CCG’s Comments to the Ministry of Electronics and Information Technology on the Draft National Data Governance Framework Policy

Authors: Joanne D’Cunha and Bilal Mohamed

On 26th May 2022, the Ministry of Electronics and Information Technology (MeitY), released the Draft National Data Governance Framework Policy (NDG Policy) for feedback and public comments. CCG submitted its comments on the NDG Policy, highlighting its feedback and key concerns with the proposed Data Governance Framework. The comments were authored by Joanne D’Cunha and Bilal Mohamed, and reviewed and edited by Jhalak M. Kakkar and Shashank Mohan.

The draft National Data Governance Framework Policy is a successor to the draft ‘India Data Accessibility and Use’ Policy, which was circulated in February 2022 for public comments and feedback. Among other objectives, the NDG policy aims to “enhance access, quality, and use of data to enable a data-led governance” and “catalyze AI and Data led research and start-up ecosystem”.

“Mountain” by Mariah Jochai is licensed under CC BY 4.0

CCG’s comments to the MeitY are divided into five parts – 

In Part I, of the comments we foreground our concerns by emphasising the need for comprehensive data protection legislation to safeguard citizens from potential privacy risks before implementing a policy around non-personal data governance. 

In Part II, we focus on the NDG Policy’s objectives, scope, and key terminologies. We highlight that the NDG Policy lacks in  sufficiently defining key terms and phrases such as non personal data, anonymisation, data usage rights, Open Data Portal, Chief Data Officers (CDOs), datasets ecosystem, and ownership of data. Having clear definitions will bring in much needed clarity and help stakeholders appreciate the objectives and implications of the policy. This also improves  engagement from the stakeholders including the government in the policy consultation process. This also enhances engagement from the stakeholders, including the various government departments, in the policy consultation process.  We also highlight that the policy does not illustrate how it will intersect and interact with other proposed data governance frameworks such as the Data Protection Bill 2021 and the Non Personal Data Governance Framework. We express our concerns around the NDG Policy’s objective of cataloguing datasets for increased processing and sharing of data matching with the aim to deploy AI more efficiently.  It relies on creating a repository of data to further analytics, and AI and data led research. However, it does not take into consideration that increasing access to data might not be as beneficial if computational powers of the relevant technologies are inadequate. Therefore, it may be more useful if greater focus is placed on developing computing abilities as opposed to increasing the quantum of data used.

In Part III, we focus on the privacy risks, highlighting concerns around the development and formulation of anonymisation standards given the threat of re-identification from the linkage of different datasets. This, we argue, can pose significant risks to individual privacy, especially in the absence of a data protection legislation that can provide safeguards and recognise individual rights over personal data. In addition to individual privacy harms, we also point to the potential for collective harms from using aggregated data. To this end, we suggest the creation of frameworks that can keep up with the increased risks of reidentification posed by new and emerging technologies.

Part IV of our comments explores the institutional framework and regulatory structure of the proposed India Data Management Office. The proposed IDMO is responsible for framing, managing, reviewing, and revising the NDG Policy. Key concerns on the IDMO’s functioning pertain to the exclusion of technical experts and representatives of civil society and industry in the IDMO. There is also ambiguity on the technical expertise required for Chief Digital Officers of the Digital Management Units of government departments and ministries, and the implementation of the redressal mechanism. In this section, we also highlight the need for a framework within the Policy to define how user charges will be determined for data access. This is particularly relevant to ensure that access to datasets is not skewed and is available to all for the public good. 

You can read our full submission to the ministry here.

Analysing India’s Bilateral MOUs In the Field of Information and Communication Technologies (ICTs)

Sukanya Thapliyal


As per the latest figures released by the International Telecommunication Union (ITU), post-COVID-19, the world witnessed a sharp rise in the number of internet users from 4.1 billion people (54% of the world population) in 2019 to 4.9 billion people (63% of the world population) in 2021. However, the same report states that some 2.9 billion people remain offline, 96%  of whom live in developing countries. These stark differences emanate from several barriers faced by the residents of the developing countries and include lack of access because of unaffordability of ICT services, lack of strong technological and industrial bases, inadequate R&D facilities, and deficient ICT operating skills

Countries are increasingly exploring different ways to partner with other countries through multilateral, bilateral, and other legal arrangements. The countries often forge bilateral cooperation with other countries through signing Memorandum of Understanding(MOUs), Memorandum of Cooperation (MOCs) and creating Joint Working Groups, and Joint Declarations of Intent, among others. These are informal legal instruments as compared to typical treaties or international agreements, and promote international cooperation in strategic interest areas. India has a detailed Standard Operating Procedure (SOP) with respect to MOUs/agreements with foreign countries. The SOP lays down the Indian legal practice on treaty formation and detailed guidelines in respect to the different international agreements that may be signed by the countries. 

India has executed several MOUs, MOCs, Joint Declaration of Intent, and Working Groups to identify common interests, priorities, policy dialogue, and the necessary tools for ICT collaboration. These include a broad range of areas,  including the development of IT software,  telecom software, IT-enabled services, E-commerce services & information security, electronic governance, IT and electronics hardware, Human Resource Development for IT education, IT-enabled education, Research and Development, strengthening the cooperation between private and public sector, collaboration in the field of emerging technologies, capacity building and technical assistance in the ICT sector. 

Aims and Objectives

This mapping exercise lists the numerous bilateral MOUs, Joint Declarations and other agreements signed between India and partner countries to locate the nature and extent of international collaborative efforts in the ICT sector. Furthermore, this mapping exercise aims to understand India’s strategic interests and priority areas in the sector and evaluate India’s unique positioning in South-South Cooperation. The said mapping exercise remains a work in progress and shall be updated at periodic intervals. 


The mapping exercise includes an assessment of 36 MOUs and 5 other agreements subdivided into four categories: Fixed Term/ Renewed ICT MOUs (13), Open-Ended ICT MOUs (4), ICT MOUs with Pending Renewal/ Extension and Expired MOUs (19), and Joint Declaration and Proposals concerning ICT Sector (5). The relevant details of  such MOUs are derived from publicly available information provided by the Ministry of Electronics and Information Society (MeitY), Department of Telecommunication (DoT), Ministry of Communications (MOC) and the Indian Treaties Database by Ministry of External Affairs (MEA). The current analysis attempts to bring out the different MOUs, MOCs, and Joint Declarations of Intent executed by Indian authorities (MeitY, MOC and MEA), their duration of operation and the areas covered under the scope of such collaboration.   


Some of our key observations from the mapping exercise are as follows: 

  • India has entered into MOUs/ Joint Declaration of Intent and other agreements with both developed and developing countries. These include Bangladesh, Bulgaria, Estonia, Israel, Japan, South Korea, Singapore, United Kingdom, among others. 
  • Within India’s ICT cooperation and collaboration landscape, we have identified the following as priority areas: 
Building capacity of CERTs and law enforcement agencies1. Cybersecurity technology cooperation relevant to CERT activities.
2. Exchange of information on prevalent cybersecurity policies and best practices.
3. CERT-to-CERT Cooperation.
4. Exchange of experiences regarding technical infrastructure of CERT.
Technical assistance and capacity building1. Human resource development including  training of Govt. officials in e-governance.
2. Institutional cooperation among the academic and training institutions.
3. Strengthening collaboration in areas such as e-government, m-governance, smart infrastructure, e-health, among others.
Sharing of technology, standardization and certification1. Cooperation in software development, rural telecommunication, manufacturing of telecom manufacturing and sharing of know-how technologies.
2. Cooperation in exchanging and developing technology.
3. Standardisation, testing and certification.
B2B cooperation and economic advancement1. Enhancing B2B cooperation in cyber security.
2.Enable and strengthen industrial, technological and commercial cooperation between industry and research establishments.
3.Exploring third country markets.
4. Favourable environment for the business entities through various measures to facilitate trade and investment.
Key Priority Areas for India in ICT Sector

Mapping MOUs signed by India in the field of Information and Communication Technologies (ICT), created using

Building a Feminist Critique of Cybersecurity: Centering experiences of those at the margins


“Secure Home (pt. 2)” by Ren Wang is licensed under CC BY 4.0


Our everyday lives are increasingly being mediated by technology. Social networks are shaping our interpersonal communications, algorithms are driving our decisions and behaviours, and smart devices are modulating our home and workplace environment. Haraway postulated this rising penetration of technology in practically all aspects of life through the image of “cyborg bodies” entangled in its discourses and effects to the point where “who makes and who is made in the interaction between human and machine” is impossible to decipher. With the ever-increasing dependence of our everyday lives on technology, the internet directly interpellates subjects while also engaging with other social discourses that contribute to subject formation. As technology becomes fundamental in shaping not only our everyday lives but also our subjectivities, the question of security in cyberspace becomes increasingly personal. 

Although cybersecurity has been recognized as a global concern, there is no agreement on how it should be conceptualized.  The question of “who or what is to be protected” lies at the heart of these debates.  A growing body of literature moves beyond the protection of “cyberspace and the underlying ICT infrastructure”, and defines cyber security as the protection of those “who function in the cyberspace, i.e. individuals, organisations, and nations”. In practice, however, it is seen that the sovereignty of the state is considered as the dominant objective of cyber security and powerful actors like states, military and corporates drive the discourse at the risk of invisibilizing the ordinary user.

A feminist approach to cybersecurity must place humans at its centre. It must also recognize that our experiences in the online world are shaped by our identity and the power structures prevalent in society. Consequently, cybersecurity threats are perceived and experienced differently by minorities, women, non-binary people who are also routinely absent or underrepresented in such discussions. This blog argues that women’s experiences, particularly those at the margins, must be at the centre of how cybersecurity is conceptualized in technical design and legislation. The piece begins by examining questions of representation and its implications. It further probes how gender-blind design and the underlying assumptions of public/private dichotomy lead to gendered threats like technology-facilitated intimate partner violence being excluded from or trivialised in cybersecurity discussions. Finally, it looks at the case of intimate image abuse and examines the framework of bodily integrity as a key tool to centre womens’ experiences in cybersecurity. 

Women in Cybersecurity

Only 25% of the global cyber security workforce identify as women. The work culture of incident response teams which are predominantly staffed by men helps in reinforcing the association of technical expertise to masculinity. Feminist theory not only advocates for greater representation of women in cybersecurity design, defence and response but also questions the basis of how the epistemic authority is allocated. At the heart of a feminist approach to cybersecurity lies the question, “Who is considered the bearer of knowledge?”. Since, in both technology and law, technocratic expertise is the primary epistemic authority, experiences of ordinary citizens are invisibilized and often considered problems that need to be solved by experts through behavioural change or legislation from the top. It is this top-down approach to cybersecurity that is challenged by the feminist standpoint epistemology, where the subjective experience of those at the margins is the key source of knowledge.  

Another important aspect of feminist research is the centrality of political action and the dismantling of the separation between theory and practice. Thus, a feminist approach towards cybersecurity will actively engage with ordinary users, especially those who are marginalised through multiple axes of oppression, in building knowledge, understanding threats and bringing about change through political action and solidarity. Oxford Internet Institute’s Reconfigure Network consisting of a group of feminist cybersecurity practitioners and researchers is a step in this direction. Under this project, ordinary citizens, through a series of community workshops, engage in defining threats based on their understanding and experiences. 

The public/private binary

A gender-blind approach towards cybersecurity doesn’t take into account how threats are experienced differently by people depending on their social positions. This is because, contrary to popular belief, technical deliberation is not objective and value-neutral. The design, construction and regulation of technology are embedded with socio-political values. Often gendered threats faced by women and individuals of marginalised gender and sexual identities are overlooked or trivialized in design considerations. A common example of this is systems using personal information questions as backups to passwords, e.g. the name of your first pet or middle name of your parent. This assumes that the “bad actor” will always be a stranger and not an intimate partner/former partner. Similarly, Slupska has shown how threat modelling of major smart home systems does not take into account intimate partner violence(IPV). The owner of the device is never seen as a security threat to other users of the device in any use case. This is attributed to the public/private binary, where the home is constructed as a safe place in spite of the rising cases of gender-based violence facilitated by smart home devices. 

Feminist scholars have long critiqued the public/private binary which relegates the ambit of gendered violence to the domain of the private. Technology-facilitated sexual violence like intimate image abuse (commonly referred to as “revenge porn”) are often constructed as concerns of individual privacy instead of cybersecurity. Even the expectations for users are gendered; women are expected to maintain complete control of their digital footprint and activate privacy settings on social networks to protect themselves. Any failure to do so results in victim-blaming, thereby shifting the onus of ensuring cybersecurity completely onto the individual victims.

This is also evident in the language of “revenge porn” which reduces the scope of the crime and its severity by invoking narratives of relationship feuds and disgruntled partners. These issues have traditionally been placed in the domain of the private and emotional, which is constructed as inferior and less serious to the public domain of rational security. It can also become a limiting factor in legislative reforms as it considers the “intent to harm or harass” the victim a necessity to prove the crime. Not only does this narrow conception fail to take into consideration the economy surrounding the distribution of such imagery, but it also makes proving of intent to harass challenging. 

Centering Women’s experiences & Bodily Integrity in a digitally mediated world

Consequently, it is argued that “revenge pornography” be seen as a part of the “continuum of image-based sexual abuse”. This is based on Kelly’s seminal work on the continuum of sexual violence which challenges the “legal-analytical categorization” of sexual offences which often don’t focus on women’s experiences and also lead to a hierarchy of sexual offences. There is a range of abusive practices like revenge porn, sextortion, upskirting, voyeurism, deep fake pornography etc. that come under the umbrella of image-based sexual abuse.

Franks has advocated for the violation of privacy to be the fundamental harm that needs to be criminalised in these legislations under the rubric of non-consensual pornography. However, scholars have advocated going beyond models that look at intimate image abuse as merely content/information privacy violations to the framework of bodily integrity in terms of self-determination and inviolability. By circulating intimate images non–consensually, the victim’s right to self-determination is curbed. Centering womens’ experiences of bodily harm is captured in Durham’s essay, 

“Although virtual worlds offer a putative escape from the constraints of the corporeal, bodies still haunt the mediascape, and the experiential connections between symbolized and real world bodies must be acknowledged as central to feminism’s liberatory goals.”

Since the body is the site where gender is inscribed, bodily integrity provides a framework to understand what values and protections society attributes to different bodies. It is thus essential to note how the bodies of trans-persons, Dalits, Bahujan, Adivasis and minorities are most vulnerable as they are seen as sites to exert power.

It is also important to understand that online images of the body are not mere representations but act as digital prostheses embodying our subjectivity. That is to say; today we experience the world and our beingness through “an assemblage of organic body, conventional prostheses and digital prostheses”. This is fundamental to understanding the continuity of experience between the offline and online world which can prevent us from discounting the severity of intimate image abuse and the impact it has on the overall lives of the victims. Many victims experience a feeling of violation through unintended exposure that they liken to sexual assault and rape. Further, this framework can prevent a narrow definition of online intimate image abuse which excludes images that do not traditionally classify as “intimate”.  Thus, repeated instances of non-consensually sourced images of Muslim women put up for auction on apps should be recognized as targeted sexual harassment and intimate image abuse in addition to being a hate crime. Further, Deep fake nudes, which are not actual representations of the body but nonetheless impact the online subjectivity of an individual can be recognized as an important emergent form of intimate image abuse. 

Bodily integrity, thus, provides a framework through which womens’ diverse experiences can be placed at the centre of understanding and responding to a cybersecurity threat. Approaches like these can pave the way for centering the safety and well-being of human beings, especially those who have been historically marginalised, in cybersecurity debates and discussions. This can prevent us from replicating the same power hierarchies and patterns of exploitation in this new world of augmented subjectivity where technology is ubiquitous.

Works Cited

Bowles N, ‘Thermostats, Locks and Lights: Digital Tools of Domestic Abuse’ The New York Times (23 June 2018) <> accessed 13 February 2022

Deibert RJ, ‘Toward a Human-Centric Approach to Cybersecurity’ (2018) 32 Ethics & International Affairs 411

Desai A, ‘Trans Rights Activist Misgendered, Trolled After Starting Online Fundraiser’ (The Wire) <> accessed 13 February 2022

Durham MG, ‘Body Matters’ (2011) 11 Feminist Media Studies 53 <> accessed 9 February 2022

Flanagan M, Howe DC and Nissenbaum H, ‘Embodying Values in Technology: Theory and Practice’ (2008) 322 Information technology and moral philosophy

Franks MA, ‘How to Defeat “Revenge Porn”: First, Recognize It’s About Privacy, Not Revenge’ (HuffPost, 22 June 2015) <> accessed 10 February 2022

Franks MA, ‘Revenge Porn Reform: A View from the Front Lines’ (2017) 69 Florida Law Review 1251 <> accessed 8 February 2022

Haraway D, ‘A Cyborg Manifesto: Science, Technology, and Socialist-Feminism in the Late 20th Century’, The international handbook of virtual learning environments (Springer 2006)

hooks bell, ‘Sisterhood: Political Solidarity between Women’ (1986) 23 Feminist Review 125

(ISC)2, ‘(ISC)2 Cybersecurity Workforce Study,2021: A Resilient Cybersecurity Profession Charts the Path Forward’ (2021)

Kain D and others, ‘Online Caste-Hate Speech: Pervasive Discrimination and Humiliation on Social Media’ (Centre for Internet and Society (CIS) 2021) <>

Khan HM, ‘The Dread of Discovering I’m on an App That Auctioned Me | VIEW’ India Today <> accessed 7 March 2022

Kelly L, ‘The Continuum of Sexual Violence’, Women, violence and social control (Springer 1987)

Maschmeyer L, Deibert RJ and Lindsay JR, ‘A Tale of Two Cybers – How Threat Reporting by Cybersecurity Firms Systematically Underrepresents Threats to Civil Society’ (2021) 18 Journal of Information Technology & Politics 1 <> accessed 12 February 2022

McGlynn C, Rackley E and Houghton R, ‘Beyond “Revenge Porn”: The Continuum of Image-Based Sexual Abuse’ (2017) 25 Feminist Legal Studies 25 <> accessed 10 February 2022

Millar K, Shires J and Tropina T, ‘Gender Approaches to Cybersecurity: Design, Defence and Response’ (United Nations Institute for Disarmament Research 2021) <>

Slupska J, Duckworth SD and Neff G, ‘Reconfigure: Feminist Action Research in Cybersecurity’


Patella-Rey P, ‘Beyond Privacy: Bodily Integrity as an Alternative Framework for Understanding Non-Consensual Pornography’ (2018) 21 Information, Communication & Society 786 <> accessed 7 February 2022

Rey P and Boesel WE, ‘The Web, Digital Prostheses, and Augmented Subjectivity’ [2014] PJ Rey and Whitney Erin Boesel//Routledge handbook of science, technology, and society.–NY: Routledge 173

Salim M, ‘“Bulli Bai”, “Sulli Deals”: On Being Put Up for “Auction” as an Indian Muslim Woman’ (The Wire, 16 January 2022) <> accessed 13 February 2022

Slupska J, ‘Safe at Home: Towards a Feminist Critique of Cybersecurity’ (2019) 15 St Antony’s International Review 83

Tickner JA, ‘Feminist Perspectives on International Relations’ [2002] Handbook of international relations 275

Von Solms R and Van Niekerk J, ‘From Information Security to Cyber Security’ (2013) 38 computers & security 97

Cybersecurity and Trade: Understanding Linkages for the Global South

Sukanya Thapliyal*


Cybersecurity concerns are increasingly creeping into the international trade arena. Emerging technologies such as Big Data, Artificial Intelligence (AI), Internet of things (IoT), among others, have led to the digitalisation of the economy and society and has transformed our day-to-day lives. In addition, the COVID-19 pandemic has further accelerated the digitalisation process. As a result, countries, businesses and individuals worldwide are embracing this shift and are becoming increasingly reliant on digital technologies. The digital economy has significantly contributed to the increase in services trade, reduced trade costs, and increased participation of micro, small and medium enterprises (MSMEs) within international trade. The shift towards the digital economy has also empowered enterprises in amassing and analysing massive amounts of data. This helps businesses or organisations improve their operations and develop better products and services for existing and prospective consumers. 

However, ensuing interconnectivity and reliance on digital technologies exposes society/economies to several risks. These include threats of cyberattacks such as ransomware, political espionage, economic espionage, identity theft, and intellectual property theft.  These threats impact national defence authorities, critical infrastructures, commercial enterprises, and enforcement agencies alike. Such threats can emerge from both State and Non-State actors. However, countries vary greatly in their ability to understand and address these challenges. A recent study by Kaspersky Labs has identified Asia-Pacific Countries (APAC) as among the most prominent targets of cyberattacks owing to their rapidly increasing usage of digital technologies coupled with lack of awareness regarding cybersecurity, and limited resources deployed towards mitigation. India features among the top five countries most prone to cyberattacks along with China and Pakistan.

This piece seeks to map the dominant discourse on Cyber Security and International Trade. First, it examines the current World Trade Organization (WTO) framework and selects certain Free Trade Agreements (FTAs) to understand how cybersecurity concerns are presently understood only as related to national security or potential non-tariff barriers (NTB). Rooted in the fact that cybersecurity is inextricably linked to the technical capacity of a Member State to identify vulnerabilities, it argues that there is an urgent need to repurpose cybersecurity as an issue within the capacity building and technology transfer discussions.

image by geralt. Licensed via CC0.

Despite rising cybersecurity concerns, international trade rules have minimal engagement in this area. Prominent international trade organisations (such as WTO) and other legal instruments like Free Trade Agreements (FTAs) have primarily focused on setting rules for digital commerce and have addressed cybersecurity as an incidental and secondary issue.  Within WTO’s existing framework, cybersecurity issues do not fall within a single set of rules.1 Depending on the context and subject of the dispute, several WTO Agreements, including General Agreement on Tariffs and Trade in Goods (GATT), General Agreement on Trade in Services (GATS), Agreement on Trade-Related Aspects of Intellectual Property Rights (TRIPS) and WTO Agreement on Technical Barriers to Trade (TBT Agreement), can have some bearing on the result of the dispute. As a result, the emerging cybersecurity issues can only be understood and interpreted on a case-by-case basis.2 

Currently, countries impose cybersecurity measures that range from complete prohibition on the trade of goods or services, tariff and non-tariff barriers, imposition of certification requirements and imposition of domestic standards, among others. Although none of these cybersecurity measures has been challenged at the WTO’s Dispute Settlement System so far, concerns were raised against China’s imposition of cybersecurity measures on ICT products and services by the European Union, USA, Canada, Japan and Australia in 2017. In another instance, China raised concern over Australia banning Chinese companies from supplying equipment for a 5G mobile  network on the grounds of national security

Propelled by similar developments, where Member States imposed different types of cybersecurity measures (prohibition on trade in technology goods, imposition of certification requirements and domestic standards), the discourse on cybersecurity and trade primarily focused on the cybersecurity measures as potential non-tariff barriers. As WTO primarily focuses on strengthening economic cooperation and reducing or eliminating trade barriers (tariff and non-tariff), the primary discourse has been centered only around these concerns. Numerous studies have identified the need to distinguish between genuine domestic cybersecurity policy measures taken by the Member States from those that are merely disguised protectionism or purely political in nature. 

Scholars also highlighted that Member States might justify such actions based on national security exceptions articulated under the GATT (Article XXI), GATS (Article XIV bis), TRIPS (Article 73) and other WTO Agreements. The national security exception, as broadly understood, allows Member States to take measures as they consider necessary for the protection of their essential security interests. This is problematic from several perspectives. 

The security exception was long touted as a self-judging provision and outside the purview of judicial review of the Dispute Settlement Body (DSB). This understanding was substantially modified in the context of GATT’s security exception in Russia – Traffic in Transit by the WTO Panel Report in 2019. The Panel opined that Article XXI (b) is not totally self-judging and that the term “essential security interests” are restricted to specific scenarios related to military facilities, nuclear facilities and measures taken in time of “war” or “other emergency in international relations”. Further, the Panel also emphasised that such a measure must be invoked in “good faith”. While Russia – Traffic in Transit Panel Report does provide a straightforward interpretation of the scope of the provision, several scholars, including Sarah Alturki and Neha Mishra have examined the security exceptions laid down under GATT and GATS as problematic in addressing cybersecurity measures. They maintained that the existing security exceptions under the WTO framework provisions are dated and were not conceived to cover cyber conflicts. Although the DSB may undertake to read such provisions in an evolutionary manner, the ambiguous nature of cyber-threats coupled with the lack of international consensus on cybersecurity governance makes it extremely challenging to resolve cybersecurity-related disputes. 


Besides security exceptions under the WTO framework, some Free Trade Agreements, in their digital trade/e-commerce chapters, have dedicated provisions concerning inter-State cooperation in cybersecurity. For instance, Article 14.16 of the Comprehensive and Progressive Agreement for Trans-Pacific Partnership (CPTPP) recognises the importance of capacity building and collaborating mechanisms to identify and mitigate malicious intrusions or dissemination of malicious code that affect the electronic networks of countries which are Party to the Agreement. Article 12.13 of the Regional Comprehensive Economic Partnership (RCEP) features an identical provision. Further, Article 19.15 of the United States-Mexico-Canada Agreement (USMCA) features an expanded version of this condition. The provision obligates the Member States to share information and best practices and employ risk-based approaches that rely on consensus-based standards to detect, respond to, and recover from cybersecurity events.

To contain the misuse of cybersecurity measures that can harm free trade and economic cooperation among participating countries, several FTAs have included a provision to deter such behavior. Such provisions include the prohibition on disclosure of source code3, prohibition on the requirement to locate computing facilities in a specific jurisdiction4 and provisions mandating cross-border transfer of information by electronic means5. The measures relating to prohibition on disclosure of source code, restriction on mandating location of the computing facilities and others often find themselves in the cross-fire of a host of concerns emanating from economic development, transparency and cybersecurity. 

It is also important to note that these provisions also target policies restraining the free flow of cross-border data (data-localisation policies) prevalent in a number of countries including India, China, Vietnam, among others. 


Beyond the above mentioned concerns, cybersecurity is also a question of technical competence and resources available for several developing and least-developed countries. Several studies and reports, including the recent Kaspersky projections for 2022, indicate a wide gap in countries’ ability to detect, assess and effectively respond to cyber-attacks. There has been a steep rise in the adoption of digital tools often outpacing the establishment of necessary state institutions, legal regulations and capacity to manage new challenges.  Digital solutions are seen as the gateway to economic growth and social development. These developments should not be seen in isolation from cybersecurity capacity building. The unbridled adoption of digital solutions without being secured can have far reaching implications for the economy and can lead to poor infrastructures and hollow digital development for countries in the global south. 

As mentioned above, the current provisions, under the FTAs and discussions at the WTO surrounding cybersecurity concerns for international trade, extend only up to sharing information and best-practices. Such glaring vulnerabilities can only be addressed through development assistance that includes technology transfers and offering cybersecurity capacity building and requires active cooperation from the developed countries. The discussions around digital development must be embedded in digital security. Developing countries, including India, should leverage their positions in economic forums and constructively channel the discussions around tech-transfer and technology facilitation mechanisms (TFM) on cybersecurity, as they have done in the past in the context of drug development and climate change. Existing tools for developing and least-developed countries incorporated under Article 66 and 67 of the TRIPS Agreement are insufficient, have seen weak implementation, and are unlikely to bridge this gap. As India is assuming the G20 presidency on December 1, 2022, it can lead the path for such momentous changes and offer the global south perspective the world needs.

*The author is grateful for the comments and contributions by Ms Garima Prakash, Deputy Manager, NASSCOM.


  1. It is important to note that the WTO Agreements dates back to 1994 did not treat cyber issues specifically, but their rules nevertheless have application to cyber-related policies. See: Kathleen Claussen, ‘Economic cybersecurity law’ in Routledge Handbook of International Cybersecurity, pp.341-353 (Routledge, 1, 2020). See also: Dongchul Kwak, “No More Strategical Neutrality on Technological Neutrality: Technological Neutrality as a Bridge Between the Analogue Trading Regime and Digital Trade” World Trade Review (2021), 1–15.
  2. Post-2017, around 70 WTO Member States spearheaded by the USA and other developed countries have initiated “exploratory work together towards future WTO negotiations on trade-related aspects of electronic commerce.”  India and South Africa are not part of this initiative. Nevertheless, the result of these discussions shall have some bearing on the future of cybersecurity and trade.
  3.  Article 19.16 of USMCA (Similar provisions are incorporated under other trade agreements including CPTPP and RCEP).
  4. Article 19.12 of USMCA. (Similar provisions are incorporated under other trade agreements including CPTPP and RCEP).
  5. Article 19.11 of USMCA. (Similar provisions are incorporated under other trade agreements including CPTPP and RCEP).

Technology and National Security Law Reflection Series Paper 12 (B): Contours of Access to Internet as a Fundamental Right

Shreyasi Tripathi*

About the Author: The author is a 2021 graduate of National Law University, Delhi. She is currently working as a Research Associate with the Digital Media Content Regulatory Council.

Editor’s Note: This post is part of the Reflection Series showcasing exceptional student essays from CCG-NLUD’s Seminar Course on Technology & National Security Law.  Along with a companion piece by Tejaswita Kharel, the two essays bring to a life a fascinating debate by offering competing responses to the following question:

Do you agree with the Supreme Court’s pronouncement in Anuradha Bhasin that access to the internet is an enabler of other rights, but not a fundamental right in and of itself? Why/why not? Assuming for the sake of argument, that access to the internet is a fundamental right (as held by the Kerala High Court in Faheema Shirin), would the test of reasonableness of restrictions be applied differently, i.e. would this reasoning lead to a different outcome on the constitutionality (or legality) of internet shutdowns?

Both pieces were developed in the spring semester, 2020 and do not reflect an updated knowledge of subsequent factual developments vis-a-vis COVID-19 or the ensuing pandemic.


Although it did little to hold the government accountable for its actions in Kashmir, it would be incorrect to say that the judgment of Anuradha Bhasin v. The Union of India is a complete failure. This reflection paper evaluates the lessons learnt from Anuradha Bhasin and argues in favour of access to the internet as a fundamental right, especially in light of the COVID-19 pandemic. 

Image by Khaase. Licensed under Pixabay License.

Perhaps the greatest achievement of the Anuradha Bhasin judgement is the fact that the Government is no longer allowed to pass confidential orders to shut down the internet for a region. Moreover, the reasons behind internet shutdown orders must not only be available for public scrutiny but also be reviewed by a Committee. The Committee will need to scrutinise the reasons for the shutdown and must benchmark it against the proportionality test. This includes evaluating the pursuit of a legitimate aim, exploration of suitable alternatives, and adoption of the least restrictive measure while also making the order available for judicial review. The nature of the restriction,  its territorial and temporal scope will be relevant factors to determine whether it is proportionate to the aim sought to be achieved. The court also expanded fundamental rights to extend to the virtual space with the same protections. In this regard, the Court  made certain important pronouncements on the right to freedom of speech and expression. These elements will not be discussed here as they fall outside the scope of this paper. 

A few months prior in 2019, the Kerala High Court recognised access to the internet as a fundamental right. Its judgement in Faheema Sharin v. State of Kerala, the High Court addressed a host of possible issues that arise with a life online. Specifically, the High Court recognised how the internet extends individual liberty by giving people a choice to access the content of their choice, free from control of the government. The High Court relied on a United Nations General Assembly Resolution to note that the internet “… facilitates vast opportunities for affordable and inclusive education globally, thereby being an important tool to facilitate the promotion of the right to education…” – a fact that has only strengthened in value during the pandemic. The Kerala High Court held that since the Right to Education is an integral part of the right to life and liberty enshrined under Article 21 of the Constitution, access to the internet becomes an inalienable right in and of itself. The High Court also recognised the value of the internet to the freedom of speech and expression to say that the access to the internet is protected under Art. 19(1)(a) of the Constitution and can be restricted on grounds consistent with Art. 19(2).


In the pandemic, a major reason why some of us have any semblance of freedom and normalcy in our lives is because of the internet. At a time when many aspects of our day to day lives have moved online, including education, healthcare, shopping for essential services, etc. – the fundamental importance of the internet should not even be up for debate. The Government also uses the internet to disseminate essential information. In 2020 it used a contact tracing app (Aarogya Setu) which relied on the internet for its functioning. There also exists a WhatsApp chatbot to give accurate information about the pandemic. The E-Vidya Programme was launched by the Government to allow schools to become digital. In times like this, the internet is not one of the means to access constitutionally guaranteed services, it is the only way (Emphasis Added)

In  this context, the right of access to the internet should be read as part of the Right to Life and Liberty under Art. 21. Therefore, internet access should be subject to restrictions only based on procedures established by law. To better understand what shape such restrictions could take, lawmakers and practitioners can seek guidance from another recent addition to the list of rights promised under Art. 21- the right to privacy. The proportionality test was laid down in the Puttaswamy I judgment and reiterated in  Puttaswamy II (“Aadhaar Judgement”). In the Aadhar Judgement  when describing the proportionality for reasonable restrictions, the Supreme Court stated –

…a measure restricting a right must, first, serve a legitimate goal (legitimate goal stage); it must, secondly, be a suitable means of furthering this goal (suitability or rational connection stage); thirdly, there must not be any less restrictive but equally effective alternative (necessity stage); and fourthly, the measure must not have a disproportionate impact on the right-holder (balancing stage).” –

This excerpt from Puttaswamy II provides as a defined view on the proportionality test upheld by the court in Anuradha Bhasin. This means that before passing an order to shut down the internet the appropriate authority must assess whether the order aims to meet a goal which is of sufficient importance to override a constitutionally protected right. More specifically, does the goal fall under the category of reasonable restrictions as provided for in the Constitution. Next, there must be a rational connection between this goal and the means of achieving it. The appropriate authority must ensure that an alternative method cannot achieve this goal with just as much effectiveness. The authority must ensure that the method being employed is the least restrictive. Lastly, the internet shutdown must not have a disproportionate impact on the right holder i.e. the citizen, whose right to freedom of expression or right to health is being affected by the shutdown. These reasons must be put down in writing and be subject to judicial review.

Based on the judgment in Faheema Sharin, an argument can be made how the pandemic has further highlighted the importance of access to the internet, not created it. The reliance of the Government on becoming digital with e-governance and digital payment platforms shows an intention to herald the country in a world that has more online presence than ever before. 


People who are without access to the internet right now* – people in Kashmir, who have access to only 2G internet on mobile phones, or those who do not have the socio-economic and educational means to access the internet – are suffering. Not only are they being denied access to education, the lack of access to updated information about a disease about which we are still learning could prove fatal. Given the importance of the internet at this time of crisis, and for the approaching future, where people would want to avoid being in crowded classrooms, marketplaces, or hospitals- access to the internet should be regarded as a fundamental right.

This is not to say that the Court’s recognition of this right can herald India into a new world. The recognition of the right to access the internet will only be a welcome first step towards bringing the country into the digital era. The right to access the internet should also be made a socio-economic right. Which, if implemented robustly, will have far reaching consequences such as ease of social mobility, increased innovation, and fostering of greater creativity.

*Views expressed in the blog are personal and should not be attributed to the institution.

Technology and National Security Law Reflection Series Paper 12(A): Contours of Access to Internet as a Fundamental Right

Tejaswita Kharel*

About the Author: The author is a 2021 graduate of National Law University, Delhi. She is currently working as a lawyer in Kathmandu, Nepal. Her interests lie in the area of digital rights, freedom of speech and expression and constitutional law.

Editor’s Note: This post is part of the Reflection Series showcasing exceptional student essays from CCG-NLUD’s Seminar Course on Technology & National Security Law. Along with a companion piece by Shreyasi Tripathi, the two essays bring to a life a fascinating debate by offering competing responses to the following question:

Do you agree with the Supreme Court’s pronouncement in Anuradha Bhasin that access to the internet is an enabler of other rights, but not a fundamental right in and of itself? Why/why not? Assuming for the sake of argument, that access to the internet is a fundamental right (as held by the Kerala High Court in Faheema Shirin), would the test of reasonableness of restrictions be applied differently, i.e. would this reasoning lead to a different outcome on the constitutionality (or legality) of internet shutdowns?

Both pieces were developed in the spring semester, 2020 and do not reflect an updated knowledge of subsequent factual developments vis-a-vis COVID-19 or the ensuing pandemic.


The term ‘internet shutdown’ can be defined as an “intentional disruption of internet or electronic communications, rendering them inaccessible or effectively unusable, for a specific population or within a location, often to exert control over the flow of information”.1 It has become a tool used by States against residents of the country in question when they are faced with some imminent threat to law and order or a certain breakdown of law and order. It is used with the belief that a blanket shutdown of the Internet helps restrict misinformation, spreading of fake news,  incitement of violence, etc. that could take place. 

Image by Ben Dalton. Copyrighted under CC BY 2.0.

Due to the suspension of mobile and broadband internet services in Jammu and Kashmir on August 4, 2019 before the repeal of Article 370 of the Constitution of India, a petition was filed at the Supreme Court by Anuradha Bhasin (a journalist at Kashmir Times). The petition challenged  the Government’s curb of media freedom in Jammu and Kashmir as a result of the blanket internet and communications shutdown. On 10th January 2020, the Supreme Court’s judgement in Anuradha Bhasin v. Union of India, held that the internet has been deemed as a means to realise fundamental rights under Article 19 of the Constitution. The Court’s decision specifically applied to the right to freedom of speech and expression and the right to carry on trade or businesses. 

The Court did not explore or answer the question of whether access to the internet by itself is a fundamental right since it was not a contention by the counsels. However, the Court did state that since fundamental rights could be affected by the measures applied by authorities (which in this case was an internet shutdown), a lawful measure which could restrict these fundamental rights must be proportionate to the goal. 

One reading of the Supreme Court’s decision in Anuradha Bhasin is that the case could act as an enabler which legitimises government-mandated internet shutdowns. Nevertheless, the Court does explicitly hold that the curtailment of fundamental rights affected by internet access restrictions must be proportionate. In pursuance of this restrictive measures need to be the least restrictive in nature. However, determining what constitutes the least restrictive measure is a subjective question and would vary on a case by case basis. There is no guarantee that internet shutdowns would not be the opted measure. . 

  1. Critiquing the Rationale of the Anuradha Bhasin Judgement

It is important to investigate why the Court was hesitant to not deem internet access as a fundamental right. One major reason could be due to the fact that access to the internet is not possible for all the citizens of India in the current situation in any case. At the time of writing this paper, approximately half of India’s population has access to and uses the internet. Where such a visible ‘Digital Divide’ exists, i.e. when half of the Indian population cannot access the Internet and the government has not yet been able to provide such universal access to the internet, it would not be feasible for the Court to hold that the access to internet is in fact a fundamental right. 

If the Court were to hold that access to the internet is a fundamental right in the current situation, there would be a question of what internet access means ? Is access to the internet simply access to an internet connection? Or does  it also include the means required in order to access the internet in the first place? 

If it is just the first, then deeming access to the internet as a fundamental right would be futile since in order to access an internet connection, electronic devices (e.g. laptops, smartphones, etc.) are required. At a purely fiscal level, it would be improbable for the State to fulfil such a Constitutional mandate. Moreover, access to the internet would be a fundamental right only to those who have the privilege of obtaining the means to access the internet. The burden on the State would be too high since the State would be expected to not just provide internet connection but also the electronics which would be required in order to access the same. In either case, it does not seem feasible for access to the internet to be deemed as a fundamental right due to the practical constraint of India’s immense digital divide.  


At a future point where it is feasible for more people to access the internet in India (especially in rural/remote areas), it may be appropriate to deem access to the internet as a fundamental right. However, at this juncture to argue that the access to internet is a fundamental right (knowing that it is primarily accessible to more privileged segments) would be an assertion anchored on privilege.  Therefore, as important as the internet is for speech and expression, education, technology, etc. the fact that it is not accessible to a lot of people is something for policymakers and wider stakeholders to consider. 

This is especially important to look at in the context of COVID-19. Lockdowns and movement restrictions have increased remote work and accelerated online education. In order to work or study online, people must have access to both devices and  the internet. 

In this context a UNICEF Report (August 2020)observed that only 24% of Indian households had internet connection to access education and in November 2020 an undergraduate student died as a result of suicide since she was unable to afford a laptop. This provides macro and micro evidence of the blatant digital divide in India. Hence, it is not feasible to deem the right to access the internet as a fundamental right.  

In any case, if we were to assume that the right to access the internet was a fundamental right as what was held on 19 September 2019 by the Kerala High Court in Faheema Shirin R.K v. State of Kerala, the issue of whether internet shutdowns are legal or not would still be contended. Article 19(2) provides certain conditions under which the right to freedom of speech and expression under Article 19(1)(a) can be reasonably restricted. Similarly, Article 19(6) of the Constitution provides that  the right to carry on trade and business can be reasonably restricted in the interest of the general public. If access to the internet would be deemed as a fundamental right, it would be necessary to look at the scope of Articles 19(2) and 19(6) through a different lens. Nevertheless, such alteration would not yield a different application of the law. In essence, the Government’s restrictions on internet access would operate in the same way.

It is highly likely that Internet shutdowns would still be constitutional. However, there could be a change in the current stance to the legality of internet shutdowns. Situations wherein internet shutdowns would be legal may become narrower. There may even be a need for specific  legislation for clarity and for compliance with the constitutional obligations. 


Due to COVID-19, many people are unable to access education or work in the same way that was done before. Even courts are functioning online and with that the necessity to access the internet has never been stronger. The court in Anuradha Bhasin held that the internet was an enabler to rights under Articles 19(1)(a) and 19(1)(g). However,  now with the added scope for the necessity to be able to use the internet as a medium of accessing education and as a medium to access justice (which has been recognised as a fundamental right under Article 21 and 14), lawmakers and Courts must evaluate whether the rising dependency on the access internet would in itself be a reason for internet access becomes crystallised as a fundamental right. 

*Views expressed in the blog are personal and should not be attributed to the institution.


  1. Access Now, in consultation with stakeholders from around the world, launched its #KeepItOn campaign against internet shutdowns and developed the first international consensus on the definition of an internet shutdown in RightsCon 2016, available at

A fundamental right to virtual court hearings

This blog post has been authored by Shrutanjaya Bhardwaj.

The pandemic has brought about a paradigm shift in the way justice is delivered in India. To adapt to the exigencies of the situation, courts have shifted to a model that allows virtual (online) hearings. Hearings have been exclusively virtual during phases of the pandemic, i.e., during lockdowns. In 2020 alone, the Supreme Court conducted 43,713 virtual hearings as per a Standard Operating Protocol issued for this purpose. When the public health situation has improved, courts have experimented with “hybrid” hearings where parties could choose to appear either physically or virtually.

Diverging views have been expressed by lawyers and judges on the desirability of continuing virtual hearings even in the absence of lockdowns. Some lawyers have supported the continuation of virtual hearings, contending that they reduce public movement, thus helping prevent the spread of the virus. In November 2021, a group of more than 100 women lawyers wrote a letter to the Chief Justice of India requesting that hybrid hearings be allowed to continue because digitally equipped courts are “more equal for women lawyers,” especially those with care-giving responsibilities. A contrary view is that some lawyers, especially those at the Supreme Court and national tribunals who rely on an inflow of cases from outside Delhi, have suffered due to virtual hearings. This is in part because (when physical hearings are the norm) lawyers from outside Delhi find it inconvenient to travel to Delhi and handle the case on their own, incentivising them to engage a Delhi-based lawyer. With virtual hearings, outstation lawyers would have little incentive to engage a Delhi-based lawyer to handle cases. Another concern is that virtual hearings prevent junior advocates from getting noticed while assisting their seniors in court, which in turn reduces their chances of getting briefs.

While acknowledging the validity of these concerns, this piece explores the legal question of whether litigants have a fundamental right to opt for virtual court hearings. At the outset, it is clarified that this post does not envisage a prohibition on physical hearings, for that would overlook India’s digital divide — not all lawyers and litigants have access to a stable computer and high-speed internet services. The limited argument advanced is that the virtual option could be insisted on as a matter of right. Further, it is treated as a given that certain judicial functions cannot be exercised virtually, such as habeas corpus petitions (that require the physical production of the detenu), production of the accused before a Magistrate within 24 hours of arrest (this again involves physical production), or in camera proceedings, e.g. in matrimonial disputes under the Family Courts Act, 1984 (for which the Supreme Court has ruled that video conferencing is not permissible).

A right to access courts

The fundamental right to access justice stems inter alia from Articles 14, 19(1)(a), 21, 32, and 226 of the Constitution. There are two possible conceptions of this right. The broader conception views the litigant as an active participant in the litigation process—constantly giving feedback to their lawyer, demanding accountability, ensuring that their perspective and views find reflection in the case ultimately prepared and presented before the court, and generally being in-charge of their case. Under the narrower conception, the litigant is understood as a dormant stakeholder, far removed from the actual process of litigation because they have handed over their brief to the lawyer, whom they have no option but to trust.

To be meaningful, the right to access justice must be understood broadly to allow the litigant to monitor and control their case. Under the broader conception, then, the bare minimum requirement of access to justice is access to the courtroom itself. In a non-Covid world, this would imply that the litigant must have the option to remain physically present inside the courtroom when the matter is argued. This is not only to enable the litigant to evaluate their lawyer’s performance more accurately—which could theoretically be achieved simply by live-streaming proceedings—but also to allow them to assist the lawyer on a minute-to-minute basis based on the questions that fall from the bench.

Further, many litigants may choose to not engage a lawyer and argue their cases themselves, in which case—whether one accepts the narrow or the broad conception of the right to access justice—litigants must have access to courts.

The pandemic poses a unique and specific challenge with respect to access to courts, i.e., exposing oneself to a physical courtroom entails the risk of being infected, especially during an ongoing wave of infections. This is aggravated by the severe overcrowding that characterizes many of India’s courtrooms. The fact that courtrooms are plagued by congestion was noted by the Supreme Court in a 2018 judgment on live streaming of court proceedings. In fact, only two months before the first wave arrived, the then-CJI lamented the “severe problem” of overcrowded courtrooms even in the Supreme Court. Given such congestion, social distancing norms and the wearing of masks are much harder to enforce, especially in the subordinate courts that lack proper infrastructure and staff. Insisting on physical hearings, therefore, straightaway implies that the litigant must choose between their right to access justice and taking requisite health safety precautions during the pandemic.

Distance and Inequality

With respect specifically to the Supreme Court—which sits only in Delhi and has no other benches—virtual hearings also serve as an eliminator of inequality. Research has shown that litigants situated geographically closer to Delhi file more cases in the Supreme Court compared to litigants situated further away. One likely cause for this contrast is that faraway litigants are deterred by the time and cost required to travel to Delhi and litigate their dispute in the Supreme Court. It was perhaps in anticipation of this difficulty that Article 130 of the Constitution allowed additional benches of the Supreme Court to be set up by the Chief Justice of India in consultation with the President; however, that power has never been exercised. (Similar concerns would apply to central benches of other adjudicatory bodies, e.g., principal benches of national tribunals.)

Further, though comparative research for High Courts is not available, one can extrapolate that geographically larger states would face similar problems with litigants finding it difficult to manage the time and cost of travelling to the city in which the High Court is situated. To combat this and ensure accessibility, several large states have multiple benches across the state. Even in respect of subordinate courts, it is a common litigation strategy to file cases in faraway courts to harass opponents.  

Evolutionary reading of Article 19(1)(a)

Harassment of this nature was hard to address before the advent of video conferencing technology. But the Constitution must be receptive to technological advancement; our understanding of rights must change with evolving technological realities, and technological means should be used wherever possible to prevent and redress constitutional violations. On the issue of open courts, the Supreme Court adopted an evolutionary understanding of the right to receive information under Article 19(1)(a) of the Constitution. The earliest case to authoritatively rule on the right of the public to access courts was Kehar Singh (1988). The Supreme Court had held:

The courts like other institutions also belong to people. They are as much human institutions as any other. The other instruments and institutions of the State may survive by the power of the purse or might of the sword. But not the courts. The courts have no such means or power. The courts could survive only by the strength of public confidence. The public confidence can be fostered by exposing courts more and more to public gaze.

The Kehar Singh Court obviously had only physical court hearings in mind. But these observations were loyally carried forward in later cases, and eventually in 2018, the Court acknowledged the immense role that technology can play in ensure open access to courts, and held that open live streaming of court proceedings was a fundamental right protected by Article 19(1)(a) of the Constitution:

“By providing “virtual” access of live court proceedings to one and all, it will effectuate the right of access to justice or right to open justice and public trial, right to know the developments of law and including the right of justice at the doorstep of the litigants. Open justice, after all, can be more than just a physical access to the courtroom rather, it is doable even “virtually” in the form of live streaming of court proceedings and have the same effect.

(emphasis supplied)

Similarly, the rights of access to justice must be interpreted in consonance with technological advancements. Virtual hearings—which render distance meaningless—must now be understood as flowing from two distinct constitutional guarantees. The first is access to justice, which includes the right of the litigant to remain present in the courtroom. The second is the positive guarantee of “equal protection of the laws” under Article 14 of the Constitution, which implies equal opportunity for all litigants to access courts. Denying the option of virtual hearings to litigants would breach both these constitutional guarantees.


Conversations around continuation of virtual hearings—during and post the pandemic—must consider the fundamental rights of litigants to access courtrooms and to take reasonable health safety precautions to remain safe during the pandemic. While other policy concerns must be taken seriously, including the unique concerns of the members of the Bar discussed in the Introduction section, these cannot trump rights considerations flowing from Part III of the Constitution.

This blog was written with the support of the Friedrich Naumann Foundation for Freedom.

Introducing the Reflection Series on CCG’s Technology and National Security Law and Policy Seminar Course

In February 2022, CCG-NLUD will commence the latest edition of its Seminar Course on Technology and National Security Law and Policy (“the Seminar Course”). The Seminar Course is offered to interested 4th and 5th year students who are enrolled in the B.A. LL.B. (Hons.) programme at the National Law University, Delhi. The course is set against the backdrop of the rapidly evolving landscape of international security issues, and concomitant challenges and opportunities presented by emerging technologies.

National security law, viewed as a discrete discipline of study, emerges and evolves at the intersection of constitutional law; domestic criminal law and its implementation in surveillance; counter-terrorism and counter-insurgency operations; international law including the Law of Armed Conflict (LOAC) and international human rights law; and foreign policy within the ever-evolving contours of international politics.

Innovations and technological advancements in cyberspace and next generation technologies serve as a jumping off point for the course since they have opened up novel national security issues at the digital frontier. New technologies have posed new legal questions, introduced uncertainty within settled legal doctrines, and raised several legal and policy concerns. Understanding that law schools in India have limited engagement with cyber and national security issues, this Seminar Course attempts to fill this knowledge gap.

The Course was first designed and launched by CCGNLUD in 2018. In 2019, the Seminar Course was re-designed with the help of expert consultations to add new dimensions and debates surrounding national security and emerging technologies. The redesign was meant to ground the course in interdisciplinary paradigms in a manner which allows students to study the domain through practical considerations like military and geo-political strategy. The revised Seminar Course engages more  deeply with third world approaches which helps situate several issues within the rubric of international relations and geopolitics. This allows students to holistically critique conventional precepts of the international world order.  

The revamped Seminar Course was relaunched in the spring semester of 2020. Owing to the sudden countrywide lockdown in the wake of COVID-19, most sessions shifted online. However, we managed to navigate these exigencies with the support of our allies and the resolve of our students.

In adopting an interdisciplinary approach, the Seminar Course delves into debates at the intersection of national security law and policy, and emerging technologies, with an emphasis on cybersecurity and cyberwarfare. Further, the Course aims to:

  1. Recognize and develop National Security Law as a discrete discipline of legal studies, and
  2. Impart basic levels of cybersecurity awareness and inculcate good information security practices among tomorrow’s lawyers.

The Technology and National Security Seminar Reflection Paper Series (“The Reflection Series”) is meant to serve as a mirror of key takeaways and student learnings from the course. It will be presented as a showcase of exceptional student essays which were developed and informed by classroom discussions during the 2020 and 2021 editions of the Seminar Course. The Reflection Series also offers a flavour of the thematic and theoretical approaches the Course adopts in order to stimulate structured discussion and thought among the students. A positive learning from these two editions is that students demonstrated considerable intellectual curiosity and had the freedom to develop their own unique understanding and solutions to contemporary issues—especially in the context of cyberspace and the wider ICT environments. Students were prescribed atypical readings and this allowed them to consider typical issues in domains like international law through the lens of developing countries. Students were allowed to revisit the legitimacy of traditional sources of authority or preconceived notions and assumptions which underpin much of the orthodox thinking in geostrategic realms like national security.

CCG-NLUD presents the Reflection Series with a view to acknowledge and showcase some of the best student pieces we received and evaluated for academic credit. We thank our students for their unwavering support and fruitful engagement that makes this course better and more impactful.

Starting January 5, 2022, select reflection papers will be published three times a week. This curated series is meant to showcase different modules and themes of engagement which came up during previous iterations of the course. It will demonstrate that CCG-NLUD designs the course in a way which covers the broad spectrum of issues which cover topics at the intersection of national security and emerging technology. Specifically, this includes a showcase of (i) conceptual theory and strategic thinking, (ii) national security through an international and geostrategic lens, and (iii) national security through a domestic lens.

Here is a brief glimpse of what is to come in the coming weeks:

  1. Reimagining Philosophical and Theoretical Underpinnings of National Security and Military Strategy (January 5-12, 2022)

Our first reflection paper is written by Kushagra Kumar Sahai (Class of ’20) in which he evaluates whether Hugo Grotius, commonly known as the father of international law owing to his seminal work on the law of war and peace, is better described as an international lawyer or a military strategist for Dutch colonial expansion.

Our second reflection paper is a piece written by Manaswini Singh (Class of ’20). Manaswini provides her take on Edward Luttwak’s critique of Sun Tzu’s Art of War as a book of ‘stratagems’ or clever tricks, rather than a book of strategy. In a separate paper (third entry), Manaswini also undertakes the task of explaining the relationship between technological developments and the conduct of war through the lens of the paradoxical logic of strategy.

Our fourth reflection paper is by Animesh Choudhary (Class of ’21) on Redefining National Security. Animesh, in his submission, points out several fallacies in the current understanding of national security and pushes for “Human Security” as an alternative and more appropriate lens for understanding security issues in the 21st century.

  1. International Law, Emerging Technologies and Cyberspace (January 14-24, 2022)

In our fifth reflection paper, Siddharth Gautam (Class of ’20) explores whether cyber weapons could be subjected to any regulation under contemporary rules of international law.

Our sixth reflection paper is written by Drishti Kaushik (Class of ’21) on The Legality of Lethal Autonomous Weapons Systems (“LAWS”). In this piece, she first presents an analysis of what constitutes LAWS. She then attempts to situate modern systems of warfare like LAWS and its compliance with traditional legal norms as prescribed under international humanitarian laws.

Our seventh reflection paper is written by Karan Vijay (Class of ’20) on ‘Use of Force in modern times: Sisyphus’ first world ‘boulder’. Karan examines whether under international law, a mere threat of use of force by a state against another state would give rise to a right of self-defence. In another piece (eighth entry), Karan writes on the authoritative value of interpretations of international law expressed in texts like the Tallinn Manual with reference to Article 38 of the Statute of the International Court of Justice i.e. traditional sources of international law.

Our ninth reflection paper is written by Neeraj Nainani (Class of ’20), who offers his insights on the Legality of Foreign Influence Operations (FIOs) under International law. Neeraj’s paper, queries the legality of the FIOs conducted by adversary states to influence elections in other states through the use of covert information campaigns (such as conspiracy theories, deep fake videos, “fake news”, etc.) under the established principles of international law.

Our tenth reflection paper is written by Anmol Dhawan (Class of ’21). His contribution addresses the International Responsibility for Hackers-for-Hire Operations. He introduces us to the current legal issues in assigning legal responsibility to states for hacker-for-hire operations under the due diligence obligation in international law.

  1. Domestic Cyber Law and Policy (January 28- February 4, 2022)

Our eleventh and twelfth reflection papers are two independent pieces written by Bharti (Class of ’20)and Kumar Ritwik (Class of ’20). These pieces evaluate whether the Government of India’s ongoing response to the COVID-19 pandemic could have benefited if the Government had invoked emergency provisions under the Constitution. Since the two pieces take directly opposing views, they collectively product a fascinating debate on the tradeoffs of different approaches.

Our thirteenth and fourteenth reflection papers have been written by Tejaswita Kharel (Class of ’20) and Shreyasi (Class of ’20). Both Tejaswita and Shreyasi interrogate whether the internet (and therefore internet access) is an enabler of fundamental rights, or whether access to the internet is a fundamental right unto itself. Their analysis rely considerably on the Indian Supreme Court’s judgement in Anuradha Bhasin v. Union of India which related to prolonged government mandated internet restrictions in Kashmir.

We will close our symposium with a reflection paper by Romit Kohli (Class of ’21), on Data Localisation and National Security: Flipping the Narrative. He argues that the mainstream narrative around data localisation in India espouses a myopic view of national security. His contribution argues the need to go beyond this mainstream narrative and constructs a novel understanding of the link between national security and data localisation by taking into consideration the unintended and oft-ignored consequences of the latter on economic development.