The public internet, as we know it today, is a product of R&D done by the US Department of Defence at the height of the Cold War in 1969. The objective was to develop a distributed database system that will be able to withstand a nuclear attack. It was a cooperative effort of the US government and a few universities. Called the ARPANET, it connected universities, R&D organisations and military customers, and provided connectivity to a small number of supercomputer centres to support timesharing applications. Funding was provided by the National Science Foundation Network. Gradually, it evolved into a public network and saw explosive growth since the 1980s.
Since early 1990s, the internet has been commercialised, extending its use to anyone with a PC and a modem connected to the network of an access provider, called ISPs. Although the internet is an autonomous distributed network with no central control, the US Department of Commerce has exercised control over address allocation, initially through a body called the Internet Assigned Numbers Authority. This function has been transferred to another body called the Internet Corporation for Assigned Names & Numbers (ICANN). Except address allocation, all other functions are discharged by various bodies which are quite autonomous. Bodies like the Internet Society, Internet Architecture Board, Internet Engineering Task Force are all non-profits. They welcome contributions from individuals, research groups, companies and universities. These organisations are transparent in their working and do not require any kind of control by any government. In these days of internet freedom and neutrality, there will be considerable opposition by the civil society if any government tries to impose controls on these organisations.
The Indian government exercises regulatory control on the carriage of internet traffic originating in India, through the ISP licence. The licensee must conform to the Indian Telegraph Act, 1885. The content on the internet is regulated through the IT Act. The licence has a section entitled Application of Indian Telegraph Act. It has three sub-paras. The last sub-paragraph reads as follows: “Nothing provided and contained anywhere in this licence agreement shall be deemed to affect adversely anything provided or read under the provisions of Indian Telegraph Act, 1885, or any other law in force or enacted from time to time.” Para 10 of the license states that, on security-related issues, an inter-ministerial committee with representatives from Department of Telecommunications, home ministry, defence ministry, Cabinet Secretariat, Department of Electronics and National Informatics Centre will look into the technical aspects of monitoring of communications on the internet to enable the setting up of monitoring infrastructure. Any condition imposed by this committee during the validity of the licence shall be binding on the licensee.
But despite these measures, there have been numerous cases of hacking and cyber attacks from inimical countries on internet sites in India. Since the infamous Stuxnet malware attack on Iranian nuclear facilities in 2010, many countries have established a Computer Emergency Response Team (CERT) to deal with cyber attacks. In India too we have such a team which is engaged in malware analysis and intrusion detection, called CERT-In. The organisation is working with anti-virus vendors to develop effective solutions to deal with cyber attacks. India was one of the most targeted nations for malware that steals data, according to a Trend Micro report of 2015. So, all countermeasures should be taken to safeguard our network. Although critical infrastructure like power plants, gas pipelines, etc, are not connected to the public internet, they are still vulnerable. The control system of all critical infrastructure needs to be protected. They should preferably be isolated from public internet and have their own dedicated intranet to which the control computers are connected.
Internet is a collection of autonomous and interconnected networks that implement open protocols and standards. No person, government or entity owns or controls it. Internet architecture is such that most of the national networks through local ISPs, regional ISPs and backbone ISPs get connected at the highest level to a few network access points in the US and then down the hierarchy in the US to millions of websites. Most of the internet traffic originating in India is directed towards websites situated outside the country, mostly in the US. So, any sovereign control over the internet by nation states is not possible due to its autonomous nature and its protocol for routing.
Issues relating to internet governance, particularly the management of ICANN, have been discussed at global conferences where India has played an important role. The UN General Assembly in November reaffirmed the principles agreed to in the Geneva declaration that the management of the internet encompasses both technical and public policy issues and should involve stakeholders and relevant intergovernmental and global organisations, within their respective roles. India, at the Buenos Aires conference, expressed itself in favour of a multi-stakeholder body to manage ICANN. The country has promised to work towards a new form of digital democracy through the internet. ICANN president & CEO Fadi Chehade has expressed appreciation of India joining a group of countries which support the multi-stakeholder model of internet governance. Hopefully, 2016 will be a landmark year in the evolution of internet governance when in September the US will fully relinquish control over ICANN and the organisation will become a multi-stakeholder body.
The author is former member, Trai and Telecom Commission