Technology & National Security Reflection Series Paper 13: Flipping the Narrative on Data Localisation and National Security

Romit Kohli*

About the Author: The author is a fifth year student of the B.A. LL.B. (Hons.) programme at the National Law University, Delhi.

Editor’s Note: This post is part of the Reflection Series showcasing exceptional student essays from CCG-NLUD’s Seminar Course on Technology & National Security Law. This post was written in Summer, 2021. Therefore, it does not reflect recent policy developments in the field of data governance and data protection such as the December 2021 publication of the Joint Parliamentary Committee Report and its proposed Data Protection Bill, 2021.

I. Introduction

Countries all over the world are seeking to preserve and strengthen their cyber-sovereignty in various ways. One popular mechanism for the same is labelled with the nebulous phrase ‘data localisation’. Data localisation refers to requirements imposed by countries which necessitate the physical storage of data within their own national boundaries. However, the degree of data localisation varies across jurisdictions. At one end of the spectrum, we have ‘controlled localisation’ that favours the free-flow of data across borders, subject to only mild restrictions.  A prominent example of controlled localisation is the European Union’s (“EU”) General Data Protection Regulation (GDPR). At the other end of the spectrum, we have jurisdictions like China which impose much stricter localisation requirements on businesses operating within their national boundaries.

In India data localisation has become a significant policy issue over the last few years. Various government documents have urged lawmakers to introduce a robust framework for data localisation in India. The seminal policy document in this regard is the Justice BN Srikrishna Committee report, which provided the basis for the Personal Data Protection Bill of 2019.This bill proposed a framework which would result in a significant economy-wide shift in India’s data localisation practices. At the same time, various government departments have sought to implement sector-specific data localisation requirements with different levels of success.

This blog post argues that far from being a facilitator of national security, data localisation measures may present newer threats to national security in their implementation. We seek to establish this in three steps. First, we analyse the link between India’s national security concerns and the associated objectives of data localisation. This analysis demonstrates that the mainstream narrative regarding the link between national security and data localisation is inherently flawed. Thereafter, we discuss the impact of data localisation on the economic growth objective, arguing that India’s localisation mandate fails to consider certain unintended consequences of data localisation which restrict the growth of the Indian economy. Lastly, the article argues how this adverse impact on economic growth poses a threat to India’s national security, which requires us to adopt a  more holistic outlook of what constitutes national security. 

Image by World Bank Photo Collection’s Photostream. Copyrighted under CC BY 2.0.

II. The Mainstream Narrative

The Srikrishna Committee report underscores national security concerns as a basis for two distinct policy objectives supporting the introduction of data localisation measures. First, the report refers to the need for law enforcement agencies to have access to data which is held and controlled by data fiduciaries, stating that such access is essential for ‘… effectively [securing] national security and public safety…’ since it facilitates the detection of crime and the process of evidence gathering in general (Emphasis Added). However, experts argue that such an approach is ‘… unlikely to help India achieve objectives that actually require access to data’. Instead, the government’s objectives would be better-served by resorting to light-touch localisation requirements, such as mandating the storage of local copies of data in India while still allowing the data to be processed globally. They propose complementing these domestic measures with negotiations towards bilateral and multilateral frameworks for cross-border access to data.

Second, the report states that the prevention of foreign surveillance is ‘critical to India’s national security interests’ due to the lack of democratic oversight that can be exercised over such a process (Emphasis Added). However, we believe that data localisation fails as an effective policy measure to address this problem because notwithstanding the requirements imposed by data localisation policies, foreign governments can access locally stored data through extra-territorial means, including the use of malware and gaining the assistance of domestic entities. What is required,, is a more nuanced and well-thought-out solution which leverages the power of sophisticated data security tools. 

The above analysis demonstrates that the objectives linked to national security in India’s data localisation policy can be better served through other means. Accordingly, the mainstream narrative which seeks to paint data localisation as a method of preserving national security in the sense of cyber or data security is flawed. 

III. The (Unintended) Impact on the Indian Economy

The Srikrishna Committee Report ostensibly refers to the ‘… positive impact of server localisation on creation of digital infrastructure and digital industry’. Although there is no disputing the impact of the digital economy on the growth of various industries generally, the report ignores the fact that such growth has been fuelled by the free flow of cross-border data. Further, the Srikrishna Committee Report fails to consider the costs imposed by mandatory data localisation requirements on businesses which will be forced to forgo the liberty of storing their data in the most cost-effective way possible. These costs will be shifted onto unsuspecting Indian consumers. 

The results of three seminal studies help illustrate the potential impact of data localisation on the Indian economy. The first study, which aimed at quantifying the loss that data localisation might cause to the economy, found that mandatory localisation requirements would reduce India’s GDP by almost 1% and that ‘… any gains stemming from data localisation are too small to outweigh losses in terms of welfare and output in the general economy’. A second study examined the impact of data localisation on individual businesses and found that due to a lack of data centres in India, such requirements would impose a 30-60% increase in operating costs on such businesses, who would be forced to store their data on local servers. The last study analysed the sector-specific impact of localisation, quantifying the loss in total factor productivity at approximately 1.35% for the communications sector, 0.5% for the business services sector, and 0.2% for the financial sector. More recent articles have also examined the prejudicial impact of data localisation on Indian start-ups, the Indian IT sector, the cyber vulnerability of small and medium enterprises, and India’s Ease of Doing Business ranking. 

At this point, it also becomes important to address a common argument relied upon by proponents of data localisation, which is the fact that localisation boosts local employment, particularly for the computer hardware and software industries. Although attractive on a prima facie level, this argument has been rebutted by researchers on two grounds. First, while localisation might lead to the creation of more data centres in India, the majority of the capital goods needed for such creation will nonetheless be imported from foreign suppliers. Second, while the construction of these centres might generate employment for construction workers at a preliminary stage, their actual functioning will fail to generate substantial employment due to the nature of skilled work involved. 

The primary lesson to be drawn from this analysis is that data localisation will adversely impact the growth of the Indian economy—a lesson that seems to have been ignored by the Srikrishna Committee report. Further, when discussing the impact of data localisation on economic growth in India, the report makes no reference to national security. We believe that this compartmentalisation of economic growth and national security as unrelated notions reflects an inherently myopic view of the latter. 

IV. Towards a Novel Narrative

National security is a relative concept—it means different things to different people in different jurisdictions and socio-economic contexts. At the same time, a noticeable trend vis-à-vis this relative concept is that various countries have started incorporating the non-traditional factor of economic growth in their conceptions of national security. This is because the economy and national security are inextricably linked, with several interconnections and feedback loops. 

Although the Indian government has made no explicit declaration in this regard, academic commentary has sought to characterise India’s economic slowdown as a national security concern in the past. We believe that this characterisation is accurate since India is a relatively low-income country and therefore, its national security strategy will necessarily depend upon the state of its economy. Further, although there have been objections surrounding a dismal defence-to-GDP ratio in India, it is believed that these objections are based on ‘trivial arithmetic’. This is because the more appropriate way of remedying the current situation is by concentrating policy efforts on increasing India’s GDP and accelerating economic growth, rather than lamenting low spends on defence. 

This goal, however, requires an upgradation of India’s national security architecture. While the nuances of this reform fall outside the precise scope of this blog post, any comprehensive reform will necessarily require a change in how Indian policymakers view the notion of national security. These policymakers must realise that economic growth underpins our national security concerns and consequently, it is a factor which must not be neglected.

This notion of national security must be used by Indian policymakers to examine the economic viability of introducing any new law, including the localisation mandate. When seen through this broader lens, it becomes clear that the adverse economic impact of data localisation policies will harm India’s national security by inter alia increasing the costs of doing business in India, reducing the GDP, and prejudicing the interests of Indian start-ups and the booming Indian IT sector. 

V. Conclusion

This blog post has attempted to present the link between data localisation and national security in a different light. This has been done by bringing the oft-ignored consequences of data localisation on the Indian economy to the forefront of academic debate. At the center of the article’s analysis lies an appeal to Indian policymakers to examine the notion of national security through a wider lens and consequently rethink their flawed approach of addressing national security concerns through a localisation mandate. This, in turn, will ensure sustained economic growth and provide India with the technological advantage it necessarily requires for preserving its national interests.  

---

*Views expressed in the blog are personal and should not be attributed to the institution.

Technology and National Security Law Reflection Series Paper 12 (B): Contours of Access to Internet as a Fundamental Right

Shreyasi Tripathi^*

About the Author: The author is a 2021 graduate of National Law University, Delhi. She is currently working as a Research Associate with the Digital Media Content Regulatory Council.

Editor’s Note: This post is part of the Reflection Series showcasing exceptional student essays from CCG-NLUD’s Seminar Course on Technology & National Security Law.  Along with a companion piece by Tejaswita Kharel, the two essays bring to a life a fascinating debate by offering competing responses to the following question:

Do you agree with the Supreme Court’s pronouncement in Anuradha Bhasin that access to the internet is an enabler of other rights, but not a fundamental right in and of itself? Why/why not? Assuming for the sake of argument, that access to the internet is a fundamental right (as held by the Kerala High Court in Faheema Shirin), would the test of reasonableness of restrictions be applied differently, i.e. would this reasoning lead to a different outcome on the constitutionality (or legality) of internet shutdowns?

Both pieces were developed in the spring semester, 2020 and do not reflect an updated knowledge of subsequent factual developments vis-a-vis COVID-19 or the ensuing pandemic.

1. INTRODUCTION 

Although it did little to hold the government accountable for its actions in Kashmir, it would be incorrect to say that the judgment of Anuradha Bhasin v. The Union of India is a complete failure. This reflection paper evaluates the lessons learnt from Anuradha Bhasin and argues in favour of access to the internet as a fundamental right, especially in light of the COVID-19 pandemic. 

Image by Khaase. Licensed under Pixabay License.

2. EXAMINING INDIA’S LEGAL POSITION ON RIGHT TO INTERNET 

Perhaps the greatest achievement of the Anuradha Bhasin judgement is the fact that the Government is no longer allowed to pass confidential orders to shut down the internet for a region. Moreover, the reasons behind internet shutdown orders must not only be available for public scrutiny but also be reviewed by a Committee. The Committee will need to scrutinise the reasons for the shutdown and must benchmark it against the proportionality test. This includes evaluating the pursuit of a legitimate aim, exploration of suitable alternatives, and adoption of the least restrictive measure while also making the order available for judicial review. The nature of the restriction,  its territorial and temporal scope will be relevant factors to determine whether it is proportionate to the aim sought to be achieved. The court also expanded fundamental rights to extend to the virtual space with the same protections. In this regard, the Court  made certain important pronouncements on the right to freedom of speech and expression. These elements will not be discussed here as they fall outside the scope of this paper. 

A few months prior in 2019, the Kerala High Court recognised access to the internet as a fundamental right. Its judgement in Faheema Sharin v. State of Kerala, the High Court addressed a host of possible issues that arise with a life online. Specifically, the High Court recognised how the internet extends individual liberty by giving people a choice to access the content of their choice, free from control of the government. The High Court relied on a United Nations General Assembly Resolution to note that the internet “… facilitates vast opportunities for affordable and inclusive education globally, thereby being an important tool to facilitate the promotion of the right to education…” – a fact that has only strengthened in value during the pandemic. The Kerala High Court held that since the Right to Education is an integral part of the right to life and liberty enshrined under Article 21 of the Constitution, access to the internet becomes an inalienable right in and of itself. The High Court also recognised the value of the internet to the freedom of speech and expression to say that the access to the internet is protected under Art. 19(1)(a) of the Constitution and can be restricted on grounds consistent with Art. 19(2).

3. ARGUING IN FAVOUR OF RIGHT TO INTERNET  

In the pandemic, a major reason why some of us have any semblance of freedom and normalcy in our lives is because of the internet. At a time when many aspects of our day to day lives have moved online, including education, healthcare, shopping for essential services, etc. – the fundamental importance of the internet should not even be up for debate. The Government also uses the internet to disseminate essential information. In 2020 it used a contact tracing app (Aarogya Setu) which relied on the internet for its functioning. There also exists a WhatsApp chatbot to give accurate information about the pandemic. The E-Vidya Programme was launched by the Government to allow schools to become digital. In times like this, the internet is not one of the means to access constitutionally guaranteed services, it is the only way (Emphasis Added). 

In  this context, the right of access to the internet should be read as part of the Right to Life and Liberty under Art. 21. Therefore, internet access should be subject to restrictions only based on procedures established by law. To better understand what shape such restrictions could take, lawmakers and practitioners can seek guidance from another recent addition to the list of rights promised under Art. 21- the right to privacy. The proportionality test was laid down in the Puttaswamy I judgment and reiterated in  Puttaswamy II (“Aadhaar Judgement”). In the Aadhar Judgement  when describing the proportionality for reasonable restrictions, the Supreme Court stated –

“…a measure restricting a right must, first, serve a legitimate goal (legitimate goal stage); it must, secondly, be a suitable means of furthering this goal (suitability or rational connection stage); thirdly, there must not be any less restrictive but equally effective alternative (necessity stage); and fourthly, the measure must not have a disproportionate impact on the right-holder (balancing stage).” –

This excerpt from Puttaswamy II provides as a defined view on the proportionality test upheld by the court in Anuradha Bhasin. This means that before passing an order to shut down the internet the appropriate authority must assess whether the order aims to meet a goal which is of sufficient importance to override a constitutionally protected right. More specifically, does the goal fall under the category of reasonable restrictions as provided for in the Constitution. Next, there must be a rational connection between this goal and the means of achieving it. The appropriate authority must ensure that an alternative method cannot achieve this goal with just as much effectiveness. The authority must ensure that the method being employed is the least restrictive. Lastly, the internet shutdown must not have a disproportionate impact on the right holder i.e. the citizen, whose right to freedom of expression or right to health is being affected by the shutdown. These reasons must be put down in writing and be subject to judicial review.

Based on the judgment in Faheema Sharin, an argument can be made how the pandemic has further highlighted the importance of access to the internet, not created it. The reliance of the Government on becoming digital with e-governance and digital payment platforms shows an intention to herald the country in a world that has more online presence than ever before. 

4. CONCLUSION 

People who are without access to the internet right now* – people in Kashmir, who have access to only 2G internet on mobile phones, or those who do not have the socio-economic and educational means to access the internet – are suffering. Not only are they being denied access to education, the lack of access to updated information about a disease about which we are still learning could prove fatal. Given the importance of the internet at this time of crisis, and for the approaching future, where people would want to avoid being in crowded classrooms, marketplaces, or hospitals- access to the internet should be regarded as a fundamental right.

This is not to say that the Court’s recognition of this right can herald India into a new world. The recognition of the right to access the internet will only be a welcome first step towards bringing the country into the digital era. The right to access the internet should also be made a socio-economic right. Which, if implemented robustly, will have far reaching consequences such as ease of social mobility, increased innovation, and fostering of greater creativity.

---

*Views expressed in the blog are personal and should not be attributed to the institution.

Technology and National Security Law Reflection Series Paper 12(A): Contours of Access to Internet as a Fundamental Right

Tejaswita Kharel^*

About the Author: The author is a 2021 graduate of National Law University, Delhi. She is currently working as a lawyer in Kathmandu, Nepal. Her interests lie in the area of digital rights, freedom of speech and expression and constitutional law.

Editor’s Note: This post is part of the Reflection Series showcasing exceptional student essays from CCG-NLUD’s Seminar Course on Technology & National Security Law. Along with a companion piece by Shreyasi Tripathi, the two essays bring to a life a fascinating debate by offering competing responses to the following question:

Do you agree with the Supreme Court’s pronouncement in Anuradha Bhasin that access to the internet is an enabler of other rights, but not a fundamental right in and of itself? Why/why not? Assuming for the sake of argument, that access to the internet is a fundamental right (as held by the Kerala High Court in Faheema Shirin), would the test of reasonableness of restrictions be applied differently, i.e. would this reasoning lead to a different outcome on the constitutionality (or legality) of internet shutdowns?

Both pieces were developed in the spring semester, 2020 and do not reflect an updated knowledge of subsequent factual developments vis-a-vis COVID-19 or the ensuing pandemic.

1. INTRODUCTION 

The term ‘internet shutdown’ can be defined as an “intentional disruption of internet or electronic communications, rendering them inaccessible or effectively unusable, for a specific population or within a location, often to exert control over the flow of information”.¹ It has become a tool used by States against residents of the country in question when they are faced with some imminent threat to law and order or a certain breakdown of law and order. It is used with the belief that a blanket shutdown of the Internet helps restrict misinformation, spreading of fake news,  incitement of violence, etc. that could take place. 

Image by Ben Dalton. Copyrighted under CC BY 2.0.

2. ANURADHA BHASIN JUDGEMENT: INTERNET AS ENABLER OF FUNDAMENTAL RIGHTS ENSHRINED UNDER THE CONSTITUTION OF INDIA 

Due to the suspension of mobile and broadband internet services in Jammu and Kashmir on August 4, 2019 before the repeal of Article 370 of the Constitution of India, a petition was filed at the Supreme Court by Anuradha Bhasin (a journalist at Kashmir Times). The petition challenged  the Government’s curb of media freedom in Jammu and Kashmir as a result of the blanket internet and communications shutdown. On 10th January 2020, the Supreme Court’s judgement in Anuradha Bhasin v. Union of India, held that the internet has been deemed as a means to realise fundamental rights under Article 19 of the Constitution. The Court’s decision specifically applied to the right to freedom of speech and expression and the right to carry on trade or businesses. 

The Court did not explore or answer the question of whether access to the internet by itself is a fundamental right since it was not a contention by the counsels. However, the Court did state that since fundamental rights could be affected by the measures applied by authorities (which in this case was an internet shutdown), a lawful measure which could restrict these fundamental rights must be proportionate to the goal. 

One reading of the Supreme Court’s decision in Anuradha Bhasin is that the case could act as an enabler which legitimises government-mandated internet shutdowns. Nevertheless, the Court does explicitly hold that the curtailment of fundamental rights affected by internet access restrictions must be proportionate. In pursuance of this restrictive measures need to be the least restrictive in nature. However, determining what constitutes the least restrictive measure is a subjective question and would vary on a case by case basis. There is no guarantee that internet shutdowns would not be the opted measure. . 

3. Critiquing the Rationale of the Anuradha Bhasin Judgement

It is important to investigate why the Court was hesitant to not deem internet access as a fundamental right. One major reason could be due to the fact that access to the internet is not possible for all the citizens of India in the current situation in any case. At the time of writing this paper, approximately half of India’s population has access to and uses the internet. Where such a visible ‘Digital Divide’ exists, i.e. when half of the Indian population cannot access the Internet and the government has not yet been able to provide such universal access to the internet, it would not be feasible for the Court to hold that the access to internet is in fact a fundamental right. 

If the Court were to hold that access to the internet is a fundamental right in the current situation, there would be a question of what internet access means ? Is access to the internet simply access to an internet connection? Or does  it also include the means required in order to access the internet in the first place? 

If it is just the first, then deeming access to the internet as a fundamental right would be futile since in order to access an internet connection, electronic devices (e.g. laptops, smartphones, etc.) are required. At a purely fiscal level, it would be improbable for the State to fulfil such a Constitutional mandate. Moreover, access to the internet would be a fundamental right only to those who have the privilege of obtaining the means to access the internet. The burden on the State would be too high since the State would be expected to not just provide internet connection but also the electronics which would be required in order to access the same. In either case, it does not seem feasible for access to the internet to be deemed as a fundamental right due to the practical constraint of India’s immense digital divide.  

4. RIGHT TO INTERNET FOR CURRENT AND FUTURE CHALLENGES 

At a future point where it is feasible for more people to access the internet in India (especially in rural/remote areas), it may be appropriate to deem access to the internet as a fundamental right. However, at this juncture to argue that the access to internet is a fundamental right (knowing that it is primarily accessible to more privileged segments) would be an assertion anchored on privilege.  Therefore, as important as the internet is for speech and expression, education, technology, etc. the fact that it is not accessible to a lot of people is something for policymakers and wider stakeholders to consider. 

This is especially important to look at in the context of COVID-19. Lockdowns and movement restrictions have increased remote work and accelerated online education. In order to work or study online, people must have access to both devices and  the internet. 

In this context a UNICEF Report (August 2020)observed that only 24% of Indian households had internet connection to access education and in November 2020 an undergraduate student died as a result of suicide since she was unable to afford a laptop. This provides macro and micro evidence of the blatant digital divide in India. Hence, it is not feasible to deem the right to access the internet as a fundamental right.  

In any case, if we were to assume that the right to access the internet was a fundamental right as what was held on 19 September 2019 by the Kerala High Court in Faheema Shirin R.K v. State of Kerala, the issue of whether internet shutdowns are legal or not would still be contended. Article 19(2) provides certain conditions under which the right to freedom of speech and expression under Article 19(1)(a) can be reasonably restricted. Similarly, Article 19(6) of the Constitution provides that  the right to carry on trade and business can be reasonably restricted in the interest of the general public. If access to the internet would be deemed as a fundamental right, it would be necessary to look at the scope of Articles 19(2) and 19(6) through a different lens. Nevertheless, such alteration would not yield a different application of the law. In essence, the Government’s restrictions on internet access would operate in the same way.

It is highly likely that Internet shutdowns would still be constitutional. However, there could be a change in the current stance to the legality of internet shutdowns. Situations wherein internet shutdowns would be legal may become narrower. There may even be a need for specific  legislation for clarity and for compliance with the constitutional obligations. 

5. CONCLUSION 

Due to COVID-19, many people are unable to access education or work in the same way that was done before. Even courts are functioning online and with that the necessity to access the internet has never been stronger. The court in Anuradha Bhasin held that the internet was an enabler to rights under Articles 19(1)(a) and 19(1)(g). However,  now with the added scope for the necessity to be able to use the internet as a medium of accessing education and as a medium to access justice (which has been recognised as a fundamental right under Article 21 and 14), lawmakers and Courts must evaluate whether the rising dependency on the access internet would in itself be a reason for internet access becomes crystallised as a fundamental right. 

---

*Views expressed in the blog are personal and should not be attributed to the institution.

References:

1. Access Now, in consultation with stakeholders from around the world, launched its #KeepItOn campaign against internet shutdowns and developed the first international consensus on the definition of an internet shutdown in RightsCon 2016, available at https://www.rightscon.org/cms/assets/uploads/2016/07/RC16OutcomesReport.pdf.

Technology and National Security Reflection Series Paper 11(B): Effectively Managing the COVID-19 Pandemic: Alternative Route under the Extant Constitutional Framework?

Kumar Ritwik^*

About the Author: The author is a 2020 graduate of National Law University, Delhi. He is a Delhi-based advocate practicing at the Supreme Court of India.

Editor’s Note: This post is part of the Reflection Series showcasing exceptional student essays from CCG-NLUD’s Seminar Course on Technology & National Security Law. Along with a companion piece by Bharti Singh, the two essays bring to a life a fascinating debate by offering competing responses to the following question:

Do you think the ongoing COVID-19 Pandemic could have been better managed (more efficiently or more democratically) if the government had invoked emergency provisions under the constitution instead of relying on the national disaster management act? Why or why not?

Both pieces were developed in the spring semester, 2020 and do not reflect an updated knowledge of subsequent factual developments vis-a-vis COVID-19 or the ensuing pandemic.

1. INTRODUCTION 

After the onset of the Covid-19 pandemic, India’s Ministry of Home Affairs (“MHA”) vide Order No. 1-29/2020-pp dated 24th March 2020, under section 6(2)(i) of the Disaster Management Act (“DM Act”), 2005, announced a nationwide lockdown and restrictions among other things. The order included an imposition of restrictions on movement and other liberties of Indian citizens. Wide ranging restrictions articulated in that order and subsequent orders under the DM Act directly impacted, among other things, individuals’ right to movement [Art. 19(1)(d)] and their right to livelihood (Art. 21). Though well-intentioned, these measures left much to be desired in terms of government support. Several significant administrative issues and concerns were raised. In this article, I argue that the Indian Government could have managed the pandemic better if it had invoked emergency provisions under Part XVIII of the Constitution instead of relying primarily on the DM Act, 2005 . 

Image by mohamed_hassan. Licensed under Pixabay License.

2. LIMITATION OF THE DISASTER MANAGEMENT ACT IN COUNTERING COVID-19

To be fair, the government’s interventions have relied on the trinity of the DM Act; the Epidemic Diseases Act, 1897; and relevant state-level Public Safety Act(s). However, such interventions have resulted in some pretty significant concerns. Specifically, administrative officials, located far away in the national capital i.e. New Delhi, are invoking powers and issuing decrees under these statutes. They are granted the power to control and restrict the movement of a billion lives in the country. In essence we are observing that the decision(s) of officials who are far removed from ground-level realities are impacting the lives of individuals residing in remote cities, towns and/or villages.

I argue that since health is a state subjectState governments should have been ordinarily tasked with both the primary responsibility as well as power to decide how to best deal with the pandemic. However, given the extraordinary scale of the pandemic, a different route was chosen wherein the Union Government could exert tight control and issue numerous advisories and directives over an extended period. This was consistent with the idea that a streamlined uniform approach towards tackling the pandemic would work best across all states. As was observed later, States struggled to manage the crisis due to institutional and budgetary constraints. It was quite transparent how dependent States are on the Union Government for financial aid as well as technical expertise. As stated earlier, ground level realities are most closely dealt with by the district bureaucracy, and therefore involving them in the crisis management planning apart from implementation measures would have been beneficial. Emergency provisions under India’s Constitution could have served as an effective alternative which allowed the country to manage the crisis in a different and perhaps, more effective manner.

In the initial period of the pandemic, parliamentary operations suffered major disruptions. A direct result of these disruptions was a lack of meaningful legislative discussion and accountability. Our constitution envisages a system of checks & balances between the powers of the legislature, executive and judiciary. Disruptions to the operation of Parliament signalled that, over a period of several months, direct executive action could face little oversight or accountability from the legislative branches of government at both the Central and State levels.

In such a situation, it is reasonable to turn to the judiciary for ensuring adequate accountability of executive actions. Unfortunately, the judiciary has failed on most occasions with its lax attitude towards the apathy of the officials. While the courts have occasionally rebuked the governments on specific points such as its handling of the migrants’ crisis, there has been no concerted effort by the Indian judiciary in holding the executive or its officials accountable for its management of the crisis. This is in addition to the fact that an extended period of the lockdown ensured that only those few fortunate enough to have constant access to high-speed internet could approach the judiciary for remedies/to submit its petitions as well.

The DM Act, strictly speaking, was not enacted to issue directives on public health emergencies or pandemics. In fact, the Epidemic Diseases Act, 1897 has been enacted with the intent of controlling infectious disease outbreaks like Covid-19 . Though creative and inclusive interpretation would allow for a pandemic to be covered under the scope of the DM Act, the structure and mechanism within the statute has been rendered useless or ineffective to deal with a crisis of such magnitude. These circulars and the regulations that they invoke continue to remain disproportionate and outside the scope or stipulated purpose of the particular statute.      

However, the DM Act has brought with itself immense powers that are enshrined with the government. Any regulation or decision may be taken by the government that is deemed fit and necessary in its own opinion, to aid in the efforts of reducing risks of a disaster (or a pandemic in this case). Additionally, Section 8(1) of the DM Act empowers the Central Government to constitute a National Executive Committee (‘NEC’), comprising senior bureaucrats and leaders [S. 8 (2)]. 

The NEC is empowered to issue directions so as to fulfill obligations and objectives under the Act. State governments and district bureaucracy are bound by circulars or regulations which are issued by the NEC. In fact, the NEC can empower another authority or other authorities to issue guidelines that would bind State Governments as well. Such an overarching framework under Article 256 of the Constitution has essentially been put in place to ensure that where the Union Government finds itself in certain extraordinary situations, it has the necessary tools to adopt measures across all States in a uniform manner. In this case, the Union Government empowered the Union Home Ministry to issue all necessary guidelines for State authorities.

3. EMERGENCY  PROVISIONS AS BETTER AVENUES AGAINST HEALTH  EMERGENCIES 

In contrast, Articles 355 and 356 read alongside Articles 246 and 256 would grant wide powers to the Government of India to impose emergency and invoke these provisions to grant itself all the necessary powers to deal with the crisis. Interestingly, emergency provisions still do stipulate a time limit period whereas the DM act does not. The DM Act grants an unlimited time period to the government machinery to apply these regulations and deems it applicable to all places deemed worthy of its application.

After the bitter experience of the emergency period of 1975-1977, drastic changes were made in order to make the extension of an emergency period contingent on legislative accountability as well. However, with the DM Act, regulations do not require any legislative sanction or even a discussion to that effect either. Therefore, the broad powers enshrined under the DM Act appear to contradict Constitutional ideals, though there has been little critique of the same in the public discourse.

This silence is perhaps owed to the fact that almost every citizen wishes to see the Government mount an aggressive and effective response to such a pandemic, without creating significant hurdles in their path to do so. However, in doing so, these wide-ranging regulations have also brought forth a huge chilling effect and have the potential to incentivise abuse of power by officials in such situations as well.

4. CONCLUSION 

With the large-scale powers that the DM Act accords to officials, India’s treatment of the pandemic essentially resembles an emergency situation. Extraordinary powers are held by the State machinery with little or no safeguards/mechanisms in place that ensure periodic review and/or legislative accountability. Therefore, the current framework serves as a de facto emergency framework.

This is a departure from most mature democracies. Countries have taken the aid of new legislations aimed at the public health emergency, with numerous parliamentary democracies ensuring that regulatory interventions continue to have some kind of legislative scrutiny. The UK legislated close to a hundred laws (collectively referred to as the ‘lockdown laws’ in the UK) to deal with the pandemic, whereas New Zealand pushed for a single comprehensive law instead.

Instead of acting without any restrictions under a statute that was not originally meant for handling a pandemic that has stretched over many years, the Indian Government could have followed this example and relied upon the extant emergency powers within the constitutional framework or legislated a new public health law which could empower officials with the safeguards necessary in a democratic setup instead.

---

*Views expressed in the blog are personal and should not be attributed to the institution.

Technology and National Security Law Reflection Series Paper 11(A): Evaluating the Validity of Disaster Management Act Against Constitutional Emergency Provisions in Containing the COVID-19 Pandemic

Bharti Singh^*

About the Author: The author is a 2020 graduate of National Law University, Delhi. In 2021 she completed her LL.M. from National Law School of India University, Bengaluru. She is currently working as a researcher in areas related to health policy. 

Editor’s Note: This post is part of the Reflection Series showcasing exceptional student essays from CCG-NLUD’s Seminar Course on Technology & National Security Law. Along with a companion piece by Kumar Ritwik, the two essays bring to a life a fascinating debate by offering competing responses to the following question:

Do you think the ongoing COVID-19 Pandemic could have been better managed (more efficiently or more democratically) if the government had invoked emergency provisions under the constitution instead of relying on the national disaster management act? Why or why not?

Both pieces were developed in the spring semester, 2020 and do not reflect an updated knowledge of subsequent factual developments vis-a-vis COVID-19 or the ensuing pandemic. 

1. Introduction

Since the introduction of the Constitution of India, the COVID-19 pandemic represents an unprecedented event. It has created extraordinary infrastructural challenges to both governing authorities and legal institutions. In the initial phases of this pandemic the Government of India faced the difficult task of not only adopting containment measures which minimise the effects and casualties of the virus; but also ensure the delivery of essential services to its citizens. It has had to execute these tasks whilst preserving citizens’ liberties and the basic values of the Constitution. Given the death toll along with, economic, financial, political, educational and broader health related costs exacted by the pandemic it is critical for the government to deploy best-in-class infrastructural solutions which remain consistent with India’s constitutional values.

In this article, I argue that after evaluating the competing options, the Government of India’s decision to rely on the Disaster Management Act (“DM Act”), 2005 rather than invoking the Constitution of India’s emergency provisions was the appropriate course of action. The DM Act defines the term ‘disaster’ as a situation of  “… catastrophe, mishap, calamity or grave occurrence which has arisen because of man- made or natural causes and has resulted in “substantial loss of life or human suffering”. Further, it has to be “… of such a nature or magnitude as to be beyond the coping capacity of the community of the affected area”. The gravity of human suffering caused by the COVID-19 pandemic, both in terms of aggregate infections and deaths, becomes more and more evident with the passage of time.

Image by MiroslavaChrienova. Licensed under Pixabay License.

2. Limitations of Constitutional Emergency Provisions

An emergency can be proclaimed pursuant to Article 352(1) of the Indian Constitution. According to it, if the President is satisfied that the grave emergency exists to the security of India or any part thereof is threatened by “war/ external aggression or armed rebellion”. The term “armed rebellion” replaced the former term “internal disturbance” after the emergency proclamation in 1975. When an emergency is proclaimed, Article 353, permits (1) the Central government to direct any state on how to use its executive power (2) permits parliament to make laws even in matters which are in the state list. Article 358 suspends the six fundamental rights protected under Article 19 during Constitutional emergencies. Article 359 suspends enforcement of fundamental rights during emergencies. 

In the context of COVID-19, any decision by the Government to declare a national emergency under Article 352 of the Constitution, would be unconstitutional in light of the 44th Constitutional Amendment in 1978. The 44th Amendment holds that such emergencies can only be declared if the security of India or any part thereof is threatened by war or external aggression or armed rebellion (Emphasis Added). These are the only three grounds under which an emergency can be declared under Article 352.

The Constitution of India does not have any explicit provisions for disaster management. In absence of any such provision, disaster management was conventionally considered to be within the competence of the states as per colonial practice. The legal basis of the Disaster Management Act can be traced in Entry 23, Concurrent List of the Constitution which relates to “Social security and social insurance” as well as Entry 29, Concurrent List which relates to “Prevention of the extension from one State to another of infectious or contagious diseases or pests affecting men, animals or plants,”. Owing to the federal structure of India’s Democracy, public health and public order are listed in the State List under the Seventh Schedule of the Constitution. Critically, while operationalising and implementing Government interventions to contain the spread of COVID-19, the Government’s use of provisions under the DM Act must be mindful of the unprecedented and unique factors of this disaster where the primary causality is human life and not degradation of environment or loss of property.

The framework of the DM Act is consistent with the federal structure of India’s democracy. Conversely, the proclamation of Emergency under the Constitution centralises powers within the Union Government. When in effect, the Union Government can direct state governments and make laws on the entries present under the State list in the Constitution of India. Under Article 357 of the Indian Constitution, the power of state can be vested in the legislature, which can delegate it to the President and the President can further delegate it to an appropriate authority. In his way the powers vested in the Central Government under the provisions of emergency are very flexible. However, this compromises the quasi federal structure of India’s constitutional democracy.

In India’s Constituent Assembly Debates, the Emergency provisions were being conceived  as an exception to otherwise federal structure of the Government., Originally this power to declare emergency/President’s Rule in a particular State was envisioned to be vested with the Governors of the State. At the time, the position of Governor was supposed to be an elected office. Ultimately this was not the case as  the office came to be appointed by the President. In effect this means that the  power to declare an emergency under the Constitution is essentially vested in the President. Under Constitutional emergency conditions  as per Article 256, even the legislative powers can be vested in the president and need not be vested in Parliament. The President can make incidental and consequential provisions necessary to give effect to proclamation.

3. Conclusion: The Merits of the Disaster Management Act

India is a diverse country, not just in terms of culture and heritage but also in terms of geography. The States, with international airports and tourism specific industries, are more prone to the spread of the virus and the number of cases varies across states. In the context of COVID-19, State-specific measures become important since local authorities may have to simultaneously manage other natural and man-made disasters. Recent examples of this include the cyclone Amphan in Kolkata, or the gas leakage from the chemical plants in Visakhapatnam. States which are prone to natural calamities such as cyclones, floods, famines could be afforded the flexibility to create State and district plans under DM Act, to tackle such calamities as well as the spread of the COVID-19 in more vulnerable locations. Further, policymakers should not ignore the heterogeneity of infrastructure across the health industry as well as the strength of the economy– the dependency of which also varies from state to state.   

The demand for Personal Protective Equipment (PPEs)  for essential workers or essential infrastructure like ventilators also varies across states based on variables such as the number of cases. These factors dictate the need for state-specific measures and targeted  district-specific measures as well. The intensity of the spread of the virus is being determined district wise by distinguishing them as red, orange and green zones, and the laying out of district plan per Section 31 becomes of utmost importance for the Red Zone districts. 

The Centre should limit its role to coordination between states and the other departments of the government, rather than dictating consistency across the states. Instead, states should be empowered in terms of implementation, enforcement and the funds. The cooperative federalism envisaged in India’s Constitution will be a better model for the government to follow. This principle could have been utilised at the time of crisis of inter-state migration of workers and could further have been utilised for facilitating transportation of essential goods, in order to minimise economic harms and societal destabilisation during periods of government mandated lockdowns.   

I conclude by reiterating that it is better for the Government to manage the pandemic under the Disaster Management Act, 2005. However, in case a State Government is going through the breakdown of its constitutional or infrastructural machinery and in which case it is unable or unwilling to exercise its  responsibility to provide relief to affected persons, then the Central Government should impose the Constitutional Emergency provisions in such territories.

---

*Views expressed in the blog are personal and should not be attributed to the institution.

Technology and National Security Law Reflection Series Paper 9: Legality of Foreign Influence Operations (“FIOS”) Under International Law

Neeraj Nainani^*

About the Author: The author is a 2020 graduate of National Law University, Delhi. He currently works as an Associate at AZB & Partners, Mumbai. 

Editor’s note: This post is part of the Reflection Series showcasing exceptional student essays from CCG-NLUD’s Seminar Course on Technology & National Security Law.

1. INTRODUCTION

States have always tried to influence opinions and politics of other sovereign states. Sun Tzu advocated spreading false information to take tactical advantage while Genghis Khan and his men planted rumors about their cruelty and their horsemen to spread fear and to weaken the enemy’s resilience.¹ However, changes in technology have drastically altered the way in which influence operations are conducted. The continuous evolution of information technology (“IT”) has resulted in progressive transformation in the information environment both in terms of constituent elements and inherent dynamics. 

Due to this transformation, the dissemination of information on a large scale is no longer controlled by a few stakeholders within democracies. This transformation is accelerated by the advent of online and social media platforms. Such platforms have upended the financial configuration of the media landscape in a manner in which prioritizes commercial revenues over the reliability and integrity of information which is consumed. 

These incentive structures have become fertile ground for influence operations which are increasingly shifting to cyberspace. In fact these online influence operations are being used to interfere in matters of other countries, especially elections. Cyber influence operations are defined as

“… activities that are run in cyberspace, leverage this space’s distributed vulnerabilities, and rely on cyber-related tools and techniques to affect an audience’s choices, ideas, opinions, emotions or motivations, and interfere with its decision making processes”.

The author will look at the status of cyber influence operations under international law and examine whether they violate principles of sovereignty and non-intervention and other obligations of states under international law. 

“Aspects of Cyber Conflict (pt. 4)” by Linda Graf is licensed under CC BY 4.0. From CyberVisuals.org, a project of the Hewlett Foundation Cyber Initiative.

2. FIOs AND THE PRINCIPLE OF SOVEREIGNTY

A state’s sovereignty is one of the most important concepts in international law. The ICJ has recognized the centrality of sovereignty by holding that “the whole international law rests” upon the concept of sovereignty. However, scholars highlight two issues as challenges to the argument that cyber influence operations may violate a State’s sovereignty. 

First, the conceptual understanding of sovereignty is currently challenged as an international legal obligation, especially in cyberspace. The authors of the Tallinn Manual on the international law applicable to cyber operations have recognized sovereignty as a primary and central principle of international law. The United Kingdom has observed that even though sovereignty is an important concept in international systems, “we can currently extrapolate from that general principle a specific rule or additional prohibition for cyber activity beyond that of a prohibited intervention”. The chief lawyer to the U.S. Cyber Command has also argued that sovereignty is “a principle of international law that guides state interactions, but is not itself a binding rule that dictates results under international law”.

The second argument pertains to the application of sovereignty principle over influence operations. Tallinn Manual 2.0 recognizes that a cyber operation constitutes a violation of sovereignty when they result in cause “physical damage or injury”, or the remote causation of “loss of functionality” of infrastructure in the target state or when they interfere with or usurp inherently governmental functions. However, there was division among the experts on the threshold which would amount to violation. The test is irrelevant for cyber influence operations as they generally do not cause physical damage or loss of functionality. Further, the authors of Tallinn manual were also not able to reach consensus on whether the cyber influence operations violate notions of territorial sovereignty of nations states.

The other touchstone to test cyber influence operations is on the notion of interfering with or usurping inherently governmental functions. Some authors have argued that it is unclear “whether a cyber influence operation on an election falls within the bounds of the terms ‘interference’ or ‘usurpation’.” Authors of Tallinn Manual have argued that the transmission of propaganda alone is generally not a violation of sovereignty. Michael Schmitt argues that the doxing operations disclosing crucial confidential information at crucial moments before the national elections as well disinformation campaigns involving overt acts from fake accounts are serious and classification of these serious influence operations as violations of sovereignty is “somewhat supportable”. Schmitt concludes that influence operations currently fall within “the legal grey zone of the law of sovereignty”.

One of the arguments to consider is that influence operations are generally backed with some additional overt or covert act such as doxing supported by hacks, or information warfare supported by the violation of privacy. UNGA has observed in the context of elections that “any activities that attempt, directly or indirectly, to interfere in the free development of national electoral processes, in particular in the developing countries, or that are intended to sway the results of such processes, violate the spirit and letter of the principles established in the Charter”. 

Influence operations do more than merely transmit propaganda. They perform subversive acts aiming at destabilizing State institutions by influencing nationals of another State; and enable militant democracy which allows the attacking state to indulge in political and legal warfare in the medium and long term. Further, influence operations interfere with the duty of the state to conduct free and fair elections.

3. FIOs AND THE PRINCIPLE OF NON-INTERVENTION

The other possible argument questioning the legality of influence operations under international law is the settled principle of non-interference. As per the ICJ’s decision in Nicaragua, an intervention by a State is unlawful when first, it has a bearing on matters which by principle the state can decide freely, second, the state uses methods of coercion. Tallinn Manual 2.0 on the International Law Applicable to Cyber Operations provides that “a State may not intervene, including by cyber means, in the internal or external affairs of another State” 

Duncan Hollis identifies two key issues with bringing cyber-enabled foreign influence operations within the principle of non-intervention. Firstly, that the content of the categories i.e. internal and external affairs of the state is not well defined. He argues that in earlier times there were subjects clearly cabined off from international attention that a state could address. However, with technological advancements and globalization, such subjects are limited and every subject attracts international attention. Therefore, any idea defining internal affairs of the state is likely to be limited, contested, and dynamic. However, the influence operations do not merely mean ‘international interest’ from a particular state. Influence operations more often than not, are clandestine operations by States – designed to meddle with the internal affairs of the country which shows a hint of militant democracy. 

Second, Hollis argues that influence operations do not meet with the criteria of coercion as narrowly defined in International Law. Tallinn Manual defines Coercion as “designed to deprive another State of its freedom of choice, that is, to force that State to act in an involuntary manner or involuntarily refrain from acting in a particular way”. This must be “distinguished from persuasion, criticism, public diplomacy, propaganda, retribution, mere maliciousness…” because “such activities merely involve either influencing (as distinct from factually compelling) the voluntary actions of the target State, or seek no action on the part of the target State at all”. It has been argued that the very nature of influence operation is to have target adopt or change certain behaviors willingly, which implies an absence of coercion. Another argument is that a legal finding that the State acted due to/under the influence of coercion would depend on recognizing and attributing some individual or group as the target of the coercion and identifying threatened consequences.

However, a broader conceptual understanding of coercion can be identified in efforts to bolster the argument that non-intervention includes the conduct of a State which weakens, undermines or compromises the authority of another State. The argument emphasizes on the examination of context and consequences while determining whether a State was compelled to act in a manner it otherwise wouldn’t have.

This broad approach is supported by observations made by the experts in Tallinn Manual 1.0 where they observed that the prohibited forms of interventions include “the manipulation by cyber means of elections or of public opinion on the eve of elections, as when online news services are altered in favor of a particular party, false news is spread, or the online services of one party are shut off”.

4. CONCLUSION

Various authors have highlighted that it is very difficult to argue that cyber influence operations questioning the democratic legitimacy of a target State falls within the ‘prohibited forms of intervention’. Similar arguments have been made for questions pertaining to the principle of sovereignty as well. Michael Schmitt has also observed cyber influence operations fall within a significant legal grey zone. However, an important question which is asked is whether these primary principles of international law which have developed on the basis of kinetic conflicts could be applied to cyberspace by analogy. Other scholars have also argued that cyber influence operations can better examined through lens of “self-determination”, “duty of due diligence” and also arguing  “information ethics” should inform our legal interpretation of damage and violence in cyberspace. Due to challenges posed by traditional understanding of sovereignty and principle of non-intervention, it is important to reexamine these concepts in context of cyber influence operations and to apply concepts accordingly to address concerns raised by them. 

---

*Views expressed in the blog are personal and should not be attributed to the institution.

References:

1. Sunil Narula, “Psychological Operations: A Conceptual Overview,” Strategic Analysis 28, no. 1 (2004): 180.

Technology & National Security Reflection Series Paper 7: Use of Force in Modern Times: Sisyphus’ First World Boulder

Karan Vijay^*

About the Author: The author is a 2021 graduate of the National Law University, Delhi. He is currently an Associate at Talwar Thakore & Associates, Mumbai. His interests lie in evolving landscapes of technology and their impact on international law and economics.

Editor’s note: This post is part of the Reflection Series showcasing exceptional student essays from CCG-NLUD’s Seminar Course on Technology & National Security Law.

INTRODUCTION 

In this post, we discuss a rather contentious point that whether in international law, a mere threat or use of force by a State against another State would give rise to a right of self-defense. 

For context Article 2(4) of the UN Charter provides for all member States to refrain from the threat of or the actual use of force which may threaten the territorial integrity or political independence of any other state. This provision is regarded to have a jus cogens character, i.e., binding on all States as a non-derogable one. Each Member State also has the positive duty to refrain from the use of force against other  States under international law.

Pursuant to Article 51 of the UN Charter, States which face a use of force at the level of an ‘armed attack’ have the right to exercise self-defense. An armed attack is when this force is used on a relatively large scale, is of sufficient gravity, and has a substantial effect. Dinstein states that armed attack presupposes a use of force producing serious consequences, epitomized by territorial intrusions, or human casualties or considerable destruction of critical infrastructure.

Photo by Kyle Glenn on Unsplash. Copyrighted under Unsplash license.

MEMBER STATE’S RIGHT TO SELF DEFENSE

We need to be aware that this right of self-defense does not manifest at every instance of use of force against another State. In certain instances victim States can instead exercise ‘countermeasures’ against the belligerent State. However, when this right of self-defense does manifest, it must abide by the doctrines of necessity and proportionality.

These doctrines were initially laid down in the aftermath of the Caroline incident of 1837, which has inadvertently governed the rules of use of force for nearly two centuries. Herein, the doctrine of necessity posits that an armed attack can only be responded to when there is no other alternative means to seeking viable redressal. Necessity requires that military action should be used only as a last resort. Then, the doctrine of proportionality provides that the size and scope of an armed attack shall determine the overall objective of the defensive responses. This leads to the conclusion that such action will only be towards self-defense and not retaliatory in nature or have a punitive outlook against the aggressor. The counter attack cannot be unreasonable or excessive and can only be carried out to repel or prevent an attack.

Thus, if we were to literally interpret the law, the answer would be that a mere threat or even a use of force that is not of a level of an armed attack does not give rise to the right of self-defense. However, a look at how State practice has shaped this understanding might lead to a different conclusion.

EMERGING FAULTLINES AND EXPANSION OF LEGAL INTERPRETATION OF RIGHT OF SELF-DEFENSE

The United States, with their invasion of Afghanistan for harboring terrorists in 2001 and the subsequent invasion of Iraq in 2003 for allegedly procuring weapons of mass destruction have posited a changed landscape to the  right of self-defense. American actions of ‘self-defense’ completely subvert the legal interpretation of the right being unavailable against threats and conventional use of force. Furthermore, it has led to the emergence of an anticipatory right to self-defense.

At the outset, it is observed that the opinion on the legality of such acts that anticipate armed attacks from threats or other information is divided. Some scholars (usually the ones who have a favorable outlook towards American and/or the Israeli Government actions) argue that the right to anticipatory self-defense is not only in consonance with customary international law but also with article 51 of the U.N Charter.

However, an anticipatory right of self-defense would actually be contrary to the wording of Article 51, since an armed attack must ‘occur’. In any case, Article 51 must be interpreted narrowly containing a prohibition of anticipatory self-defense as one of the purposes of the Charter was to reduce to a minimum the unilateral use of force. At the very least, States claiming the right will have to prove that they face an imminent attack^.. It is ideal to have a ‘clear and convincing’ evidence of the same to avoid situations like that of the invasion of Iraq, which was initiated based on extremely faulty intelligence. 

There are checks and balances enshrined within Article 51 itself to ensure that this does not become a practice. Key mechanisms include the requirement or duty to report immediately to the Security Council when such an act is undertaken, which can act as a limitation on the exercise of self-defense. However, even this duty does not have the power to stop the states exercising such ‘rights’ as reporting to the Security Council is a mere procedural matter, and nonfeasance cannot technically deprive a state of the substantive right of self-defense or invalidate it.

Therefore, it can be said that the scope of the right to self-defense despite fair legal objections may have already expanded to practically include threats or even conventional uses of force not amounting to an ‘armed attack’. What becomes important now is to see how this right of a sovereign state will shape in the future. Towards this, there are two important questions that need to be answered. Firstly, whether this right can be exercised against non-state actors and secondly, can this right be exercised against a cyber-operation?

When the right of self-defense towards non-state actors is considered, the legal position seems pretty clear. The International Court of Justice itself has expressed that the inherent right of self-defense in the case of armed attack by one state is available only against another state.

The general understanding is that Article 51 of the Charter is an exception to the prohibition on the use of force as enshrined in Article 2(4). Given that Article 2(4) refers only to a ‘state’, its exception must also deal with the same. However, some do argue that while Article 2(4) of the Charter, in proscribing the use of force, refers solely to state actors on both sides.  On the other hand, Article 51 mentions a member only as the potential target of an armed attack. This means that the perpetrator of that armed attack is not identified necessarily as a state, especially during these times where it is not just State but non-State entities like terrorists that pose the significant threats to national security concerns of States.

Moreover, regardless of what the law states or what the law should be, the tacit acknowledgement of the Security Council, NATO and EU towards the American invasion of Afghanistan to attack Al Qaeda has given credence to the understanding that self-defense is available against non-State actors. Thus, contemporary state practice (of the first world countries) shows that non-State actors can be behind ‘armed attacks’ which can give rise to self-defense. The ‘pro-democracy’ opinion now states that self-defense against a non-State actor can be justified when the territorial State has manifestly and persistently been unwilling or unable to prevent such attacks in other States, like invasion of Afghanistan on the pretext that if they are harbouring terrorists, they are as liable as the terrorists themselves.

Coming to the second question of whether cyber-operations against a state can give a right to self-defense to that State, it is imperative to determine whether a cyber-operation is an armed attack (as per the prevailing legal view as there is no contrary contemporary state practice yet).

An ‘armed attack’ may not strictly require the use of kinetic weapons, but may, in principle, also be conducted by computers used by hackers. In order to reach this very threshold, the consequences and effects of the cyber-operation in question, must be compared to that of conventional use of force. These operations cannot be isolated or random acts of cyber-attacks and exercising the right against these one-off incidents are excluded from the scope of right to self-defense. Thus, the bar to classify a cyber-operation as an armed attack exists against which a right to self-defense will also exist. However, this bar must be considerably high and will not trigger when hypothetically Indian college students hack a Pakistani bank’s website as a one-off incident.

CONCLUSION

The high standard set is important to ensure that self-defense is not ‘exercised’ in a ubiquitous manner. However, the first world tells us that if the standard is too high and is creating an obstacle towards their political interests, the standard will be disregarded or modified accordingly making an effective set of laws a Sisyphean task. This is what happened to non-State actors, to threats and simple uses of force and will most likely happen to cyber-operations as well. 

Self-defense will be heavily exercised if doing so aligns with the political ideology of the State regardless of what the law states. The law understandably does not allow a State to exercise the right to self-defense against mere threats or even conventional uses of force. However, as we understand from a third-world vantage point of international law, the law is what the first world will allow it to be.

---

*Views expressed in the blog are personal and should not be attributed to the institution.

Technology and National Security Law Reflection Series Paper 5: Legality of Cyber Weapons Under International Law

Siddharth Gautam^*

About the Author: The author is a 2020 graduate of National Law University, Delhi. 

Editor’s note: This post is part of the Reflection Series showcasing exceptional student essays from CCG-NLUD’s Seminar Course on Technology & National Security Law. In the present essay, the author reflects upon the following question: 

What are cyber weapons? Are they cyber weapons subject to any regulation under contemporary rules of international law? Explain with examples.

Introducing Cyber Weapons

In simple terms weapons are tools that harm humans or aim to harm the human body. In ancient times nomads used pointing tools to hunt and prey. Today’s world is naturally more advanced than that. In conventional methods of warfare, modern tools of weapons include rifles, grenades, artillery, missiles, etc. But in recent years the definition of warfare has changed immeasurably after the advancement of the internet and wider information and communication technologies (“ICT”). In this realm methods and ways of warfare are undergoing change. As internet technology develops we observe the advent/use of cyber weapons to carry out cyber warfare.

Cyber warfare through weapons that are built using technological know-how are low cost tools. Prominent usage of these tools is buttressed by wide availability of computer resources. Growth in the information technology (“IT”) industry and relatively cheap human resource markets have a substantial effect on the cost of cyber weapons which are capable of infiltrating other territories with relative ease. The aim of cyber weapons is to cause physical or psychological harm either by threat or material damage using computer codes or malware.

2007 Estonia Cyber Attack

For example during the Estonia –Russia conflict the conflict arose after the Soldier memorial was being shifted to the outskirts of Estonia. There was an uproar in the Russian speaking population over this issue. On 26^th and 27^th April, 2007 the capital saw rioting, defacing of property and numerous arrests.

On the same Friday cyber attacks were carried out using low tech methods like Ping, Floods and simple Denial-of-Service (DoS) attacks. Soon thereafter on 30^th April, 2007 the scale and scope of the cyber attack increased sharply. Actors used botnets and were able to deploy large scale distributed denial of service (D-DoS) attacks to compromise 85 thousand computer systems and severely compromised the entire Estonian cyber and computer landscape. The incident caused widespread concerns/panic across the country.

Other Types of Cyber Weapons

Another prominent type of cyber weapon is HARM i.e. High-speed Anti Radiation missiles. It is a tactical air-to-surface anti radiation missile which can target electronic transmissions emitted from surface-to-air radar systems. These weapons are able to recognise the pulse repetition of enemy frequencies and accordingly search for the suitable target radar. Once it is visible and identified as hostile it will reach its radar antenna or transmitter target, and cause significant damage to those highly important targets. A prominent example of its usage is in the Syrian–Israel context. Israel launched cyber attacks against the Syrian Air defence system by blinding it. It attacked their Radar station in order not to display any information of Airplanes reaching their operators. 

A third cyber weapon worth analysing can be contextualised via the Stuxnet worm that sabotaged Iran’s nuclear programme by slowing the speed of its uranium reactors via fake input signals. It is alleged that the US and Israel jointly conducted this act of cyber warfare to damage Iran’s Nuclear programme.

In all three of the aforementioned cases, potential cyber weapons were used to infiltrate and used their own technology to conduct cyber warfare. Other types of cyber risks emerge from semantic attacks which are otherwise known as social engineering attacks. In such attacks perpetrators amend the information stored in a computer system and produce errors without the user being aware of the same. It specifically pertains to human interaction with information generated by a computer system, and the way that information may be interpreted or perceived by the user. These tactics can be used to extract valuable or classified information like passwords, financial details, etc. 

HACKERS (PT. 2) by Ifrah Yousuf. Licensed under CC BY 4.0.From CyberVisuals.org, a project of the Hewlett Foundation Cyber Initiative.

Applicable Landscape Under International Law

Now the question that attracts attention is whether there are any laws to regulate, minimise or stop the aforementioned attacks by the use of cyber weapons in International law? To answer this question we can look at a specific branch of Public international law; namely International Humanitarian law (“IHL”). IHL deals with armed conflict situations and not cyber attacks (specifically). IHL “seeks to moderate the conduct of armed conflict and to mitigate the suffering which it causes”. This statement itself comprises two major principles used in the laws of war.

Jus ad Bellum – the principle which determines whether countries have a right to resort to war through an armed conflict,

Jus in bello– the principle which governs the conduct of the countries’ soldiers/States itself which are engaging in war or an armed conflict. 

Both principles are subjected to the Hague and Geneva Conventions with Additional Protocol-1 providing means and ways as to how the warfare shall be conducted. Nine other treaties help safeguard and protect victims of war in armed conflict. The protections envisaged in the Hague and Geneva conventions are for situations concerning injuries, death, or in some cases  damage and/or destruction of property. If we analyse logically, cyber warfare may result in armed conflict through certain weapons, tools and techniques like Stuxnet, Trojan horse, Bugs, DSOS, malware HARM etc. The use of such weapons may ultimately yield certain results. Although computers are not a traditional weapon its use can still fulfil conditions which attract the applicability of provisions under the IHL.

Another principle of importance is Martens Clause. This clause says that even if some cases are not covered within conventional principles like humanity; principles relating to public conscience will apply to the combatants and civilians as derived from the established customs of International law. Which means that attacks shall not see the effects but by how they were employed

The Clause found in the Preamble to the Hague Convention IV of 1907 asserts that “even in cases not explicitly covered by specific agreements, civilians and combatants remain under the protection and authority of principles of international law derived from established custom, principles of humanity, and from the dictates of public conscience.” In other words, attacks should essentially be judged on the basis of their effects, rather than the means employed in the attack being the primary factor.

Article 35 says that “In any armed conflict, the right of the Parties to the conflict to choose methods or means of warfare is not unlimited. It is prohibited to employ weapons, projectiles and material and methods of warfare of a nature to cause superfluous injury and unnecessary suffering”

The above clause means that the action of armed forces should be proportionate to the actual military advantage sought to be achieved. In simple words “indiscriminate attacks” shall not be undertaken to cause loss of civilian life and damage to civilians’ property in relation to the advantage.

Conclusion

Even though the terms of engagement vis-a-vis kinetic warfare is changing, the prospect of the potential of harm from cyber weapons could match the same. Instead of guns there are computers and instead of bullets there is malware, bugs, D-DOS etc. Some of the replacement of one type of weapon with another is caused by the fact that there are no explicit provisions in law that outlaw cyber warfare, independently or in war.

The principles detailed in the previous section must necessarily apply to cyber warfare because it limits the attacker’s ability to cause excessive collateral damage. On the same note cyber weapons are sui generis like the nuclear weapons that upshot in the significance to that of traditional weapons

Another parallel is that in cyber attacks often there are unnecessary sufferings and discrimination in proportionality and the same goes for  traditional armed conflict. Therefore, both should be governed by the principles of IHL. 

In short, if the cyber attacks produce results in the same way as kinetic attacks do, they will be subject to IHL.

---

*The views expressed in the blog are personal and should not be attributed to the institution.

Technology & National Security Reflection Series Paper 4: Redefining National Security

Animesh Chaudhary*

About the Author: The author is a 2021 graduate of National Law University, Delhi. He is currently working at Rural Electrification Corporation Limited.

Editor’s note: This post is part of the Reflection Series showcasing exceptional student essays from CCG-NLUD’s Seminar Course on Technology & National Security Law.

Introduction

“National Security” is one of the foremost concerns of any nation state. However, the meaning of this term has acquired an overwhelmingly military character over time. This military approach to national security follows the assumption that the principal threat to security comes from other nations. While such an understanding was suitable a few decades ago health pandemics, climate change, technological changes etc. are challenging this notion today. This submission aims to identify the gaps in traditional understandings of national security and proposes redefining the concept. 

This piece is divided into three parts- Part I looks at the traditional military approach to “National security”. Part II analyses the need to update this traditional understanding. Part III identifies “Human Security” as a modern and suitable concept of national security.

Photo by MySecuritySign.com. Licensed via CC BY 2.0.

I.         Traditional Military approach to “National Security”

The traditional approach has been to view “National Security” from a military lens i.e. ‘securing the nation from military threat’. The policy measures of nation States and many strategists have followed this understanding.

Weber found a monopoly on violence, allowing to deal with internal or external military threats, as a crucial condition for the State. Similarly, James Baker notes that while no common definition of “national security” exists, the core issues which warrant national security treatment will primarily include nuclear attack, terrorist attacks and conventional attacks. “National Security” is also used to justify “the maintenance of armies, the development of new weapon systems, and the manufacture of armaments”.

In many ways, it can be easily understood how this understanding of National security developed. Wars in 18^th and 19^th century were generally short. The security strategy in the past was focused mainly on “external military threats”, which consequently required corresponding military responses.  However, in present times, such an understanding is inadequate.

II.                Need to update the definition of National Security

 i)  Nature of threats is changing

Today, for most nations, the threat of military aggression has reduced considerably. Instead, nations have to face “environmental pollution, depletion of ozone, [global] warming, and migrations of refugees“¹ among others. Health issues such as the Coronavirus pandemic, changes in technology, or spiralling economy as seen in many third-world countries are other threats to nations. 

One of the greatest enablers of this change is technology. It is difficult to place technological threats within the traditional military approach to national security, yet it is undeniable that technological disruptions present great danger to the security of nations.  The impact of technologies on the international security environment are all-encompassing.² These include both conventional changes like technological weapons, and non-conventional changes like cyber warfare.

ii)  Non-Military Threats can cause Military Conflict

Another reason for updating the present understanding of “National Security” is that a number of non-traditional threats can lead to military conflict. This makes it imperative for proactive policymakers to treat all such threats as National Security issues.

Scholars have studied resource conflicts, energy security, climate change and insecurity and tied them in with military conflicts. Some have found that “… water resource scarcity can be both the cause and the consequence of armed conflicts.” ³

Proactive policymaking demands recognising such threats before they acquire a military character.

iii)  Conventional understanding of ‘National Security’ is narrow and patriarchal

If National Security means the security of a nation, it is imperative to define ‘nation’ first. While it is difficult to come up with a precise definition of a ‘nation’, it is submitted that any definition, that does not take into account the people is narrow in scope. 

In this context, national security fails to include everyday experiences of a significant population. Further, the current definition is patriarchal and excludes the experiences of women.

J.Tickner finds that the traditional perspectives on security through a military point of view has marginalised or omitted women, which has resulted in a masculine and militaristic definition of National Security.⁴ Women, on the other hand, have defined security as “absence of violence whether it be military, economic, or sexual.”⁵ National Security, when understood as “absence of violence against people of the nation”, can then be extended to all other disempowered groups.

Similarly, the perception of security that many people of colour have in America, does not align with the dominant definition of national security in America. In the Indian context, crimes against underprivileged groups are not considered a national security threat. Understood in these terms, it is clear that the traditional understanding does not cover the security threats faced by disempowered groups in a nation. A definition that does not take into account is therefore severely lacking in scope, and needs to be updated.

III.          “Human Security”- A Modern understanding of National Security

Put forth in 1994 by the United Nations Development Program, ‘Human Security‘ very simply relates to the security of people. Erstwhile Prime Minister of Japan Obuchi Keizo called Human Security “the keyword to comprehensively seizing all of the menaces that threaten the survival, daily life, and dignity of human beings”

In essence, Human Security puts “people first” and recognises that the security of States does not necessarily translate to security of the people in it.  This has been borne out of the events of the 20^th century – world wars, multiple genocides, and the realisation that conventional notions of security need to be challenged when serious violations of rights occur.

The advantages of a human security understanding of national security are manifold:

i)   People first approach

The biggest advantage of this concept is that it puts people first in its definition of the ‘nation’. It recognises different forms of violence and threats that individuals face every day.  It brings into focus “structural violence” i.e. “the indirect violence done to individuals when unjust economic and political structures reduce their life expectancy through lack of access to basic material needs.”⁶

Understanding National Security as “absence of violence for people in a nation”, also allows us to recognise new unconventional threats that arise in the 21^st century.

ii)    Radically alters Public notions of Emergency and Urgency

There is normative value in recognising ‘Human Security’ as ‘National Security’. By recognising violence against individuals as national security threats, it sends a message that threats faced by individuals are the most important threats that any nation faces. It legitimises the security issues faced by groups that are not dominant in a nation.

“National Security” issues receive utmost urgency and importance in policy making. As Sachs notes, “Questions of “security” are often given pride of place before other potential policy concerns.”

This leads to a number of questions, why should emergency conditions and sense of urgency be reserved only for military threats? Why should crimes against women be considered any less urgent in a country which reports 87 rapes per day? Why shouldn’t crimes against Scheduled caste and Scheduled tribes be considered as urgent? How do nations issue national or local emergency in times of military conflict, but go on about in a routine manner when extreme gender, social and economic injustices exist?

By equating human security issues with national security threats, it is these questions that we can answer adequately. Crimes against minorities, women and other groups, poverty, lack of access to healthcare and education, and other social, economic and environmental ills that plague nations have become normalised to such an extent that all these issues have become routine. The concept of ‘Human Security’ challenges this status quo.

iii)   Leveraging Public Trust

National Security threats often generate public trust and public consensus swiftly. Public trust is an important part of a democratic system,⁷ while a lack of public trust is one the biggest obstacles in governance. By recognising “Human Security threats” as “National Security” threats, this public trust can be leveraged to improve governance.

As Lester Brown notes, while responding to a national security threat, “the ‘public good’ is much more easily defined; sacrifice can not only be asked but expected, it is easier to demonstrate that “business as usual” must give way to extraordinary measures.”

If such consensus and unity could be achieved with respect to “Human security”, it would allow governance to take place a lot more efficiently.

Conclusion

The traditional understanding of National Security in terms of military threats to the State is no longer adequate in the 21^st century. Today, ‘Human Security’ offers a more holistic understanding with its ‘people first’ approach. It recognises and legitimises the experiences of disempowered groups and challenges conventional notions of security.

Human Security offers multiple advantages as an analytical concept, and holds normative value by contesting the traditional understanding of a nation, urgency and emergency. The definition of Human Security is broad, but that acts as an advantage for it covers a wider range of threats, including the new threats caused by technology and climate.

This redefinition of ‘National Security’ does pose challenges relating to vagueness, increased powers of the executive, conceptual and funding issues, among others, but overall provides a strong base for policymakers to realign their priorities as per the requirements of today.

---

*Views expressed in the blog are personal and should not be attributed to the institution.

References:

1. Kalevi J. Holsti, The State, War, and the State of War (1996), Pg. 15.
2. Group Captain Ajay Lele, “Technology and National Security” Indian Defence Review Issue Vol 24.1 Jan-Mar 2009.
3. Swain, A., 2015. “Water Wars”. In: International Encyclopaedia of the Social & Behavioural Sciences, 2nd edition, Vol 25. Oxford: Elsevier. pp. 443–447.
4. Tickner J. A. (1997b), “Re-visioning Security”, in: International Relations Theory Today, eds. K. Booth, S. Smith, Polity Press Cambridge.
5. Tickner, J. (1993). “Gender in International Relations: Feminist Perspectives on Achieving Global Security” Political Science Quarterly.
6. J. Ann Tickner, “Re-visioning Security,” International Relations Theory Today (Ken Booth and Steve Smith, eds., 1994), p. 180.
7. Beshi, T.D., Kaur, R. “Public Trust in Local Government: Explaining the Role of Good Governance Practices”. Public Organiz Rev 20, 337–350 (2020).

Technology & National Security Reflection Series Paper 3: Technology and the Paradoxical Logic of Strategy

Manaswini Singh^*

About the Author: The author is a 2020 graduate of National Law University, Delhi. She is currently pursuing an LLM with specialization in Human Rights and Criminal law from National Law Institute University, Bhopal. 

Editor’s note: This post is part of the Reflection Series showcasing exceptional student essays from CCG-NLUD’s Seminar Course on Technology & National Security Law.

In the present essay, the author reflects upon the following question: 

According to Luttwak, “The entire realm of strategy is pervaded by a paradoxical logic very different from the ordinary ‘linear’ logic by which we live in all other spheres of life” (at p. 2) Can you explain the relationship between technological developments and the conduct of war through the lens of this paradoxical logic?

Introducing Luttwak’s Paradoxical Logic of Strategy

While weakness invites the threat of attack, technologically advanced nations with substantial investment in better military technology and R&D that are capable of retaliation, have the power to persuade weaker nations engaged in war to disengage or face consequences. Initiating his discussion on the paradox of war, Luttwak mentions the famous roman maxim si vis pacem, para bellum which translates to – if you want peace, prepare war. Simply understood, readiness to fight can ensure peace. He takes the example of the Cold War to discuss the practicality of this paradoxical proposition. Countries that spend large resources in acquiring and maintaining nuclear weapons resolve to deter from first use. Readiness at all times, to retaliate against an attack is a good defensive stance as it showcases peaceful intent while discouraging attacks altogether. An act of developing anti-nuclear defensive technology – by which a nation waging war may be able to conduct a nuclear attack and defend itself upon retaliation – showcases provocativeness on its part.

The presence of nuclear weapons, which cause large scale destruction, have helped avoid any instance of global war since 1945. This is despite prolonged periods of tensions between many nations across the globe. Nuclear weapons are an important reason for the maintenance of international peace. This is observable with India and its border disputes with China and Pakistan where conflicts have been frequent and extremely tense leading to many deaths. Yet these issues have not escalated to large scale or a full-fledged war because of an awareness across all parties that the other has sufficient means to engage in war and shall be willing to use the means when push comes to shove. 

Using the example of standardisation of antiaircraft missiles, Luttwak points out that ‘‘in war a competent enemy will be able to identify the weapon’s equally homogeneous performance boundaries and then proceed to evade interception by transcending those boundaries… what is true of anti aircraft missiles is just as true of any other machine of war that must function in direct interaction with reacting enemy – that is, the vast majority of weapons.”

Image by VISHNU_KV. Licensed via CC0.

Luttwak’s Levels of Strategy

The five levels of strategy as traced by Luttwak are: 

1. Technical interplay of specific weapons and counter-weapons.
2. Tactical combat of the forces that employ those particular weapons.
3. Operational level that governs the consequences of what is done and not done tactically.
4. Higher level of theatre strategy, where the consequences of stand alone operations are felt in the overall conduct of offence and defence.
5. The highest level of grand strategy, where military activities take place within the broader context of international politics, domestic governance, economic activity, and related ancillaries.

These five levels of strategy create a defined hierarchy but outcomes are not simply imposed in a one-way transmission from top to bottom. These levels of strategy interact with one another in a two-way process. In this way, strategy has two dimensions: the vertical dimension and the horizontal dimension. The vertical dimension comprises of the different levels that interact with one another; and the horizontal dimension comprises of the dynamic logic that unfolds concurrently within each level.

Situating Technological Advancements Within Luttwak’s Levels of Strategy

In the application of paradoxical logic at the highest level of grand strategy, we observe that breakthrough technological developments only provide an incremental benefit for a short period of time. The problem with technological advancement giving advantage to one participant in war is that this advantage is only initial and short-lasting. In discussing the development of efficient technology, he gives an example of the use of Torpedo boats in warfare which was a narrow technological specialisation with high efficiency. Marginal technological advancement of pre-existing tech is commonplace occurrences in militaries. The torpedo naval ship was a highly specialised weapon i.e. a breakthrough technological development which was capable of causing more damage to larger battleships by attacking enemy ships with explosive spar torpedoes. The problem with such concentrated technology is that it is vulnerable to countermeasures. The torpedo boats were very effective in their early use but were quickly met with the countermeasure of torpedo beat destroyers designed specially to destroy torpedo boats. This initial efficiency and technical advantage and its ultimate vulnerability to countermeasures is the expression of paradoxical logic in its dynamic form. 

When the opponent uses narrowly incremental technology to cause damage to more expensive and larger costlier weapons, in the hopes of causing a surprise attack with the newly developed weapon, a reactionary increment in one’s weaponry is enough to neutralise the effects of such innovative technologically advanced weapon(s). The technological developments which have the effect of paradoxical conduct in surprising the opponent and finding them unprepared to respond in events of attacks, can be easily overcome due to their narrowly specialised nature themselves. Such narrowly specialised new tech are not equipped to accommodate broad counter-countermeasures and hence the element of surprise attached with such incremental technology can be nullified. These reciprocal force-development effects of acts against torpedo-like weapons make the responding party’s defence stronger by increasing their ability to fight and neutralise specialty weapons. Luttwak observed a similar response to the development of Anti-tank missiles which was countered by having infantry accompany tanks.

Conclusion

The aforementioned forces create a distinctly homogenous and cyclical process which span the development of technology for military purposes, and concomitant countermeasures. In the same breadth, one side’s reactionary measure also reaches a culmination point and can be vulnerable to newer technical advancement for executing surprise attacks. Resources get wasted in responding to a deliberate offensive action in which the offensive side may be aware of defensive capabilities and it is just aiming to drain resources and cause initial shock. This can initiate another cycle of the dynamic paradoxical strategy. Within the scheme of the grand strategy, what looks like deadly and cheap wonder weapons at the technical level; fails due to the existence of an active thinking opponent. These opponents can deploy their own will to engage in response strategies and that can serve as a dent to the initial strategic assumptions and logic.

In summary, a disadvantage at the technical level can sometimes also be overcome at the tactical level of grand strategy . Paradoxical logic is present in war and strategy, and use of technology in conduct of war also observes the dynamic interplay of paradoxical logic. Modern States have pursued technological advancements in ICT domains and this has increased their dependence on high-end cyber networks for communication, storage of information etc. Enemy States or third parties that may not be equipped with equally strong manpower or ammunition for effective adversarial action may adopt tactical methods of warfare by introducing malware into the network systems of a State’s critical infrastructure of intelligence, research facilities or stock markets which are vulnerable to cyber-attacks and where States’ inability in attribution of liability may pose additional problems.

---

*Views expressed in the blog are personal and should not be attributed to the institution.