India once again tightened up its digital borders and asserted sovereignty in the digital space with its latest move to ban apps belonging to large China tech firms such as Tencent, Alibaba and NetEase and re-branded versions of apps already banned by India in 2020 among others.
The lack of transparency about the data-sharing norms under a Chinese law, that requires companies of Chinese origin to share data with that country’s intelligence agencies, irrespective of where they operate, necessitates that in the interest of sovereignty, integrity, defence, security of state, friendly relations with foreign states and public order the government of India invokes Section 69A of the Information Technology Act to restrict public access on these apps.
To understand the entire picture, it is pertinent to glance at the existing regulations in China specially: the National Intelligence Law 2017 and the Counter Espionage Law 2014. Article 7 of the National Intelligence Law 2017 authorises the Chinese government’s deliberate integration of the public and private digital landscape, which requires Chinese citizens and organisations to cooperate with state intelligence work. As it is, the law remains obscure and vague in terms of national security and intelligence work, Article 11 further adds to the risk associated with Chinese entities or companies operating overseas.
Article 11 authorises the Chinese intelligence agencies to collect and process information about any activities of “overseas entities or individuals” which jeopardize the national security and interests of China. The Counter Espionage law 2014 states that when the state security organ investigates and understands the situation of espionage and collects relevant evidence, the relevant organisations and individuals shall provide it truthfully and may not refuse. In a nutshell, it appears that organisations and individuals don’t have a choice when it comes to helping the government. The Chinese government, with this vaguely-defined “intelligence work,” could force companies to hand over network data whether they want to or not. This concern was also raised by Amnesty International thereby stating that the national security legal architecture poorly defines concepts of “intelligence work”, making it prone to risk and violation of human rights.
China has accused India of discriminatory practices that violate World Trade Organization rules after India banned Chinese mobile apps and on the contrary China’s nation-scale firewall, colloquially referred to as the ‘Great Firewall of China’, put into action numerous kinds of content filtering and censorship to control the internet traffic of China. The data suggests that China accounts for three quarters of the takedown requests between July 2018 and July 2019 and approximately 85 per cent of apps removed from the Apple’s App Store.
A scrupulous attention to the data collected by Apps would give us a coup d’oeil into the possible threats from a geopolitical perspective. The apps on your cell phone collect data such as:
(a) Who you are: Which includes biometrics like retina and fingerprints, a person’s physical characteristics and other personally identifiable information.
(b) What you do: Your activities like travel and GPS location, a person’s behaviour and movement patterns.
(c) What you know: Entailing information known only to the beholder personally, like personal identification number (PIN), usernames and access tokens.
(d) What you have: This includes documents and numbers such as a national identity number, passport, bank account numbers, etc.
While European apps have to be compliant with its data protection law- General Data Protection Regulation (GDPR), the US tech ecosystem is also democratically regulated (you can go to a court). The principles of Data protection in totalitarian states like China are highly apocryphal. With respect to Chinese apps there exists no transparency and information about the data subjects’ rights, one knows nothing about principles of consent and other legitimate grounds for the processing of personal data. Similarly, data transfers and processing by third parties is also opaque thereby leaving Indian citizens vulnerable to exploitation by a totalitarian non-democratic state, which puts surveillance and censors its citizens around the clock.
The lines between government and business interests, in a totalitarian state, are opaque. Apple can resist the US government (supposedly) and decline to share data on the grounds of individual privacy, but the same cannot be said for China.
The Internet has no boundaries, de facto and de jure, hence hundreds of millions of Indians today are subscribers of apps made worldwide. The Cambridge Analytica scandal has proved beyond doubt that data can be put to use for sinister purposes. Little bits and bytes of data leak information about individuals but if this is accumulated, it can have perilous national security implications. In his book Data and Goliath, Bruce Schneier discusses the “hidden battles to collect your data and to control your world”. In 2015, this thought did not seem so sinister. The ephialtes unfolded so slowly that the world missed the horror since. A variety of data are used for corporate and government surveillance around the world including but not limited to identity, transaction, location, activity and communication details. Sources of these data points include social media platforms, email accounts, desktop computers, networks and now the most potent source are our mobile devices.
During the act of warfare and conflict between China and other countries, data from these apps will put the Chinese regime to a great geopolitical advantage. It can get a real-time picture of the other country’s varied strategic and tactical initiatives for defence and combat preparedness.
(Khushbu Jain is a practicing advocate in Supreme Court and founding partner of law firm – Ark Legal)