By – Divyanshu Jindal;
Speaking at an online event, India’s National Cyber Security Coordinator Lt. General Rajesh Pant recently remarked that considering the current geopolitical situation where cyberspace is becoming increasingly bipolar, India needs to decide its position. He emphasised on how the East is looking at solutions to break away from the long-standing frameworks dominated by the West, and how the West itself is now focusing on ‘non-China solutions’ to counter a revisionist China. In this context, building India’s transformation into a successful stalwart in the global cyberspace governance discourse requires immediate focus.
However, one of the key emerging concerns for India to achieve such a goal is the widening gap between the West (encompassing states like the US and Europe, and ideologically including Japan, South Korea, and Australia), and the East (Russia, China, Central Asian nations, and developing nations from Africa and Southeast Asia due to growing economic dependence on China). The ‘West’ and ‘East’ demarcations in the realm of cyberspace governance have been broadly created based on the fundamental conceptual differences the model rather than geography.
Considering recent events, India is still far from reaching a decision on taking sides in the growing bipolarity; on the contrary, India has sought to balance each side as per its national interests. India’s approach at the recently concluded ‘Summit for Democracy’ and the ‘Russia-India-China’ Foreign Minister’s meeting provide insights into the dilemma that India is facing in the cyberspace domain.
Decoding the ‘Global Cyber Divide’
The discourse on global cyberspace governance is divided between the concepts of ‘cyber security’ and ‘information security’. While the US and the western partners propound free speech and global access to information through freely flowing information across the internet, China and Russia have been at the forefront of advocating ‘information security’, which entails ‘content protection’, beyond that of ‘data protection’.
Through this approach, China and Russia have pushed for a cyberspace governance model which stresses on ‘ ‘state sovereignty’ in cyberspace. The two have also pushed this paradigm through multilateral mechanisms like the Shanghai Cooperation Organisation (SCO) and the ‘International Code of Conduct for Information Security’ proposal submitted to the United Nations General Assembly (UNGA) in 2011 with a revision in 2015. Both proposals did not receive global support due to its emphasis on a multilateral system for Internet governance, rather than a multistakeholder one, as desired by the west.
As India attained SCO’s full membership only in 2017, and was not a signatory to the proposal, it remained unclear whether India supported the two proposals.
The emphasis towards establishing the state apparatus as the primary actor in cyber space is visible in China’s ‘Great Firewall’ which allows the government to control the flow of data in Chinese cyberspace by filtering websites deemed unfit, and the 2016 ‘Yarovaya law’ in Russia which mandated the telephone and internet providers to store all communications data for six months and all metadata for three years.
While this approach is advocated to secure the national cyberspace from foreign influences and security risks, it has also helped governments to crackdown on online anonymity and suppress criticisms directed at governmental functioning and policies, thus threatening the ‘freedom of speech’ held dear by the democratic West. For its part, India has for long stood against the west-led ‘Budapest Convention’, the sole binding legal agreement on cybercrime coordinated by the Council for Europe. India argues that the convention was formulated without India’s participation. Instead, India voted in favour of the Russia-led UN resolution on cybercrime in 2019, (titled ‘Countering the use of Information and communications technologies for criminal purposes’) which aims at creating a new treaty through which nations can coordinate and share data to prevent cybercrime. Ultimately, however, India’s take on the topic remains delicately nuanced.
India’s approach has witnessed a gradual transition over the past two decades.
While India had been a supporter for a multilateral approach with primary role of governments and supporting roles of other actors like private organisations and civil society till 2015, India’s stance after 2015 tilted towards a multi-stakeholder approach which envisions active participation by non-governmental actors and civil society. However, this tilt as well has not been definite and remains unclear in absence of a concrete policy.
But clues from India’s engagement for cyber cooperation provide an insight into India’s evolving policy.
India has had a longstanding engagement with the west on cyber security. India has cooperated with the US from way back in 2002, when the two formulated the US-India Cyber Security Forum. A decade later in 2011, both signed a Cybersecurity Agreement for a closer cooperation and timely exchange of information between the cyber security related organization of their respective governments. The agreement aimed at establishing the best practices for exchange of critical cybersecurity information and expertise between the two governments.
The same year, India met for the first time with the EU, for cyber policy consultation. The mechanism was transformed to a strategic Cyber Dialogue in 2015; India and EU held the sixth version of this dialogue in 2020 and focused on identifying convergences in the diplomatic positions on future negotiations, on an open, free and secure cybersapce. The consultations also emphasised on building bridges between multiple stakeholders in European and Indian cyber diplomacy, by including non-governmental voices in the norm-building process.
Similarly, India has engaged with other nations from the west, like Australia. In 2021, India and Australia held the first Joint Working Group on Cyber Security cooperation and a senior officials’ cyber dialogue. The dialogue built upon the already existing Australia-India Framework Arrangement on Cyber and Cyber-Enabled Critical Technology Cooperation, signed an year before in 2020.
This highlights India’s focus on establishing cyber security cooperation with the western partners, while reserving room for conceptualising a separate governance approach.
In recent years, there has been an emphasis on India reaching out to various stakeholders in the global cyberspace governance, ranging from the western governments to the eastern heavyweights. India has also formulated interaction mechanisms with developing countries and tried to find consensus over a universally acceptable cyberspace governance model through multilateral institutions, groupings, and organisations like the United Nations (UN), G20, BRICS, and the SCO.
The Indian government introduced a ‘Data protection bill’ in 2019 for ‘data localisation’– requiring data generated in India to be stored on Indian territory (similar to the Russia’s Yarovaya law). However, in light of displeasure attracted from the west, especially the US (where the major tech and social media giants are based), and from India’s own ICT (Information and Communications Technology) sector as well, the proposal was stayed for more scrutiny and recommendations. The proposed bill is now under review, having been reformed by limiting the scope of requirement of data localisation to ‘sensitive data’, and is expected to make in appearance again in the coming weeks.
In a further attempt to present India’s leadership role towards a universally acceptable cyberspace governance model, India highlighted the increasingly ambiguous nature of jurisdiction of ICT infrastructure during the UN Open-Ended Working Group (OEWG)discussions in 2020 and proposed a new governance model. This model bases sovereignty on ‘ownership of data’ and advocates that the ownership of data would be that of the person who has created the data and the ‘territorial jurisdiction’ by the country which the owner belongs to, irrespective of the place where the data is stored physically.
But India’s approach does not exist in silo with the global geopolitical developments.
The joint communique of the 18th meeting of the Foreign Ministers of India, Russia and China convened on 26 November 2021 underlined the consensus among the three sides on the central coordinating role of the UN in forging common understandings area of ICTs and security. The ministers reiterated that a multi-polar and rebalanced world based on sovereign equality of nations and respect for international law which reflects the contemporary realities is required to strenghten and reform the multilateral system. The three sides also agreed that imposition of unilateral sanctions beyond those adopted by the UNSC were inconsistent with the principles of international law.
This emphasis on UN centrality sheds light on the growing complexity and divergence in consensus over cyberspace between the ‘east’ and ‘west’. The west has long used non-UN forums for consensus-building and norm formulation. Budapest Convention which stands as the lone binding treaty in cyberspace till now, stands as a glowing example of this fact. On the other hand, as states remain the primary actors at multilateral platforms like the UN (thus retaining the power to articulate on the global governance models), the ‘east’ led by China and Russia has sought consensus at already existing platform like the UN instead of new non-UN platforms.
In 2018, Russia and US had put forth their separate resolutions regarding cyberspace. While Russia tabled ‘Development in the field of Information and telecommunications in the context of International Security’ highlighting the Russo-Sino perspective (opposed by the western partners), the US advocated the ‘Advancing Responsible State Behaviour in Cyberspace in the context of International Security’, encapsulating the western perspective (opposed by some South American and the Middle Eastern countries, besides China-Russia).
India however, voted for both.
But a similar approach going ahead seems to be increasingly difficult. On one hand where China is pushing its ‘Digital Silk Road’ and vying to build a consensus among the developing nations towards the ‘information security’ approach (aided by infusion of infrastructural investments), the new US’ administration under Joe Biden is planning to re-strengthen the western approach by a reinvigorated push towards attracting others through it democratic values. The US plans to launch a new ‘Alliance for the Future of the Internet’ in a bid to rally the world’s democracies around the western model of free and open cyberspace. The recently concluded ‘Summit for Democracy’ can be seen as an initial step towards this push.
At the ‘Summit for Democracy’, Indian Prime Minister stated that there is a need to jointly shape global norms for emerging technologies like social media and crypto currencies, so that they are used to ‘empower’ democracy, and not to undermine it. With the cyber domain now capable of deeply impacting politics, society, and economies of any nation, cyber diplomacy has emerged as an absolute necessity to balance the offensive and defensive capabilities across nations in current global geopolitical landscape.
With concerns around rising authoritarianism and falling democratic standards (quantified by various reports like the Freedom House Index), it is being argued that the core values of the liberal order like human rights and freedom of expression, are now under stress, giving rise to a post-liberal cyber order which emphasizes on cyber sovereignty and state’s dominant position.
Ultimately, the eastern order is being led by China and Russia who are vying to establish a consensus among developing nations for the ‘information security’ model. The western order is being led by US and Europe, who now consider their ‘cyber security’ model as a necessity for democratic credentials of any nation. In a manner similar to its non-aligned approach during the Cold War, India is focused on its strategic autonomy. However, as history stands witness, non-alignment is not a permanent solution, and sooner or later, a decision will have to be made.
This time, India should be the stalwart and come up with an ‘Indian way’ out of this cyberspace dilemma. Although many steps have already been taken in recent years, the need of the hour remains a determinative step.
Divyanshu Jindal is a Doctoral Student at OP Jindal Global University, India and a Research Intern at Manohar Parrikar Institute for Defence Studies and Analyse, New Delhi, India. He is a postgraduate in International Relations with a specialization in economics and foreign policy. He has worked at Fidelity Investments as an Associate Systems Engineer after completing B. Tech in Computer Science from SRM University, India. His writings have appeared at The Lowy institute, BRICS Information Portal, The Quint, 9Dashline, Eurasian Review, Modern Diplomacy, The Geopolitics, among other online platforms. His areas of interests include India-Russia relations, India’s foreign policy, cyber diplomacy, and cyber politics.
(The views expressed in the article are personal)