Isolating, Not Taming: What’s Behind the Impetus to “Digital Sovereignty” in Russia?

//Julien Nocetti, a Research Fellow at the Paris-based think tank French Institute of International Relations (IFRI), explores recent Russian claims and policies concerning the internet in an attempt to reveal what these claims and initiatives reveal about Russian authorities’ stance towards the internet.

April 2014 was a particularly bitter month for Russian internet users and the local internet industry. President Vladimir Putin unsurprisingly made headlines when, at the Media Forum in St. Petersburg, he publicly labeled the internet as a “CIA project” and launched an attack against Russian internet businesses. Putin particularly expressed reservations about the successful Russian search engine Yandex, as it is registered in the Netherlands for, as Putin stated, “not only… taxation purposes but for other reasons, as well.” A week earlier, during his annual call-in TV show, Putin also referenced the internet when, responding to a question from Edward Snowden, he rejected any mass surveillance of the network by Russian law enforcement agencies.

Simultaneously, an avalanche of internet related legislation, which would make any legal expert dizzy, passed in Russia. The State Duma approved a law which imposed stricter rules on bloggers, requiring blogs with over 3000 daily visits to register as mass media entities.  The Duma also released a draft “Internet Law” that would significantly increase the government’s powers by obliging all email providers and social network owners to store information about their users, users’ posts, and users’ communications on servers in Russia. In an apparent…

Click here to read more. 

Will New Telecom Law Secure Freedoms in Myanmar Connectivity Developments?

Dr. Andrea Calderaro, a researcher at the Centre for Media Pluralism and Media Freedom at the European University Institute, outlines the open consultation on Myanmar’s draft telecom law.

In the midst of Myanmar’s current period of dramatic reforms, developing a national connectivity plan is a key priority on the government’s agenda. As illustrated in my previous discussion about ongoing connectivity building in Myanmar (see Digitalizing Myanmar: Connectivity Developments in Political Transitions), in order to safeguard citizens’ freedoms and secure the telecom infrastructure development from political uncertainty, the government must first set rules for this connectivity plan and frame its policy implementations. The design and release of the country’s telecom law provides an important opportunity to better understand the credibility of Myanmar’s ongoing reform process and is a key step forward for connectivity development in the country.

In accordance with one of the main “best practices” in telecom reform, the Myanmar government launched an open consultation in order to gather recommendations and feedback on the draft version of the law before its final release. This consultation invited multiple stakeholders to contribute through a public, transparent, and open process. The draft law was made available online in English for an international public consultation from November 4th to December 2nd 2013. As a result, 21 different stakeholders, including international telecom hardware supply…

Click here to read more.

Guidelines for the Protection of National Critical Information Infrastructure: How Much Regulation?

Jonathan Diamond analyzes recent developments in India’s national cyber security policies.

This summer was a busy period for cyber security in India. Beginning with the release of the country’s first National Cyber Security Policy on July 2, followed shortly by a set of guidelines for the protection of national critical information infrastructure (CII) developed under the direction of the National Technical Research Organization (NTRO), India has made respectable progress in its national cyber security mentality. However, the National Cyber Security Policy, taken together with what little is known of the as-yet restricted guidelines for CII protection, raises troubling questions, particularly regarding the regulation of cyber security practices in the private sector. Whereas the current Policy suggests the imposition of certain preferential acquisition policies, India would be best advised to maintain technology neutrality to ensure maximum security.

According to Section 70(1) of the Information Technology Act, Critical Information Infrastructure (CII) is defined as a “computer resource, the incapacitation or destruction of which, shall have debilitating impact on national security, economy, public health or safety.” In one of the 2008 amendments to the IT Act, the Central Government granted itself the authority to “prescribe the information security practices and procedures for such protected system[s].” These two paragraphs form the legal basis for the regulation of cyber security within the private sector.

Despite this basis, private cyber security remains almost completely unregulated. According to the Intermediary Guidelines, intermediaries are required to report cyber security incidents to India’s national-level computer emergency response team (CERT-In). Other than this relatively small stipulation, the only regulation in place for CII exists at the sector level. Last year the Reserve Bank of India mandated that…

Click here to read more.