Delivering us from surveillance

NSA surveillance is an area where rare consensus has emerged among the BRICS countries. At the U.N. General Assembly session in New York last week, BRICS Foreign Ministers “expressed concern” at the “unauthorised interception of communication and data,” without calling out the NSA in specific. But there exist no international regulations to protect civilians from such surveillance because the U.S., the United Kingdom and Israel in particular are opposed to any cybersecurity treaty. In 2010, Russia — backed by Brazil and China — tabled a draft convention on cybercrimes at the U.N., only to be shot down by the West. The Russian proposal specifically targeted intrusive technology and cyber attacks — the sort of stuff the NSA is adept at. But the U.S. successfully spun the narrative around to suggest autocratic countries like Russia and China wanted to clamp down on the Internet. A year later, The New York Times would reveal the U.S. and Israel had used precisely this technology to infect nuclear reactors in Iran with the Stuxnet virus.

The U.S. used the same pretext last December in Dubai when the U.N. deliberated an international communications treaty under the auspices of the International Telecommunication Union (ITU). The Obama administration, however, refused to sign the International Telecom Regulations and asserted that cybersecurity be kept out of the treaty’s mandate. It insisted the Internet be unregulated to leave it “free and open.” Months later, leaked NSA documents courtesy Edward Snowden would reveal how the U.S. arm-twisted telecom companies and Internet service providers for confidential user data. Had the U.S. signed on to the ITRs, the NSA’s PRISM programme would have amounted to a gross breach of its treaty obligations.

At the ITU negotiations, India chose regrettably to side with the U.S. This July,The Hindu disclosed how India’s Central Monitoring System (CMS) intercepts private communication in the same vein as the NSA. Given that India and the U.S. signed a Memorandum of Understanding in 2011 to share “cybersecurity information and expertise,” it would not be surprising to learn that much of the CMS’ capabilities stem from our cooperation with the U.S.

Yet, with all its reservations about publicly airing grievances with the U.S., India still has a good opportunity to help rein in the NSA’s mandate. Diplomacy offers enough avenues to do so without substantially affecting India-U.S. ties.

Three steps

For starters, India could revive an IBSA (India-Brazil-South Africa) proposal from 2011 to set up a U.N. Committee for Internet- Related Policies (CIRP), and submit it again to the U.N. General Assembly. CIRP would comprise a rotating group of 50 countries serving in an advisory capacity on Internet governance policies. This committee would be positioned ideally to highlight egregious surveillance schemes of the U.S. and other countries. First tabled at the 66th UNGA session, this idea met with opposition from the West and advocates of Internet freedom. But in light of new circumstances, and great resentment against the U.S. and NSA’s practices, mooting CIRP is sure to generate much discussion at the U.N. The IBSA proposal should be coupled with a draft resolution for the General Assembly to adopt: one that strongly denounces practices of global surveillance and use of interceptive technologies against governments.

Second, when Parliament convenes for the winter session, the Congress party — or any party or independent legislator, for that matter — could table amendments to the National Security Act and the Official Secrets Act. Broadly, the amendments would stipulate it is a punishable offence for Indian or India-based Internet and telecom companies to share confidential information about Indian citizens, public-sector institutions, and officials with foreign governments. The enforcement of these provisions, if enacted, would be supervised by a parliamentary committee. The chances these amendments are passed by Parliament are frankly slim. But the parliamentary debate that would ensue will surely include sharp and critical comments on U.S. surveillance programmes, all of which go on the record as the opinion of India’s sovereign body.

Third, India could help formulate a BRICS Charter for Internet Governance, given that there is substantial agreement among member states. Among the provisions in the draft charter could be an idea adapted, ironically, from the George W. Bush administration — the Proliferation Security Initiative. The PSI was a mechanism set up by the U.S. and endorsed by “volunteer” countries to target the shipment of arms to Iran and North Korea. The simple idea behind PSI was this: while the West could do little to influence policy in Tehran and Pyongyang, it held all the economic cards to ensure these policies were not implemented. BRICS countries retain a trump card when it comes to Internet governance: their massive consumer base. To be sure, the charter should not punish or sanction Internet companies that collaborate with the U.S. government for surveillance. BRICS members would circulate an annual “name and shame” list of such companies to multilateral avenues and civil society forums across the world. The negative publicity would do more than its fair share to make IT companies rethink their surreptitious collaboration with the U.S.

These are modest, but not conclusive, proposals that India could articulate to help check the NSA’s surveillance programmes.

They are not aimed at setting back India-U.S. ties — in fact, pursuing such policies would only boost India’s reputation as a pursuer of independent foreign policy.