries in India. Section 79 of the Indian IT Act requires Internet intermediaries to take down content at the behest of a third-party complaint. In light of the recent Supreme Court decision, editorials have begun to appear in leading papers pointing out that blocking, intermediary liability and freedom of expression concerns need to be further balanced to avoid abuse.
The fourth development is the government of India’s decision to use open source software for all its applications and services, in order to bring transparency to the government’s IT procurement process and tackle corruption. The government believes that the ability for anyone to modify the source code of open source software will allow the tailoring of applications to local needs, royalty free. The policy does, however, leave the door open for proprietary software should open source not be available.
The fifth development is the Indian government’s ambitious “Digital India” plan. The plan aims to ensure the delivery of e-governance services to all, build digital infrastructure to enable Internet access, create jobs, and finally, increase electronics manufacturing in India. Interestingly, the government’s press release launching the plan refers to digital infrastructure as a ‘utility’ for every citizen, specifically aimed to deliver high speed Internet to villages, enable “cradle-to-the-grave” digital identities, facilitate mobile banking, create a shareable private space on a public cloud and finally, provide cybersecurity.
Freedom of expression, network neutrality, intermediary liability, open source software and a commitment to provide digital infrastructure as a utility to citizens have all become key points in India’s digital journey. For each of these, a uniquely “Indian” model will have to be sought. The absolutist notion of online free speech held by many U.S. proponents cannot translate to India. Further, India cannot blindly adopt network neutrality rules in a market where almost eighty-five percent of its population lives in the shadow of the digital divide, and may well permit Internet providers to offer services that allow for cheap online access by exempting certain traffic from data caps, a policy known as zero-rating. For emerging countries, accessing and building digital infrastructure are pressing questions, as much as it is important of putting principles like freedom, privacy, development and diversity, among others, into practice. Despite not being a signatory to the NetMundial principles, India, in effect, seems to be building a digital society that subscribes to those very values, in its own unique ways.
Suggesting a UN Committee on Internet Related Policies to handle Internet governance, looking to the International Telecommunication Union to absorb Internet public policy issues and even refusing to officially support the NetMundial Multistakeholder outcome document will undoubtedly remain key moments in India’s international engagement on Internet issues. But it is time to move forward. India must play a leadership role in the development of global Internet policy. The government needs to respond to the demands of its citizens and reset its position on international Internet governance issues, in line with the progressive developments that have occurred at home. In essence, India should be doing a better job at linking the local to the global.

http://blogs.cfr.org/cyber/2015/04/20/india-could-use-its-historic-free-speech-judgment-to-reset-its-position-on-internet-governance-will-it/

Tuesday, March 10, 2015

The State is using the law to hide the truth

Today it is the Government vs the BBC. Tomorrow it could be the State vs people of India

YouTube is blocking the BBC documentary India’s Daughter thanks to a request by the government. The move is also in compliance with the order passed by the Delhi High Court, which has said that the video cannot be “uploaded, transmitted and published” since it could trigger law and order problems in the country.

Clearly, the Internet-savvy Indians seem to disagree with the court order. Restricting the flow of information, either by stopping broadcasts or banning physical books, is today an analogue problem. Given the porous digital borders, the government would find it difficult to block the documentary. Users will continue to upload the film, with many file names using the word ‘banned’ in the titles. Yet, the government could block entire websites like it did to restrict pro-ISIS content in 2014, invoking Section 69A of the Indian Information Technology Act 2000, which allows blocking public access to Internet content when India’s sovereignty, or public order, is threatened. The J&K government had resorted to similar measures in 2012 when it tried to stop online circulation of the controversial anti-Islamic video The Innocence of Muslims. At that time, the government used Section 5(2) of the Indian Telegraph Act, another instrument to maintain public order. Indeed, India could potentially shut down the Internet as Egypt did in 2011 when President Hosni Mubarak grew nervous of growing protests against his government.

India’s Daughters isn’t about terrorism, communal disharmony or political protest. The brutal rape it refers to had brought the country to a standstill. And now, outraged that they are not allowed to watch the documentary, Indians are using the Internet to challenge the ban.

Such public support could trigger consequences for netizens individually. Legally, under Section 66A of the Indian Information Technology Act 2000, anyone who sends an ‘offensive message’ (such as a link to the video) through communication services, causing ‘annoyance, inconvenience, danger, obstruction, insult… or ill will’ is liable to be arrested. One could face up to three years in prison and a fine.

That brings us to an interesting conundrum. Recent headlines have highlighted the face-off between the government and the BBC, which went ahead and aired the documentary in Britain. Though the BBC, a foreign media channel, will not broadcast it in India pursuant to the court order, reports suggest that the government may ‘take further action’ against the BBC for broadcasting the documentary. India might even try to restrict it from being telecast in other countries. How that will play out will be interesting. Indian court orders do not apply in the international jurisdiction. But they do here. So the next question to ask is, how will India react within its own borders and bandwidth, with its own citizens?

In India, freedom of expression is guaranteed by the Constitution, albeit with reasonable restrictions, and it is not a right that ought to be restricted so easily. Unfortunately, in our democracy, the unfolding India’s Daughter incident certainly feels like yet another instance of hiding the truth behind the law. Resorting to a ban puts a positively active and engaged citizenry highly susceptible to arrests. Are these the fights we want to fight?

Mahima Kaul is head, Cyber and Media Initiative at the Observer Research Foundation, New Delhi
The views expressed by the author are personal


http://www.hindustantimes.com/analysis/documentary-ban-the-state-is-using-the-law-to-hide-the-truth/article1-1324528.aspx

Tuesday, February 24, 2015

New digital age and importance of privacy of data

Privacy should not be limited to headline grabbing revelations about surveillance, Snowden and Sony; these conversations need to be mainstreamed to every citizen-consumer.

A few months ago, I was invited to sit on a jury looking at innovative uses of social media platforms and community-oriented apps. The awards criteria included originality, implementation, scalability and impact. The ideas ranged from community based apps that serve as a local Google to online campaigns asking netizens to share their experiences

about sensitive issues. While I returned feeling very hopeful about the positive potential of the internet, there was a nagging feeling that something was missing. The issue of privacy, so very central to the "high brow" conversations we have around the internet, had simply not been addressed in this initiative.

The central business model of the internet is data collection, and much rides on the successful analysis and use of that data. Its growing importance can be gauged from the fact that today "big data" is an industry in itself. It is no wonder that questions of privacy of the data that users are supplying (often inadvertently) are rising to the fore. Globally, the terms of service between consumer and developer are in the spotlight; often users have no idea the degree of personal information they are signing away with a simple click. Worse, is the lack of understanding about privacy concerns in the internet age - which part of your data legitimately belongs to these companies whose services you are using, and what are they attempting to claim ownership over? Will these companies share this data with the government? Are they going through your hard drive and contact list? Who will they sell your data to and will they anonymise it before selling it? Will you be informed of a data breach?

Flagging these concerns in India today can avoid a lot of complications later, and certainly lessons can be drawn from societies who have been through similar experiences. The myth of techno utopia has been around since the early 1990s, when there was hope in the US that new technology would bring universal wealth, enhanced freedom, revitalise politics, and satisfy community and personal fulfillment. Is this true of India today? Consider how the internet is sold to the average Indian - from the wonderful ways in which an internet search can add value to your life, or multiple safety solutions for women which ask them to blithely allow these apps to track their location and movements. Google CEO Eric Schmidt was not wrong when he told the audience at the World Economic Forum at Davos that the internet would simply disappear into the background as it will become so common - a recent report revealed that millions all over the world did not even realise they were using the "internet" when they were using Facebook!

"Code is law" - the idea which Lawrence Lessig fielded in 1999 - believes that it is the code of the software and hardware we use that will determine how much privacy, free speech, anonymity and individual control we are afforded. This certainly rings true today as well, especially in a country like India where we are still operating in the shadow of concepts like privacy, data security and certainly data collection. Unless the apps, platforms and websites being developed and disseminated in India are held to a higher standard - even as they win awards for popularity and sustainability - a billion Indians will find themselves at the short end of the stick due to the proliferation of the uncritical use of these technologies. Are start-up competitions, innovation and entrepreneur funding, and even technology journalists addressing this crucial issue? Are they helping to implement the privacy provisions to India’s Information Technology Act and rules? Look for yourself: Do any of the tech forums seem to betray this concern?

The internet is growing faster than we realise - the internet of people is giving way to the internet of things. Voice-controlled televisions that can "listen" to your information and share with third parties, and weighing scales which could sync your information with your phone, laptop and cloud through your home Wi-Fi network. Before we buy into the vision of a new digital age, one in which technology will save us, let the buyer beware. Is it completely unimaginable in India that our online identities could be linked to a digital "profile" culled from information gathered from digital wallets, websites, and social media chatter?

It’s time developers, funders and users alike start paying more attention to the privacy implications of the techno-utopia they are so eager to participate in.


www.dailyo.in/scitech/why-developers-and-users-need-to-pay-more-attention-to-privacy/story/1/2139.html

Tuesday, January 27, 2015

Book Review – “The Electronic Silk Road: How the Web Binds the World Together in Commerce”

The argument for an electronic silk road, promoting free trade and by extension, harmonious global values and laws, is an inherently appealing idea to all digital natives used to an ‘open web’ experience. Dr Anupam Chander, himself a product of parents who migrated from India to the US in search of a better life, expertly lays bare the changes in global trade patterns – and the resulting complications – in his book ‘The Electronic Silk Road: How the Web Binds the World Together in Commerce,’ released in 2014 in South Asia. Aside from the easy narrative exploring complicated developments, Chander’s book is especially pertinent for an Indian audience, looking to profit off this free trade, often without reading the fine print.

The promise of Trade 2.0 is enormous, begins Chander, but he quickly delves into the real world complications that arise out of these new exchanges. Unlike with goods trade, where a well-defined port of entry and exit serves as points for regulation and new jurisdictions, digital exchanges of services, prove to be far trickier. He raises a metaphysical question: where does an event in cyberspace occur? Simply put, whose jurisdiction extends to these digital transactions – the region where the company providing the services is registered, or the region where these services are consumed?

The real-life examples of the ‘pirates of cyberspace’ are easier understood. For example, the gambling sites operating out of Antigua, where it is legal, were sorely contested in the USA, where, for the most part gambling is illegal. This particular case went to the WTO where the gambling sites argued that they were simply providing entertainment services while the US argued that this sort of activity would promote fraud, money laundering and underage gambling. The WTO sided with the US. Another case, familiar to most young people, is of the file-sharing site, The Pirate Bay, which is under constant legal threat from copyright holders because of the “illegal” downloading of materials that include movies and music. The founders have even been convicted of copyright infringement under Swedish law, and have since moved their domain name from .org to the Swedish address .se to avoid the risk of seizure of their domain name by the US authorities.

 This move too, speaks to the parallel jurisdictions that exist in cyberspace, complicating its ‘free flow.’ In fact, the domain name system is described by Chander as ‘choke point’ in an essentially end-to-end system. What this means is that the body that sets rule for domain names, Internet Corporation for Assigned Names and Numbers, ICANN, can function as an otherwise elusive chokepoint for domain registries such as .com, .net and others. However, this privately held body has so far only chosen to apply its authority on behalf of trademark holders. The recent bitter fights over who would be granted the domain of .vine and .wine saw France lash out against ICANN, and India too expressed its concerns at private companies being awarded domains like .indian and .ram, for fear they could be misused. Another ‘choke point’ is the root server, which serves as the registry for domain names. Who maintains these is a pertinent question. For example, VeriSign maintains the .com and .net root servers, and is based in Virginia, USA. Therefore, that is where its jurisdiction lies. More recently, some root servers have been distributed across multiple jurisdictions, making it harder to locate and attack. However, keeping these root servers under one authority such as ICANN is seen as crucial to many, as it allows web users based in different countries to ‘talk’ to each other. While countries can create a parallel internet system, as China and Russia have done, it would mean that users across the world would have to modify their computers to point to the alternative DNS rather than ICANN DNS. This is seen as a serious affront to the seamless nature of the current, dominant, internet experience.

 Ultimately, the book is an examination of trade and law, and its new avatars in the cyber realm. A new global division of labour – where US legal documents are being prepped by lawyers based in India, and phone calls to big American companies are being answered by Filipino workers – also means countries will display protectionist behavior. For example, in the light of increasing medical images review (including radiology)moving from the US workforce to India, the US Congress restricted Medicare reimbursements for services that were subcontracted to providers located outside the country. This dichotomy between wanting free trade but protecting ones country from the same has come up during Trade 1.0 and continues to be a theme in Trade 2.0

 Chander also flags newer scenarios that are emerging. For example, ‘cloud computing’ is essentially the act of ‘moving a computer service to remote computers, typically with the user both largely unaware of the jurisdiction or jurisdictions from which the service is actually supplied.’ This is important. For companies such as Google, the cloud exists across various techno-legal-economic jurisdictions, which he fears could become a ‘legal black hole’.

 The legal aspects of this new silk road,and how they should be shaped, form the crux of Chander’s book. After going into some detail about one of the biggest companies to exist thanks to the internet – cheekily called Facebookistan due to its billion citizens – Chander quotes founder Mark Zuckerberg acknowledging its special role: “We exist at the intersection of technology and social issues.” But what has this meant? Differing privacy standards across the world, where facial recognition features might not be welcome in some regions as they are in others; differing free speech environments where governments might want to step in to censor content their believe is inflammatory; and different regulatory climate with some states moving to tax Facebook on its growing advertising revenues.

 What does this lead up to? A few steps are outlined by Chanderto ensure trade across cyberspace remains ‘free’. The first is legal glocalization – where sites are localized to conform to varying rules in different jurisdictions. However, Chandertempers this suggestion, warning that excessive interventions will hamper the worldwide nature of the web. This scenario harks back to an earlier question – whose law applies? The choices here are the following: country of origin; country of reception; UN or a treaty-based law; self-regulation by the private companies involved and finally, user-based regulation. There are problems with each scenario. The country of origin suggestion might spark what is called a ‘race to the bottom’ with companies trying to register themselves in places with minimal regulation. An international treaty seems difficult, given that speech, privacy, defamation and a few other concepts are difficult to create consensus around. The country of reception principle would make it very difficult for corporates trying to enter many different markets, and both regulation by users and/or the companies themselves might lead to problems later, given that consumers often lack knowledge about the services they use. All these problems lead Chander to suggest adopting the principle of ‘harmonization’ where one should imagine a regulatory ‘race to the top’; with regulatory competition among countries leading to a global welfare-maximizing ideal. This, coupled with companies abiding by the ‘do-no-wrong’ principle – for example, not assisting authoritarian regimes to suppress free speech and human rights –would help countries across the world reach their goal to manage overlapping jurisdictional authority. Courts could decide on applicable jurisdiction according to the state with the closest connection to the dispute. The creation of international standards and the increasing difficulty of enforcing differences would, according to Chander, encourage the emergence of global best practices.

 Chander’s book is a knowledgeable and a timely intervention in a world increasingly relying on the information society to move it forward. India too, speaks the language of ‘Digital India’ and everywhere one looks e-commerce websites are capturing the public imagination. Start-ups are the order of the day; complementing the already established IT services industries. Global commerce is changing the world, and the internet is now termed a ‘global commons’ – it has achieved as much importance as the seas and space! In this scenario, some of India’s own unique problems in this domain are addressed by this book: that of jurisdiction over transnational data flows. In the past, Indian ministers have offered the opinion that jurisdiction should extent to the country of reception. Currently, India is exploring the idea that data flows originating and ending in one jurisdiction should only be routed through that country, and not through international servers. This does not address the problem of jurisdiction of international data flows, but it is a start. Further, India believes that the routing of internet traffic and their numbering need not be carried out by a private body such as ICANN, but that the role can be shared by governments under bodies such as the International Telecommunications Union. These are suggestions on the table, but strike at the heart of the debates being carried out about the future of the internet – which is also the future of international trade.

 There is only one weak point in the book. Chander wonders if international trade law could encourage political freedom around the world. Human rights in cyberspace do end up in debates about not the production, but the consumption of knowledge. Many in the West want the internet to adopt common values of free expression. Yet, this can often be the point of departure for many countries. Some are authoritarian and want to impose censorship. Others, and India can fall into that category, is not interested in foreign elements dictating national policy. This is the reason why foreign funded bodies often come under the scanner in India. The argument is tricky, and opens up more questions than what this book seeks to answer.

 Ultimately, Chander’s informative book engages the reader. It is recommended for those who want to peek into the nuts and bolts of the internet, understand the application of the law that guides it, and finally, follow the smell of money!

 The author heads the Cyber and Media Initiative at the Observer Research Foundation.

Tuesday, October 21, 2014

ORF-Heritage Report: Indo-US Cooperation on Internet Governance and Cybersecurity



State Responsibility in the Cyber Commons: Deepening the India-US Relationship

MAHIMA KAUL

Two countries which share so many common values―democracy, rule of law, freedom of expression, liberty, multiculturalism, freedom of religion―have not yet been able to operationalise a strategic partnership that would define the 21st century. That ‘big idea’, which could form the basis for the next phase of the US-India relationship, has seemed elusive. Strategic thinker C. Raja Mohan suggested in 2010 that this need not be the case, and the basis of this partnership could be protection of the global commons―the oceans, air, outer space and cyberspace. In the backdrop of the instability of these commons, and the growing pressure on the US’s ability to secure these spaces, Raja Mohan maintained that since free flow of information and trade across the global commons is vital for both economies, India could serve as a natural ally for the US.[1] Admittedly, this is not an easy task, especially in the cyber domain. Misapprehensions about US dominance, its capabilities and intent as revealed by the Edward Snowden disclosures, cast a shadow over common areas of interest. Yet, both countries seem to understand there is much to be gained from closer collaboration, especially given the increasing intensity of threats to their digital boundaries and the state’s responsibility for controlling the proliferation of such activities.

Globally, accusations citing cyber attacks from across borders are becoming increasingly common. In fact, many countries which have been vocal about being victims of cyber attacks, have been at times perpetrators themselves. For example, the United States, which in May 2014, indicted members of the Chinese military for engaging in acts of hacking and spying on US businesses and entities, has itself been accused of launching the virus Stuxnet in 2010 (in collaboration with Israel) on Iran’s nuclear centrifuges, destroying one-fifth of them. And in turn, Iran has been accused of ‘non-stop cyber attacks’ on major computer systems in Israel.[2] There is also the 2014 case of Russian hackers attacking US bank J.P. Morgan and stealing sensitive data to sell in the global black market. Some analysts suggest that these actions are in retaliation to Western economic sanctions against Russia. Therefore some common, global understanding of the rules of state behaviour in cyberspace is needed.

Currently, under Article 51 of the UN Charter, states, individually or collectively, have the right to defend themselves against an ‘armed attack’ in cyberspace.[3] There is much work being done in the area of international law to understand the terms ‘armed act,’ ‘acts of aggression’ and ‘force’ when they relate to the cyber world, as there is no international consensus on the issue. As witnessed in the US case, acts of espionage (which have been attributed to a state, in this case China) fall short of a cyber attack, but are still considered to have significant consequences on the economy. Under these circumstances, and others that have preceded it, the global conversation has been veering towards chalking out rules of cyberspace.

Two schools of thought have emerged. The first is a solution put forward by China, Russia and a few other countries: have an international code of conduct with a view to protecting information security. This has been formalised in the Eurasian grouping called the Shanghai Cooperation Organisation (SCO). The members are China, Russia, Uzbekistan and Tajikistan, among others. India has observer status at the SCO and is up for full membership. Their 2009 Yekaterinburg Declaration stated: “The SCO member states stress the significance of the issue of ensuring international information security as one of the key elements of the common system of international security.” In 2013, Russia and China submitted an ‘International Code of Conduct for Information Security’ to the UN.[4] The code dwells on information security in a few parts, including “…curbing the dissemination of information that incites terrorism, secessionism or extremism or that undermines other countries’ political, economic and social stability, as well as their spiritual and cultural environment.”

This is the point of departure for many other nations, which are less concerned with ‘information security,’ often seen as securitisation of free speech. Instead, they prefer to focus on ‘network security’―that is, keeping the critical resources that keep cyberspace functioning, protected. This is also the stated point of view of the US. To that end, some experts have pointed out that countries should share, to some extent, their military doctrines on how they will use cyber techniques for offensive purposes to achieve international stability in cyberspace.[5]
This also leads to the very pertinent question of what constitutes an act of war in cyberspace. Here, an argument has been made for the international community to set ‘norms’, to shape behaviour and limit conflict in cyberspace. This view has been worked on at the United Nation’s Group of Governmental Experts meetings, and has included the US and its NATO allies, India and even China. The report of the third meeting of the GGE in June 2013 concluded that “international law and in particular the United Nations Charter, is applicable and is essential to maintaining peace and stability and promoting an open, secure, peaceful and accessible ICT environment.”[6] The non-binding exercise seeks to derive norms from existing laws. It also says that states must meet their international obligations regarding wrongful acts attributable to them. States must not use proxies to commit internationally wrongful acts. States should seek to ensure that their territories are not used by non-state actors for unlawful use of information and communications technologies (ICTs).
Presently, the Tallinn Manual, produced by the NATO in 2013, seeks to examine how existing international norms apply to cyber ‘warfare’. It states in Rule 11 that “a cyber operation constitutes a use of force when its scale and effects are comparable to non-cyber operations rising to the level of a use of force.” These operations are to be measured taking into account a variety of factors: severity, immediacy, directness, invasiveness, measurability of effects, military character of the cyber operation, the extent of state involvement, and presumptive legality.[7]
However, some experts have criticised its narrow view of state responsibility, saying that it gives the initiative to attackers, sending the message that huge numbers of cyber-intrusions are possible with impunity. The question they ask is whether this encourages cyber-aggressive states to push the envelope[8]. The growing concern is understandably protection of their critical infrastructure, which is vulnerable to cyber attacks from all quarters. This is a concern for the US and India alike.

The reality is that even if digital forensics could trace the origin of a cyber attack, it can be extremely difficult to get states to even acknowledge there is non-state activity emanating from their territories. Indian security experts feel that in some cases, there will be a genuine lack of capacity to control cyber events on one’s soil; in other cases, some states could deliberately build ambiguity to mask their role. Another question worth considering is whether the state is complicit in a cyber attack, either by financial or other forms of assistance.

Offline, India’s own experience with Pakistan, while trying to control international terrorism, has not been very positive. The country maintains plausible deniability about its support to terror groups operating in Afghanistan and India, and the international system has been unable to compel Pakistan to change its behaviour.[9] Add to this scenario a statement made by India’s Minister for Communications and Information Technology to the Indian Parliament in July 2014: cyber attacks on India originate in the UAE, Europe, Brazil, Turkey, China, Pakistan, Bangladesh, Algeria and the US.[10]

The question then, for India and the US, is how the global governance regime can induce other states to reduce threats from within their borders. Norms that constrain cyber attacks is one strategy. This is also where their ‘big idea’―of protecting the cyber commons―could, in part, be met with another strategy. Closer cooperation for technological solutions will complement the political solutions. Knowledge exchanges between their Computer Emergency Response Teams (CERTs), war games, educational, scientific and research cooperation, and other safeguards could help build formidable digital borders that rogue states and groups would not want to risk infiltrating.

Cooperation also includes strengthening the India-US Counter Terrorism Initiative, established in 2009, which is continuing through India-US strategic dialogue meets. However, there are some bottlenecks that need to be ironed out. As was visible in the investigations that followed the horrific November 2008 terror attacks, fissures can crop up between intelligence agencies of the two countries. At first, Indian intelligence agencies cried foul saying the US had not shared information about terrorist David Headley with them. Later, India’s limited access to Headley revealed how much these information exchanges are susceptible to sovereign immunities. Both countries need to make a definite push to fix national legislation in order to share data about terrorist activities, unhindered by domestic laws. This is essential to safeguard the growing digital partnership.

Closer cooperation on digital forensics―and identifying the source of attacks―would, in the longer term, help simplify the application of international law in cyberspace. It would also provide a much-needed deterrent to states indulging in economic espionage and cyber crimes. A framework of cooperation is the order of the day to keep the networks both countries so heavily rely on stable and secure.



[1] C Raja Mohan, “India, the United States and the Global Commons.” Centre for a New American Security. October 2010, at  http://www.cnas.org/files/documents/publications/CNAS_IndiatheUnitedStatesandtheGlobalCommons_Mohan.pdf.

[2]Iran ups cyber attacks on Israeli computers: Netanyahu”, Reuters, June 9, 2013, at http://www.reuters.com/article/2013/06/09/us-israel-iran-cyber-idUSBRE95808H20130609.

[3] UN Charter, ‘Chapter Vii: Action With Respect To Threats To The Peace, Breaches Of The Peace, And Acts Of Aggression,‘ Article 51, at http://www.un.org/en/documents/charter/chapter7.shtml.

[4] International code of conduct for information security. UNGA, 66th Session, Item 93 on Provisional Agenda, at http://www.rusemb.org.uk/data/doc/internationalcodeeng.pdf.
[5] Jim Lewis, “Multilateral Agreements to Constrain Cyberspace,” Arms Control Today, June 2010.
[6] Report of the Group of Governmental Experts on Development in the Field of Information and Telecommunication in the Context of International Security, submitted to the UN General Assembly 68th Session, June 24, 2013.
[7] Michael N. Schmitt, Tallinn Manual on the International Law Applicable to Cyber Warfare, ed. Michael N. Schmitt (Cambridge: Cambridge University Press, 2013), 13.
[8] Peter Margulies, “Sovreignity and Cyber Attacks: Technology’s Challenge to the Law of State Responsibility,” 2013, Melbourne Journal of International Law, Volume 14, University of Melbourne, at http://www.law.unimelb.edu.au/files/dmfile/05Margulies-Depaginated.pdf
[9] C Raja Mohan, “Negotiating Cyber Rules,” in the Cyber Debates special issue of Seminar Magazine March 2014, at: http://www.india-seminar.com/2014/655/655_c_raja_mohan.htm.
[10] Shauvik Ghosh, “Govt looks to beef up cybersecurity before Independence Day,” August 9, 2012, at http://www.livemint.com/Politics/hpNSiKsZcwu3Ldy8TslOsL/Govt-looks-to-beef-up-cybersecurity-before-Indepence-Day.html?utm_source=copy.