Before that, India needs to clearly define national security and ensure data protection within the country
The debate to relocate offshore servers of internet and social media firms including Google, Facebook and Twitter has revived. Home minister Rajnath Singh has requested the social media companies, located outside India, to maintain servers in the country, in order to expedite the process of getting information on accounts which spread mischievous messages posing a threat to law and order situation. The move has come in the backdrop of delayed or no response to the government’s requests to these companies, for extracting information of some of its users on security grounds.
In February, the minister claimed Jamaat-ud-Dawa chief Hafiz Saeed’s involvement in the anti-national slogans that were allegedly raised in the campus of Jawaharlal Nehru University (JNU). The claim was based on a tweet that appeared on a fake twitter account of Saeed (@HafeezSaeedJUD), which was later deactivated by Twitter. But the US-based social media company has still not replied to the Indian government as to who was running the account.
It is interesting to note here that India shares mutual legal assistance treaty with the US, wherein, the duo can share information for the purpose of criminal investigation, via judicial route. The process, however, is lengthy.
“Given the nature of the content, sometimes the government cannot afford to wait. The process of issuing direction to get information or blocking certain content from public view is lengthy. The Indian government under the IT law is empowered to ask these companies to maintain servers in India,” says senior advocate, supreme court, and cyber law expert, Pavan Duggal, terming it as a legitimate concern related to national security. As India is a big market for all these companies, it shouldn’t be a problem for them to have servers in India, he says.
“If the police or security agencies want information from these companies, it becomes tall orders since they are not operating from India. They step back and say they are not accountable,” says Virag Gupta, a senior supreme court lawyer, adding that ministries of telecom and finance must join the home ministry in its request and spearhead the matter.
Gupta has filed a petition in the Delhi high court asking such offshore companies to register themselves under the Indian law.
On the other hand, Pranesh Prakash, policy director at center for internet and society (CIS), a non-government research organisation supported by Google, feels that instead of requesting these companies to maintain servers in India, it is best for the government to figure out ways to speed up judicial process of the treaty, when it comes to internet governance.
From July to December 2015, India issued 141 requests to Twitter to retrieve information of its users’ accounts for criminal investigation purpose, as per the company’s transparency report. But the compliance rate was only 42 percent, the report says.
While India seeks information on national security grounds, the law here does not clearly define national security, which is still vast and ambiguous.
“I do believe that there is a need for a much clear definition of national security. If the government really wants to have servers of these companies in India then appropriate guidelines must exist, so that companies should not be taken by surprise,” says Duggal.
Security concerns
Data localisation is witnessing a growing trend among many countries. Last year, Russia enforced law to mandate internet companies to store its citizens’ data within the country. The move is generally taken in fear of losing country’s data to hackers. It also means that it would be easier for the government to get information from these internet companies.
And so protecting data and privacy of individuals within the country is also a matter of concern. Not having a strong data privacy law in place could lead to violation of internet rights of citizens.
“Privacy is a legitimate concern but at the end of the day the government is well empowered in the interest of protecting cyber security under the IT Act. But it is necessary for the government to look at the issue from a holistic perspective. There is a need for balancing privacy and security of an individual on one hand and national security on the other hand,” adds Duggal.
[email protected]
(The article appears in the April 16-30, 2016 issue)