Wednesday, June 24, 2015

The ‘I’ in the Internet Must Also Stand for India

When the Snowden revelations brought American control over global communications into sharper relief,  the United States threw a curveball at the global Internet community. It proposed and backed a multi-stakeholder framework of governance to manage the critical logic layer of the Internet and offered to replace US oversight of key functions within the Internet Corporation for Assigned Names and Numbers (ICANN) to a body comprising all stakeholders. It was becoming apparent that while the net as we know it may well have been invented and seeded in the US, its continuing and overwhelming control of this common resource was untenable. But the US proposal was clever for two reasons. First, US corporations and US civil society groups (many funded by these corporates) are more than capable of managing core US interests even after Washington cedes control. Second, it was and is still quite improbable for a multi-stakeholder mechanism to  replace US control of the functions of the Internet Assigned Numbers Authority ( IANA), failing which the IANA transition process would continue to remain where it was. Indeed, this was precisely the outcome which loomed large as important digital nations such as India remained at a distance from this process.

Things changed dramatically on Monday when the Indian Minister for Communication and Information Technology, Ravi Shankar Prasad, in a video address to the ICANN gathering in Buenos Aires stated that, “the internet must remain plural, must be managed through a multilayered and multistakeholder system.” He added that “its strengths will lie in partnerships between like-minded nations and stakeholders, built on a platform which supports and will sustain a future of equity and innovation and collaboration and inclusion.”

Nuances in India’s stand

Even as this announcement is studied, digested and lauded, some nuances within the text need to be discussed further. First, it is clear that even as India has opted for the multistakeholder system of global governance, it is still pushing for reform of this system to ensure it becomes more plural, equitable, geographically representative and democratic. This is something the minister’s speech clearly highlighted. It is not business as usual for India and it will certainly not be business as usual for those occupying pride of place on the governance high table. This model requires greater plurality and diverse representation that will challenge much of the group thinking that dominates this sector. Prasad was categorical in his pronouncement if the subtext of his speech is properly understood. India was not merely seeking to blindly support a system of Internet governance dominated by the Atlantic countries but was seeking an imminent rebalance towards Asia.

The second message embedded within Prasad’s speech was that India is keen to engage with all forums . The fact that the Indian minister announced the policy shift at ICANN53 is a message in itself. That he is finalising his visit to ICANN in the near future is evidence of deeper engagement with a process that India had hitherto distanced itself from. The minister also alluded to something that has exercised the mind of many Indian stakeholders, that the country must host something that can match and surpass the scale and reach of the NETMundial hosted by the Brazilians. The development agenda and the framework for the digital economy that could change the lives of the ‘next billion’ must be crafted and co-developed by this billion, in their own neighbourhoods. The minister’s assertion that India will host an international conversation that will articulate India’s own motivations and objectives to the world and make the global community a partner in this mission must be understood in this vein.

The next billion

The Indian state has both committed to transforming itself through digital means and at the same time building a global system that can accommodate and allow for such a transformation. Access, Voice and Opportunity must not be more cumbersome for the ‘next billion.’ And, this also means more responsibility for the Indian government. By opting for multistakeholderism it has just signed up for a bag full of new responsibilities. The agency of the sovereign will now have to be secured by a variety of stakeholders who may be more acceptable in certain forums. The government will have to invest in building capacity among them, building greater diversity among those who participate and ensuring greater representation of these stakeholders at key Internet governance debates globally. Without this, for India and many others, the global multistakeholder system will continue to reinforce existing disparities of the real world even in the digital world.

The third significant message within the speech was the quest of India to seek partnerships with key countries and institutions. And it is here that India will be able to carve a space significantly different from others. A space that a country of the size of India needs, the room a diverse and developing democracy must have. The needs of a billion people impose a very different set of responsibilities on a political system which must deliver to remain relevant. This was a call to those on the governance high table, particularly the United States, to respond adequately to the Indian overture. That these two countries, the largest net communities in the democratic world, must cooperate is unexceptionable, essential and inevitable. The details of this cooperation now need to be fleshed out and could be based on three key strands of association.

What the US must do

The US has long considered the free flow of information and commerce a pre-condition to a healthy global economy. India, as it digitally connects, is looking to forge the right partnerships to ensure limitless economic opportunities for its citizens. The first pillar of the India-US cyber relationship should be to ensure that their consumers and producers are able to leverage the largest English-speaking digital markets in the world. For this, they need a digital space free from encumbrances of power politics and petty policy. This would mean rationalising tax regimes, expanding Internet connectivity, settling issues of Internet jurisdiction, developing contemporary approaches to intermediary liability and operation, agreeing on data collection, data ownership and data management, privacy and freedom of expression, as well as developing an eco-system that would allow for investments in technology and infrastructure, crucial for the development of these digital markets.

A strong security partnership is the second aspect of the India-US relationship. Both countries believe strongly in the role of national governments in shepherding their societies through a host of new challenges. For both, strong nation-states lie at the centre of a multistakeholder system and, unlike European countries, neither is seeking to aggregate or dilute sovereignty. Therefore, the bilateral partnership needs to be built on a realist paradigm. From information sharing on crime, to attacks on critical infrastructure to countering terrorism, the India-US relationship can rise to become the backbone on which the Internet stands strong. For the US, this partnership should form the central ‘I’ of the Internet. For India, the US is already its chief digital interlocutor.

There should also be close collaboration on the logic layer of the Internet. Any one who understands the Internet realizes that there is a certain reality of the logic infrastructure that the Internet runs on. This is the dominance of the United States of America. Though the international community may manage ICANN or some other institutions, oversight rests with the US government alone. US courts have jurisdiction over the entities, and disputes between countries and Internet institutions are tried under US law.


The India-US relationship must deliver space to India on this front. Even as the all-important debate over how best to internationalise these institutions continues, the US must find ways to provide India the comfort that it seeks for its huge digital community. This could be by way of a bilateral deal around digital jurisdiction and territory, more Indian presence in the corporations involved with running the internet – the ‘i’ family – as well as the eventual and desirable location of a root server in India. The argument that “if we give this to India, China will want it too” is disingenuous. The US policy community continuously reminds India that it must not side with a Russia or China, as it is different and democratic. Yet, the very same community is quick to create equivalence of these countries with India when the latter seeks unique treatment.

Carving out a place for India, proportional to its growing weight in the global Internet eco-system is crucial. If this does not happen, the celebrations around India supporting a multistakeholder system may be short-lived. The security and political hawks will strike back and prevail and the Indian state will find comfort in the old methods of the last century. The US must see this message from Ravi Shankar Prasad as an opening, a new opportunity to meaningfully engage India.
Even as Washington expects India to be a net security provider in the Indo-Pacific region, the country is offering itself as a key partner in managing the cyber oceans. This moment must not be lost. India has responded favourably to the post-Snowden Internet governance proposition, The US must now reciprocate.

Samir Saran is vice president and Mahima Kaul heads the cyber and media intiative at the Observer Research Foundation

Monday, June 22, 2015

Is the time ripe for a ‘Digital Magna Carta”? Thoughts after the BBC play...

You might remember the BBC play I critiqued recently:

Some thoughts....  


Even those who have railed against the historical effectiveness of the Magna Carta at the time of its signing must concede that it introduced into society a principle which holds true and powerful till today. That ‘no free man shall be seized or imprisoned...except by the lawful judgment of his equals or by the law of the land,’ has made this document an ‘emblem of  the long struggle of people everywhere against the excesses of an arbitrary ruler’ in the 800 years of its existence. The Magna Carta, incidentally, was signed under duress. In 1215, England’s King John had to sign a peace treaty with rebellious barons who had marched against him, a situation made dire by the threat of French invasion from across the sea.

Whatever be its historical truth, its myth precedes it. Its power lies in the idea that today, hundreds of years later, it can inspire a new ‘Magna Carta’ – a document for the digital age, crafting a new social contract between the State and its citizens – and of course, the big internet companies.

To celebrate its anniversary, the BBC broadcast a radio play, set in an imagined future where a crippling cyber attack on the world’s internet network forces the G20 and the I-5 (the most internet companies in the world) to negotiate a digital Magna Carta with a small band of engineers who can save the network. There are three main clauses to this Bill of Rights: an end to the weaponization of the internet; a universal charter to govern it: one network, one law; and guaranteed rights of access to all users.

Twenty-five years since the internet, and there can be no doubt that at least 3 billion of the world’s 7 billion population have seen their lives changed drastically because of connectivity. Agenda setting for shaping this digital society is at a feverish pitch, as processes, conferences, stakeholders and consensus-documents dot the line of the global internet governance system. The Digital Bill of Rights flagged in the BBC play are not simple concepts. Weaponization of space by both state and non-state actors is rampant, with parallel processes running out of the UN, Shanghai Cooperation Organization and the ‘London Process’ to develop norms of State Behaviour in Cyberspace. Ultimately, these documents might serve to guide responsible behavior, but a complete – formal -- ban on weaponization of cyberspace seems unlikely. Consider that the closest the world has come to genuinely ridding itself of nuclear weapons is when Superman collected all nukes from around the world and threw them into the Sun in a movie in 1987!

Similarly, the idea that the internet could be governed by one broad law – and clearly an ideal law that would protect freedoms, privacy and citizens from unnecessary surveillance -- is also unlikely in the near future. Today, the internet is governed by the individual laws of nations, with serious questions being asked about which laws apply in a transnational incident, often criminal in nature, when different parties are scattered in different geographies, made further complicated by the fluid nature of data in cyberspace. Given that commerce fuels much of the growth of the internet, a move to harmonize laws across like-minded countries seems a plausible way forward, however, even business cannot account for cultural and economic peculiarities of different regions.

The final demand set forth in the play is that users be guaranteed rights of access. What might sound reasonable given that buzzwords like ‘right to internet’, ‘public utility’ and ‘digital citizenship’ dot the media, however, the ideas might not be as universal as one might imagine. After all, imbibed in the idea of guaranteed access is that free expression is a fundamental right; one not particularly backed by authoritarian countries. Even democratic countries cite law and order problems as a reason to ‘switch off’ access to the internet. In fact, a ‘right’ could be said to be borne out an understanding of what the internet means to society. Does this right to broadband pre-suppose that the internet is key to enjoy the fundamental right to free expression? Or, is it a commercial network, one of many avenues of expression, that should reach citizen-consumers through the market?

These aren’t the only clauses that might make to a ‘Digital Magna Carta’ were it to be drafted today. A project in the UK called ‘My Digital Rights’ also threw open this question to the public. Around 3000 people aged 10-18 submitted around 5000 clauses. The top clause is “The Web we want will not let companies pay to control it, and not let governments restrict our right to information,” while the 10th clause is “the Web we want will not sell our personal information and preferences for money, and will make it clearer if the company/Website intends to do so.” These might change as the project is still open.

But one thing is clear. The ‘Web’ – with all its fibre optic cables, satellites, wi-fi zones, laptops, mobile phones and other infrastructure has been endowed with a certain positive quality to be protected. The system – this network of networks – is measured by average users more by its potential to be a force for good than any downside. To achieve this, netizens want freedom from surveillance from governments who are tasked from protect them, and freedom from data collection by internet companies whose services they use, often freely. This is because their personal data – often called the ‘new oil’ indicating its value in today’s world – is the new high-value currency in the digital world. The UN Human Rights Council has taken up this subject, and special reports on the Right to Privacy as well on encryption and anonymity have been released to ensure users are afforded the protections they need to operate in this ecosystem.  And along with this, their own responsibilities (or corresponding duties to their rights) is of crucial importance too. After all, hacking, stealing, harassing, bullying, and other anti-social, often criminal activities, also emanate from actors other than governments and business.

Is the time ripe for a ‘Digital Magna Carta’ is as compelling a question as any. In the play, ‘The Great Charter’, a massive cyber attack forced the hand of the world leaders to sign a document at the insistence of a small group, much like King John was forced to sign the Magna Carta by his barons. Today, global internet governance is on a different trajectory of sorts: consensus based documents crafted by multiple stakeholders is the order of the day. It is long process, fraught with challenges, nuances, compromises and legalities, and is still missing 4 billion offline voices. But certainly a process made inclusive by access to information, remote-participation, social media engagement and the free flow of ideas.

Perhaps “we” of the web will be able to save it, after all.

Friday, June 19, 2015

CyFy Journal: The Shifting Digital Pivot Time for Smart Multilateralism*

Dear all,

The CyFy Journal, a collection of essays by current experts in the field of internet governance is out today. It has been published by ORF, in collaboration with Global Policy Journal. I am very proud to have been associated with the editorial team behind its publication and have also the opportunity to publish a piece in it, co-authored with my colleague, Samir Saran, Vice President, ORF.
The entire journal is available here:

And pasted below is my piece:

The Shifting Digital Pivot Time for Smart Multilateralism*

Samir Saran, Chair, CyFy and Vice President, Observer Research Foundation, India Mahima Kaul, Head of Cyber and Media Initiative, Observer Research Foundation, India

As a decentralised and multistakeholder global internet governance system becomes institutionalised, countries like India need to build strategies to successfully navigate the ecosystem to achieve their national goals. Pursuing a policy of ‘smart multilateralism’— which is a mixed bouquet of bilateral, multilateral and multistakeholder arrangements— suits India’s goals to carve a niche role for itself and achieve Indian exceptionalism in cyberspace. 

 It is difficult to capture the shifting power centres and discourse of global internet governance in a single sentence, paragraph or even paper. The number of countries actively engaging in this debate is increasing at a steady pace, as is the number of stakeholders. Countries like India, at the periphery of these discussions although crucial to their outcomes, are actively strategising on how to engage with a decentralised and largely multistakeholder global system that does not simply rely on the state as the key interlocutor for its citizens. Who should the state engage with, and how? Which are the focus areas where the state should take the lead, and in which layers of internet governance should it rely on ‘digital ambassadors’ from academia, civil society, the private sector and activist groups to further its national goals? How must it decide these national goals, at a time when internet governance itself is being redefined? How must the state go about creating a pool of digital ambassadors to pursue these goals?

In this paper, we examine why and how sovereignty is slowly being redefined in the global internet governance ecosystem, and suggest that adopting a strategy of ‘smart multilateralism’ is the best way forward for India to carve out a niche role for itself and secure Indian exceptionalism in cyberspace.

Competing Agendas: The New Normal

The network of networks is not only expanding with every new device connected to the internet, but is today a resource as valuable in non-material terms as it is in material terms. This growth of the global cyberspace, and by extension the cyber economy, is adding $450 billion to the global GDP every year according to McKinsey Global Institute’s report ‘Global Flows in a Digital Age.’1 It argues that the flow of goods, services and finance reached $26 trillion in 2012, or 36 percent of global GDP, 1.5 times the level in 1990. This is expected to increase to $85 trillion by 2025, three times the value in 2012. Underneath these figures is the need for data and communication to flow freely—‘connectedness.’ The lack of real world tariffs and barriers has allowed the emerging economies to participate and profit from the world economy. India is currently ranked at 30, jumping 16 spots from the previous year, in McKinsey Global Institute’s Connectedness Index 2012.2

The clear benefits of this new ‘connectedness’ have allowed corporations to earn the trust of large sections of civil society. The rise of social media has also given the consumer-citizen a voice, which is exercised vigorously. A loss of confidence in public institutions across the world has bolstered these trends. The Snowden revelations3 were a watershed moment in internet history, eroding credibility in traditional powers like the US government and opening the door for new players—other governments, businesses and civil society alike— to assume a central role in managing the internet. NETmundial, the international internet governance conference hosted by the Brazilian government soon after the Snowden revelations, is one example. It demonstrated the collective weight of civil society, and both national governments and corporations have had to pay heed to it.

Take, for example, the letter written by Cisco chief executive officer John Chambers to US President Barack Obama,4 warning that America’s technological leadership will be impaired if a fragmented internet is the result of the Snowden revelations about mass surveillance by the US government. Similar misapprehensions surfaced across the world, particularly when countries like Brazil, Germany and even India reacted strongly to the news, to the extent of considering data localisation.5 Further, Germany has announced it is ending its long-running contract with Verizon communications in 2015 over concerns that it is legally required to hand over certain information to the US National Security Agency (NSA).6

US technology companies have begun to feel the consequences, as people around the world have begun to shun them for fear of their close relationship with the US NSA. Various research has pinned losses of US technology corporations over the next few years anywhere from $35 billion to $180 billion.7 Companies like IBM and Microsoft have plans to build data centres across the globe to pre-empt any economic damage they may suffer due to the political damage that has accrued post-Snowden.8 Big multinational companies like Microsoft admit that there is now a ‘value shift’ across the global cyber market, one that the incumbents need to familiarise themselves with.9 This is of particular significance, since US soft diplomacy is often carried out through its corporations, which have become assets to them in places where the American government is unpopular.

On its part, the US government seeks to back a decentralised, multistakeholder internet governance ecosystem at the global level. Currently, the transition proposed by the Internet Corporation for Assigned Names and Numbers (ICANN) away from US government oversight to a new, non-governmental, multistakeholder body is underway. By encouraging this transition, the US government hopes to regain some of its lost credibility and also establish the current ecosystem as the dominant and stable alternative to a traditional UN based system or a US-controlled one. And while this new system certainly accommodates the growing legitimacy of many different groups and their competing interest, it does leave sovereign countries in a dilemma. How can they best leverage the current system to achieve their goals?

Sovereignty Redefined

Following the International Telecommunications Union’s plenipotentiary10 meeting in Busan, South Korea, in 2014, the official who led the United States’ delegation wrote a blog called ‘The Busan Consensus.’11 The title of this blog reveals as much as its content does. Today, the US’s preferred option for global internet governance decision-making is consensus-driven, where no single party has a veto over the process. This a direct reference to shedding the decision-making structures the UN offers, which have traditionally been a one-country-one-vote system. It may be instructive to add here that the NETmundial Outcome Statement was drafted by the multistakeholder community through a consensusbased process, and is the reason why it has global acceptability across a majority of stakeholders. For its part, ‘The Busan Consensus’ also notes with satisfaction that the International Telecommunication Union (ITU), a body under the auspices of the United Nations, is not going to become a platform to discuss internet public policy issues.

The victory is not a small one. This goal had been outlined quite clearly almost two years before the Busan meeting took place, and US diplomats and envoys travelled the world building consensus on the issue. The ITU resolutions are binding on countries in a way NETmundial is not. It was this gigantic effort made by the US that helped defeat India’s own draft resolution at the ITU plenipotentiary. India had made two suggestions: The first was that the ITU, a UN-led multilateral body, could absorb some key roles related to the critical functions of the internet because, according to the Indian proposal, the internet cannot be separated from telecommunications. The second suggestion built on the premise that regulating telecommunications is the sovereign right of states, and therefore, some features of internet governance would naturally fit into an expanded mandate of the ITU.

This final outcome might seem to be paradoxical at first glance. A move to keep global internet public policy discussions away from a platform where only sovereign countries have a vote is at the same time being claimed as a victory by a sovereign country in its quest to settle global internet governance mechanisms. The fact is that ‘The Busan Consensus’ certainly reads as an affirmation of US dominance, but it is in service of perpetuating the ‘multistakeholder’ consensus-based internet governance model that is currently the global system employed to discuss internet public policy issues. If this sounds confusing, it is because it certainly is. The current internet governance ecosystem can best be described as decentralised, with a number of platforms which range from multilateral to multistakeholder, that are each suited to discuss only particular aspects of internet governance.

What the US and some other countries have understood clearly is that governance of the internet—an entity which means different things to different stakeholders—cannot be regulated in a centralised manner. The old legacy institutions of the UN no longer carry the same weight they used to, and today are often sidelined by agreements in smaller multilateral groupings or bilateral agreements, and multistakeholder meetings.

This is how internet governance works: Those looking to regulate the internet’s technical working flock to ICANN, where engineers, diplomats, business leaders and civil society sit together, while at other forums like the Group of Governmental Experts constituted under the UN to discuss norms of state behaviour in cyberspace, only top government officials take a place at the table. Other meetings, like the Internet Governance Forum, are highly anticipated by civil society, governments and business, but produce non-binding outcomes which only carry moral weight in the internet governance world.

It would be a mistake to assume that the value of sovereignty has diminished in this new dynamic ecosystem. If anything, it has expanded to include participants in the pursuit of sovereign goals by including new stakeholders who are crucial for the growth and security of the internet ecosystem. Businesses, which predominantly own the physical infrastructure the internet is built on, and who run companies which are driving the growth of internet traffic, need to be accommodated in this discussion along with end users, civil society and the technical community, without whom innovative growth is not possible. Therefore, regulating porous digital borders from attacks, protecting the data and privacy of citizens, negotiating and helping to develop technical standards on which the internet is run, and inculcating a system of trust in this network of networks cannot be conducted on a single platform.

The nation-state must be smart and understand that consensus building with multiple stakeholders, including like-minded countries, has become the backbone on which this system is being built. Countries with big diplomatic corps and mature internet industries and civil society movements have been early adopters of the system. They are using the system to keep decision-making open and malleable, especially when it concerns core functions. Other, smaller countries have adopted issues of immediate importance to them—for example, building consensus on the norms of cyberspace—in order to build a safer cyberspace where they do not come under attack from larger powers. Emerging economies have much to gain by consensus building and some are certainly dipping their toes in the system.

For India, the assertion of sovereignty must straddle both worlds: One where governments are looking for a place in the critical resource management of the internet, and the other where other stakeholders are equally invested in the success of this enterprise and need to be accommodated in this high-stakes debate. India too must, as it is doing slowly, embrace this new digital complex. A country which has 300 million internet users (with the ‘next billion’ yet to be connected to the internet), large scale e-governance projects underway, an innovative and growing e-commerce market already generating sales of $16 billion in 2014, and is especially vulnerable to cyber threats given its scale and low-cost-low-security devices, has a unique set of issues it needs to address. The scale of India’s net population, the variety of services it seeks to supply and its social imperatives make India’s position special. Indian exceptionalism needs to be fulfilled in the internet era. What the country imperatively needs next is a strategy for the road ahead.

Smart Multilateralism

It is an unlikely scenario that India will carry the weight of a billion people in a single vote on a common platform like the UN. Such a situation is not desirable either. India cannot and should not have the same weight in internet discussions as countries with small internet populations and even smaller economies. It should take the lead in carving out rules of the road that are beneficial to the healthy growth of India’s cyberspace. The underlying question being asked here is: What is the best suitable platform for negotiations in order to achieve a positive result? Traditional multilateralism has to be tweaked to become ‘smart multilateralism’: The state must take the lead in core strategic areas of concern at platforms best suited to these discussions, while relying on other stakeholders to take the lead in other contemporary forums and institutions where the state has less sway and acceptability.

Smart multilateralism can be divided into four broad pillars. The first would be for India to institutionalise its exceptionalism through bilateral agreements with like-minded and relevant partners. Already there is momentum in India’s relationships with key countries, which can be strengthened further. In fact, bilateral agreements between countries can lead to changes in international arrangements and laws at the highest level. Take for example how the India-US nuclear deal, borne of a bilateral arrangement, is compelling the UN to change its rigid architecture. India was one of 23 founding members of the multilateral General Agreement on Tariffs and Trade arrangement, raising developing country concerns at the grouping which later grew to become the World Trade Organization, a body that today boasts of 123 signatory countries. India has far greater weight and participation at the G20 and even greater significance at the BRICS. This is because the former was a focused group created to respond to a specific economic task at hand, while the latter was made in response to an infirmity in the global governance system. Contrast this to India’s single vote—and not even a veto—at the UN. India could create a rule-making body—a new ‘Digital 20’—which could have members who are equally invested in the system. The key to success would lie in choosing the right partners, whose influence would be proportional to their ‘buy-in’ and stakes. This right mix of partners with real-world influence could come together to agree on digital norms and rules for the 21st century.

The second would be to engage with opportunities for rule making and norm shaping outside the UN. The state-led London process is one such avenue. The ICANN transition process is another. There are plenty of smaller gatherings, such as technical meetings, regional forums and high-level meetings organised by academic institutions and think-tanks, which help steer public policy thought in specific directions. These must be leveraged after careful selection. At the same time, one must add that there is still space for norm making within the UN system, most notably through the Group of Governmental Experts, which looks at shaping norms of state behaviour in cyberspace, and through interventions at the World Summit on the Information Society review meetings.

The third broad pillar to pursue is the creation of a platform that would manage and shape the discourse on managing the digital world. This is admittedly easier said than done, as the internet governance ecosystem is dotted with overlapping conferences in all parts of the world. However, not all attempts to create a platform have been successful. The recent example of a lukewarm response to the NETmundial Initiative spearheaded by ICANN, Brazil and the World Economic Forum comes to mind. Volunteers at ICANN too have complained of process fatigue. However, meetings which can take a fresh and honest look at problems from new perspectives are needed if the decentralised ecosystem is to work, and this gives emerging economies an advantage. Given that the next four billion to come online are going to be from their countries—reflecting a digital pivot to Asia—conversations crucial to the growth, freedom and security of these regions have automatically become pressing. Often, gatherings in the developing world do not reflect these concerns accurately, paying lip service to concepts like the ‘digital divide’ and ‘capacity building’ as they discuss issues important to emerging economies, such as intellectual property rights and a possible cyber arms race. This is where a country like India, representing all spectrums of the digital society—the uber-connected, the recently-connected and the completely unconnected—can present a legitimate platform to hold discussions on pertinent digital debates. Weight must be given to the platform by having the Prime Minister chair it, with the Minister for Communications and Information Technology co-convening, and it must give equal weight to the views of non-governmental stakeholders as it does to the government.

Finally, the fourth pillar must entail creating a robust multisectoral debate on the digital economy. India has already shown very positive first steps with the overwhelming response to the question of network neutrality. This engagement must be encouraged so that the resulting digital society is shaped by the concerns, suggestions and goals of the domestic stakeholders, to be then exported to global forums. One only need to look at the intermediary liability protections offered in the US’s domestic Digital Millennium Copyright Act of 1998 to understand how civil liberties groups, corporations and academics have successfully managed to fight for similar protections the world over. Not only have the European Union and other countries accepted this, Indian civil society groups too have taken up the cause of intermediary liability, drawing inspiration from what they see as successful examples like the US digital copyright act. A robust domestic debate will encourage an acknowledgement of India’s own larger goals in the global sphere, and allow it to rely on its digital ambassadors to pursue a positive agenda at platforms where the state has little influence or space.


Ultimately, there is no escaping the reality of our times. The decentralised, multistakeholder model of internet governance has broad global acceptance, even as its exact form is being worked out. The experiment at ICANN, i.e., handing over oversight of critical functions to a multistakeholder body, is an example of how this global governance system is being operationalised. Many countries around the world have openly declared their support for the multistakeholder system, including the US, the UK, the Netherlands and Brazil. Others are still learning to straddle the new system.

This is where the second reality comes into play. States will increasingly manipulate digital spaces to their advantage, and this control and manipulations will be managed through third parties, including corporations, civil society, scientists and academia. The strength of this will lie in domestic multistakeholder processes that will allow these different actors to work towards a common long-term vision of the internet, even as short-term goals may differ. The states which will succeed in meeting their broader internet policy goals in this age of ‘smart multilateralism’ will be the ones who are able to create strong partnerships with non-state stakeholders.

At the start of 2015, India’s Minister for Communications and Information Technology was famously quoted as saying that “India will decide on its internet governance model which will be consistent with the role private players play in the spread of internet and the pre-eminent role played by government in public welfare… to come up with a broad framework, we will need to consult various stakeholders.”12 This must also be the blueprint for India’s approach towards international internet governance. The objective, therefore, for India to pursue must be “how to retain agency with the government while leveraging the creative capacities outside.”13

1 James Manyika et al, “Global Flows in a Digital Age,” McKinsey Global Institute, April 2014,
2 Ibid.
3 In June 2013, Edward Snowden, a contractor working with the US National Security Agency (NSA), leaked classified documents to several media outlets around the world. The first batch of documents published revealed mass surveillance practiced by the NSA and other security agencies within the USA through programmes like PRISM and Boundless Informant. Later leaks revealed varying degrees of collusion with US agencies by foreign security agencies and private companies. Data was collected directly from fibre optic cables and through information sharing systems. As he leaked the documents, Snowden fled first to Hong Kong and then to Russia, where he remains.
4 Arik Hesseldahl, “In Letter to Obama, Cisco CEO Complains About NSA Allegations,” Re/code, May 18, 2014,
5 Jonah Force Hill, “The Growth of Data Localization Post-Snowden: Analysis and Recommendations for U.S. Policymakers and Industry Leaders,” Lawfare Research Paper Series 2, no. 3 (21 July 2014),
6 Kristin Bent, “German Government Ends Contract With Verizon Over U.S. Spying Concerns,” CRN, June 27, 2014,
7 Claire Cain Miller, “Revelations of NSA spying cost US tech companies,” The New York Times, March 21, 2014,
8 Ibid.
9 Aaron Kleiner, “Rethinking the Cyber Global Market,” Panel discussion at CyFy 2014: The India Conference on Cyber Security and Internet Governance, New Delhi, October 15-17, 2014, http://
10 The ITU Plenipotentiary Conference is the top policymaking body and supreme organ of the International Telecommunication Union. It is a meeting of ITU Member States and is held every four years. Plenipotentiary conferences adopt the underlying policies of the organisation, determine its structures and activities, establish the financial plan for the organisation and revise the Constitution and Convention when needed. They set the ITU’s general policies, adopt fouryear strategic and financial plans, and elect the senior management team of the organisation, the members of Council and the members of the Radio Regulations Board. The Plenipot is the key event at which ITU member states decide on the future role of the organisation, and determine the ITU’s position on issues such as convergence, telephone tariffs, the internet, universal service and electronic commerce.
11 Daniel Sepulveda, “The Busan Consensus,” U.S. Department of State Official Blog, November 10, 2014,
12 “India’s Internet Governance Model to Balance Public & Private Interests”, The Huffington Post, January 1, 2015, 6486234.html.
13 Samir Saran, “A Time to Lead”, The Indian Express, April 16, 2015, article/opinion/columns/a-time-to-lead/.

Wednesday, June 10, 2015

BBC Radio Play "The Great Charter"

I was lucky enough to participate in a wonderful project put together by the BBC. On the 800th anniversary of the Magna Carta (England’s King John and the country’s warring barons agreed on a peace treaty that would resolve future disputes and curb the king's power. It was called the Magna Carta – and is enshrined today as a democratic principle).

BBC Radio asked Matthew Solon to write a play - called the "The Great Charter" imagining "a scary future where civilisation as we know it is collapsing because the networks have failed. Only one man – an engineer - can bring the world back from the abyss. But there is a heavy price to pay. The Great Charter explores a range of contemporary issues such as information security and cyber-terrorism."

To reflect on some of its themes "Click" assembles a panel of experts including Matthew Solon who wrote the play, the computer scientist, Professor Dame Wendy Hall and Mahima Kaul who heads the Cyber and Media Initiative at the Observer Research Foundation in India.

Link to the actual radio play:

Link to the reflections on themes I participated in:
It was actually a very innovative and engaging idea and I really do urge you to listen to the play, and the discussion afterwards!

Monday, June 08, 2015

Strive for a Balance between Access & Price

Written for IAMAI's 'Thinking Aloud' Magazine. 

The TRAI consultation paper on Regulatory Framework for Over-the-top (OTT) services 2015, certainly revealed a few biases by asking what India could learn from ETNO or best-practices from other countries at the end of Chapter 4 on Regulatory Interventions for OTTs in Other Countries. ETNO, or the European Telecommunications Network Operators, put out a plan in 2012 to enable European telecom operators to negotiate pricing schemes with OTT providers. This included OTTs paying ‘fair compensation for traffic’, new models to provide Quality of Service, and non-interference by governments in such arrangements between the network operators and information services. The price of popularity would be settled privately, without intervention by the regulator in negotiations.

This chapter in the TRAI paper then goes onto summarize the regulatory frameworks and best practices from around the world. Briefly, these offer three distinct models: the first, offers separate regulatory regimes for communication services and non – communication services, as in the case of Germany and France. The second model is based on the use of price discrimination on traffic to ensure development of broadband infrastructure, as is followed in the UK and Korea. And finally, the third model that prescribes , a ‘fair, reasonable, and non-discriminatory’ approach to deal with regulatory issues, such as is the practice in Korea or with ETNO.

Thus, it would appear that the question seems to be asking, Should TRAI regulate OTTs or allow telecom companies to negotiate directly with OTTs service providers on the issue of charging them for growing data traffic?. Surprisingly, however, there is another model that has been spelt out in Chapter 4, but oddly, is absent from the list of Queries at the end. This is the model which the USA is attempting to chart out for themselves, i.e.: ‘bright-line rules’ for the internet which includes principles of ‘no blocking, no throttling, and no paid prioritization’ of data. In the US, ‘Reasonable Network Management’ is allowed, but the ISPs must ensure that network management have legitimate aims and are not used to provide ‘unlimited data’ or other anti-network neutrality practices.
Since the TRAI has looked to other countries for ideas and inspiration for developing an Indian model, it is fair to first examine the market that is being addressed. India has 12-15% internet penetration, with further rise expected via mobile phones. Today the country has 140 million smartphones, which are getting cheaper to buy, by the day, and 687 million GSM phones in rural areas. The internet is a vehicle of growth; outside of the acknowledged popularity of VoIP services, there is also the expectation that e-commerce will fuel internet growth as well. E-commerce generated sales of $16 billion in 2014, while overall the retail industry in India is valued at around $600 billion. Additionally, the government’s ‘Digital India’ initiative is also expected to fuel traffic; in fact, it already has in rural areas. Reports indicate that the first half of 2014 has seen 3.5 billion electronic transactions, of which 1.7 billion transactions were related to e-governance projects. 35% of these transactions came from rural areas. Broadly stated, content, commerce and e-governance will be drivers of the internet in India as much as infrastructure, availability of electricity, connectivity, access and pricing will be.

If one ignores the telecom arguments for paid prioritization and examines whether schemes like zero-rating would help promote internet penetration, a different set of questions emerge. Is it better for citizen-consumers to have access to some limited sites free of cost than to have no access at all? Can zero-rating, in some ways, be compared with “free sampling”, following which users might want to experience the larger internet? And, could paid prioritization packs be designed to become ‘Digital India’ packs, which could contain part commercial data, part news data, and part socially and locally relevant and useful data, thereby helping rural citizens to access both free content and also use e-governance apps at no cost? The answers cannot be simple, and perhaps they cannot be effectively answered by those who have no problem in paying monthly internet bills.

These questions are intriguing. A few years ago, internet users may remember, the expectation of users was that all content on the internet would be free. Some bigger brands attempted to start content-subscription based models, but actually, an advertising-based model today supports most of the freely available content. Internet users also pay for free content by surrendering their data . Ultimately, an innovative, even if a morally ambiguous model emerged, wherein consumers were connected to advertisers, which enabled ‘free’ content.

And this is when we start examining ‘free’ access that comes with its own caveat. Allowing citizen-consumers to access only certain websites for free, could over the long term, end up creating ‘walled gardens’ – a term which denotes a closed ecosystem in which the carrier or service provider has control over applications, content, and media, and restricts convenient access to non-approved applications or content. This goes against the principle of free and open qualities that have made the internet the tool it is today – an engine for economic growth and innovation. In fact, given that only those platforms which can afford to pay for prioritization would be offered for free, the entire exercise has an anti-competitive angle to it. And it must be noted that the conversation in India is looking at internet service providers breaching the network neutrality principle of ‘paid prioritization’ as opposed to a conversation about internet ‘fast lanes’ which have fuelled arguments in the US about preserving network neutrality.

If Indian ISPs were to offer varying degrees of speed to sites in a market already struggling with internet speeds, it would certainly mean that smaller and newer OTTs would be simply defeated by the internet wheel of time. Could this mean that the market leaders of today would simply institutionalize their leadership online, or could fundraising models for all future apps necessarily have to account for ‘zero-rating’ or ‘fast-lane’ charges?

So what should India do, going ahead? Create two competing versions of the internet; between those who would like to access the full spectrum of internet sites and those who would rather subscribe to digital packs which offer a few products at a zero-rating? Would this fulfill the government’s aim to achieve 50 crore internet connections by 2018, or is this what it means to have a ‘Digital India’? The Minister for Communications and IT has called the internet ‘the finest creation of human mind and it does not encounter any boundary and it does not get stopped by geography,” adding that it “must be owned by the entire mankind, not by a few.”

Perhaps, India should seek to strive for a balance between access and price, without surrendering on the network neutrality principles. Shouldn’t the telecom operators wait to see what new streams of revenues would develop for them as the internet grows in India? Shouldn’t companies be able to promote their brand in the country, but compromising on the key principles that has so far set the internet apart from other mediums of communication? And finally, shouldn’t people have a clear understanding of what the hidden costs of “free” really is, and if they are willing to pay for it?
One lakh emails to the regulator aside, this conversation is certainly not over. Ironically, what it has done is encourage 1 lakh people to engage with the bureaucracy, in a democratic system, by actually sending in their comments to the TRAI consultation paper. Now, imagine, if you didn’t even know about this because your internet pack only focused on cricket and movie songs?

Thursday, May 07, 2015

Rajya Sabha TV talking about France's New Surveillance Laws

I was on the "Big Picture" on Rajya Sabha TV talking about France's New Surveillance Laws and their Broader Implications ---

Do have a watch!


Wednesday, April 22, 2015

Net Neutrality and on BBC Radio

I was on BBC Radio "Click" talking about Net Neutrality and in India. Have a listen, I sound rather raspy .. ha ha.

Monday, April 20, 2015

India Could Use Its Historic Free Speech Judgment to Reset Its Position on Internet Governance. Will It?

“The global can never become meaningful unless it is linked to the local,” said Ravi Shankar Prasad, India’s Information and Technology Minister, speaking at 2014’s Cyfy Internet governance conference. For India, local is a billion aspirations. Local, in 2015, implies a constituency that carries greater demographic weight than Europe and the United States combined. Local is 800 million mobile phones, 140 million smart phones and 173 million Internet connections and growing. His statement begs the question—what is going on in India?
There have been five developments that have altered India’s domestic approach to Internet policy since the Minister’s statement. A closer look at these developments could provide some insight into how India should approach international Internet policy debates.
The first development is the historic March 2015 judgment by India’s Supreme Court, whichstruck down Section 66a of India’s Information Technology Act. Section 66a, widely criticized as restricting freedom of expression online, prohibited anyone in India from sending messages using a computer or communication device that could be deemed “grossly offensive,” contained “false information,” or which could “cause annoyance or inconvenience.” This victory, championed by young lawyers and Internet activists, has emboldened not just the small expert pool of people working on Internet policy issues, but also encouraged a wider audience to start participating in Internet debates.
The immediate effect of this new wave of engagement has led to the second development: the public’s unprecedented response to a consultation paper issued by the Indian Telecom Regulatory Authority seeking comment on the regulation of over-the-top services (e.g. multimedia content like Netflix that travels over lines provided by telecoms). Much like the net neutrality debate in the United States, the debate has pitted the telecom industry and some of the larger Internet companies against smaller players and public sentiment, which favor net neutrality.
The third development is the reconsideration of the role of Internet intermediaries in India. Section 79 of the Indian IT Act requires Internet intermediaries to take down content at the behest of a third-party complaint. In light of the recent Supreme Court decision, editorials have begun to appear in leading papers pointing out that blocking, intermediary liability and freedom of expression concerns need to be further balanced to avoid abuse.
The fourth development is the government of India’s decision to use open source software for all its applications and services, in order to bring transparency to the government’s IT procurement process and tackle corruption. The government believes that the ability for anyone to modify the source code of open source software will allow the tailoring of applications to local needs, royalty free. The policy does, however, leave the door open for proprietary software should open source not be available.
The fifth development is the Indian government’s ambitious “Digital India” plan. The plan aims to ensure the delivery of e-governance services to all, build digital infrastructure to enable Internet access, create jobs, and finally, increase electronics manufacturing in India. Interestingly, the government’s press release launching the plan refers to digital infrastructure as a ‘utility’ for every citizen, specifically aimed to deliver high speed Internet to villages, enable “cradle-to-the-grave” digital identities, facilitate mobile banking, create a shareable private space on a public cloud and finally, provide cybersecurity.
Freedom of expression, network neutrality, intermediary liability, open source software and a commitment to provide digital infrastructure as a utility to citizens have all become key points in India’s digital journey. For each of these, a uniquely “Indian” model will have to be sought. The absolutist notion of online free speech held by many U.S. proponents cannot translate to India. Further, India cannot blindly adopt network neutrality rules in a market where almost eighty-five percent of its population lives in the shadow of the digital divide, and may well permit Internet providers to offer services that allow for cheap online access by exempting certain traffic from data caps, a policy known as zero-rating. For emerging countries, accessing and building digital infrastructure are pressing questions, as much as it is important of putting principles like freedom, privacy, development and diversity, among others, into practice. Despite not being a signatory to the NetMundial principles, India, in effect, seems to be building a digital society that subscribes to those very values, in its own unique ways.
Suggesting a UN Committee on Internet Related Policies to handle Internet governance, looking to the International Telecommunication Union to absorb Internet public policy issues and even refusing to officially support the NetMundial Multistakeholder outcome document will undoubtedly remain key moments in India’s international engagement on Internet issues. But it is time to move forward. India must play a leadership role in the development of global Internet policy. The government needs to respond to the demands of its citizens and reset its position on international Internet governance issues, in line with the progressive developments that have occurred at home. In essence, India should be doing a better job at linking the local to the global.

Tuesday, March 10, 2015

The State is using the law to hide the truth

Today it is the Government vs the BBC. Tomorrow it could be the State vs people of India

YouTube is blocking the BBC documentary India’s Daughter thanks to a request by the government. The move is also in compliance with the order passed by the Delhi High Court, which has said that the video cannot be “uploaded, transmitted and published” since it could trigger law and order problems in the country.

Clearly, the Internet-savvy Indians seem to disagree with the court order. Restricting the flow of information, either by stopping broadcasts or banning physical books, is today an analogue problem. Given the porous digital borders, the government would find it difficult to block the documentary. Users will continue to upload the film, with many file names using the word ‘banned’ in the titles. Yet, the government could block entire websites like it did to restrict pro-ISIS content in 2014, invoking Section 69A of the Indian Information Technology Act 2000, which allows blocking public access to Internet content when India’s sovereignty, or public order, is threatened. The J&K government had resorted to similar measures in 2012 when it tried to stop online circulation of the controversial anti-Islamic video The Innocence of Muslims. At that time, the government used Section 5(2) of the Indian Telegraph Act, another instrument to maintain public order. Indeed, India could potentially shut down the Internet as Egypt did in 2011 when President Hosni Mubarak grew nervous of growing protests against his government.

India’s Daughters isn’t about terrorism, communal disharmony or political protest. The brutal rape it refers to had brought the country to a standstill. And now, outraged that they are not allowed to watch the documentary, Indians are using the Internet to challenge the ban.

Such public support could trigger consequences for netizens individually. Legally, under Section 66A of the Indian Information Technology Act 2000, anyone who sends an ‘offensive message’ (such as a link to the video) through communication services, causing ‘annoyance, inconvenience, danger, obstruction, insult… or ill will’ is liable to be arrested. One could face up to three years in prison and a fine.

That brings us to an interesting conundrum. Recent headlines have highlighted the face-off between the government and the BBC, which went ahead and aired the documentary in Britain. Though the BBC, a foreign media channel, will not broadcast it in India pursuant to the court order, reports suggest that the government may ‘take further action’ against the BBC for broadcasting the documentary. India might even try to restrict it from being telecast in other countries. How that will play out will be interesting. Indian court orders do not apply in the international jurisdiction. But they do here. So the next question to ask is, how will India react within its own borders and bandwidth, with its own citizens?

In India, freedom of expression is guaranteed by the Constitution, albeit with reasonable restrictions, and it is not a right that ought to be restricted so easily. Unfortunately, in our democracy, the unfolding India’s Daughter incident certainly feels like yet another instance of hiding the truth behind the law. Resorting to a ban puts a positively active and engaged citizenry highly susceptible to arrests. Are these the fights we want to fight?

Mahima Kaul is head, Cyber and Media Initiative at the Observer Research Foundation, New Delhi
The views expressed by the author are personal

Tuesday, February 24, 2015

New digital age and importance of privacy of data

Privacy should not be limited to headline grabbing revelations about surveillance, Snowden and Sony; these conversations need to be mainstreamed to every citizen-consumer.

A few months ago, I was invited to sit on a jury looking at innovative uses of social media platforms and community-oriented apps. The awards criteria included originality, implementation, scalability and impact. The ideas ranged from community based apps that serve as a local Google to online campaigns asking netizens to share their experiences

about sensitive issues. While I returned feeling very hopeful about the positive potential of the internet, there was a nagging feeling that something was missing. The issue of privacy, so very central to the "high brow" conversations we have around the internet, had simply not been addressed in this initiative.

The central business model of the internet is data collection, and much rides on the successful analysis and use of that data. Its growing importance can be gauged from the fact that today "big data" is an industry in itself. It is no wonder that questions of privacy of the data that users are supplying (often inadvertently) are rising to the fore. Globally, the terms of service between consumer and developer are in the spotlight; often users have no idea the degree of personal information they are signing away with a simple click. Worse, is the lack of understanding about privacy concerns in the internet age - which part of your data legitimately belongs to these companies whose services you are using, and what are they attempting to claim ownership over? Will these companies share this data with the government? Are they going through your hard drive and contact list? Who will they sell your data to and will they anonymise it before selling it? Will you be informed of a data breach?

Flagging these concerns in India today can avoid a lot of complications later, and certainly lessons can be drawn from societies who have been through similar experiences. The myth of techno utopia has been around since the early 1990s, when there was hope in the US that new technology would bring universal wealth, enhanced freedom, revitalise politics, and satisfy community and personal fulfillment. Is this true of India today? Consider how the internet is sold to the average Indian - from the wonderful ways in which an internet search can add value to your life, or multiple safety solutions for women which ask them to blithely allow these apps to track their location and movements. Google CEO Eric Schmidt was not wrong when he told the audience at the World Economic Forum at Davos that the internet would simply disappear into the background as it will become so common - a recent report revealed that millions all over the world did not even realise they were using the "internet" when they were using Facebook!

"Code is law" - the idea which Lawrence Lessig fielded in 1999 - believes that it is the code of the software and hardware we use that will determine how much privacy, free speech, anonymity and individual control we are afforded. This certainly rings true today as well, especially in a country like India where we are still operating in the shadow of concepts like privacy, data security and certainly data collection. Unless the apps, platforms and websites being developed and disseminated in India are held to a higher standard - even as they win awards for popularity and sustainability - a billion Indians will find themselves at the short end of the stick due to the proliferation of the uncritical use of these technologies. Are start-up competitions, innovation and entrepreneur funding, and even technology journalists addressing this crucial issue? Are they helping to implement the privacy provisions to India’s Information Technology Act and rules? Look for yourself: Do any of the tech forums seem to betray this concern?

The internet is growing faster than we realise - the internet of people is giving way to the internet of things. Voice-controlled televisions that can "listen" to your information and share with third parties, and weighing scales which could sync your information with your phone, laptop and cloud through your home Wi-Fi network. Before we buy into the vision of a new digital age, one in which technology will save us, let the buyer beware. Is it completely unimaginable in India that our online identities could be linked to a digital "profile" culled from information gathered from digital wallets, websites, and social media chatter?

It’s time developers, funders and users alike start paying more attention to the privacy implications of the techno-utopia they are so eager to participate in.

Tuesday, January 27, 2015

Book Review – “The Electronic Silk Road: How the Web Binds the World Together in Commerce”

The argument for an electronic silk road, promoting free trade and by extension, harmonious global values and laws, is an inherently appealing idea to all digital natives used to an ‘open web’ experience. Dr Anupam Chander, himself a product of parents who migrated from India to the US in search of a better life, expertly lays bare the changes in global trade patterns – and the resulting complications – in his book ‘The Electronic Silk Road: How the Web Binds the World Together in Commerce,’ released in 2014 in South Asia. Aside from the easy narrative exploring complicated developments, Chander’s book is especially pertinent for an Indian audience, looking to profit off this free trade, often without reading the fine print.

The promise of Trade 2.0 is enormous, begins Chander, but he quickly delves into the real world complications that arise out of these new exchanges. Unlike with goods trade, where a well-defined port of entry and exit serves as points for regulation and new jurisdictions, digital exchanges of services, prove to be far trickier. He raises a metaphysical question: where does an event in cyberspace occur? Simply put, whose jurisdiction extends to these digital transactions – the region where the company providing the services is registered, or the region where these services are consumed?

The real-life examples of the ‘pirates of cyberspace’ are easier understood. For example, the gambling sites operating out of Antigua, where it is legal, were sorely contested in the USA, where, for the most part gambling is illegal. This particular case went to the WTO where the gambling sites argued that they were simply providing entertainment services while the US argued that this sort of activity would promote fraud, money laundering and underage gambling. The WTO sided with the US. Another case, familiar to most young people, is of the file-sharing site, The Pirate Bay, which is under constant legal threat from copyright holders because of the “illegal” downloading of materials that include movies and music. The founders have even been convicted of copyright infringement under Swedish law, and have since moved their domain name from .org to the Swedish address .se to avoid the risk of seizure of their domain name by the US authorities.

 This move too, speaks to the parallel jurisdictions that exist in cyberspace, complicating its ‘free flow.’ In fact, the domain name system is described by Chander as ‘choke point’ in an essentially end-to-end system. What this means is that the body that sets rule for domain names, Internet Corporation for Assigned Names and Numbers, ICANN, can function as an otherwise elusive chokepoint for domain registries such as .com, .net and others. However, this privately held body has so far only chosen to apply its authority on behalf of trademark holders. The recent bitter fights over who would be granted the domain of .vine and .wine saw France lash out against ICANN, and India too expressed its concerns at private companies being awarded domains like .indian and .ram, for fear they could be misused. Another ‘choke point’ is the root server, which serves as the registry for domain names. Who maintains these is a pertinent question. For example, VeriSign maintains the .com and .net root servers, and is based in Virginia, USA. Therefore, that is where its jurisdiction lies. More recently, some root servers have been distributed across multiple jurisdictions, making it harder to locate and attack. However, keeping these root servers under one authority such as ICANN is seen as crucial to many, as it allows web users based in different countries to ‘talk’ to each other. While countries can create a parallel internet system, as China and Russia have done, it would mean that users across the world would have to modify their computers to point to the alternative DNS rather than ICANN DNS. This is seen as a serious affront to the seamless nature of the current, dominant, internet experience.

 Ultimately, the book is an examination of trade and law, and its new avatars in the cyber realm. A new global division of labour – where US legal documents are being prepped by lawyers based in India, and phone calls to big American companies are being answered by Filipino workers – also means countries will display protectionist behavior. For example, in the light of increasing medical images review (including radiology)moving from the US workforce to India, the US Congress restricted Medicare reimbursements for services that were subcontracted to providers located outside the country. This dichotomy between wanting free trade but protecting ones country from the same has come up during Trade 1.0 and continues to be a theme in Trade 2.0

 Chander also flags newer scenarios that are emerging. For example, ‘cloud computing’ is essentially the act of ‘moving a computer service to remote computers, typically with the user both largely unaware of the jurisdiction or jurisdictions from which the service is actually supplied.’ This is important. For companies such as Google, the cloud exists across various techno-legal-economic jurisdictions, which he fears could become a ‘legal black hole’.

 The legal aspects of this new silk road,and how they should be shaped, form the crux of Chander’s book. After going into some detail about one of the biggest companies to exist thanks to the internet – cheekily called Facebookistan due to its billion citizens – Chander quotes founder Mark Zuckerberg acknowledging its special role: “We exist at the intersection of technology and social issues.” But what has this meant? Differing privacy standards across the world, where facial recognition features might not be welcome in some regions as they are in others; differing free speech environments where governments might want to step in to censor content their believe is inflammatory; and different regulatory climate with some states moving to tax Facebook on its growing advertising revenues.

 What does this lead up to? A few steps are outlined by Chanderto ensure trade across cyberspace remains ‘free’. The first is legal glocalization – where sites are localized to conform to varying rules in different jurisdictions. However, Chandertempers this suggestion, warning that excessive interventions will hamper the worldwide nature of the web. This scenario harks back to an earlier question – whose law applies? The choices here are the following: country of origin; country of reception; UN or a treaty-based law; self-regulation by the private companies involved and finally, user-based regulation. There are problems with each scenario. The country of origin suggestion might spark what is called a ‘race to the bottom’ with companies trying to register themselves in places with minimal regulation. An international treaty seems difficult, given that speech, privacy, defamation and a few other concepts are difficult to create consensus around. The country of reception principle would make it very difficult for corporates trying to enter many different markets, and both regulation by users and/or the companies themselves might lead to problems later, given that consumers often lack knowledge about the services they use. All these problems lead Chander to suggest adopting the principle of ‘harmonization’ where one should imagine a regulatory ‘race to the top’; with regulatory competition among countries leading to a global welfare-maximizing ideal. This, coupled with companies abiding by the ‘do-no-wrong’ principle – for example, not assisting authoritarian regimes to suppress free speech and human rights –would help countries across the world reach their goal to manage overlapping jurisdictional authority. Courts could decide on applicable jurisdiction according to the state with the closest connection to the dispute. The creation of international standards and the increasing difficulty of enforcing differences would, according to Chander, encourage the emergence of global best practices.

 Chander’s book is a knowledgeable and a timely intervention in a world increasingly relying on the information society to move it forward. India too, speaks the language of ‘Digital India’ and everywhere one looks e-commerce websites are capturing the public imagination. Start-ups are the order of the day; complementing the already established IT services industries. Global commerce is changing the world, and the internet is now termed a ‘global commons’ – it has achieved as much importance as the seas and space! In this scenario, some of India’s own unique problems in this domain are addressed by this book: that of jurisdiction over transnational data flows. In the past, Indian ministers have offered the opinion that jurisdiction should extent to the country of reception. Currently, India is exploring the idea that data flows originating and ending in one jurisdiction should only be routed through that country, and not through international servers. This does not address the problem of jurisdiction of international data flows, but it is a start. Further, India believes that the routing of internet traffic and their numbering need not be carried out by a private body such as ICANN, but that the role can be shared by governments under bodies such as the International Telecommunications Union. These are suggestions on the table, but strike at the heart of the debates being carried out about the future of the internet – which is also the future of international trade.

 There is only one weak point in the book. Chander wonders if international trade law could encourage political freedom around the world. Human rights in cyberspace do end up in debates about not the production, but the consumption of knowledge. Many in the West want the internet to adopt common values of free expression. Yet, this can often be the point of departure for many countries. Some are authoritarian and want to impose censorship. Others, and India can fall into that category, is not interested in foreign elements dictating national policy. This is the reason why foreign funded bodies often come under the scanner in India. The argument is tricky, and opens up more questions than what this book seeks to answer.

 Ultimately, Chander’s informative book engages the reader. It is recommended for those who want to peek into the nuts and bolts of the internet, understand the application of the law that guides it, and finally, follow the smell of money!

 The author heads the Cyber and Media Initiative at the Observer Research Foundation.