This piece on Cyber Sovereignty appeared on the 15th of November

All of us, citizens or businesses, in the real world are subject to some form or other of government regulation. There are checks and balances on our freedoms, and violations of the law are dealt with penalties However, when we look the digital ecosystem it almost seems like none of these matters.

At its core it goes back to the evolution of the internet as a disparate set of servers that allowed handles to interact with each other, in a completely decentralised, and independent manner. For the longest time the internet was free of corporations, government control, and different communities of interest thrived there. While conceptually most of us believe the internet is still that way, it isn’t.

In a world mediated by technology giants like Google, Amazon, and Facebook – there is an over centralisation of power in the hands of unaccountable corporates. Their platforms can be used to destabilise governments, cause a run on economies, foment trouble in troubled zones, be used to radicalise young men and women, and in general cause all kinds of mischief and mayhem.  We are not yet talking about massive invasions to privacy of individual citizens across the world, that imperils their security. And, yet these platforms  are not held accountable . And, over and above this, Facebook, YouTube and other platforms are asking governments to set the rules and regulate customers, instead of regulating the platforms.

With the internet becoming more ubiquitous in our lives, impacting every part of it, there are two questions before most governments. The first is who controls the internet? The second related question is how we get to control it. Countries like China take it one step further, and talk about Cyber Sovereignty – the control of the internet within its own borders. This policy is backed by the Great Firewall of China that doesn’t let ‘outside’ internet, allowing its own homegrown technology companies to bloom It isn’t that the Chinese don’t have social networking. WeChat, Weibo, Baidu are all companies that connect millions of Chinese with the same experiences that their counterparts in the rest of the world enjoy, but without being allowed to leave their walled gardens. The Chinese Internet authorities employ extremely sophisticated filters that can block words in real-time. It can also peek into private WeChats.

And, while this may sound terrible from the point of view of individual freedom of expression, and privacy – this is what many governments across the world are looking for. Russia too talks about cyber sovereignty, and calls its suppression of unfettered internet content, as an exercise of its sovereign rights over what goes on in its territory.

While India doesn’t have a formally stated cyber sovereignty policy, it flexes its sovereign muscles against platforms and, indeed, the internet itself. One simple way of exercising sovereignty is controlling access – and the internet blockade of Kashmir is just that. At the other level it is pulling down content that it doesn’t want people in its territory to see. The Indian Government leads the demand for content being taken down by social networking platforms – India had 77,620 requests for take down, followed closely by Russia at 77,162 requests.

There is another angle from which the Indian Government is approaching cyber sovereignty. It is asking for data localisation. At the first stage this is aimed at e-commerce companies and financial services companies based abroad. But, it is expected to extend to other sectors too – ecommerce, social networking sites, and the like. This essentially means that the data of Indian citizens who use digital platforms based elsewhere, will be collected, processed, and stored in India, in addition to it being transferred abroad. This is to ensure that the laws of the land are adhered to, especially those related to privacy and security.    

There is a schism between the developed nations, and the emerging economies when it comes to data localisation. The European Union despite its stringent privacy laws, embodied in GDPR, that requires data localisation opposes India’s demand for data localisation. The Americans too oppose this. 

However, in a world where unregulated technology giants gather, store, slice and dice, glean insights, and share your data without your consent – there is need for regulation to protect us from big technology. The problem that needs to be solved for is how do you protect us from a future government, who can use this data against us.  And therefore, in parallel with data localisation requirements we need work out ironclad guarantees for privacy and security, and what if scenarios. The starting point would be to strengthen cyber security – and not allow cyber terrorists from attacking strategic data.