We should also nuance our approach to digital threats
PremiumAmerica has adopted an evidence-based policy on the risks of foreign apps and so should India
US President Joe Biden recently signed an executive order (EO) that marks an important shift in how America uses technology as an instrument of foreign policy. The EO issued on 9 June states that the federal government should evaluate threats from information and communication technology (ICT) services “through rigorous, evidence-based analysis and should address any unacceptable or undue risks consistent with overall national security, foreign policy, and economic objectives, including the preservation and demonstration of America’s core values and fundamental freedoms." This comes at a time when geopolitics dominates technology-policy discourse in India. A common feature is distrust of Beijing’s weaponization of technology supply chains.
Biden’s order revokes previous ones passed by former president Donald Trump that banned apps like Tik Tok and WeChat (see orders 13943, 13942). These revoked orders were issued by president Trump at a time when the US trade war with China had escalated. Their origins lie in an earlier order the Trump administration issued in May 2019 that remains in effect, which first linked national security to threats in ICT and service supply chains. Last year, India too banned 267 apps, a move that was widely perceived as a response to unprovoked border incursions by Chinese troops in Ladakh. Similarly, it restricted inward investments from border nations in sensitive sectors at the start of the pandemic in 2020, and is widely expected to prohibit the involvement of China’s Huawei and ZTE in the development of core 5G networks.
MORE FROM THIS SECTIONSee All
The Biden administration has laid down an exhaustive list of technology-based transaction risks and a clear chain of command that will analyse and respond to them within fixed timelines. These include risks linked to ownership, control or management of software and apps by foreign adversaries, including non-state actors, as well as concerns related to the “scope and sensitivity of the data collected".
In effect, President Biden replaced his predecessor’s reactionary approach with evidence-based policymaking. However, he did so while maintaining Trump’s foundational framework to address risks in ICT. Therefore, while Biden rescinded Trump’s sanctions on popular apps, he did not dilute the emphasis on data security. In fact, the US strengthened the pillars of its China counterstrategy through a nuanced approach that prioritizes precision over prohibition. Prohibition is a hallmark of Chinese state policy and is best avoided. The Biden administration’s approach serves as a useful template for India, which will likely continue to leverage technology policy as an instrument to hit back at the increasingly expansionist People’s Republic of China.
A well-specified framework to identify and respond to ICT security threats would provide a safety net for a wider set of risks. There is no guarantee that blacklisting will mitigate dangers in technology ecosystems, where bad actors can exercise control in myriad ways. Most financial and technological flows are complex and hard to pin. For instance, a ‘variable interest entity’ financial structure allows overseas investors to obtain control of companies through contractual rights rather than beneficial ownership. Several Chinese tech majors leveraged this financial structure to overcome Beijing’s longstanding financial firewalls and raise money from US investors. Similarly, nothing stops foreign original equipment manufacturers for 5G networks from engaging with low-cost Chinese suppliers in arm’s length or derivative supply chain agreements. And finally, some of the largest breaches of Indian citizens’ data in recent months have stemmed from domestic financial technology companies and public sector units. It can be nobody’s case that domestic vulnerabilities should go unaddressed.
India must not adopt China’s blunt tactics, particularly in the digital economy. These will inevitably lead to ostracization from global markets, as in the case of Chinese ICT firms. While digital firms have global reach, they can be switched on and off instantly, unlike traditional businesses with brick-n-mortar operations. This renders them especially vulnerable to impulsive state interventions. Moreover, Beijing’s crackdown on Alibaba, following its founder Jack Ma’s frank assessment of the flaws in the domestic regulatory environment, was both a self-goal and a warning sign of the excesses of state control.
China’s command-and-control model is not suited to a globalized digital market with limited international safeguards against knee-jerk policies. While a multilateral treaty on digital trade will remain elusive precisely because of the divergence in governance approaches between the two largest economies, it is likely that the Biden administration will engage other democracies to help shape plurilateral and bilateral agreements to engender stability. These agreements will be based on common assessment criteria and adequacy standards to provide for secure market access. In this paradigm, trust in ICT and digital supply chains will stem from a commitment to sophisticated policymaking, which entails delineating clear security standards based on well-accepted first principles. Illustratively, the Bureau of Indian Standards released robust data privacy assurance standards earlier this year. These standards are based on privacy principles that are globally accepted. Such approaches require broad basing for India to stand tall in the comity of democratic digital economies.
Vivan Sharan is partner, Koan Advisory Group
Never miss a story! Stay connected and informed with Mint. Download our App Now!!