Distinguished Lectures Distinguished Lectures

International Cooperation on Cyber Space: India's role.

  • Distinguished Lectures Detail

    By: Amb (Retd) Asoke Mukerji
    Venue: National Academy Of Customs, Indirect Taxes And Narcotics (NACIN), Faridabad.
    Date: April 04, 2018

Introduction

While discussing issues of war and peace, the pervasive impact of technology-driven change on these issues, which impacts on us as individuals, societies and countries cannot be ignored. These technologies, especially information and communication technologies or ICTs, are an integral part of the new man-made environment of cyberspace.

At the heart of this environment is data. Collecting, transmitting and using data has become the new norm for countries, visible in varying degrees. Every day, we become more aware of the inter-dependent linkages of this activity. Countries have acknowledged that international cooperation in cyberspace is necessary for accelerating socio-economic development while ensuring the integrity, predictability and security of cyberspace.

Due to the trans-border nature of cyberspace, and the contributions made to its evolution by different sections of society, the most sustainable approach for effective international cooperation is a multi-stakeholder approach.

International cooperation in cyberspace, in addition to drawing upon traditional principles of international law, needs to address the strengths and vulnerabilities of cyberspace. This requires a focus on the kinds of technologies and applications that lie behind what is loosely called the internet. Wireless and fixed broadband, smartphones, the mobile Internet, cloud computing, open data, big data and social media, and linked "critical national infrastructures” are the staple of global conversations on cyberspace.

Emerging concepts related to the application of cyber technologies, like the Internet of Things or IOT, Artificial Intelligence or AI, and Robotics are expected to significantly impact on cyberspace in the next few years. While these developments may be currently concentrated within a few countries, their impact is felt globally. The normative framework for international cooperation in cyberspace needs to reflect this complex and dynamic reality.

Some countries have positioned themselves at the forefront of the global discussions on the need for effective international cooperation in cyberspace, driven by their national economic and security interests. These include the United States, the Russian Federation, China, the European Union, Japan, the Republic of Korea, Brazil and India.

India and Cyberspace

In the case of India, the first driver for greater international cooperation in cyberspace was the need to ensure the continued growth of information-technology enabled services, which have resulted in the country’s global profile in areas such as exports of software development and applications. As part of a Faustian trade-off to significantly expand its exports of cyber services, India entered into the zero-tariff import regime for computer and peripherals as part of the Information Technology Agreement or ITA two decades ago.

India’s revenues from the information-technology enabled services sector are estimated at more than $140 billion annually, of which export earnings are close to $120 billion. Apart from looking at technology and its applications, India has also prioritized the associated movement of skilled Indian manpower to cyber markets abroad, who contribute to developing cutting edge technology in cyberspace through research and innovation in major transnational businesses. Remittances from this highly paid group are an integral part of the annual inflow of over $65 billion of remittances to households in India.

A second driver for India is the prioritization of using ICTs for accelerated socio-economic development using the Digital India platform, with its twin impacts on bridging digital divides and empowering citizens. The impact of the Digital India platform has been multiplied significantly with the increased use of Aadhar, which is the world’s largest national bio-metric database.

A third driver is an emerging dimension of electronic commerce or E-Commerce, especially with respect to the formulation of international trade rules in the digital domain. India’s major trading partners, including the United States, the European Union and Japan have announced their objective to create such a rules-based framework, which requires India with its ambitious digital economy platforms, both for goods and services, to engage on this issue. India’s hosting of the Fifth Global Conference on Cyberspace in November 2017 symbolizes India’s recognition of the stakes in effective international cooperation in cyberspace.

Multi-stakeholder approaches to Cyberspace

The four main stakeholders in cyberspace today are acknowledged to be governments, businesses, academia and civil society. These stakeholders exist within all the member states of the United Nations, though the roles of individual stakeholders vary within individual countries.

Of these four, governments have the primary responsibility for cyberspace policies and the application of cyber technologies for public services within their national jurisdictions. In an inter-linked global cyber domain, governments have the responsibility and interest in ensuring effective international cooperation.

Businesses, due to their focus on innovation, and the application of cyber technologies which they have patented or copyrighted, have a major impact on how governments formulate cyber policies nationally, and how they approach international cooperation on cyber issues globally.

Academia, which plays a key role in research and development, innovating and conceptualizing theories regarding cyberspace, often partners businesses to bring the results of its activities to the wider world.

Civil society focuses on the impact of the activities of governments, businesses and academia in cyberspace with a special focus on the human dimension, both individually and collectively.

All four stakeholders are involved in generating greater awareness of cyber issues from their own perspectives, highlighting the strengths and vulnerabilities of cyberspace.

Four Initiatives for International Cooperation

Against this background, what has been achieved so far on ensuring effective international cooperation in cyberspace? Four initiatives stand out.

First, in a purely government-led initiative, attempts to create an international framework for cooperation in cyberspace were discussed in the United Nations General Assembly or UNGA. A draft UNGA resolution proposed by the Russian Federation was adopted in 1998.

Second, governments led a multi-stakeholder process for creating a framework through the UNGA to harness cyberspace for development. The outcome of this was the "Tunis Agenda” adopted in 2005.

Third, in 2015, governments led a multi-stakeholder process in the UNGA to prioritize the use of cyber technologies as a means for implementing the sustainable development goals of Agenda 2030 and reiterated this during its High-Level Review of the Tunis Agenda in December 2015.

Fourth, in an attempt to protect the growing vulnerabilities of cyberspace and investments in this domain, business proposedin February 2017 that governments adopt a "Digital Geneva Convention”.

(i) The United Nations General Assembly

Most of the progress on creating a normative framework in cyberspace has been dominated by the first initiative, taken by governments, to agree on cyber norms for the security of cyberspace. The basis of this initiative was the UNGA resolution of 1998, which had emphasized that "progress in science and technology for civilian applications needed to be maintained and encouraged”. In order to place norms on securing cyberspace in the context of international security, governments adopted a UNGA resolution in 2002 on the "global culture of cybersecurity”.

Global Culture of Cybersecurity

This approach highlighted 9 elements which could contribute to such a global culture. These elements included awareness, responsibility, response, ethics, democracy, risk assessment, security design and implementation, security management and reassessment.

Subsequently, governments mandated the UN Secretary General through a UNGA resolution in 2003 to seek the assistance of a Group of Governmental Experts or GGE to take this initiative forward. The GGE was given the mandate to formulate recommendations in the context of "disarmament, global challenges and threats to peace that affect the international community …and challenges to the international security regime”.

The United Nations GGE Process

The work of the GGE since it was established in 2004 has been impacted by the decision of the UN Secretary General on nominating governmental experts. In the absence of a roster of such experts in the United Nations, the Secretary General followed the principle of appointing individuals on the "basis of equitable geographical distribution and with the help of Member States in a position to render such assistance”. However, in deference to the great powers identified by the UN Charter in 1945, long before the dawn of the cyber era, the Secretary General also ensured that the governmental representatives of the five permanent members of the UN Security Council (China, France, the Russian Federation, the United Kingdom and United States of America) were constantly nominated to successive editions of the GGE, while rotating representatives from other countries. The predictable consequence of this was to make the GGE’s already narrow security-oriented mandate for international cooperation in cyberspace hostage to the emerging interests and priorities of the five permanent members of the UN Security Council.

United Nations GGE Cyber Norms

The GGE has identified 11 cyber norms for securing cyberspace in its report in 2015. These include norms for ensuring a stable and secure cyberspace, attribution of cyber-attacks, responsibility of states not to let their territory be used for cyber- attacks, cooperation between states on exchanging information on terrorist and criminal use of cyber technologies, respect for human rights in cyberspace, inviolability of cyber infrastructure for public services, protection of critical national infrastructure, cooperation between states to counter malicious operations in cyberspace, maintaining the integrity of the supply chain, reporting of vulnerabilities in cyberspace, and the sanctity of national computer emergency response teams or CERTs.

Since identifying these norms, the GGE process has become embroiled in the increased hostility between the great powers represented in it. The focus of this dispute is the issue of attributing attacks in cyberspace, and consequent counter measures. The deadlock in the UN GGE process has aroused concerns regarding the prospects for effective international cooperation to ensure the security of cyberspace.

India’s response has been to initiate a national multi-stakeholder study for designing cyber norms for India, including looking at the norms identified by the 2015 UN GGE for international cooperation on cybersecurity. India’s approach towards combining both the security and developmental aspects into suggested norms for cyberspace builds upon the parallel work done in the UNGA on the use of cyber technologies for implementing the specific goals of Agenda 2030 on Sustainable Development.

(ii) The Tunis Agenda

Several of the critical goals of Agenda 2030 depend on India’s implementation of its national socio-economic development plans, especially for poverty eradication, health, education, gender equality and empowerment, clean water and sanitation, employment, infrastructure construction, inclusive growth, smart cities, renewable energy generation, and a Blue Economy. Transforming India through the platform of Digital India and the mechanism of the Aadhar biometric database depends on the resilience of cyberspace. India’s multi-stakeholder approach gives coherence to India’s initiative, positioning her to play a leadership role in the eventual creation of an equitable international normative framework for effective cooperation in cyberspace.

(iii) Sustainable Development Goals of Agenda 2030

The agreement on a global sustainable development framework, endorsed by the UNGA in September 2015, focuses on the 17 Sustainable Development Goals or SDGs. The SDGs are universal in nature, applicable to both industrialized and developing countries. The targets for achieving each SDG were set through multi-stakeholder negotiations in a ground-up approach. In the negotiations, it was agreed that technology would be prioritized to accelerate the implementation of these Goals under a Technology Facilitation Mechanism. The SDGs include eradication of poverty; no hunger; good health and well-being; quality education; gender equality; clean water and sanitation; decent work and economic growth; industry, innovation and infrastructure; reduced inequalities; sustainable cities and communities; responsible consumption and production; climate action; life below water; life on land; peace, justice and strong institutions; and partnerships.

While reviewing the implementation of the Tunis Agenda in December 2015, the UNGA emphasized the importance of the need for effective international cooperation in cyberspace to achieve globally agreed goals of sustainable development. The review emphasized using cyber technologies to bridge the digital divides; equitable access to cyberspace; the creation of an enabling cyberspace environment for development; public-private partnerships in financing the growth of cyberspace; the protection of human rights online including the freedom of expression and privacy; and the management of the internet as a "multilateral, transparent, democratic and multi-stakeholder” process. It extended by another 10 years the Internet Governance Forum, the multi-stakeholder platform set up by the Tunis Agenda for discussions on cyberspace.

(iv) Microsoft’s "Digital Geneva Convention”

The emergence of a clutch of major transnational businesses, many of whom are headquartered in the United States, has so far driven the evolution of cyberspace. Among these, Microsoft has taken the lead in proposing a framework for international cooperation in cyberspace through a "Digital Geneva Convention”. This idea was suggested by Microsoft in 2017 to bring governments together to protect cyberspace, which companies like Microsoft believe "is owned and operated by the private sector”. The objective of a "Digital Geneva Convention” would be for "the world's governments to pledge that they will not engage in cyberattacks on the private sector, that they will not target civilian infrastructure, whether it's of the electrical or the economic or the political variety.” Microsoft has given the responsibility of creating such a framework to governments.

The Global Conferences on Cyberspace

The impact of these four initiatives on the ground has generated greater awareness about the need for effective international cooperation in cyberspace on the specific issue of cybersecurity. Similar awareness regarding the larger issues in cyberspace which require effective international cooperation have been raised by the five multi-stakeholder Global Conferences on Cyber Space held so far, beginning with the London Conference in 2011.

The London Conference identified five broad themes for international cooperation in cyberspace. These were economic growth and development, social benefits, international security, tackling cyber-crime and ensuring safe and reliable access to cyberspace. Subsequently, similar global conferences have been hosted by Budapest (Hungary) in 2012, which highlighted the importance of capacity building in cyberspace, the linkage between internet security and internet rights, as well as the role of civil society in cyberspace policies; Seoul (South Korea) in 2013, which highlighted the need for universal access to cyberspace to accelerate development; and The Hague (Netherlands) in 2015, which established a Global Forum on Cyber Expertise or GFCE to promote capacity building.

5th Global Conference on Cyberspace, India 2017

The Fifth Global Conference on Cyber Space was hosted by India in 2017, with a focus on "a secure and inclusive cyberspace for Sustainable Development”. The intent of the Conference was to "promote the importance of inclusiveness and human rights in global cyber policy, to defend the status quo of an open, interoperable and unregimented cyberspace, to create political commitment for capacity building initiatives to address the digital divide and assist countries, and to develop security solutions in a balanced fashion that duly acknowledge the importance of the private sector and technical community.”

Civil Society Issues

Contributions by representatives of civil society to discussions on international cooperation in cyberspace came to the fore during the Fifth Global Conference on Cyber Space held in India. A sample of the ideas contributed by civil society was contained in the inputs to the Conference provided by the Association for Progressive Communications. The concerns of civil society in an eventual international framework for cooperation in cyberspace revolve around people-centric issues, including meaningful access to cyberspace for all individuals, the existence of an open and dependable internet, and an inclusive and transparent process for setting cyberspace policies and norms.

Towards an International Convention on Cyberspace

Many of the issues, both technical as well as policy-related, in cyberspace need to be addressed in a predictable framework, based on transparent principles and provisions. To create a viable framework for effective international cooperation in cyberspace, the UNGA would first need to discuss and adopt a resolution mandating negotiation of a comprehensive treaty for cyberspace, which will bring together the key technical and policy issues raised in the various initiatives described so far.

The most relevant precedent for a viable international legal framework on cyberspace is the discussion and negotiation of the United Nations Convention on the Law of the Sea or UNCLOS, which already has within its scope the critical cyber infrastructure for the free flow of data transferred by underwater cables along the ocean floors. Beginning with a call in the UNGA in November 1967 for "an effective international regime over the seabed and the ocean floor beyond a clearly defined national jurisdiction”, the UNCLOS process brought together "the freedom-of-the-seas doctrine with technological changes that had altered man’s relationship with the ocean.” This led to the Third United Nations Conference on the Law of the Sea in 1973, with the objective to negotiate a comprehensive treaty for the oceans. The outcome was achieved 9 years later in 1982 with the adoption of the UNCLOS.An international Convention on Cyberspace should include the 11 norms on cybersecurity proposed by the UN GGE, as well as the socio-economic developmental issues highlighted in the implementation of the Tunis Agenda and the Global Conferences on Cyber Space. In view of the multi-stakeholder nature of cyberspace, enforcing such a treaty would require an innovative dispute settlement mechanism, combining the structure and practice of dispute settlement in the UNCLOS with that of the World Trade Organization, which has been adjudicating disputes involving governments and businesses since 1995.

International relations are currently being churned by unexpected disruptions and growing protectionist sentiments. The need for a predictable, secure and rule-based structure for cyberspace is a priority for a technology-driven global process of socio-economic development, whose overarching objective is the eradication of poverty within a generation. In this context, ensuring effective international cooperation in cyberspace has become a major objective for Indian diplomacy.