Pulling the plug


In the aftermath of the TikTok ban Mishi Choudhary, the founder of Software Freedom Law Centre (India), says the government must enact pro-privacy legislation that protects private data from tech companies, regardless of their origin

Prior to 29 June, it was hard to avoid the vibrant watermarked logo of TikTok. Whether it was a forwarded WhatsApp video featuring a young couple energetically dancing to a Bollywood track in the background, or young women tying a pencil bun to the tune of Italian protest folk song, Bella Ciao, or other TikTok videos that made their way to traditional social media platforms like YouTube, Facebook or Twitter, it was hard to miss that the app was rewriting social media.

Mishi Choudhary Tiktok ban
Mishi Choudhary

All of that came to a screeching halt with an order issued by the Ministry of Electronics and Information Technology (MEITY) invoking its power under section 69A of the Information Technology Act, read with the relevant provisions of the Information Technology (Procedure and Safeguards for Blocking of Access of Information by Public) Rules, 2009.

Via this order, the government decided to disallow the use of 59 apps, including TikTok, used in both mobile and non-mobile internet-enabled devices. The ministry stated: “In view of information available [the apps] are engaged in activities that are prejudicial to the sovereignty and integrity of India, defence of India, security of state and public order.” The order also stated that the ministry received “several representations” from citizens regarding the security of data and risk to privacy, as well as bipartisan concerns expressed by members of parliament regarding the use of these apps.

Scores of experts rushed to weigh in on the legality of the order and provide realpolitik assessments. It was difficult to extricate the order from the ongoing standoff in the Galwan Valley between India and China, which started in May this year. This ostensibly simple step underscored the fact that geopolitics and cyberspace are now forever closely interlinked.

A new era?

The Indian startup ecosystem and business pundits were quick to declare this as heralding a new era for local startups, and an opportunity for them to occupy the attention economy – as if anybody had stopped them until this moment. These rushed assessments seemed to rely on an assumption that other platforms from other countries will not use this opportunity to promote their own “inspired” features. Instagram was quick to introduce it’s 15-second video making feature, Reels, in India following this ban. A perfectly timed alternative made available to all those users looking for something else, but we digress.

Let’s unpack all these claims. Section 69A arms the government with the power to block any information in the country. The process to block such information is set out in the Information Technology (Procedure and Safeguards for Blocking for Access of Information by Public) Rules, 2009. Rule 16 requires the maintenance of strict confidentiality regarding all the requests and complaints received and actions taken. These rules have been challenged in the Supreme Court, and were upheld by it, although the court also observed that an order for such blocking has to be a written, reasoned order so that it can be assailed in a writ petition under article 226 of the constitution.

As section 69A orders are confidential, we have no way of examining the evidence that the MEITY possesses. The affected companies are engaging with the ministry, answering questions and presenting their responses to this action. But there is no denying that governments all over the world see technology companies as pillars of national power, an immense national security intelligence resource, and therefore their strategic ally.

No way to opt out

There are at least two existing pieces of Chinese legislation that mandate cooperation: The National Intelligence Law, 2017, and the Counter-Espionage Law of 2014. Article 7 of the National Intelligence Law states that “any organization or citizen shall support, assist and cooperate with the state intelligence work in accordance with the law,” adding that the state “protects” any individual and organization that aids it. The Counter-Espionage Law says that, “When the state security organ investigates and understands the situation of espionage and collects relevant evidence, the relevant organizations and individuals shall provide it truthfully and may not refuse.”

As easy as it has been for China to build national search engines and social media structures, favouring domestic private market entrants and exercising control over national telecoms networks, the same ease won’t be available to Chinese companies in shaking off the control that surrounds them as they go global.

In the 29 June order, the MEITY also states there have been “raging concerns” on aspects relating to data security and safeguarding the privacy of 1.3 billion Indians. It is heartening to see an official statement recognizing the importance of privacy but this “rage” is yet to materialize into a concrete step, considering the data protection bill has been pending in the parliament since December 2019. India needs such a law urgently that can address the problems being presented by complicated new technologies that hold to ransom the privacy and security of all citizens. The bill is a necessary step, although it is by no measure adequate to protect citizens from the ever-broadening reach and greed of companies and other entities for our data.

Societies around the world are now wrestling with the enormous social power wielded by the Internet’s platform companies and their complicated relationships with their respective governments. Billions of people provide data about their personal lives and business activities to these companies, which are using that data as leverage to change human behaviour to their economic advantage. In such a world, we expect our government to undertake several steps to protect the country. The current ban may be a stopgap, short-term step, but without long-term thinking, we will continue to play the game of tic-tac-toe with a different player each time.

Here are a few suggestions: (1) the government must enact a people’s protection legislation, and not merely a data protection act that gives it a backdoor into everything, and access to swathes of citizen data for a small group of Indian companies; (2) it must subject all companies to the rule of law, whether they are Chinese, American Indian, or from anywhere else; (3) it must invest more in research and development, higher education and critical tech including computer chips and artificial intelligence, and not just magic “apps”; (4) it must put an end to the Bengaluru-driven misguided nationalist narrative that domestic companies are better just because they are Indian; and (5) its policies must recognize that protecting Indians from potential technology abuses, no matter the nationality of the company, doesn’t destroy innovation or strengthen any foreign company.

Until the government proactively does that, and helps build for-profit, pro-privacy IT for humanity, all these actions will remain the proverbial elephant’s tusks.

Mishi Choudhary is the founder of Software Freedom Law Centre, India.