During Prime Minister Narendra Modi’s visit next week, India and the United States could be wrapping up the first bilateral document on cyber space cooperation, with New Delhi hoping that this will prod Washington into framing new rules to speed up action on requests from security agencies for information from Internet majors.
Sources told The Wire that India and the US are working on an agenda to encompass cyber cooperation – which will be the first such document that either country will be signing with any other nation.
The last time US President Barack Obama and Modi met during a state visit, India and US issued a separate document on the Asia-Pacific, which was seen as a turning point in India’s intensified interest on South China Sea.
The proposed bilateral framework – on which discussions are still ongoing – is a result of the India-US cyber dialogue chaired by the two deputy national security advisors, who met for the first time last August.
The document will cover aspects of internet governance, cyber security and building of norms of state behaviour, The Wire learned.
From the Indian government’s perspective, the bilateral document is a necessary step to goad the US into fast-tracking requests of “cooperation” from security agencies.
On internet governance, India and the US are more or less on the same page after India finally threw down the gauntlet on the side of ‘multi-stakeholderism’ at the ICANN meeting in June 2015.
Incidentally, there were eyebrows raised in Washington over the recent Russia-India-China joint statement issued in Moscow in April after a meeting of the foreign ministers.
The statement talks of internet governance with both “multilateralism” and “multi-stakeholders”, which had apparently led to the US to take it up with India. Indian officials pointed out that it was a trilateral document which required compromise, with Russia and China being proponents of the ‘multilateral’ model. It was also pointed out that the United Nations General Assembly’s adoption of a resolution reviewing the outcomes of World Summit for Information Society had also mentioned both ‘multilateral’ and ‘multi-stakeholder’ in the same sentence.
However, while the ‘multi-stakeholder’ model is accepted by both India and the US, there is a bit of a distance on the role of state in handling cyber crime. India believes that the state has a “primary role” in the cyber security architecture, though it allows for players like private firms and NGOs to have some responsibility too.
On the other hand, the US considers the state to have a less intrusive role. This was reflected in the G20 leader’s statement last year in November, which was based on US terminology. “In the ICT environment, just as elsewhere, states have a special responsibility to promote security, stability and economic ties with other nations,” said the G20 Turkey summit communique.
This difference between states’ “special” (US) and “primary” (India) role is only a “matter of degree”, insist sources. However, it does have an influence on the next important motivation for India entering the arena of global cyber politics – cooperation from the international community for its security agencies.
With the primary data centres of most American technology companies being located in the US, Washington is naturally New Delhi’s target.
“We have problems now,” admitted a government official on “cooperation” from the US government.
Currently, India can make requests under the Mutual Legal Assistance Treaty (MLAT), which requires a judicial process. It often stumbles at the first step, where the request is rejected if it is not framed as per the legal requirement of that country.
Once it passes the first stage, the receiving country has to move the court to get the company in question to provide information – which is a relatively long and uncertain process. For Indian security agencies, the MLAT is unable to keep pace with the needs of a digital age.
India has made request to nearly all internet majors – Twitter, Facebook, WhatsApp – over the years, but has found compliance levels to be rather low.
In the last six months of 2015, compliance to Indian law enforcement requests by Facebook and Twitter was 42% and 19% respectively. With Apple, it was 19% for device requests, but a higher 67% for account requests, for the same period. Yahoo had a much higher compliance rate for Indian requests – 62% for account data and 50% for account removal.
As per the latest transparency figures released by Google for the period of January to June 2015, the percentage of Indian requests in which some data was released was 44% – down from 61% for the second half of 2014.
“For US, the compliance levels are about 70-80%, which we want to achieve too,” the official said.
More than the compliance percentage, it is the ‘criticality’ of the request which is more important, sources asserted. For example, Whatsapp has apparently yet to furnish any data related to the Muzaffarnagar riots which occurred in August 2013.
So far, the United States has said that the it cannot go against its own laws, which mandates a judicial process.
Sources said there are discussions on to “reach a solution”, like e-MLAT being discussed within Interpol. Washington has also suggested that India should join the Budapest Convention, which is the only legally binding treaty which sets norms for cooperation on cyber crimes between states and provides for faster response time. India has so far refused to join the convention as it was not party to the drawing up of the treaty.
The proposed framework document, if it is unveiled during Modi’s US visit, will “reinforce” the ongoing dialogue. At the last meeting of the India-US cyber dialogue, over four dozen action points were reportedly framed, claimed sources, which showed the extent to which both sides were working “very strongly to find solutions”.