In the absence of equity in cyber space globally, India may continue to be a non-signatory to the Budapest convention (2001) on cybercrime, communications minister Kapil Sibal indicated on Tuesday, while speaking at the India Knowledge Summit organised by ASSOCHAM and the ministries of communications, HRD and science and technology.

The Budapest convention is the only multilateral convention on cyber security – considered critical to economic and national security of a country. Developing countries including India have not signed it stating that the developed countries lead by the US drafted it without consulting them.

The convention calls for cooperation among signatory countries in investigation of cyber crime/attacks originating from abroad. It, however, doesn't mandate the requested country (from whom information has been sought) to share information. As most servers are based in the US and other developed countries, virtually all information in the cyberspace is in the custody of these countries.

“I doubt we will have a resolution,” he said referring to the lack of consensus among countries on a global cyber security treaty. Urging for greater equity in international cooperation on cyber security, he said, "Most of the internet servers are based in the US (and other developed countries) which also decide what kind of information should be on the table for global consumption."

Citing issues of jurisdiction and global redressal mechanism in the cyberspace, he said that India will neither go with the inter-government committee of the UN, which is advocating government control over the internet, nor with the Internet Governance Forum, which favours private sector control over the net.

"The countries have to formulate cyber regulations based on how they deal with their citizens," he said, adding that it is unlikely to be decided at an international forum.

Admitting the lack of consensus among countries on a treaty on cyber security, Markko Kunnapu, head of cybercrime convention committee, Council of Europe, said that even if there is some sort of agreement it will take at least five years to finalise a treaty.

Justice AP Shah, former chief justice of Delhi high court, elaborated on the need for privacy in the present age of increasing government surveillance, citing the dystopian scenario envisaged by George Orwell in his novel ‘1984’.

As the government is working on a privacy law it should formulate broad guidelines to cover interception and surveillance, said justice Shah, who headed a government appointed committee on privacy.

Justice Shah said that India is among a very small group of countries where government listens to people's telephonic and digital conversation without a judicial order.

Speaking about formulation of standards for cyber security, Dr Kamlesh Bajaj, CEO, DSCI, said that the standards framework should be informational and not prescriptive. The standards have to be looking at the risk management, he said. In the US, the industry is leading the efforts, relying on best practices, he said.

India too has formed a joint working group (JWG) of experts from government and industry for a public-private partnership on cyber security. The JWG, working under the national security advisor, has formed sub-groups including one on certification and testing. The subgroup has already submitted its report to the government. Its two key recommendations include the setting up of two centres of excellence, one on cyber security research, and one called cyber security professionals of India, on the lines of the body for chartered accountants.

Speaking about the "global price of consumer cybercrime", Digvijaysinh Chudasama, director, India and SAARC, Symantec, said that due to cyber crime the world has lost $113 billion. The US was the worst affected, losing $38 billion, while China lost $37 billion India lost $4 billion.