Rajeev Chandrasekhar: Need to relook laws to de-risk Indian internet, make it difficult for Big Tech to be weaponised – The Indian Express

Soon after the Russian invasion of Ukraine began on February 24, Big Tech firms and intermediaries announced either partial or total stoppage of services for Russia and its citizens. This, Minister of State for Electronics and IT Rajeev Chandrasekhar believes, is a dangerous precedent, and brings back focus on the power that such platforms wield. Edited Excerpts from an interview with Aashish Aryan and Liz Mathew:

How do you view the events in Russia and Ukraine vis--vis the internet companies?

The recent events in Ukraine and Russia have again in a lot of ways drawn the attention to the power of platforms on the internet, the power of some governments to direct platforms on the internet to take decisions that are partisan and effectively what I call the weaponisation of the internet.

Two phenomena are very visible. One is the weaponisation of the internet, of which we were aware in some sense as we discussed user harm etc in the past. The second is what I call the phenomenon of the splinter-net. The internet is now increasingly being splintered driven by the power of some western countries.

The internet started as this Utopian space for people to connect and exchange ideas with each other. Therefore, the role of the state always was very minimal. And over time, the conversation around internet and companies on the internet was always about innovation, who is doing the next big thing, what is the next big idea on platforms etc. Therefore, regulation and laws never really came into the picture at all. Because it was never envisaged that internet could be for anything but public good.

Our understanding of internet has moved from saying that it is only for public good to also saying that it also has user harm. There are many aspects of criminality and user harm now. The jurisprudence and law must also evolve to address this. These platforms have become so big, the power of these platforms and therefore the power that they represent on the internet is so dominant, that in the event of a conflict between two sovereigns, these platforms are playing roles and therefore are being weaponised.

There have been no laws and rules that have prevented this or seen this coming and prevented this from happening. Now you have all the other things that have developed around internet. You have app stores that are duopolies, search engines that are monopolies, data and data economy is growing at a very fast rate. Obviously there are reciprocal issues of data privacy and protection. And also the startup innovation ecosystem that is growing very fast.

The basic principles of net neutrality, which is the openness of the internet that was the founding idea of early days, where we said that these telecom service providers cannot become the gatekeepers of the internet is now manifesting in the form that these big intermediaries are becoming gatekeepers of the internet. So the whole argument of net neutrality was in context of the telecom companies because they control the pipeline to the internet.

Now while the pipelines may be diversified and there is no control there, the platforms are now controlling access to the internet in many dangerous ways such as duopolies of app stores, monopolies of search engines, devices, ad tech. The underlying dynamics of the internet today on cybersecurity, dark internet and things that are going there in terms of identity theft, wallets being taken over, people being identified, all point to the need for us to have an overall data governance framework and have legislative principles established by a series of laws.

It is clear today that we need Aatmanirbhar internet which says that dont depend only on these platforms that have now demonstrated during the Russia-Ukraine war that they are not removed from state influence for all of the narrative they put out. They are absolutely subject to sovereign influence and it can make them weaponised against a country or for another country. We have to completely relook at our legislative and jurisprudential framework in that context.

There are draft laws with respect to data and cybersecurity pending? What does a re-look mean?

We must first create a national data governance framework, establish some principles of law, define the role of these intermediaries and what should be the nature of the relationship between the intermediaries and the user. We must define what should be the consumer rights. Are they more than the fundamental rights that they have? Do we need a magna carta of consumer rights on cyberspace so that every man, woman and child can consider the internet to be a safe, trusted and open space?

So the jurisprudential legal principles have to be built on that before we go on saying that we need to come up with this law or that. We will be belling the cat on one corner without addressing the overall piece. We have framed issued, such as ad tech. We have to de-risk our Indian internet and that de-risking urgency has, in a sense, been amplified by what we are seeing in Ukraine-Russia. It is validating our thinking, what we have been talking about in terms of a new digital law, the need for a data governance framework. We will create a framework, which will have the data protection law, the digital law and the cybersecurity statutes.

So we are now planning an architecturally-built cyberspace jurisprudence, rather than doing it piecemeal and a catch-up mode. Our approach now is exactly in keeping with the Aatmanirbhar Bharat principles and the success we have had in the fintech space and replicating it in other areas.

We are not averse to Big Tech. But we have to make sure that our rules and laws in India do not permit Big Tech platforms to be weaponised deliberately, wittingly, unwittingly, by any other force. For example, US-based platforms are not immune from US-government influence. A US platform will listen to the US government, just like a Russian platform will listen to the Russian government and a Ukrainian platform will listen to its government.

The weaponisation of the splinter-net impact of these platforms due to the sovereign influence on them has become visible during this conflict. We cannot allow our cyberspace and digital economy to ever be undermined by any body or any force outside our borders. That is the point of Aatmanirbhar internet.

Until such a governance framework is put into place, how will the government protect the cyberspace?

You cannot. With a law that is 20 years old, you cannot do it. You have to accept that. That is why the urgency to become an Aatmanirbhar cyberspace that you need an overarching framework, data protection law, cybersecurity policy, along with the basic ecosystem, toolkits and capabilities for cybersecurity.

Newsletter | Click to get the days best explainers in your inbox

Then the question of ease of doing business and clamping down on such weaponisation of the internet comes into the picture?

There is no clamping down. Nobody clamps down on such weaponisation. I use the phrase weaponisation to understand the implication if you do not create an Aatmanirbhar Bharat and cyberspace. That is a real issue today that all policymakers should be concerned about.

For example, today there is a discussion on cryptocurrency or bitcoin. The Reserve Bank of India (RBI) is not wrong. The RBI is not wrong to say that if you allow bitcoin to be unregulated and you allow cyrptocurrencies of a foreign jurisdiction to be used here in India without the proper understanding of how those will be managed or how the exchange controls would be addressed, you will create havoc. If that is a normal chaos, that is still okay. But if it is a havoc that can be weaponised tomorrow by somebody, that is a real problem.

So what I am saying is that the weaponisation of the internet and the use of the internet where the biggest and most dominating platforms are of an external jurisdiction is an area of concern for public policymakers. Therefore, we have to ensure that the internet is diversified and is open, safe and trusted, as well accountable.

How do you achieve that? Through a series of new legislation, laws, rules and additional policy framework that addresses the issue of security, data governance as an overarching framework. I do not have an instant gratification response on what will we do tomorrow.

The fact is that the world of internet is today in chaos. Because governments across the world for a long time allowed them to pretend that they were innovators. All public policymakers must see internet as innovators and startups on one hand and as areas that require deep public policy interventions to ensure user safety, and non-weaponisation of internet.

As of today how prepared are we against such a weaponisation?

Our neighbours and state actors are actively using the internet against us. Kargil War was televised. Russia-Ukraine is now becoming a conflict where the internet is actively weaponised by both sides. I am not commenting on the Russia-Ukraine dispute. What I am saying is that when two nations have gone head-to-head in conflict, they have, in addition to using tanks, bombs, jets and drones, actively used the internet. And that weaponisation means that it can tomorrow be used by anybody against anybody, unless there are safeguards in terms of policy.

We have some experience as a nation where the internet has been used to foment trouble, whether it is state actor behind it or not. This today is a wake up call for us in the sense that as we move towards Web 3.0 and all these other kinds of dis-aggregated kind of internet which is further decentralised, we have to be clear that unlike in the past where laws lag innovation, here law should be in lock-step with innovation.

That is the only protection we can have. The domestic laws must make it very difficult for the intermediaries who are jurisdictionally present in India, to be weaponised against the interest of India and its citizens. That can only be done through laws. So it is not about picking up a phone and calling up some platform and telling them do not do this or that.

I say this as an entrepreneur who has seen internet evolve from the early days. For a large part of the travel of the internet, the internet and the innovation around the internet was kept outside the government purview totally by saying to the government that you do not understand what we are doing, so do not come and interfere.

All of these things that have happened are intrinsic part of internets nature and power. So Web 3.0 is even more powerful. So to prevent the weaponisation and splinter-net of the kind that we have seen today and to prevent big influence, monopolisation and cartelisation is an equal public policy imperative. For that we need policy to keep pace rather than play catch up.

Link:

Rajeev Chandrasekhar: Need to relook laws to de-risk Indian internet, make it difficult for Big Tech to be weaponised - The Indian Express