Dr Subi Chaturvedi, Senior Public Policy Professional
There is nothing that has captured more newsprint and online space over the past month than reams and reams of written pieces calling for a better, more cohesive, resilient, and robust data privacy framework and data protection regime across the world. With a focus on protecting the public core of the internet, user privacy, and national security, the world is now looking upon all multilateral and multistakeholder bodies to fix what is now broken. At the heart of the internet lies digital trust. The events that have come to light involving Cambridge Analytica, have truly meant that the cookie does crumble and fast. Scaling up and moving fast, failing early, to scale up rapidly have long been the buzz words of the technology community; a fraternity that is closely knit. In a world where numbers, daily active users, and monthly active users translate into inflated valuations, the users are now left asking uncomfortable questions. A sharp focus is also now on creating a culture of accountability and transparency, of educating the users, of seeking consent, repeatedly, of ensuring that trust is rebuilt. For the internet to succeed and for nations and businesses to succeed this is an imperative.
Internet governance for long was understood mostly by people, as governments, governing the net, often also wrongly and interchangeably replaced with regulation of the net. Stakeholders worked in silos, and like the famous parable of the blind men and an elephant, understood internet governance as their best bits and bytes of the apple. The global community has now developed a broad understanding of internet governance, now, after over 12 years, since the iconic WSIS meeting in Tunis in 2005, as all the evolving policies and mechanisms under which the internet community’s several stakeholders arrive at decisions about the development and use of the worldwide web.
Why does the Internet matter? If you were to look at some numbers in India alone now there are over 950 million mobile connections, over 440 million internet users, and roughly over 300 million smartphones. Mobile penetration has however barely managed to touch 40 percent, which still includes many urban users with multiple connections. India now has several milestones: the highest data consumption, with rapid increase in data uptakes, after Jio rolled out commercial services on September 5, 2016, offering voice free for life and dirt-cheap data rates. The others rapidly followed suit. We now also have the second largest user base in the world of internet users, second only to China. It is a globally accepted fact that for every 10 percent increase in broadband connectivity, in developing countries the GDP can show an increase by 1 percent. This is a huge indicator and driver of economic progress and a shot in the arm for the digital economy. It is therefore now a no-brainer that all the key stakeholders, governments, private sector, intergovernmental organizations, media, academia, technical community, and the civil society need to play their rightful roles and shoulder their responsibilities in making sure that each nation can realize the true potential of the internet. As technology and the usage of the internet take rapid strides, so do the discussions and debates around how the internet should ideally be governed. On the back of increasing cyber-attacks and threats this occupies top mind space in every global leader’s strategy plans. As we move forward and become more digitally dependent, such threats and crimes are bound to snow-ball. Hence having a governance mechanism, which is light touch and responsive, is no more a matter of choice, but rather a matter of indispensability. At the same time, we need to protect the very essence of the internet – freedom, universality, interoperability, openness, permissionless innovation, and its ability to be a champion of human rights. In India, the internet is at the core of the JAM trinity and has driven financial inclusion and rapid mobile payments adoption.
Internet governance covers a range of issues – from technical and operational functions of the internet to public policy issues such as fighting cybercrime, and creating a safe and enabling space for global users of the net. Internet governance has clearly emerged as one of the top priorities in the geo-strategic battles among global powers. It is widely understood, that every world conflict has an internet-related component and there can be no international security without cyber security. The Indian government also gave a special impetus to Digital India and related areas in Budget 2018, doubling the earmarked allocation to promote artificial intelligence (AI), big data, internet of things (IoT), robotics, while also proposing to set up 5 lakh wi-fi hotspots. NITI Aayog, has also been tasked to establish a National Program to direct the government’s efforts in the area of AI toward national development. The Department of Science and Technology, will launch a national program for cyberspace with several centers of excellence being created.
The past year also saw some of the biggest global cyberthreats and attacks, like Wannacry ransomware and Petya. Therefore, it is but natural that, cyber security needs to be incorporated in every aspect of policy and planning. India is today a quintessentially digital and knowledge-based economy, with pioneering programs such as Aadhaar, MyGov, Government e-Market, DigiLocker, BharatNet, Startup India, Skill India, and Smart Cities transforming India, in ways, hitherto unfathomed. India’s ICT sector is projected to reach the USD 225 billion landmark by 2020. The startup ecosystem, which is also mostly IT and tech based, is growing rapidly in the country.
Seamless connectivity, increasing integration of telecom and technology in commerce and governance, technological advancements, have also made India the fifth most vulnerable country in the world in terms of cybersecurity breaches, as per the Internal Security Threat Report of 2017 by Symantec. As, technology and innovations evolve further, cyber crimes will evolve too and cyber criminals will also be coming up with newer and smarter ways to wreak havoc.
Key policy initiatives such as Digital India, Cashless Economy, Smart Cities, and others, hinge largely on internet-infrastructure and connectivity. Connected devices, IoT, and emerging technologies such as AI, VR, robotics, device agnostic tech solutions, etc. will further push the envelope for India becoming a truly digital economic superpower. The government has committed to equip all railway stations and trains with wi-fi, Niti Aayog to set up a national program to put in efforts in the domain of AI, Aadhar linking will be given further push, 5G adoption will be accelerated, and the Department of Telecom will support the establishment of an indigenous test bed at IIT Chennai. The budget also emphasized governments interest to invest heavily in robotics, big data, quantum computing, and the IoT. What is paramount now is – efficient and optimal internet governance and with a clear focus on cyber security – in the wake of growing incidences of ransomware, malware, etc. and the like. The recent data leak, which affected millions a week ago, puts the spotlight firmly on the vulnerabilites of nations, individuals, and businesses. A connected world with a connected home running on connected devices is as strong as the weakest link in the chain.
Data-driven innovation cannot be scaled up without adequate privacy safeguards and gaining users’ trust. Data protection and privacy need to be dealt with, at length, through wide and extensive public consultations for a complex landscape such as India. Adequate legislation after a long and wide deliberative process, coupled with an efficient implementation ecosystem is the need of the hour. Governance mechanisms such as checks and balances, rooted in principles of due and proportionate, effective grievance redressal systems, citizen’s awareness, strongly enforced light touch laws – can play a pivotal role in protecting the country from cyber security breaches and eroding digital trust.
Also, considering the scale, volume, and complexity of transactions that happen on digital platforms and the number of people involved in such trades, it may not be feasible to create an ex ante compliance system. Hence, the policy must take into account the fact, that apart from government’s intervention, organizations need to adopt best practices and demonstrate that they are accountable to their users. In developing countries, governments must incentivize business and SMEs for upgrading and adopting cyber best practicing, starting with good practices. Businesses see them as costs not value, in the long food chain. It is also upto the sector regulators to show empathy and work with business in upskilling them.
Last year cyber criminals stole information via phishing emails, watering hole attacks, and ransomware. Organizations lost cash, reputation, and sensitive information and individuals faced financial crisis due to breaches in bank accounts. Data security and privacy are growing concerns these days, be it individuals or enterprise, everyone with a device or on a network is at risk. The good news is that, most of these incidences can be prevented or at least managed, through better governance of the internet (both at policy as well as organizational levels), public–private partnerships based concerted efforts, and awareness at the end-consumer level. Consumers can better secure their environment by using two-factor authentication when conducting sensitive online transactions on their mobile devices, instead of using static passwords; observe proper security protocols when using public wi-fi networks, be cautious while conducting wireless transactions where data encryption is not there – making data vulnerable to be intercepted and misused.
Moreover, many smartphones today contain malware that consumers download unknowingly. These are often disguised as games, security patches, and other utility applications. Amalgamate it with lack of data encryption, your mobile and the sensitive information it contains, are in, for unauthorized access and misuse. Other issues include dearth of legitimate and well-crafted security software, outdated operating systems, lack of regular security updates, outdated software patches, use of unsecured wi-fi network and lack of firewalls.
The government can take steps to fight cybercrime, by launching reformative measures, come up with industry friendly policies and regulations, and upskill people and organizations as a part of the National Digital Literacy Mission. An increased investment in research and development for the digital economy and a responsive and legal framework is also the need of the hour. Organizations should also be allowed to craft their own privacy programs, based on broad principles and specific requirements, instead of prescribing privacy practices in the form of cumbersome regulatory compliances, administrative requirements, or imposing on them audit and assessment standards. The aim should be to improve internal governance mechanisms in organizations without introducing red-tapism and bureaucracy.
Organizations should also be permitted to self-regulate, but at the same time, will be held accountable for any breach of trust. A multistakeholder consultative model is best-suited for a country like India where all stakeholders can work with the government and do their bit for a safe and secure India.
Lastly, India needs an updated cyber security policy, good infrastructure, and collaboration between stakeholders to establish a secure cyberspace. Minister of Communications, Manoj Sinha emphasized on the need to adhere to the norm provided by CIGI and reinforced a global call to action for all United Nations member nations to not attack the core of the internet, even when in a state of war at the Global Conference on Cyberspace 2017. Cyber warfare driven by both state and non-state actors is no longer science fiction. And there is a clear and urgent need for a Geneva like convention at the global stage coupled with rapid investments in digital literacy and capacity building of our citizens, especially the youth and the elderly who are coming online rapidly.