India and the global governance of cyberspace
Interview with Ambassador Asoke Mukerji, former Permanent Representative of India to the United Nations.
At the United Nations and other international organizations, what is your sense of the coverage and importance that emergent technology issues like cyber security, digital rights and data, and the role of ICTs in development received? Was there a tipping point when these debates became salient?
I think that emergent technology issues that you mention, including the role of Information and Communication Technologies (ICTs) in development, have become more prominent in the agenda of the United Nations and its specialized agencies over the past three decades. These issues have been placed on the negotiating agenda of the World Trade Organization (WTO) since 1997 onwards, underlining the desire to provide a legal framework for trade in emergent technology products and services. Obviously, so far, there has been no attempt to converge these activities into a holistic framework, which I feel is necessary to ensure the integrity and resilience of cyberspace activities.
In the UN system, the International Telecommunications Union (ITU) took the lead since 1992 to focus on access to ICTs on an equitable basis. This motivated wider discussions within the UN General Assembly (UNGA) on how to harness the immense potential of emergent technologies for meeting the objective of socio-economic development based on international cooperation described in the UN Charter.
The UNGA adopted its first resolution on ICTs in December 1998. This resolution noted the use of ICTs for both civilian and military purposes. It is worth emphasizing that this UNGA resolution prioritized ‘civilian applications’. The three broad areas that governments have taken up since 1998 to develop international cooperation in cyberspace, relate to norms for cyber security, measures to counter cyber-crime, and agreeing on cyber policies for accelerating effective governance. One part of the 1998 UNGA resolution mandated the definition of ‘basic notions related to information security’, while ‘developing international principles’ to enhance cyber security. This was also prioritized by another UNGA resolution adopted in 2002 on the ‘global culture of cyber security.’ That is why I believe we have an uneven implementation of the original balance of the 1998 UNGA resolution. Of course, in 2003 and then in 2005, the UN held the World Summit on an Information Society (WSIS), first in Geneva and then in Tunis. This process created the platforms for discussing internet governance issues through an Internet Governance Forum (IGF), including digital rights such as affordable and easy access, upholding fundamental human rights online, etc.
A third impulse in the UN came with the mandate given by the 2012 UN Summit in Rio de Janeiro to negotiate the sustainable development goals (SDGs). By 2014, it was clear that the scope of the SDGs would touch on all aspects of human activity, including on climate change issues, and that ICTs would be an integral means of implementing these SDGs. I think that the tipping point for the United Nations process was the adoption of Agenda 2030 in September 2015 with the 17 SDGs at its core. This event was followed in December 2015 by the UNGA agreeing to converge the WSIS Tunis Agenda with Agenda 2030. All stakeholders in the Agenda 2030 and Tunis Agenda process, i.e. governments, businesses, academia and civil society including youth and women, must take this convergence forward.
In the context of this discussion, I think it is important to focus public attention on another parallel process underway in the WTO that deals with emergent technologies including ICTs in multilateral institutions. Here, emergent technologies like ICTs became a part of the WTO Agreement in 1997, when a set of ‘regulatory principles’ were agreed to during the Basic Telecoms negotiations. These principles include the use of ‘scarce resources’ such as spectrum and laid down clear guidelines on how these are to be allocated, viz. the process should be ‘timely, objective, transparent and non-discriminatory.’ The Basic Telecoms negotiations ushered in the era of global mobile telephony, as we know it, based on multilateral trade rules. Rapid developments in the technologies behind mobile telephony which created smartphones, and the transition from an ICT-driven world to a digital world, will throw up demands for broadening the way the WTO regulates trade in digital products and services.
This links with the concept of electronic commerce. The WTO became involved in electronic commerce discussions after the publication of an ‘Electronic Commerce Strategy’ paper by the United States in 1997. Two specific results have been the negotiation of an Information Technology Agreement (ITA) and adoption of an Agreement on Global Electronic Commerce of July 1998.
The ITA committed participating member-states who agreed to a zero-tariff for import of computers and related peripherals. The ITA was considered a catalyst for India’s global ambitions in export of software especially with Y2K looming in December 2000. It opened the door for the WTO to look at issues relating to emergent technologies. The WTO has already issued legal rulings on issues relating to cyberspace involving both goods and services. These include rulings on tariffs levied on use of local-area-network (LAN) equipment and multimedia personal computers; alleged market access restrictions on electronic payment services; voice telephony services, among others.
The Agreement on Global Electronic Commerce committed WTO member states not to levy customs duties on electronic communications, which will be reviewed at the 2020 WTO Conference. I believe this will become a tipping point for emergent technology issues in the WTO. Today, there is a growing convergence and interest among major trading nations that the subject must be reviewed, and the WTO must begin negotiations to create a framework for Electronic Commerce. By its very nature, Electronic Commerce will raise the issues related to emergent technologies, and countries should be prepared to engage in this process if they want to be part of, and relevant to, the global digital economy.
Cyberspace debates, especially governance, are often painted as a binary between the US with their NATO/OECD partners, who prefer an open border-less internet, pitted against China and Russia who prefer more control, restraints and order. Is this binary an accurate depiction of global governance debates around cyberspace?
When we look at multilateral debates on the governance of cyberspace, the perception of there being two options based on democratic or authoritarian political systems is often spoken about. However, the nature of control and governance of cyberspace is much more complex. It involves both governments as well as corporations. More than the nature of governments, this debate needs to focus on data flows.
Participants need to speak more of how cyber data flows around the globe including through fibre optic cables and using root-servers. Once you look at this core infrastructural dimension, it becomes clear that both governments and corporations play a major role in regulating cyberspace governance issues. Of course, this activity is being conducted without an agreed multi- lateral framework, which makes it vulnerable to individual priorities whether of governments or corporations.
Some major corporations active in cyberspace also seek to control the flow and storage of data, or impose restraints on access etc. They use emergent technologies to do so, including Artificial Intelligence, and Cloud Computing. Multinational corporations in cyberspace know that government policies regulating their access to the market of a country can restrict their profits, including from the collection and sale of data. This awareness has not prevented such corporations from cooperating with governments considered authoritarian to ensure revenue streams from their market access. A new dimension to this activity is the emergence of clearer data privacy laws by some major players, such as the European Union, which will impact corporate policies regarding the flow and storage of data.
General discussions on the ‘binary’ between democracies and authoritarian states miss this dimension altogether. There is another dimension to this issue. Debates on the governance of cyberspace tend to ignore the views of developing countries of the ‘Global South’, especially those countries which have prioritized the use of cyberspace for realizing their national development objectives.
Stakeholders have discussed cyber governance issues within the Tunis Agenda framework of the United Nations. At the core of the Tunis Agenda is the functioning of the Internet Governance Forum (IGF). The IGF became a platform to enable multi-stakeholder discussions on how society should respond to the potential of cyberspace. The Forum witnessed a spirited debate between advocates of a business driven model, whose policies would conform to the market-driven priorities set by the growing number of cyber technology corporations (often referred to as the ‘multi-stakeholder’ model), and votaries of a more assertive role for government policies, i.e. both for law enforcement as well as for empowerment of societies, in order to bridge ‘digital divides’ (referred to as the ‘multi-lateral’ model).
The fact that both approaches were convergent was finally acknowledged when the UNGA conducted its High-Level Review of the implementation of the Tunis Agenda in December 2015. The Review emphasized the importance of the need for effective international cooperation in cyberspace to achieve globally agreed goals of sustainable development. This included using cyber technologies to bridge the digital divide; equitable access to cyberspace; the creation of an enabling cyberspace environment for development; public-private partnerships in financing the growth of cyberspace; the protection of human rights online including the freedom of expression and privacy.
On the management of the internet, the agreed multilateral approach is that its governance is a ‘multilateral, transparent, democratic and multi-stakeholder’ process with the ‘full involvement of governments, the private sector, civil society, international organizations, technical and academic communities and all other relevant stakeholders in accordance with their respective roles and responsibilities.’
The UN has set up the sixth iteration of the Group of Governmental Experts (GGE) through a resolution sponsored by the United States; in addition, there exists a more inclusive Open Ended Working Group (OEWG), a more consultative framework to discuss growing cyber threats. Where do you see these norms formulation processes ending up? Are there key issues both frameworks do not cover?
The focus for developing norms for cyber security through the GGE is to focus on the responsibilities of UN member states to ensure the resilience and integrity of critical national infrastructures used for cyber activities. The discussions in the GGE since its inception in 2004 (following the 2002 UNGA resolution on global cyber security), was to agree on a normative framework, which would be implemented through mutually beneficial international cooperation. However, due to the emerging polarization between the United States and China on these obligations, the GGE norms which were agreed to in 2015 are now back on the drawing board.
In terms of current GGE meetings, new areas include the emergence of new cyber technologies and platforms for the application of technologies such as social media. Obviously, these technological developments may require the GGE to review the relevance of some of the norms it recommended in 2015. Apart from its core mandate for recommending norms for cyber security, the GGE discussions encouraged the identification of voluntary confidence-building measures and capacity building to enhance cyber security. The outcome of this GGE is to be reported to the UNGA in 2021 underscoring the increasing urgency being felt by governments for effective international cooperation in securing cyberspace.
In response to growing criticism that a majority of UN member states and other stakeholders in cyberspace were being excluded from contributing their perspectives to a global dialogue on cyber security, the UNGA also adopted a resolution in December 2018 establishing an Open-Ended Working Group (OEWG) to make the discussions ‘more democratic, inclusive and transparent.’ The OEWG established by the UNGA has met from June 2019 onwards. The OEWG is scheduled to hold its final substantive session on 6-10 July 2020 in New York.
Besides governments, the OEWG discussions on cyber security have brought in businesses, non-governmental organizations and academia. The multi-stakeholder discussions held so far have revealed important gaps in securing cyberspace on the ground. These include ‘lack of data sharing and informed awareness of cyber threats’, as well as ‘lack of will at the highest political levels.’ The discussions have noted that the GGE process had not fully considered the impact of new technological developments in cyberspace, which significantly enhanced cyber threats. Advocating a ‘holistic’ approach to enhance cyber security, participants have drawn attention to the linkages between economic and cyber security. Most significantly, discussions on cyber security have emphasized ‘a human-centric, rights-based approach that also emphasizes shared responsibility and accountability.’
This is the broader context for the popular debates over new ICT technology like 5G, issues of ethics in applying Artificial Intelligence for cyber activities, and assertions of sovereignty over the flow of data derived from traditional national jurisdictions (‘data localization’). It is important to recognize the explicit incorporation by the UNGA of a ‘multi-stakeholder’ approach. As highlighted by the Chair of the OEWG to member states, such a multi-stakeholder approach can potentially integrate such issues into ongoing UNGA discussions on international cooperation in cyberspace.
Of course, both the 6th GGE and the OEWG are restricted by their mandate, which is given by the First Committee of the UNGA. The charter of the First Committee is ‘disarmament, global challenges and threats to peace that affect the international community’ and ‘solutions to the challenges in the international security regime.’ In that sense, the broader application of emergent technologies on issues of fundamental human rights and sustainable development are not addressed by either of these two processes. Nor are the outcomes of the GGE or OEWG expected to lead to any comprehensive framework under the UN for regulating cyberspace.
It is in this context that the UNGA resolution of December 2019 launching a process for negotiating a legal framework to counter cybercrime is significant. It is the first step within the UN system for a legal framework on one aspect of cyberspace activities. However, it must also be recognized that this initiative, laudable as it is, will not address the vulnerabilities of cyberspace in a holistic manner. At some point, the UNGA must bring in the possibility of using discussions on a cybercrime legal framework to broaden the mandate to negotiate a comprehensive convention on cyberspace.
India is yet to advocate a clear position on these technology issues except being stridently against ‘data colonialism’ and unrestricted data flows across borders. A 2018 report by the New America Foundation has regarded India as a ‘digital decider’ in global governance and India’s stance is therefore critical in navigating the ostensible binary between democracy and ‘digital authoritarianism’. Can India carve a leadership role for itself on cyber governance and how?
In my view, looking at global cyber governance in terms of a binary (either democracy or authoritarianism) is not sustainable on the ground. In the case of India assuming a leadership role in the global cyber governance framework, it is necessary to look at the factors that favour such a role for India.
One is India’s self-interest in upholding effective international cooperation for the continued growth of her exports of information-technology enabled services. The current instability in the world due to Covid-19 has perhaps created an opportunity for India to increase her share of the global market for such services. India’s revenues from the information-technology enabled services sector in 2017 were estimated at more than $140 billion annually, of which export earnings are close to $120 billion.
Second, India has prioritized the associated movement of skilled Indian manpower to cyber markets abroad, who contribute to developing cutting edge technology in cyberspace through research and innovation in major transnational businesses. Remittances from this highly paid group are an integral part of the annual inflow of almost $80 billion in remittances to households in India in 2018. India is uniquely placed to be an advocate for issues relevant to this rich pool of global human talent in cyberspace governance.
Third, India has a huge volume of data derived from her prioritization of using ICTs for accelerated socio-economic development. India’s Digital India platform, with its twin impacts on bridging digital divides and empowering citizens, has been multiplied significantly with the increased use of Aadhaar, which is the world’s largest national biometric database. This makes India a sought-after market for foreign partners, who want to use this pool of data for traditional and digital market activities. India can influence the way in which global digital trade rules are written based on the size of her digital data resources.
Such a leadership role can come if India joins in the formulation of global policies and rules on the digital economy. One such platform, which already exists, is the impending WTO negotiations on electronic commerce. India can join hands with her strategic allies among her major trading partners, like the United States, the European Union and Japan, to influence a rules-based framework on global e-commerce. It may be of interest to recall that when the WTO was being created, India did play such a leadership role in the negotiations on the General Agreement on Trade in Services (GATS) along with the United States and European Commission.
As a major repository of the global pool of digital data, India can take the lead in some areas. One such area is in proposing the creation of a Harmonized System of Nomenclature for Digital Data, which would encompass both digital products and services. The importance of the use of the existing Harmonized System for goods has been amply demonstrated, whether for reducing costs to international trade, internal taxes, trade policies, monitoring functions, dispute settlement, economic research and analysis etc. As the world moves into a digital economy, it is necessary for countries active in this new economy to encourage the creation of such a Harmonized System of Nomenclature, which will act as an incentive for all stakeholders.
Will non-state actors (private sector and civil society) become more influential in shaping multilateral and domestic debates on internet governance? How do you see this trend affecting technology policy-making in India given the range of institutions involved in regulating technology matters?
The experience so far on cyberspace discussions in India and abroad illustrates that it is necessary to involve a range of stakeholders. Of course, the government is at the heart of this activity, but significantly governments have themselves acknowledged the role and influence of other stakeholders in contributing to cyberspace activities.
At the national level, the most recent example of the importance and relevance of multi-stakeholder participation was during the consultations for the Justice Srikrishna Committee on the Data Protection Bill in 2018.
At the global level, apart from our multi-stakeholder participation in the meetings of the Internet Governance Forum, we need to build on our contributions to the Global Conferences on Cyber Space. This is important because the importance of effective international cooperation has been raised by the five multi-stakeholder Global Conferences on Cyber Space held so far, beginning with the London Conference in 2011 and ending with the New Delhi Conference in 2017.
Five broad themes for international cooperation in cyberspace have been identified by these multi-stakeholder Conferences. These are economic growth and development, social benefits, international security, tackling cybercrime and ensuring safe and reliable access to cyberspace. In addition, the importance of capacity building in cyberspace, the linkage between internet security and internet rights, as well as the role of civil society in cyberspace policies, and universal access to cyberspace to accelerate development have been prioritized.
It is worth recalling how India converged her national priorities in cyberspace governance with her role as host of the 2017 New Delhi Conference. In her vision statement, India emphasized that the goal of this multi-stakeholder meeting was to ‘promote the importance of inclusiveness and human rights in global cyber policy, to defend the status quo of an open, interoperable and unregimented cyberspace, to create political commitment for capacity building initiatives to address the digital divide and assist countries, and to develop security solutions in a balanced fashion that duly acknowledge the importance of the private sector and technical community.’ This needs to be followed up by us to institutionalize multi-stakeholder participation.