This piece was written by PI Research Officer Edin Omanovic and originally appeared here.

Whatever happens over the next few years, if there is to be a storm, then it is best to prepare. It is essential that western liberal democratic societies are resilient enough to uphold their fundamental values.

One of the UK’s biggest security assets is one of its biggest security threats. The UK’s spies have access to and are allowed to exercise some of the most sophisticated electronic surveillance techniques in the world. It has underwritten its Special Relationship with the US, cementing a bond at the most sensitive level of the State.

But it’s come at a cost. A government-appointed independent review called the UK’s legal framework under which its capabilities have been developed “undemocratic, unnecessary and — in the long run — intolerable”.

The spooks and Home Office have been dragged into modest reforms kicking and screaming. The few safeguards which do exist are only in place because of external pressure. The oversight system relies on a staggering amount of unfounded trust in the resilience of liberal democracy and the post-war western security order. It is trust that is now outright dangerous.

It is understandable that the UK doesn’t want to risk the Special Relationship. The United States is unarguably the world’s only superpower, spending more than double what China does on its military. The post-war order is based on US power and its projection around the world. The security establishment in the west and its allies have invested it with vast power. In doing so, they have accepted that the it has built the world’s largest ever surveillance infrastructure, supported by its dominance in technology and international security relationships.

The UK spooks want to play with their Atlantic cousins. They don’t like being told to do boring things like report back, or have a foreseeable, necessary, and proportionate legal framework in place. Tellingly, the area where resistance to transparency has been strongest in the UK is the extent to which the US has access to its intelligence. This isn’t about spooks trading brown envelopes on park benches: intelligence sharing in the age of the internet involves sharing, by default, any and all electronic communications that the UK collects. Today, UK intelligence gathering includes tapping submarine cables through which the vast majority of internet traffic flows, allowing the surveillance of the communications of millions of people on a daily basis.

We only know of the existence of these intelligence sharing agreements because of an obscure agreement — the UK-USA Agreement — signed in the aftermath of the Second World War, when civilian communications were confined to the few households that could afford a telephone. The agreement — which governs intelligence sharing between the US, UK, Australia, Canada and New Zealand — not only provides for the sharing of raw intelligence, but also calls for these governments’ agencies to share surveillance equipment and techniques. Today, these arrangements have manifested themselves in the form of jointly staffed and jointly run bases, jointly run operations, and direct access to bulk surveillance. They have also been interpreted to allow US agencies to collect intelligence to target drone strikes, from a base in North Yorkshire.

Despite the level of cooperation however, the only official safeguard the government has been prepared to offer has been a two-page summary of secret internal guidance presented to a secret court.

This is intolerable. Globally, the pillars of democracy are under threat. It is worth remembering that it has no inherent right to exist. The effects of inequality are finding an outlet in populist nationalism, bringing with it politicians who were considered irrelevant and sneered at only a few years ago. In the UK, the independence of the judiciary has been openly challenged. If facts are becoming less relevant, then so too is parliamentary representation and the media.

The fact that the largest surveillance infrastructure ever exercised will soon be run by commander-in-chief Donald Trump, a man with no apparent qualms about using it to target entire religious groups, should therefore be of concern to everyone. For the UK, the security establishment’s trust in the system now means that Trump and whoever he appoints will also have access to the UK’s intelligence gathering infrastructure, including potentially data on British people. Moreover, they will have access at a time when the post-war western security order is under threat by a US leader who is in apparent awe of an authoritarian former KGB spy who has threatened and destabilised the UK’s allies and strategic interests.

Whatever happens over the next few years, if there is to be a storm, then it is best to prepare. It is essential that western liberal democratic societies are resilient enough to uphold their fundamental values. Some argue that technology is polarising groups and creating echo chambers: certainly, Brexit and the US election show that sides are less understanding of one another, and for a democracy, that represents real danger.

It is now in everyone’s interests to invest in robust institutions, governance systems, and clear laws that restrain and protect fundamental rights. Whether you believe it is the elites or populists that have hijacked democracy, a liberal system of checks and balances is the only way we know of how to manage power, and it is our only hope.

This must start with the state’s monopoly on violence and its power to spy on us and to control. For the UK government, this begins with telling Parliament and its electorate what Donald Trump will have on them. We can no longer rely on blind trust in the system, on secret courts reviewing secret safeguards.

Whether you believe that the UK’s surveillance infrastructure is the product of a national debate, supported by independent review, that strikes a balance between national security and transparency, or a dangerous and counter-productive global precedent that has no place in a modern liberal democracy, it’s in everyone’s interest to make it as democratic and resilient as possible — and certainly a lot more than it is at the moment. Why take the risk?

This guest piece was written by Elonnai Hickok and Vipul Kharbanda.

In light of the complex challenges and threats posed to, and by, the field of information telecommunications in cyberspace, in 1998 the draft resolution in the First Committee of the UN General Assembly was introduced and adopted without a vote (A/RES/53/70) . Since then, the Secretary General to the General Assembly has invited annual reports on the issue. The most recent report, Developments in the Field of Information and Telecommunications in the Context of International Security, was published in June 2015.

The 2015 Report touches upon a number of issues, including international cooperation, norms and principles for responsible state behavior, confidence building measures cross border exchange of information, and capacity building measures.

Annual reports will continue to be accepted by the General Assembly, and the 2016/2017 Group of Governmental Experts will have it's first meeting in August 2016.  India was a member of the Group of Governmental Experts in 2013.

The  Centre for Internet and Society (CIS) published a paper analysing India’s alignment with  the recommendations of the report of the Group of Governmental Experts. This policy brief attempts to articulate the major policy actions that may be considered by India to further incorporate and implement the principles enunciated in the Report.

CIS believes that the report of the Group of Governmental Experts provides important minimum standards that countries could adhere to in light of challenges to international security posed by ICT developments. Given the global nature of these challenges and the need for nations to holistically address such challenges from a human rights and security perspective, CIS believes that the Group of Governmental Experts and similar international forums are useful and important forums for India to continue to actively engage with.

Below are our specific recommendations:

(a) Consistent with the purposes of the United Nations, including to maintain international peace and security, States should cooperate in developing and applying measures to increase stability and security in the use of ICTs and to prevent ICT practices that are acknowledged to be harmful or that may pose threats to international peace and security;

India has entered into treaties on ICT issues with countries such as Belarus, Canada, China, Egypt, and France. Additionally, India’s IT Act addresses a number of the cyber-crimes listed in the Budapest Convention. However, India is not yet a signatory to the Convention. This leaves scope for India to consider further forums and means of international cooperation to better realise this principle.

India has been invited to accede to the Budapest Convention in the past, but for various tactical and political reasons has not yet agreed to do so. Although whether to accede to an international convention or not is usually a well discussed and thought out policy decision of the diplomatic core of a country, the mutual assistance framework, however flawed it may be, would offer a better opportunity for India for international cooperation for increasing the stability and security of ICTs and prevent harmful ICT practices as envisaged in the Report of the Group of Governmental Experts.

(b) In case of ICT incidents, States should consider all relevant information, including the larger context of the event, the challenges of attribution [of cybercrime] in the ICT environment and the nature and extent of the consequences;

While the Department of Electronics and Information Technology (DEITY) as well as the Computer Emergency Response Team, India (CERT-In) have a number of policies which talk about maintaining security and means of addressing threats in the ICT environment, most ICT incidents, crimes or illegal activities using ICT, unless they involve large or government institutions, are handled by the regular police establishment of the country. The lack of capacity, both in terms of infrastructure and skill, of the regular police to adequately address most cyber-crimes is an area that needs to be strengthened. The need for cyber security capacity building  in India was highlighted in 2015 by the Standing Committee on Information Technology.   It would be useful for dedicated cyber-crime departments to be established in all districts. This would be a step in the right direction to provide the requisite capacity and resources to deal with the various technical issues such as attribution, jurisdiction, etc. arising out of ICT incidents.

(d) States should consider how best to cooperate to exchange information, assist each other, prosecute terrorist and criminal use of ICTs and implement other cooperative measures to address such threats. States may need to consider whether new measures need to be developed in this respect;

Owing to the growing irrelevance of physical and political borders in the age of globally networked devices, one of the most important issues arising out of ICTs and cyber-crimes is the need for greater and more efficient exchange of information between nations. It has been widely accepted that sharing of information on a regular and sustained basis between nation states would be a very important tool. Limitations in the traditional mechanisms (MLATs, Letters Rogatory, etc.) such as the delay in accessing the information as well as denial of access due to differences in legal standards, present hurdles to the efficacy of law enforcement agencies only emphasize the urgency of developing a new mechanism of international information sharing that would be able to deal with ICT incidents, while at the same time protecting the freedoms and privacy rights of the citizens of the world. Exploration and participation in dialogues and solutions that are evolving at the international level around cross border sharing of information is key.

(i) States should take reasonable steps to ensure the integrity of the supply chain [of ICT equipment] so that end users can have confidence in the security of ICT products. States should seek to prevent the proliferation of malicious ICT tools and techniques and the use of harmful hidden functions;

While the National Electronics Policy of 2012 states that the government should mandate technical and safety standards in order to curb the inflow of sub-standard and unsafe electronic products, the government is yet to mandate any broad standards in the Indian market for ICT equipment. Considering the enormous security implications of compromised ICT this is an area where the government should prioritisemust act immediately. Mandating standards may require the establishment of a monitoring or enforcement mechanism to ensure that the standards are being implemented. This should be done with the aim of ensuring security while not hindering innovation or the flow of business. To achieve such a balance, research and discussion is needed within the government to formulate a mechanism which would ensure the safety and quality of ICT tools while at the same time ensuring that industry is not hindered.

Conclusion

The suggestions given above are some of the major lessons from the analysis of the UN Report on ICT which CIS believe the government of India could adopt and pursue to strengthen its enlightenment with the recommendations of the Report. It is also imperative that the Government of India continues to realise the importance of the work being done by the Group of Governmental Experts and take measures to ensure that a representative from India is included in future Groups. Meanwhile, India can take positive steps by strengthening domestic privacy safeguards, improving transparency and efficiency of relevant policies and processes, and looking towards solutions that respect rights and strengthen security.