The last few days have seen some explosive news in the realm of digital privacy in the country. First, there was the allegation from a whistleblower that Twitter had agents of the Indian government on its payroll who could access user data. Then there was an update from the Supreme Court hearing of the Pegasus case that the Government of India did not cooperate with the appointed investigation committee.
While both these events are largely unrelated, the only connecting factor between both remains the Government of India. And this is where there is the most cause for concern.
In China, Russia too
Because in the midst of the Twitter news, one of the things that has not been focused on so much in the Indian media is that the whistleblower also alleged similar accommodations were made for governments in Russia and China as well. In Russia, the allegation is that it proposed making concessions that would allow the Russian government to censor content more broadly in return for allowing the company to grow in the region. Similarly in China, the allegation is that it shared information that could potentially help the government identify Chinese users who had circumvented the censorship firewalls.
This is all part of a rising trend where governments around the world are trying to control what the internet looks and feels like within their regions. This could be more akin to China’s more insular approach wherein the expectation is of having local versions of services, such as Weibo instead of Twitter, and Baidu instead of Google search. Or it could be the more altruistic-seeming GDPR approach of the EU that mandates specific user data storage processes.
Balkanisation of the internet
Regardless, what was once considered a universal connector — the internet — is seemingly breaking down into smaller, walled-off conclaves, each with its own rules and regulations. This phenomenon is known as the Splinternet (i.e. the splintering of the internet). The term, first coined in 2001 in a positive sense for parallel autonomous networks, has now taken on a more ominous definition with experts increasingly fearing a balkanisation of the internet services based on each local government’s view on privacy and democracy.
The Indian government’s handling of the Pegasus scandal and its approach towards Twitter moderation in the past clearly indicate that it views individual privacy as secondary to national security and, increasingly, political security. This high-handed approach is not unique to the Indian government (think of how the US government has responded to the snooping revelations by Edward Snowden), but as Indian citizens, it is their actions that concern us the most.
Era of cyber warfare: What should Indian government do?
The government’s concerns are not without basis though. As proven by the Russian interference in the 2016 US elections and the increasing concern of Chinese snooping through apps, which led to their ban in the last couple of years, it is clear we are living in an era of cyber warfare and data manipulation. To deny this truth is to deny obvious threats.
Instead, taking these into consideration the government needs to clearly formulate policies that put the citizens’ interests at the heart of the matter and not obfuscate everything behind the veil of national security.
While recent provisions in the proposed data privacy law such as asking for data localisation make sense, the government needs to make sure it is not overreaching its ambit. For example, asking VPN and cloud service providers to store user data for five years is grossly overburdening the service providers while also putting user privacy at risk. The ease with which Razorpay recently had to give up the Alt News donor list to the government is a case in point that shows easy access to user data is a major cause for concern.
Hence, it is imperative that the Indian government puts aside its short-term political goals and crafts rules that suitably guard user information from both external and internal actors. Unfortunately, in our current political climate, the incentive to do so is limited. So the chances of this situation worsening are quite high.
What should tech companies do?
This is where the tech companies need to stand up and be counted. Technologists have often claimed to be flagbearers of democratic and equitable growth, and now need to live up to those lofty claims.
The expectation and/or hope is that given the focus on user privacy in the West, especially the EU, these firms will be forced to standardise these best practices across all the countries they operate in. Further, increasing Congressional hearings in the US and the like might put pressure on the tech companies to be more transparent about their practices in other regions also.
Unfortunately, here too, there is little incentive for major tech firms to push for more user privacy and transparent governance. With their leadership and boards being dictated by profit margins and share prices, the overriding need for all the firms is to grow their user base and expand into new markets, in whatever ways possible. If this means having different standards of user privacy and moderation based on the country of operation, it is likely they will opt for this as the alternative might be a complete loss of business in the region.
For example, if Twitter feels like it can be easily cut out of the Indian market and be replaced by Koo, similar to how TikTok was replaced by a slew of local video-sharing apps, then there is little incentive for them to challenge overreaches by the Indian government.
What can we the users do?
Regrettably, we the users are the weakest stakeholder in this situation. We are mostly at the mercy of the decisions the government and tech companies make. Even supporting open source/non-profit platforms such as Signal is of little benefit if, at the end of the day, they are required to operate in hostile local regulatory environments, and at the same time compete with for-profit competitors who have the financial pull to attract the best talent and the ethical ambiguity to modify their policies based on regional policies to maximise profits.
With increasing political polarisation between the West, Russia, and China, a Splinternet is all but an inevitability. We are already seeing aspects of this play out in terms of companies launching different versions of their products in different markets, regional app and content blockages, the localisation of user data, and the inability to find consensus on new financial instruments such as cryptocurrencies.
Given this, the only option left for general citizens is to strongly lobby for meaningful and healthy legislation in their own countries.
In India, this might involve us staying educated and vocal about any new data privacy laws the government tries to implement, and strongly pushing back on unhealthy legislation. We can also aid the cause by supporting activist organisations such as the Internet Freedom Foundation and critical media publications that are actively calling out government overreaches. While we might still end up having our own version of the internet in India, through proactive lobbying we can ensure it is one that supports our ideals of free speech and democracy.
(Sidharth Sreekumar (he/him) is an advocate of ethical technological advancement, and is interested in exploring the confluence of technology and societal impact. He is currently a Senior Product Manager at the Economist Intelligence Unit. These are the personal views of the author)
