Data localisation: A strategic weapon in cyber war
A sovereign has the right to protect its own property in its own jurisdiction and data about its own citizens or entities remains to be adjudicated by Indian laws. No bigger capitalist or profiteering organisations registered in some other jurisdictions can dictate the fate of Indian property i.e. data
By Prashant Mali, President – Cyber Law Consulting (Advocates & Attorneys)
Data is the new oil, and I believe it is the new cyber weapon too. Those whose possess, control and mine the data are the proxy rulers of cyber space. Data being localised in Indian borders gives a better control even for law enforcement agencies to gather electronic evidence without any foreign countries prejudice. Till the ECPA (Electronic Communications and Privacy Act), exists in the US, they are never going to share data with India’s law enforcement agencies. My personal interaction with a US Government attorney in Washington made me aware that they do not even expect ECPA to be amended in favour of data sharing with countries like India.
Data localisation is a topic which RBI has taken a lead and should be very well supported by the Home Ministry as it is a pure facilitator of law and order. The electronic evidence which is paramount in many financial frauds and other high value crimes often have data stores in foreign countries as the loophole is exploited by these criminals. Digital data in India was around 40,000 petabytes in 2010; it is likely to shoot up to 2.3 million petabytes by 2020, twice as fast as the global rate. If India houses all this data, it will become the second-largest investor in the data centre market and the fifth-largest data centre market by 2050.
Dominance in cyber space
When GDPR, the almost model law in data privacy across the world favours data localisation, when the very companies opposing data localisation bow to Chinese laws and open their data centres there, why are they bullying India and the Indian law? I feel this is concept of applying pressure challenges our sovereignty and is a matter of exerting dominance in cyber space.
Russian rules mandate that citizen data should be stored within its borders, Brazil Marco Civil since 2014, imposes Brazilian law on all data crossing Brazil’s borders. Germany mandates that telecom and internet service providers store data locally, Nigeria since 2013 requires all subscriber and consumer data of tech and telecom firms and government data to be located locally, while comprehensive laws are in China which not only governs personal data but all data invested in critical information infrastructure stays within China’s boundaries.
As a student of cyber warfare and international law, I would argue that Indian data is the strategic weapon in cyber warfare and localisation remains an important cyber war tactic. It is so unfortunate that lobbyist Indians have been brainwashed or promised with cuts gained from no data localisation. They forget their nationalistic responsibilities and they forget Make in India and Made In India requires Indian data in India. More data in India also brings long term jobs to Indians. This is driving data centre infrastructure spending, which could touch US$ 4.5 billion by end of 2018 and US$ 7 billion by 2020, according to real estate consultant Cushman & Wakefield’s blog on data centre growth in India.
I would appeal to those blinded with the views of western capitalist owners to holistically support data localisation in favour of India’s cyber dominance, let’s not again become a cyber colony of the western powers. Stop colonisation, support data localisation is my new slogan. In fact Gartner sees data centre hardware spend alone to be US$ 2.7 billion by 2018, India having a big pie vindicates my position. India had built up data centre infrastructure of 1.3 million square feet in 2008, expected to scale to 10.9 million sq feet by end of 2018.
I believe that the internet would balkanise and in due course countries would exert sovereignty over its cyber space as it threatens its physical space sovereignty. As of now organisations are challenging India’s own law and regulators’ regulation-making powers.
Those handful brainwashed or “sold” Indians need not bother about balkanisation, Indian networks are so huge that the world wants our users to mine data. The Almighty has given this ultimate chance to rule the cyber space with sheer size of data, let’s not lose the chance to profit mongering organisations who have no allegiance to India’s growth, sovereignty or security.