Opinion A wider web of regulation

The Snowden revelations have strengthened the case for effective international oversight of the internet

July 12, 2013 12:45 AM IST First published on: Jul 12, 2013 at 12:45 AM IST

The Snowden revelations have strengthened the case for effective international oversight of the internet

Last month,Edward Snowden,a private contractor at the National Security Agency (NSA) of the United States disclosed that its programme,Prism,can systematically access information carried by internet giants like Microsoft,Google and Facebook,as well as details of calls carried by telephone operator Verizon,and probably others. There are other reports of optic fibre cables,often laid undersea and capable of carrying colossal amounts of data,being tapped for surveillance purposes,and that India too was a major target of such surveillance. According to the NSA chief,the leaks hurt US interests irretrievably,even as US President Barack Obama assured citizens that their rights were not breached. The companies have denied wrongdoing,claiming that US law requires them to share certain data requested by security agencies.

This intrusion on privacy,at this scale,has come in for well deserved global condemnation. Several articles have highlighted that Indians face assaults on privacy,not only from overseas,but also within,since Indias own Central Monitoring System (CMS) will reportedly snoop in on emails,phones etc much like Prism does. These and the Snowden revelations raise important questions about how (poorly?) countries manage the competing concerns for security and privacy. Importantly,they also highlight that,when it comes to security,the US,presumably like its peers,feels more answerable to its own citizens. Also,when it comes to translational businesses like telecom and Internet,it may not be sufficient for players to be legal. And,it matters where they are located.

It is understandable that the consensus such as it is on civil rights,for example,life,liberty,equality or even privacy,does not extend to matters of security or strategic importance. For instance,thanks to their history and geography,India and the US couldnt possibly have identical priorities when it comes to Pakistan or China. This is easy to see in the US reluctance to extradite David Headley,a key accused in the Mumbai attacks of 2008,or its restriction on the export of certain advanced technologies. The action,alliances and compromises that strategic goals demand would inevitably differ between countries.

US internet companies are right to invoke US law to justify sharing information with security agencies. However,it is little consolation to Indian security agencies,which claim that the companies deny them similar information,such as the identities of account holders involved in crime,by insisting that their assets and servers are located in the US,outside Indian jurisdiction. According to Pavan Duggal,who specialises in cyber law,the provisions of the Information Technology Act,2000 (including subsequent amendments) do apply to offences committed in India by foreign players,but may be difficult to enforce. This is worrying for India,faced with multiple security challenges,both internal and external.

So,the recent events expose a strategic vulnerability: The legal status of leading internet and telecommunications players and their key assets leaves them out of reach of those responsible for security. The demand for critical information assets like servers and keys to locate in India mitigates this gap.

A similar gap concerning physical infrastructure is sought to be plugged by recent proposals for preferential market access (PMA) to telecom products manufactured in India. They address two important strategic concerns. First,thanks to the growing use of electronic goods and services,the import bill for telecom products nears alarming levels and might soon become Indias highest,ahead of petroleum. Second,there is insufficient legal accountability of international internet majors,whose businesses play a key role in Indias economy and the lives of Indians at work and home.

The PMA proposals are admittedly imperfect and risk reducing flexibility in buying equipment in Indias fiercely competitive telecom markets. Luckily,the proposals currently cover only equipment with a bearing on security,or for exclusive government use,where commercial considerations would arguably be secondary. It makes sense that PMA avoids the distinction between Indian and foreign manufacturers of telecom equipment in India since,if assets are located in India,the incentive to comply with Indian law and the costs of defying it,are high for either type of player.

Non-physical assets like information on servers pose other concerns too. Social media and other internet players derive their revenues from processing user information,often using complex algorithms recall the customised ads on Gmail,or the uncanny recommendations that often surprise you on Facebook. Can this user data be compromised? Do all users or countries have similar recourse to law,if a user,staff or company goes rogue? The recent developments suggest no.

The Snowden revelations have strengthened the case for effective international oversight of the internet as it increasingly encompasses national economies and the lives of people at work and home. Internet governance is thus a strategic issue for all countries. The World Conference on International Telecommunications (WCIT) in Dubai in December 2012 considered controversial proposals for a greater role in the internet for the United Nations. The major internet players vehemently opposed this on the ground that rogue governments would abuse the new arrangement to undermine privacy and freedom of expression on the internet. That risk admittedly remains,but so does that of relying on the present arrangement,where the USs interests manifestly dominate.

The writer is a telecom consultant