Internet Governance Main

Since last year, digital platforms have been actively making the headlines in various countries for different acquisitions, raising questions around the anti-competitive nature of their behaviour. In the US, about 46 states filed an antitrust case against Facebook along with the Federal Trade Commission in December 2020, accusing them of buying out rivals such as WhatsApp, Instagram etc[1]. Recently, the US supreme court overturned the case by 46, stating it to be tardy and FTC’s case to be “legally insufficient”[2].  However,  one of the solutions proposed for this problem by various experts and politicians is to break up Facebook[3].

Influential people such as Vijay Shekhar Sharma (CEO, Paytm) in India argued similarly when Whatsapp updated its privacy policy to share data with Facebook. They suggested that the movement of users towards Signal could break Facebook's monopoly[4]. While it is conceivable that breaking up a platform or seeking an alternative for them will bring an end to their monopoly, well, in reality, is it so? This post will try to answer this question. In section 1, I discuss the importance of interoperability and portability amongst the messaging platforms for tackling monopoly, which, in turn, helps in enhancing user outcomes such as user choice and privacy. Section 2 discusses the enablers, legislative reimagining, and structural changes required in terms of technology to enable interoperability and portability amongst the messaging platforms. In section 3, I discuss the cost structure and profitability of a proposed message gateway entity, followed by the conclusion. 

1. Introduction

In the case of the platform economy, the formation of a monopoly is inevitable, especially in messaging platforms, because of (a) network effects and (b) lack of interoperability and portability between messaging platforms[5]. As the network effect gets vigorous, more users get locked into a single messaging platform leading toward a lack of user choice (in terms of switching platforms) and privacy concerns (as the messaging platforms get more significant, it poses a high risk in terms of data breaches, third-party data sharing etc.). For instance, as a WhatsApp user, it is difficult for me to switch towards any other messaging platforms as my friends, family and business/work still operate on WhatsApp. Messaging platforms  also use the network effect towards their favour (a) by increasing the switching cost (b) by creating a high barrier to entry within the market[6].   

If there was interoperability between the messaging platforms, I could choose between the platforms freely- thereby negating some of the aforementioned limitations. Therefore, to create a competitive environment amongst messaging platforms to enhance user choice and privacy, it is crucial to have an interoperability and portability framework. To deploy interoperability and portability, it is imperative to have coordination among platforms while still competing for individual market share[7]. Interoperability and portability will also bring in healthy competition, as platforms will be nudged to explore alternative value propositions to remain competitive in the market[8]. One of the outcomes of this could be better consumer protection through innovation of privacy safeguards, etc. In addition to this, interoperability and portability could enable a low barrier to entry (through breaking the network effect), which could, in turn, increase online messaging penetration in untapped geographies as more messaging platforms emerge in the market.

There are two kinds of interoperability, vertical interoperability – i.e., interoperability of services across complementary platforms and horizontal interoperability – i.e., interoperability of services between competing platforms. While vertical interoperability exists in the form of the cloud system, multiple system login, etc., horizontal interoperability is yet to experiment at the market level. Nonetheless, realising the competition concerns in the digital platforms’ market, the European Union (European Electronic Communications Code[9], Digital Service Act etc[10].), the US (Stigler Committee Report[11]) and the UK Competition and Markets Authority[12] are mulling a move towards interoperability amongst the digital platforms. Furthermore, Facebook has already commissioned its efforts towards horizontal interoperability[13] amongst its messaging platforms, i.e., Messenger, WhatsApp and Instagram direct messages. This again adds to the competition concerns, as one platform uses interoperability towards its favour.

Besides, one of the bottlenecks towards enabling horizontal interoperability is the lack of technical interoperability – i.e., the ability to accept or transfer data, perform a task etc., across platforms. In the case of messaging platforms, lack of technical interoperability is caused due to the presence of different kinds of messaging platforms operating with different technical procedures. Therefore, to have effective horizontal interoperability and portability, it is crucial to streamline technical procedures and have guidelines which will enable technical interoperability. In the following section, I discuss the enablers, legislative reimagining, and structural changes required in terms of technology to enable interoperability and portability amongst the messaging platforms.

2. Message Gateway Entity

2.1. Formation of Message Gateway Entity to Enable Interoperability

To drive efficacious interoperability, it is imperative to form message gateway entities as for-profits that are regulated by a regulator (either an existing one such as TRAI or a newly established one). The three key functions of message gateway entities should be: (a) Maintain standard format for messaging prescribed by a standard-setting council, (b) Provide responsive user message delivery system to messaging platforms, (c) Deliver messages from one messaging platform to another seamlessly in real-time. There have to be multiple message gateway entities to enable competition, which will bring out more innovations, penetration, and effectiveness. Besides, it is prudent to have private players as message gateway entities as government-led message gateway entities for interoperability will not be fruitful as there will be a question of efficacy. Also, this might, in a way, bring the tender style business, which is problematic as the government could have a say in how and who it will provide its service (gatekeeping). However, the government has to set it up by itself only if it is a public good (missing markets) which might not be the case in message gateway entities.

Messaging platforms should be mandated through legislation/executive order to be a member of at least one of the message gateway entities to provide interoperability benefits to its users. Simultaneously, messaging platforms can also handle internal message delivery - User A to User B within the platform - amongst themselves.

While message gateway entities will enable interoperability between messaging platforms, it is crucial to have interoperability among themselves to compete in the market. For instance, a user from messaging platform under gateway A should be able to send messages to a user of a messaging platform under gateway B. Perhaps as we enable competition amongst the message gateways entities, the enrollment price will also become commensurate and affordable for small and new messaging platforms. In addition to this, to increase interoperability, message gateway entities should develop various awareness programs at the user level.

 Further, the regulatory guidelines for message gateway entities (governed by the regulator) must be uniform, with leeway for gateways to innovate technology to attract messaging platforms. Borrowing some of the facets from the various existing legislations, the below suggested aspects should advise the uniform guidelines,

• End-to-end encryption: As part of the uniform guidelines, message gateway entities should be mandated to enable end-end encryption for message delivery. In contrast, the recent Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules 2021[14] tries to break the end-end encryption by mandating significant social media intermediaries to identify the first originator of a particular message (part II section 4 rule 2) sought through an order. As this mandate impinges upon user privacy and free speech, the Indian government should revise this rule to keep end-to-end encryption intact. Besides, WhatsApp (a significant social media intermediary) has moved to Delhi High Court to block the implementation of the rules, which came into force on May 27th, 2021[15]. Also, Rule 4(2) of IT Rules 2021 contradicts provisions of the PDP Bill 2019 such as privacy by design[16] (Section 22) and the right to be forgotten (Section 20).
  
  

• Neutrality: The guidelines should have a strict rule for enforcing non-discrimination (similar to the Indian Government's 2018 net neutrality principles[17]) in delivering messages by message gateway entities. Discrimination against both messaging platforms and other message gateway entities has to be scrutinised. In addition to that, to hold message gateway entities accountable, the guidelines should mandate monthly disclosure of information (at the messaging platform level with information on which gateway entity they are routed through) on message deliveries and failures in a prescribed user-friendly format to the public.
  
  

• Standard Format Setting: As various messaging platforms follow different formats for providing messaging services, to have seamless interoperability, message gateway entities must adhere to a standard format, which is compatible with formats followed within the market. This standard format has to keep up with technological evolution in this space and to be formulated by an independent standard-setting council (through stakeholder consultation) commissioned by the regulator. The maintenance of this standard format falls into the ambit of message gateway entities and should be governed by the regulator.
  
  

•  Uniform identification information: As the users of messaging platforms identify other users through various means, for instance, on WhatsApp, we use the telephone number, whereas, on Instagram, we use profile name; thus, the unique identification information (UII) of a user (which can be something existing like a phone number or a new dedicated identification number) has to be standardised. Message gateway entities should facilitate messaging platforms with this process, and the generation of UII should be seamless for the user. Besides, a user's unique identification information has to be an additional way to search for other users within a messaging platform and would be crucial for messaging across platforms.
  
  

• Consumer choice: While interoperability should be a default option for all the users, there has to be a user-friendly way of opt-out for the user who wishes to compartmentalise different kinds of messages depending upon the platform used. The unique identification information (in case of a new dedicated number) of a user who had opted out must be ceased to avoid misuse.One of the major reasons users opt-out of interoperability services could be to keep various digital public spheres (personal, leisure, professional, etc.) distant. To tackle this dilemma of the users, the messaging platforms should enable options such as (a) the optional notification for cross-platform messages with the snooze option, so that the user can decide if she wants the cross-platform message to hit the enrolled messaging platform at the given time. (b) The messaging platform should enable the “opt-out from messaging platform” setting for the users to disable messages from a list of platforms. Besides, users might choose to opt-out due to lack of trust. This has to be tackled by both the message gateway entities by creating awareness amongst the users on their rights and messaging platforms by providing a user-friendly privacy policy.
  
  

• ​​Data Protection: As the emergence of message gateway entities creates new data flow, this new flow of data has to take a data minimisation approach. Message gateway entities should be recognised as the data processor (one who processes data for data fiduciary, i.e., messaging platforms). They should adhere to the upcoming Personal Data Protection regime[18] to protect the data principals' personal data and collect personal data as per the proportionality principle. Message gateway entities should not collect any non-personal data or process any form of data to infer the behavioural traits of the data principals or messaging platforms. In addition to this, the name of the message gateway entity enrolled by the messaging platform, data collected and processed by the message gateway entity should be disclosed to the data principals through the messaging platform’s privacy policy.
  
  

• Licensing: There should be a certain level of restriction on licensing to create a level playing field. Applicants for message gateway entities should not have an economic interest in any messaging platforms or social media intermediaries. Applicants have to ensure that the delivery failure of the messages should be at the level of 2% to 1%. Besides, to ensure low levels of delivery failure, data protection compliance and to check other requirements, message gateway entities have to go through technical and regulatory sandbox testing before issuing a license.
  
  

• Consumer Protection: Users should be given a choice to block another user (using unique identification information) for various reasons such as personal, non-personal, phishing etc. After a stipulated number of blocking by multiple users, the suspected user should be denied access (temporarily or permanently according to the reasons) to message gateway entities. Before denying access, the message gateway entities should indicate the messaging platforms to notify the user. There has to be a robust grievance redressal mechanism for users and messaging platforms to raise their complaints regarding blocking, data protection, phishing etc. Besides, unique identification information has to be leveraged to prevent bot accounts and imposters. In addition to this, message gateway entities should be compatible with measures taken by messaging platforms to prevent the spread of disinformation and misinformation (such as restrictions on the number of recipients for forward messages).

The figure below showcases the use case of the message exchange with the introduction of message gateway entities.

Source: Author’s own illustration of the process of interoperability

2.2. Portability Feature to Compliment Interoperability

In the case of messaging platforms, when we talk about portability, it is essential to differentiate it into two: (a) portability of the unique identification information of the user from one platform to other seamlessly (b) portability of the user data from one platform to other followed by the portability of unique identification information. As the generation of unique identification information is facilitated by the message gateway entities, the portability of the same has to be done by the respective messaging gateway entity. Adopting some features of process and protocols from Mobile Number Portability[19] mandated by the Telecom Regulatory Authority of India, standard-setting council for messaging gateway entities (discussed above) should streamline the unique identification information portability process across messaging gateway entities.

Followed by the unique identification information porting, the message gateway entities should trigger a notification to the messaging platform (on behalf of the user) to transfer user data towards the requested platform. As mentioned in chapter V, section 19(1)(b) of The Personal Data Protection Bill, 2019, messaging platforms should transfer the user data towards the platform notified by the message gateway entity in the suggested or compatible format.

Globally since the emergence of the General Data Protection Regulation (GDPR) and other legislation that mandates data portability, platforms have launched the Data Transfer Project (DTP)[20] in 2018 to create a uniform format to port data. There are three components to the DTP, of which two are crucial, i.e., Data models and Company Specific Adapter. A Data Model is a set of common formats established through legislation to enable portability; in the case of messaging platforms, the standard-setting council can come up with the Data Model.

Under Company Specific Adapter, there are Data Adapters and Authentication Adapters. The Data Adapter converts the exporter platform’s data format into the Data Model and then into the importer platform’s data format. The Authentication Adapter enables users to provide consent for the data transfer. While Company Specific Adapters under DTP are broadly for digital platforms, adopting the same framework, message gateway entities can act as both a Data Adapter and as an Authentication Adapter to enable user data portability amongst the messaging platforms. Message gateway entities can help enrolled messaging platforms in format conversion for data portability and support users' authentication process using the unique identification information. Besides, as messaging gateway entities are already uniform and interoperable, cross transfer across message gateway entities can also be made possible.

3. Profitability of Message Gateway Entities

As the message gateway entities would operate as for-profits, they may cost the messaging platform one-time enrolment fees for membership through which the member (messaging platform) can avail interoperability and portability services. The enrolment fees should be a capital cost that compensates the messaging gateway entities for enabling technical interoperability. In addition to this, message gateway entities may levy minimal yearly fees to maintain the system, customer (messaging platforms) service and grievances portal (for both users and messaging platforms). Besides, in terms of update (as per new standards) or upgradation of the system, message gateway entities may charge an additional fee to the member messaging platforms.

On the other hand, messaging platforms don’t charge[21] a monetary fee for the service because the marginal cost of providing the service is near zero, while they incur only fixed cost. Besides, nothing is free in the platform economy as we pay the messaging platforms in the form of our personal and non-personal (behavioural) data, which they sell to advertisers[22]. 

Therefore, messaging platforms have to consider the fee paid to the message gateway entities as part of their fixed cost such that they continue not to charge (monetary) users for the service as the cost-per-user would still be very low. Besides, messaging platforms also have economic incentives in providing interoperability as it could reduce multi-homing (i.e., when some users join or use multiple platforms simultaneously).

4. Conclusion

While breaking up Facebook and other bigger social media or messaging platforms could bring a level playing field, this process could consume a large portion of resources and time. Irrespective of a breakup, in the absence of interoperability and portability, the network effect will favour few platforms due to high switching cost, which leads to a high entry barrier.

When we text users using Short Message Service (SMS), we don't think about which carrier the recipient uses. Likewise, messaging across messaging platforms should be platform-neutral by adopting interoperability and portability features. Besides, interoperability and portability will also bring healthy competition, which would act as a lever to enhance user choice and privacy.

This also opens up questions for future research on the demand-side. We need to explore the causal effect of interoperability and portability on users to understand whether they will switch platforms when provided with port and interoperate options.

This article has been edited by Arindrajit Basu, Pallavi Bedi, Vipul Kharbanda and Aman Nair.  

The author is a tech policy enthusiast. He is currently pursuing PGP in Public Policy from the Takshashila Institution. Views are personal and do not represent any organisations. The author can be reached at [email protected]

 Footnotes

[1] Rodrigo, C. M., & Klar, R. (2020). 46 states and FTC file antitrust lawsuits against Facebook. Retrieved from The Hill: https://thehill.com/policy/technology/529504-state-ags-ftc-sue-facebook-alleging-anti-competitive-practices

[2] Is Facebook a monopolist? (2021). Retrieved from The Economist:https://www.economist.com/business/2021/07/03/is-facebook-a-monopolist

[3] Hughes, C. (2019). It’s Time to Break Up Facebook. Retrieved from The New York Times: https://www.nytimes.com/2019/05/09/opinion/sunday/chris-hughes-facebook-zuckerberg.html

[4] Shekar, K. (2021). An Elephant in the Room – Recent Case of WhatsApp Fallout Amongst Indian Users. Retrieved from Takshashila Institution: https://takshashila.org.in/an-elephant-in-the-room-recent-case-of-whatsapp-fallout-amongst-indian-users/

[5] Manur, A. (2018). How to Regulate Internet Platforms Without Breaking them . Retrieved from AsiaGlobal Online: https://www.asiaglobalonline.hku.hk/regulate-internet-platforms-antitrust-competition/

[6] Ibid

[7] Nègre, A. (2021). How Can Funders Promote Interoperable Payments? Retrieved from CGAP Blog: https://www.cgap.org/blog/how-can-funders-promote-interoperable-payments;

Cook, W. (2017). Rules of the Road: Interoperability and Governance. Retrieved from CGAP Blog: https://www.cgap.org/blog/rules-road-interoperability-and-governance

[8] Punjabi, A., & Ojha, S. (n.d.). PPI Interoperability: A roadmap to seamless payments infrastructure. Retrieved from PWC: https://www.pwc.in/consulting/financial-services/fintech/payments/ppi-interoperability.html

[9] Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on a Single Market For Digital Services (Digital Services Act) . (n.d.). Retrieved from European Union: https://eur-lex.europa.eu/legal-content/en/TXT/?qid=1608117147218&uri=COM%3A2020%3A825%3AFIN

[10] European Electronic Communications Code (EECC). (n.d.). Retrieved from https://www.gov.ie/en/publication/339a9-european-electronic-communications-code-eecc/

[11] Stigler Center News Stigler Committee on Digital Platforms: Final Report. (n.d.). Retrieved from Chicago Booth: https://www.chicagobooth.edu/research/stigler/news-and-media/committee-on-digital-platforms-final-report

[12] Brown, I. (n.d.). Interoperability as a tool for competition regulation. CyberBRICS.

[13] Facebook is hard at work to merge its family of messaging apps: Zuckerberg. (2020). Retrieved from Business Standard: https://www.business-standard.com/article/companies/facebook-is-hard-at-work-to-merge-its-family-of-messaging-apps-zuckerberg-120103000470_1.html

[14]Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules 2021. (n.d.). Retrieved from: https://www.meity.gov.in/writereaddata/files/Intermediary_Guidelines_and_Digital_Media_Ethics_Code_Rules-2021.pdf

[15] Menn, Joseph. 2021. "WhatsApp sues Indian government over new privacy rules - sources." Reuters. Retrieved from: https://www.reuters.com/world/india/exclusive-whatsapp-sues-india-govt-says-new-media-rules-mean-end-privacy-sources-2021-05-26/

[16] Raghavan, M. (2021). India’s New Intermediary & Digital Media Rules: Expanding the Boundaries of Executive Power in Digital Regulation. Retrieved from Future of Privacy Forum:https://fpf.org/blog/indias-new-intermediary-digital-media-rules-expanding-the-boundaries-of-executive-power-in-digital-regulation/

[17]Net Neutrality. (n.d.). Retrieved from Department of Telecommunications: https://dot.gov.in/net-neutrality;

Parsheera, S. (n.d.). Net Neutrality In India: From Rules To Enforcement. Retrieved from Medianama: https://www.medianama.com/2020/05/223-net-neutrality-india-rules-enforcement/

[18]The Personal Data Protection Bill, 2019. (n.d.). Retrieved from: http://164.100.47.4/BillsTexts/LSBillTexts/Asintroduced/373_2019_LS_Eng.pdf

[19] Consultation Paper on Review of Interconnection Usage Charges, 2019. TRAI.

Mobile Number Portability. (n.d.). Retrieved from TRAI: https://www.trai.gov.in/faqcategory/mobile-number-portability

[20] Data Transfer Project. (2018). Retrieved from https://datatransferproject.dev

[21] Aulakh, G. (n.d.). How messaging apps like WhatsApp, WeChat can make money while offering free texting and calling. Retrieved from Economic Times: https://economictimes.indiatimes.com/tech/software/how-messaging-apps-like-whatsapp-wechat-can-make-money-while-offering-free-texting-and-calling/articleshow/62666227.cms

[22] (2019). Report of the Competition Law Review Committee. Ministry of Corporate Affairs.

Bibliography

1. Master Direction on Issuance and Operation of Prepaid Payment Instruments. (n.d.). Retrieved from Reserve Bank of India: https://www.rbi.org.in/Scripts/BS_ViewMasDirections.aspx?id=11142
2. Privacy Without Monopoly: Data Protection and Interoperability. (2021). Retrieved from Electronic Frontier Foundation: https://www.eff.org/wp/interoperability-and-privacy
3. Sullivan, M. (2021). How interoperability could end Facebook’s death grip on social media. Retrieved from Fast Company: https://www.fastcompany.com/90609208/social-networking-interoperability-facebook-antitrust
4. Tinworth, A. (n.d.). Why Messenger Interoperability is a digital canary in the coal mine. Retrieved from NEXT: https://nextconf.eu/2019/06/why-messenger-interoperability-is-a-digital-canary-in-the-coal-mine/#gref

This submission is a response by the researchers at CIS to the report “National Strategy on Blockchain” prepared by Ministry of Electronics and Information Technology (MEITY) under the Government of India. 

We have put forward the following comments based on our analysis of the report.

1. General Comments on the National Strategy

1. There are currently a number of reports and policies on blockchain use across  departments, ministries and even states. The absence of a harmonised blockchain policy across all departments and institutions of government must be fixed. 

2. There are inherent dangers with viewing blockchain as a silver bullet solution.  

3. Informational concerns with blockchain are existent and policies must be designed to reflect these concerns and minimise their occurrences. 

2. Section Specific Comments 

1. Section 6.1 - There is a need for greater decentralisation and a shift away from a solely government operated blockchain 

2. Section 6.2: 

• The legality of blockchain also faces the hurdle of smart contracts 

• The RBI decision to halt the use of cryptocurrencies was struck down by the Supreme Court 

• The right to be forgotten exists as an extension of the right to privacy as well 

3. Section 7 - There is a need for greater detail and granularity in the report’s analysis and in the suggestions and recommendations that it makes. 

Speaking on the status of 5g in India at a virtual summit, Niti Aayog CEO Amitabh Kant noted the country is set to go all out in its adoption, but that there exist security concerns with the technology. He also pointed out that India is yet to make a decision on the participation of Chinese telecom companies in its 5g infrastructure. In many ways, this has been the story of 5g adoption globally. Governments see the potential of 5g to usher in a new era of prosperity and development but are wary of the risks it poses. Central to these risks is the fear of espionage conducted by Chinese corporations like Huawei and ZTE that are the major suppliers of the components required for 5g networks. These concerns have resulted in a multitude of sanctions being levied against Chinese telecom corporations by Western nations. Whether that be through the United States citing cybersecurity concerns while issuing an executive order effectively banning Chinese companies Huawei and ZTE  from participating in their 5g telecom network. Or UK Prime Minister Boris Johnson laying out a 2027 deadline for removal of all Huawei equipment from UK networks.

Closer to home, 2020 has already seen a severe deterioration in Sino-Indian relations following cross border firing at the Glawan valley. The Indian government has deployed a number of cyber related sanctions against China in retaliation for the military clashes between the States - such as the banning of a number of Chinese apps, including TikTok. Despite these sanctions being levied against China, one area where no action has yet been taken is Chinese companies’ participation in India’s 5g infrastructure. As of writing, Chinese telecom companies are still permitted to undertake testing of 5g within India. However in light of the strained relationship between the two countries, as well as the security concerns now identified by other States, a scenario where Chinese companies are banned from India’s telecom networks in the future is plausible - if not highly likely.

The possibility of such a scenario raises a number of questions. How would such a ban on Chinese participation in 5g affect India domestically? Would banning Chinese telecom companies be enough to solve India’s 5g security concerns? And if not how can India develop a strategy to ensure that consumers have fair access to secure 5g networks?

Why have Chinese vendors been banned in other countries?

The primary concern from the West relates to Huawei’s proximity to the Chinese Government. Chinese legislation requiring Chinese companies to assist the State in matters of national intelligence are seen as obvious threats by the US and its allies in a situation wherein trust is hard to come by. While Huawei has stated that it would not cooperate with China in any form of geopolitical espionage, this has done little to quell suspicion. 

What does banning Chinese companies mean for Indian consumers?

As of right now, not much really. 5g is at an incredibly nascent stage and its adoption in India is estimated to be a few years away at the earliest, with no clear deadline on when some of the 5g spectrum will be auctioned off in India. Moreover, Chinese companies are as of now permitted to undertake 5g testing in the country.

However, in a hypothetical situation where these companies are banned, the effects will be seen in a few years time. The most obvious impact is that a ban for Chinese providers will result in a less competitive market consisting of fewer actors. Developing 5g in India is incredibly expensive for three reasons. Firstly, is the cost associated with upgrading infrastructure to that which is compatible and optimized for 5g. Secondly, India has the highest cost (reserve price) for purchasing spectrum in the world. Thirdly is existing debt among telecom companies. The costs involved in developing 5g to these companies, therefore, far outweighs the benefits. This problem will only be compounded by banning Chinese companies in the space, who are seen to operate cheaper than their European counterparts. Such a ban could therefore further delay 5g’s adoption in India by a significant amount of time.

Moreover, given the security concerns, the government could proceed with favouring Indian only companies within the sector.  With Reliance now claiming to have developed its own 5g technology within India it could result in a situation wherein it becomes the primary, or even sole, provider for 5g infrastructure in India. Any such corporate monopoly over such critical infrastructure would undoubtedly harm domestic consumers. 

Does banning Chinese companies solve India’s security concerns relating to 5g?

Despite all of the potential negative repercussions, the argument to exclude a hostile nation from potentially having access into Indian infrastructure is a persuasive one. Citizens data privacy and national security have to be prioritised over any marginal economic gains that may result from allowing Chinese corporations to be involved in 5g infrastructure. And it's feasible that the negative side effects regarding the rise of a domestic monopoly can be handled by effective State regulation. But this leaves us with the question, is banning Chinese companies all that the government has to do to ensure 5g is implemented securely?

Not really. Limiting the involvement of Chinese companies will undoubtedly remove certain threats of espionage, but this is far from the only concern with 5g. While 5g has made certain improvements in security when compared to 4g, it is far from unbreakable. Firstly, initial rollouts of 5g are expected to be done on top of existing cellular networks so as to avoid new infrastructure costs.  This interoperation of 5g with existing 4g (and in some cases 3g) networks will result in early 5g being subject to the same exploits that 4g is. 

Secondly, 5g presents a risk due to the additional avenues through which it can be attacked. 5gs software based routing system and its connection to a wide amount of traffic points through the internet of things (IOT) would create more points of potential vulnerability that can be exploited. Finally, the globally accepted standards of 5g themselves allow companies the discretion to implement them in a more lenient manner. This includes making optional the use of certain cypher algorithms that look to protect user integrity. So it would come as no surprise that companies motivated by the profit motive would in the future look to cut these corners, making the network less secure.

All of this comes together to mean one thing: no matter how many Chinese companies India excludes from its 5g infrastructure, it will never be absolutely secure. Moreover, needing such formalised access through a company has never been a prerequisite for a State to target another through a cyber attack. Cyber attacks perpetrated by external actors outside of companies or States have existed in the past and will continue to exist in the future. Now that isn’t to say that the government should include Chinese corporations in 5g - the concerns over espionage make it clear that they shouldn’t be involved. What it does say, however, is that this has to be one step in a larger 5g strategy that would look to ensure implementation while maintaining security.

 India’s 5g strategy

In order for 5g’s implementation in India to be successful it has to fulfil two criteria - it must be secure and it must generally be in the economic interest of the consumer. Both of these criteria can be met with a mixture of legislative and strategic decisions.

On the side of security, the most obvious step that can be taken would be to prevent the participation of those companies that are either primarily based in a hostile State or that can be significantly compromised through foreign legislation - such as Huawei and ZTE. In terms of legislative actions, the government must aim to address the security concerns regarding 5g as part of a dedicated cybersecurity law. Such a cybersecurity law must ensure that telecom companies are tasked with a duty of care to ensure cybersecurity and privacy of user data. This would compel companies working on 5g to ensure that they meet the highest threshold of security standards when implementing their networks. Such a law can also lay down strict requirements and standards of data encryptions that can serve to minimise damage in cases wherein a 5g system is compromised.

On the economic side, the government must view 5g as a form of critical infrastructure. If we are to believe the vision of a future wherein 5g is a necessity then the State must take steps to ensure its widespread availability to all sections of society by limiting its cost. Private participation in this sector must therefore be appropriately regulated keeping this goal in mind. Given the reduction in market actors for security reasons, there must be strict enforcement of competition laws to prevent domestic telecom providers from forming monopolies or cartels and setting exorbitant prices. One other way to reduce costs would be for the State to ensure that gaps in 5g supply chains are properly dealt with so as to reduce dependence on foreign States’ for components. Beyond these measures, consumers must also be educated so as to be able to make better informed decisions regarding their 5g access and have recourse to efficient grievance redressal mechanisms.

Ultimately if India is to ensure that 5g is implemented in a manner that is both safe and fair, it must look to balance out security and consumer benefit. And while banning Chinese corporations would make the system more secure, such an action would mean little without a series of additional steps to handle other security concerns with 5g while ensuring that Indian consumers don’t miss out.