India’s rapid integration into the Digital Economy has been driven by her financial and telecoms sector reforms. The growth of trade, manufacturing, services and investment sectors have generated a $3 trillion economy. The concerns over sustainability of this growth have turned India’s interest in a stable and secure international digital environment into a priority. International trade contributes 40% of India’s GDP, and the EU is a major trade partner. The expected addition of the digital economy as an area of cooperation (and competition) in the Indo-Pacific, adds an important dimension to India’s aspirations. Issues such as the vulnerability and resilience of digital infrastructure are therefore priorities for India.
From India’s perspective, the most pressing cyber diplomacy challenges fall into three areas. First is the challenge of applying cyber technologies effectively in support of the development objectives building on the 2015 Digital India platform with the world’s largest biometric database, Aadhar, at its centre. Building on this link will be critical to eradicating poverty and overcoming inequalities which constitute the overarching goals of multilateralism in the coming decade. But responding to this challenge will also require a multi-stakeholder approach as showcased during the past five years of implementing Agenda 2030 in India. The focus on cyber technologies for development in India is clearly human-centric, and India must find her way to bridge the digital divides within the country: divides of physical connectivity, of income disparities and between genders. An additional challenge is the use of digital technologies by different linguistic groups, which creates its own issues of equitable access, application and bridging of digital divides.
The second challenge is to ensure a supportive external environment for the smooth operation of the Digital India platform, including its security. Threats to India’s digital ecosystem come from a variety of sources, including technical vulnerabilities and conscious attacks on India’s critical national infrastructure by external malicious actors, including proxy terrorist organisations operating in other jurisdictions. The November 2008 attacks in Mumbai are a good illustration of this problem. It is also one of the reasons why during the review of the Tunis Agenda in December 2015, India supported the primary role of the governments in securing cyberspace while also acknowledging an important supporting role of other stakeholders.
The third challenge is that of grounding India’s core national interests in peace, security, and development in the digital domain. This aspect highlights the risks associated with India’s dependence for the operations and services on the critical cyber infrastructure located elsewhere. The question of India’s equitable access to the global digital infrastructure and technologies is a key. Nowadays, Western companies still control most of the digital infrastructure connecting India to the outside world, digital platforms critical for trade and investments, and the social media platforms that are essential for rapid information flows as well as “soft diplomacy”. India is committed to international multistakeholder cooperation, including private companies, to meet her national priorities for the digital domain.
For all these reasons, India, home to 18% of the world’s population, needs to voice clearly its positions on Internet governance, data flows and data privacy, as well as promoting a predictable international framework for cyberspace.
A New Form of Sovereignty and the UN’s Role
The recent outcome of the UNGGE on the implementation of the norms for security in cyberspace is significant for India. India has previously recommended to explore a possibility of establishing a broader organisation, or an international body under the ambit of UN, that will:
a) provide guidance for supporting and enabling implementation of the agreed norms for securing cyberspace;
b) work on future norms and CBMs; and
c) support states in reliable attribution of threats to their cybersecurity from a technical but not legal perspective.
This recommendation must be seen in the context of developments in the digital domain, such as the rise of cloud infrastructure, which imply that computing, storage, data, or platforms are often physically located in different jurisdictions. In that respect, the integrity of the digital supply chain is of primary importance for India.
Consequently, India has proposed a new form of sovereignty based on ownership of data. At the UN OEWG discussions in 2020, India observed that territorial jurisdiction and sovereignty are losing their relevance in contemporary cyberspace discourse, due to the increasingly ambiguous nature of jurisdiction of ICT infrastructure and specifically data. India’s written submission to the OEWG recommended “a new form of sovereignty which should be based on ownership of data i.e. the ownership of the data would be that of the person who has created it and the territorial jurisdiction of a country would be on the data which is owned by its citizens irrespective of the place where the data physically is located located”. This new notion of jurisdiction based on the ownership of the data would essentially be based on the aspects of privacy and ownership of data, thus reaffirming the universality of the right to privacy. This new concept of data-oriented sovereignty extends beyond the classical territorial-based jurisdiction. Such recommendations and ideas should be taken to the UN General Assembly, including through the newly established OEWG process for the period 2021-2025, to enable thematic multiple stakeholder sub-groups discuss the potential negotiation of an international framework for cyberspace by 2025 when the UN marks its 80th anniversary. This proposal is grounded in the UNGA resolution 75/240 adopted on 31 December 2020.
EU’s Added Value
From India’s perspective, the biggest opportunity for cooperation with the EU in cyber policy areas would be the conscious inclusion of a human-centric dimension in international activities on cyberspace. Such an approach could be implemented through three concrete and important initiatives in line with the recent India-EU Summit (8 May) agreement on digital cooperation:
- Cooperation in the creation of digital connectivity infrastructures and development of digital technologies for sustainable development. This will build on the two existing major fibre-optic submarine cable links between Europe and India.
- Convergence in creating globally accepted norms for digital data flows and data protection based on the EU’s GDPR and the Justice Srikrishna Report for amending India’s IT legislation.
- Building an architecture for digital activity that will support global efforts, including in the WTO, to regulate electronic commerce on a transparent, predictable and principled basis.
About the Author
Asoke Mukerji retired as India’s Permanent Representative to the United Nations in 2015. His diplomatic assignments include the UK, Russia, the USA, the UAE, Central Asia, and the former Yugoslavia. The Ambassador’s involvement with cyber issues began with the World Trade Organization’s negotiations on Telecoms (mobile telephony) and Information Technology Agreement (trade in computers/peripherals) in the 1990s. He led India’s first multi-agency delegations for international cooperation on cyber issues with the USA, UK, Russia, Japan, and the EU between 2011-2012. He chaired a multi-stakeholder Study Group under India’s National Security Council Secretariat during 2017-2018 mandated to recommend cyber norms for India. His priorities are using cyber technology for sustainable development under the UN’s Agenda 2030 and advocating the need for an International Convention on Cyberspace. He is on the faculty of the Geneva-based Diplo Foundation.