India’s Digital Path: Leaning Democratic or Authoritarian?

Digital authoritarianism, defined broadly as wielding technology to enhance or enable authoritarian governance, is spreading around the world. While the Economist Intelligence Unit’s annual Democracy Index found that, on a global level, “democracy stopped declining in 2018” for the first time in three years, the researchers cautioned that it may be merely a “pause.” In 2019, the volatility in states’ governance is likely to be exacerbated, as more countries adopt China’s methods of using technology for oppressive social control.

As the two largest democracies in the world, India and the United States should be working together to combat this abuse of technology. But India, by far the larger of the two with a population of 1.3 billion that is second globally only to China, has recently made some troubling changes to its technology policies.

The results look more Chinese than American or European, and risk reverberating more widely. Former Facebook chief security officer Alex Stamos wrote recently on Twitter, “India…will set the boundaries within which the developing world will interact with the US tech giants.” 

India in 2018 

In a couple of aspects, 2018 appeared to be a positive year for technology policy in India. A framework for protecting the privacy of data came closer to passage, and the government approved net neutrality rules to ban “any form” of data discrimination. That prohibition stands out particularly in comparison to digital authoritarians like Iran that allow providers to hike the cost of access for certain sites.

At the same time, India made a number of worrisome changes. India led the world in imposed internet blackouts last year. At least 100 times, by Freedom House’s count, authorities “temporarily shut down mobile networks or blocked social media apps” during political unrest (riots, protests, etc.). That was not a good sign for internet freedom in India.

This is a growing trend. In more and more countries, authorities can exert control relatively easily over parts of the internet or other communications infrastructure, whether because infrastructure is centralized or the government has extraordinary authority, or both.

India, under the nationalist government of Prime Minister Narendra Modi, also has taken more positions at the United Nations that support restrictions on internet openness. In November, the U.N. General Assembly adopted a Russia-backed cybercrime resolution that was opposed by every country that explicitly favors a global and open internet. (Russia, China, and other authoritarians have a history of claiming they are “bolstering cybersecurity” or “fighting cybercrime,” as Russia asserted in this case, to tightly control and censor the web.) India voted with Russia, China, Iran, Syria, and a number of other authoritarians on the proposal, despite previously voting in favor of both authoritarian and democratic cyber norms.

India also heightened use of artificial intelligence-enabled facial recognition in urban centers for identifying criminals and tracking persons of interest. While perhaps a useful tool for law enforcement in certain instances, such capabilities—without appropriate checks and balances—can easily be turned against the likes of political dissidents and rights activists.

And while the messaging application WhatsApp, which the New York Times reports has a quarter billion users in India, played an increasingly important role in aiding information-sharing during the Indian elections, it also became an insidious mechanism for spreading misinformation, so much so that it sometimes resulted in riots and even fatalities. Unfortunately, to address the issue, the government relied even more frequently on internet blackouts.

The government even floated a plan to create a hub for monitoring all social media activity in the country. Authorities dropped that proposal after a public backlash and a Supreme Court justice’s comment that it seemed a move toward creation of a “surveillance state.”

Still, the Supreme Court upheld the government’s use of a massive biometric identification system, Aadhaar, which was rolled out as early as 2010 but “retroactively legalized” in 2016. Deployed, purportedly, to help with delivery of public assistance programs, experts expressed fears that its effect would be similar to that of the national identity card program that China seems to be exporting to Venezuela. Aadhaar has been criticized for posing a similar threat of social control.

Even India’s draft data-privacy law isn’t as it might first appear. As Chinmayi Arun of National Law University in New Delhi points out, it contains a data localization clause requiring information on Indian citizens to be stored within India’s borders. While sometimes touted as a way to keep data away from prying foreign eyes (although it’s unclear if that works in practice, in any case), data localization also can make it easier for law enforcement to access that information.

Of course, this could be a positive in many cases for combating crime and terrorism. But sometimes, authorities using data localization have a more insidious motive. In China and Russia, data localization is used as top cover for law enforcement and intelligence services to attain better access to user data, encryption keys, and other important information that may normally be hosted on servers outside the country’s borders. Furthermore, Arun adds, the data privacy law would expand the government’s right to view information for “security” reasons and would establish regulatory structures with insufficient independence.

India in 2019 

Just a few weeks into the new year, the Indian Supreme Court is considering a challenge to a sweeping surveillance order that was passed in December 2018. It gives 10 government agencies the authority to “tap, intercept, and decrypt all personal data on computers and networks.”

Such a power would be deployed in a country that already lacks robust oversight mechanisms for data use by law enforcement and intelligence services. Indeed, many problems from the order stem from a provision in the parent Information Technology Act (2009). As one of many voices harshly criticizing the proposal, the president of India’s Congress has called Modi an “insecure dictator” for his apparent need to spy on citizens.

Even more recently, India’s telecommunications regulator, the Information Technology Ministry, has asked for feedback on rules to access encrypted messages sent over services like WhatsApp. The rules also include specifications by which the government could mandate these same companies to “trace and remove objectionable content” within 24 hours.

China and Russia both have a history of demanding access to—or at least trying to indirectly access—encryption keys, effectively creating their own “backdoors” into digital systems and devices. India’s proposal is similarly dangerous for human rights, and rings quite similar.

The same goes for India’s stance on censorship. Netflix and other companies recently have “bowed to pressure [from the Indian government] and promised not to show content that disrespects the national flag or religions or that promotes terrorism.” This once again rings similar to practices in China and Russia, where the government asks companies to censor content on its behalf. Netflix recently complied with a similar censorship request in Saudi Arabia. While there may be legitimate concerns about viral misinformation within a country, the authority to censor with little oversight is dangerous on its face.

The Future 

India still has democratic processes in place, but it slipped from 32nd place globally in 2016 to 42nd place in 2017 on The Economist Intelligence Unit’s Democracy Index, and stayed about the same at 41st in 2018. The country was classified as “partly free” in Freedom House’s 2017 Freedom on the Net report, and while it remained that way in the 2018 report, the organization noted increases in limits on internet content and obstacles to internet access.

On Jan. 18, Shashi Tharoor, an opposition member of India’s parliament and former under-secretary general of the United Nations, wrote that recent technology policy incidents are “not isolated” and instead “are part of the Modi government’s pattern of seeking more and more digital control over and surveillance of its people.” He cited a pattern of looking to use biometric identification systems and other surveillance programs to enable social control. In other words, India’s recent actions aren’t promising for advancing democratic global norms for the internet and the role of digital technology in society.

Ideally, the United States and India would work together to realize and advocate the economic value of a global and open internet. In the meantime, Western tech companies operating in India should work with the government to fight misinformation in ways that do not lend themselves to arbitrary or unchecked government censorship. India has been known to push back against the influence of American tech giants. Given its unclear stance on internet governance, it’s particularly important to track tech policies coming out of the country.

India and the United States hold important influence over global norms for the use and regulation of contemporary technology in society. Their joint leverage would make them world leaders in countering China’s model of digital authoritarianism.

IMAGE: Supporters of the opposition Shiromani Akali Dal (SAD) party block road traffic as they protest against the Punjab government and police for allegedly fraudulent votes being cast in local elections, outside a polling station in Naushera village on the outskirts of Amritsar on Dec. 30, 2018. (Photo by NARINDER NANU/AFP/Getty Images)

 

About the Author(s)

Justin Sherman

Cybersecurity Policy Fellow at New America, and a Fellow at the Duke Center on Law & Technology.