Reply: Refer to the IDSA Task Force Report titled, “India's Cyber Security Challenges”; and, the Edited Transcript of IDSA Cyber Security Report Release & Panel Discussion, including the Keynote Address by Amb. Shivshankar Menon, National Security Advisor, May 16, 2012, at http://idsa.in/system/files/Transcriptcybersecurity.pdf

Also, refer to the following:
Arvind Gupta, “CBMs in Cyber Space: What should be India’s Approach?”, IDSA Web Comment, June 27, 2012.

Cherian Samuel, “Emerging Trends in Cyber Security”, IDSA Web Comment, March 28, 2012.

Amit Sharma, “Cyber Wars: A Paradigm Shift from Means to Ends”, Strategic Analysis, 34 (1), January 2010.

Subimal Bhattacharjee, “The Strategic Dimensions of Cyber Security in the Indian Context”, Strategic Analysis, 33 (2), March 2009.

Cherian Samuel replies: Signing the ITRs would have made very little difference within India since there is comparatively very little regulation within the country. However, it could have provided a fig leaf to the actions of governments that have tried to tightly control internet content in other countries.

In and of themselves, the proposed ITRs are quite innocuous, with even the contentious provisions, such as, the Article (5A) on the "Security and robustness of networks" and Article (5B) on "Unsolicited bulk electronic communications" or spam being, on the face of it, necessary for the well-being of cyberspace. At the same time, the apprehensions that these provisions would be liable to misuse through deliberate misinterpretation are also well-founded given attempts at controlling the Internet by several countries. The passing of these ITRs would have legitimised such efforts and this was the reason why there was opposition on the part of other countries to bring the Internet within the ambit of the ITRs and giving a greater role to the International Telecommunication Union (ITU).

India, with the third largest Internet user base, is increasingly seen as a swing state on matters of internet governance. The Indian Government decided to take a considered view on signing the ITRs and is one of the 45 countries that have deferred that decision. Countries have to ratify the ITRs by January 1, 2015.

Cherian Samuel replies: To recap the sequence of events leading to Bangalore, on the 20th of May 2012, a 26 year old woman was murdered in the Rakhine State of Myanmar. The ensuing riots that started in Myanmar around the 3rd of June left 80 dead and 80,000 displaced. Pages were created in Pakistan and West Asia, and even as far as Australia, containing misleading information and morphed pictures and placed on Facebook, and other social networking sites and websites, primarily to incite the population in those countries to rise up in protest. These had the desired effect not just in those countries but also in India where they were juxtaposed with unconnected incidents in Assam to inflame passions and threat of violence against people from the North-East of the country.

Detection of misinformation on social media of the type that led to the events in Bangalore is not possible without the creation of considerable investment in different capabilities. If one considers the data flowing through the social media networks, as per statistics, Facebook gets 5 billion pageviews a month in India alone, and Youtube gets about a billion pageviews. On a global scale, 60 hours of video are uploaded to youtube every minute and 4,000 tweets are sent every second. Moreover, there is a very thin line between monitoring data and monitoring content and there is a big question mark as to whether monitoring data alone will be sufficient. There are many issues to be resolved before an efficient monitoring mechanism can be put in place.

Cherian Samuel replies: Internet based social media is per se not a threat to security. It follows in a long line of technological innovations that have enhanced human interaction, enabling both the conveying of information, news and opinion at a rapid pace, as well as widening and deepening the democratic discourse. Like any other advancement in technology, its use comes with challenges, making it a double edged sword, in this case, for those involved with safeguarding public security. They are concerned by its potential for disrupting public order, either involuntarily through the unchecked spread of rumours, or deliberately through the propagation of misinformation with the intent of creating enmity between groups. A combination of the two was witnessed recently and has led to calls for regulating social media. However, the nature of the medium is such that it has raised valid questions as to whether such regulation is possible without infringing on the fundamental rights of the citizen relating to freedom of speech and privacy.

Even as that debates continues, there are many other steps that the government can take to get in front of the problem. In the first instance, the authorities can use the same medium to provide correct information and nip rumours in the bud. Existing technologies and laws provide sufficient leeway to the authorities to effectively monitor internet traffic, including social media, in real-time, but are under-utilised for a variety of reasons, largely to do with coordination. In fact, along the matrix of cyber security challenges, social media pales in comparison to other challenges, such as securing critical infrastructure and countering cyber espionage, which are much more pressing and can have greater negative consequences.