- Copyright 2016
Debates around internet policy have taken centre stage in domestic politics and international relations alike. While national debates are shaped by local priorities, politics and contextual ambitions, cyber diplomacy differs from traditional diplomacy in two important respects. First, the stakeholders invested in internet policy include not just states and governments but industry and civil society as well. Second, the norms that define conduct over cyberspace remain diverse, divergent and fluid. Creating a universal set of norms to guide policymaking on digital spaces is further complicated as individual sovereign assessments are significantly implicated by regional and strategic tensions unique to them.
Concurrently, the world is also witnessing two parallel sets of conversations on digital policy. One is largely focused on translating rights from the offline world to the online world. This conversation is premised on a clear understanding of what the rights entail in the offline world; the central task that remains is focussed on demarcating the contours of those rights online. The other, related, conversation attempts to negotiate the very nature of, and need for, these rights. For instance, the European Union holds data protection in the highest regard, enshrining it within the European Charter of Fundamental Rights. At the same time, India, the largest democracy in the world, is yet to explicitly recognise a right to privacy within its constitution. The difference in these approaches transcends legal regimes. The social contract in Europe, a product of legal, cultural and political factors, pried access to data away from the regulators and ceded agency over it to the private citizen. This equilibrium is today reflected in the EU data protection norms. In India, where norms of social behaviour are evolving concurrently with lawmaking, there is no national consensus on a ‘right to privacy’, with some constituencies alleging that a ‘Western’ model may not be fully appropriate, or would need significant redefinition when applied to the Indian context. In India as in other emerging economies, cyberspace regulation has shouldered the additional burden of delineating and guaranteeing rights that are not necessarily available in offline spaces.
The real challenge therefore lies in creating a public sphere and a digital public sphere that attends to the integrity of both conversations.
Ironically, both these conversations are coloured by concerns about security and access. In the developing world, even as countries strive to ensure affordable access, the proliferation of unsecured devices has lowered the overall standard of digital security. Attempts across the world to enhance cyber security through online intelligence gathering has often had the effect of watering down the right to privacy and stifling free speech, and in some instances even comprising hardware and network integrity. Even though issues around access are largely missing from Atlantic debates, security (motivated by unique and different circumstances) has become an all-encompassing and opaque hindrance in the realisation of the full potential of the internet.
The unique challenge of digital policy is addressing the ‘trilemma’ of reconciling security, rights and access. When we explore both the sets of conversations as discussed above, it becomes evident that while all three are present in policy formulation on most occasions, one or two are often given more importance. What we must instead strive towards is a re-imagination of these challenges as a equal-sided triangle, where each issue is given the same importance as the other.
Access to the internet is not an end in itself. In India, it is the means for social and financial inclusion. The Indian government has announced plans to slowly transition to a cashless economy while the market remains inundated with cheap and unsecured devices. This, however, is not a central concern to those who remain without access. For instance, individuals in rural India who own smartphones to access government services are often dependent on a family member or another second generation internet user to ‘go online’. Often enough their phones serve as communal devices with one source managing many connections and many accounts. Neither privacy nor security is deliberately accounted for in their daily transactions, leaving them entirely to the mercy of technologies available on the device. To the state that is attempting to foster financial inclusion and digital payments, this ‘human’ component of cyber security is extremely important. How does policy formulation that is still informed by trans-Atlantic notions of privacy contend with these radical realities that defy information or device management?
Of the rights envisaged in the Universal Declaration of Human Rights, many are implicated online. However, the imperative for maintaining the balance between these, sometimes conflicting, rights is more complex online. For instance, the mandate of states to make digital spaces more inclusive and less hostile is often at odds with the overarching imperative to foster freedom of expression. Prominent social media companies like Twitter that were created to allow internet users to voice their opinions online must also constantly attempt to reduce – if not eliminate – online harassment and gender based violence. The translation of offline rights to the digital space is often less than perfect. More often than not it ends up clamping down on one or more rights. For countries that do not have the resources to monitor and tackle online extremism, the restrictions on an open internet are not always imposed by choice but rather by compulsion. How does the objective of maintaining a marketplace of ideas, free of hostility, contend with the universal recognition of free speech?
The threat to an open internet, however, is not only from online radicalisation and hate speech. Opportunities for access – to knowledge, to markets and to people – available online must never cost more than those available offline. Exclusionary mega free trade agreements could potentially render vast swathes of knowledge and data inaccessible to emerging economies. On the one hand, countries and regulators are criticised for heavy-handed censorship or imposing restrictions on an open internet; on the other, restrictive provisions aimed at the digital economy — which in India is yet to fully bloom — could convert the open internet into a luxury. If draconian laws and oppressive governments cannot be allowed to dismantle the openness of the internet neither should commercial arrangements and mercantilist considerations.
Security presents the greatest challenge of the three vertices of this invisible triangle. Cyber security involves the protection of both infrastructure and information. Difficulties arise when in the name of security, governments start to dictate norms of behaviour in cyberspace. This raises the philosophical question of whether the enhancement of a nation’s cyber security automatically means an enhancement of the individual security of every internet user. Or as a corollary, does enhanced individual online security result in higher national security in this sphere? We must also ask: do internal security and cyber security complement each other or will the resolution of one lead to the dilution of the other? This is perhaps best exemplified by the ongoing tussle between the United States government and Silicon Valley. It has been well documented that technological alternatives to bypass government-monitored means of communication are readily available. Keeping this in mind, it seems unlikely that allowing governments access to certain modes of communication will greatly enhance the internal security of a country. The overall security is rather affected by the individual strength of devices and modes of communication available to the citizens.
The common thread that runs through all three issues is data integrity – both national data and individual data. Managing data integrity can serve as the golden median that helps strike a balance between the needs to ensure affordable access, secure cyberspace and enhance rights. Ensuring the integrity of citizens’ data can protect them from commercial exploitation by private entities, intrusion into their lives by the state, and from criminal exploitation by hackers. It can strengthen privacy and foster free expression and exchange of ideas over the internet. Maintaining the integrity of data is therefore something that all states must aspire to. This, and digital anonymity are preconditions to ensuring a safe, discursive space online.
As net exporters of data, Asia and Africa are locked in an uneasy relationship with Western companies that provide most services over the internet. The digital trilemma is acute for emerging economies: access is a ‘here and now’ concern, but is also a factor of the individual security and human rights. A major cyber attack on financial networks could have the consequence of weaning first generation users away from the internet altogether. Regular and unchecked instances of harassment and gender-based violence online could constrain the rights and contribution of women to digital spaces, further skewing inequalities based offline. Platforms purporting to offer affordable internet access should not emerge as walled gardens that restrict the freedoms of speech or expression. Managing the three vertices, therefore, is a delicate process that should eschew dramatic or heavy handed regulation.
The resolution of this invisible triangle, far from being a purely national concern, is central to the stability of digital spaces, which are global commons. Access, rights and security, must be weighed in their own respects and given equal degrees of importance. While responding to the threat of climate change, for instance, all countries recognised that growth, employment and environment were equally important to everyone. A similar realisation must be arrived at in relation to digital policies.
(This essay originally appeared in the third volume of Digital Debates: The CyFy Journal)
PRIVACY & DATA PROTECTION
A specialist neurology clinic in Japan has this revealing signage with its website address prominently proclaiming its function (photo courtesy:...
Abstract Critical information infrastructure (CII) is a pillar on which modern nations function. The revolution in information and communication technologies...
PRIVACY & DATA PROTECTION
Abstract Encrypting communications enhances privacy and the security of information services. This, in turn, incentivises innovation in the ICT sector...
Only eight years after India passed the Information Technology Act, did the term cybersecurity appear in a statute through a...
No longer the subject of science fiction, Artificial Intelligence (AI) is profoundly transforming our daily lives. While computers have been...