G20: India Is Now the Vishwaguru of Digital Authoritarianism

The new data protection Bill, IT Rules, internet shutdowns and poor cybersecurity record seen together are ominous. The citizen, not government and Big Tech, should be at the centre of a healthy digital ecosystem.

Certainly since this millennium clocked in, India has had a romance with an idea of itself as an ‘IT nation’ – this is from the times when ‘Y2K’ was the world’s biggest digital problem. India’s software Business Process Outsourcing units or BPOs popularised the phrase ‘Bangalored out’ in the world. It was said that India would hog all the jobs from the West. India’s call-centres, the emergence of companies like Infosys and success of TCS, and legends that timetables for the London tube were drawn up in Bangalore were the stuff of TV soaps. Typical characters in The Big Bang Theory and Silicon Valley had distinct ‘Indian’ accents, they were geeks who knew their 0s from their 1s. At Cupertino in the canteen, Telugu is said to be the second-most popular language after English. Indian-origin persons heading several Big Tech ventures added to this ‘India is about digital’ mythology.

So then is it not natural for a ‘Vishwaguru’ nation to try and use this, like Yoga and Ayurveda, for purposes of publicity, market itself as a model for democracies for the best handling of data and the net?

It was at the end of last year that the first attempts to mine the G20 into an internal PR coup and spin a routine rotational presidency into a personalised, crowning glory moment for the Indian prime minister were put into motion. A different push, outward, of owning a term called ‘techade’, trying to get India to grab centrestage and be a model for how data and the digital world was organised, was also set in motion last winter.

Niti Aayog’s Amitabh Kant spoke in a style now perfected by the government, of double-speak mashing buzz words in vogue globally, but standing for the opposite (like the ‘Freedom of Religion Bills’ are designed to do the exact opposite). Kant spoke of the data “gold standard”, which he said “emphasises on nations to invest in self-evaluation of their data governance architecture, calls for modernisation of national data systems to incorporate citizen voice and preferences regularly, advances principles of transparency for data governance and finally brings to the forefront the need for strategic leadership on data for sustainable development”.

Serious limitations on handling data

India’s date with data and the digital ecosystem it is creating have serious limitations and, far from trying to be what the G20 should aspire to do, may well be an index of the opposite.

The latest Personal Data Protection Bill was brought in by the Union government – supposedly to protect citizen data – last year, when a parliamentary committee examined it and suggested several changes. But it was withdrawn abruptly without giving any reasons. A reinvented Bill was introduced this year and rushed through parliament. Bloomberg described it as “a boon for global enterprises such as Google and Meta, as it eases data flows and reduces their compliance burdens”. The Bill offers little protection for citizens, and exempts the biggest data fiduciary in the country, the government (and any other company it may decide to exempt, without having to cite reasons) from accountability. The Union minister misleadingly compared the Bill to EU’s landmark General Data Protection Regulation (GDPR). Claiming that the GDPR gives “16 exemptions”, he said that the DPDP Bill gives only “four exemptions”. But as was pointed out in the Tech Policy podcast by technology journalist Aditi Agrawal, “in India’s version of the Bill they’ve used commas. So, that’s why you have six listed exemptions. But, if you look at each of the sub-clauses, there are actually many more.”

Also read: Digital India Has Run Out of Freedoms

Privacy is the lens through which the task of protecting citizens’ data from misuse is framed in the GDPR. But in India, the shift from the first draft Bill that the Justice B.N. Srikrishna Committee put out in 2018, a year after the Supreme Court ruled on the right to privacy being a fundamental right, is drastic. The draft has seen at least five versions. The thrust is now on allowing government and companies the ease of mining citizens’ data. There is no independent data protection authority provided for. India’s deployment of facial recognition technology without proper consultation and the rampant use of cameras in public places makes it among the most surveilled and data-hungry systems in the world.

India’s cybersecurity record has been a cause of grave concern. Health data, regarded as the most sensitive, was leaked from COWIN, the government’s centralised portal for COVID-19 vaccines. A bot via Telegram is said to have been able to made public personal details like names, Aadhaar numbers and passport details upon entering phone numbers. Such break-ins were said to have happened at least thrice, though the last time in June got an acknowledgement this summer. The most worrying thing is that there is no process to address breaches or reveal who has been held accountable. There is no record of any investigation being carried out by CERT-In. Earlier this year, India’s premier medical institute, the All India Institute of Medical Sciences in Delhi, was down for 19 days as the system was hacked by cybercriminals and as the minister later admitted, one TB of encrypted data from the hospital taken. No process, follow up or confidence inducing measures. Again, no process established for the hacks or accountability.

There are other pieces that make for India’s ‘digital’ universe.

For a start, internet penetration in India is way behind the world penetration of 63%. It was 46% in 2021, which places it at rank 120 in the world, as per a Mint analysis.

The rules for social media and technology platforms, Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, which were firmed up in April this year, encompass websites of all kinds. They controversially and deliberately confuse government control with regulation. A ‘fact-checking unit’ of the Union government has the powers to decree anything online as not true and it can be taken down. A stand-up comedian, Kunal Kamra, as well as media bodies have challenged the rules and spoken of their power to silence voices. “They are following the diktat ‘Rome has spoken’ which implies that whatever the government speaks is final and no one has the right to express their views,” Kamra’s counsel argued in the Bombay high court.

Big Tech: Intimidated or happy to help?

Big Tech’s relationship with the Indian government must face serious scrutiny. WhatsApp has teamed up with a billionaire, the Ambanis, putting paid to any ideas Silicon Valley may have nursed about being seen as disruptive or with the average Joe. Meta’s inability to produce an honest report about fake news and hate speech in India and its impact have been written about in detail. The Washington Post has also run investigations about Big Tech feeling pressured to not take down posts they deem as harmful, false or spreading hate. “In India, where the Hindu-nationalist Bharatiya Janata Party — part of the coalition behind Modi’s political rise — deploys inflammatory rhetoric against the country’s Muslim minority, misinformation and hate speech can translate into real-life violence, making the stakes of these limited safety protocols particularly high,” it wrote in 2021.

Twitter’s founder, Jack Dorsey said in June that the Narendra Modi government made “many requests” to Twitter during the farmers’ protests for the deletion of content by journalists critical of official policy and also threatened to shut down Twitter in India and raid its employees’ homes. The IT minister dismissed his claims as baseless, but the very public sparring between government and Twitter in 2021 saw the police being deployed in two cities, and this is a matter of public record, as The Wire reported at the time.

Podcast: India Has Been the Leading Country in Internet Shutdowns for 5 Years. That’s Alarming.

The cyber-world being soaked with misinformation is something The Atlantic pointed to in 2019; “Many of India’s misinformation campaigns are developed and run by political parties with nationwide cyberarmies; they target not only political opponents, but also religious minorities and dissenting individuals, with propaganda rooted in domestic divisions and prejudices.” A Study by the Oxford Internet Institute of Oxford University found that “over a third of visual content (predominantly images) shared in BJP WhatsApp groups (34.5%) was “divisive and conspirational”, with the figure at 28.5% for the Congress”.

The internet and democracy

How societies and governments treat the internet is emerging as a shorthand for freedoms and the status of democracies, the world over. Much is written about how the digital world in China (firewalled), Iran (restricted) or Russia (bot farm-filled) is. But there is little scrutiny of India, as it tries to sell its digital payment infrastructure or its public digital infrastructure as elements the world should emulate.

But India is also the world’s internet shutdown capital. Last year, 45% of all internet shutdowns were in India. For the past five consecutive years, India has topped the global list of states that cut off the internet for their citizens. Manipur this time saw 100 days straight minus the internet, curbing information and also the rights of those seeking redress or help. Education and utilities suffer greatly too. In India, the casualness with which this is done must ring alarm bells about how the internet can be controlled.

In January, the Modi government was able to invoke ‘emergency powers’ to knock a BBC documentary on the Gujarat violence in 2002 which the prime minister presumably found unflattering off the internet, without giving any reasons or explanations.

That was only a sign or a symptom of the serious issues citizens of India face online. Far from a “gold standard”, India is writing a manual for digital authoritarians globally. How to dodge the worst of both worlds, an authoritarian government intent on surveillance as well as Big Tech as it draws each ‘data principal’ into its net, is among the biggest challenges Indians face today.