Who makes up the internet?

India’s internet penetration rate stands at ~50% ‒ one of the poorest statistics in the world. Access has long been consolidated in urban, richer locations, though it is increasing in rural India due to affordable data plans and smartphones (even then, there are concerns about whether usage is being calculated appropriately). According to a 2020 UNICEF report, only 24% of Indian households have internet connections with which they can access remote learning.

Significant rural-urban and gender divides in internet access are obvious, but there is little data on the role of caste. Generally speaking, the Indian caste system consists of four castes. In order of precedence, these are the Brahmins (priests and teachers), the Kshatriyas (rulers and soldiers), the Vaisyas (merchants and traders), and the Shudras (laborers and artisans) These make up the upper castes of the Indian caste system. A fifth category falls outside the varna system and consists of those known as “untouchables” or Dalits. One 2019 study by the CSDS found that 29% of the people in India’s Dalit communities have used social media (compared to 46% in caste-privileged communities). High usage was seen only in 8% of Dalit communities, and 9% of OBC communities. Smartphone ownership too was found to be much lower. 

“Social media usage data suggests that the social media space has always been upper-caste dominated and continues to be so.”

The internet, of course, exists beyond social media. For many, a lack of access to the internet, rooted in their social and economic marginalization, hinders their ability to work, receive an education, and survive in an increasingly digitized world. India’s BharatNet program aims to connect 250,000 gram panchayats (village level grassroots organizations that make up the local self-governance system in India) via optical fiber by 2023, but the implementation of this program has been slow. Aditi Agrawal from MediaNama writes, “1,07,260 gram panchayats are still not connected and if work continues at the pace it did in January-August 2020, the project would take 6 years and 8 months to complete.”

How can narratives about the democratizing power of the internet be considered true when massive caste-related access gaps still exist? These statistics ‒ and the ones we don’t see ‒ reiterate the fact that social dynamics don’t cease to exist on the internet. In fact, the internet becomes an extension of our physical lives right from the moment of access. 

Even where there there is access, there is inequality

This July, Dilip Mandal, an expert on media and sociology, wrote about how India’s subaltern ‒ Dalits, Adivasis, Muslims, and other backward classes ‒ have not been able to challenge oppressive powers as effectively as once thought possible. This is attributed to the replication of social hierarchies ‒ the domination of privileged castes ‒ in the digital space. The internet is widely considered to be a public sphere, a realm of politics where strangers come together to engage in the free exchange of ideas. However, Mandal rightly asserts that India’s public sphere itself is hegemonic and distorted thus resulting in a similarly distorted online realm.

Here are the key highlights from a 2019 Oxfam and Newslaundry report on the representation of people from different caste groups in Indian media:

• Of the 121 newsroom leadership positions, 106 are occupied by journalists from the upper castes and none by those belonging to the Scheduled Castes and the Scheduled Tribes. 
• Three out of every four anchors of flagship debates are upper caste. Not one is Dalit, Adivasi, or OBC. 
• For over 70% of their flagship debate shows, news channels draw the majority of the panelists from the upper castes. 
• No more than 5% of all articles in English newspapers are written by Dalits and Adivasis. Hindi newspapers fare slightly better at around 10%. 
• Over half of those writing on issues related to caste in Hindi and English newspapers are upper caste. 
• Around 72% of bylined articles on news websites are written by people from the upper castes. 
• Only 10 of the 972 articles featured on the cover pages of the 12 magazines under study are about issues related to caste.

The threat of the Internet

The internet has brought with it a new set of potential issues, including the looming threat of state surveillance, privacy concerns, and the seemingly inevitable rise of technology-enabled state power. These are novel concerns for many and their rise terrifies me, but that is partly because my privilege has shielded me from an experience of life where surveillance is the norm. This is one of the many functions of caste. These concerns are only heightened under the current hyper-nationalist government.

Surveillance is a part of the process through which the dominant castes uphold their power over the oppressed castes. Privacy is the privilege of the oppressors, as has been reiterated by many Dalit-Bahujan writers and activists.

Examples of tech’s rising role in enforcing the caste system are plenty: GPS-enabled trackers tagged on Swachh Bharat (translation: Clean India) sanitation workers, the leakage of Aadhaar numbers of scheduled caste students by the Andhra Pradesh government website and the broader concern of caste-based geolocation, the surveillance and resulting criminalization of Dalits’ rights defenders, the internet shutdown in Saharanpur after a fatal caste atrocity, COVID-related personal data leaks that reveal people’s names and caste locations and hence carry the potential for abuse, the many instances of the exploitation of personal wants, needs and identity by big tech and many more instances.

This violence and violation, alongside political harassment, hyper-nationalism and the disproportionate representation of dominant castes on the internet, are a grave cause of concern, and conversations surrounding it deserve more space in the mainstream.

Mulling on social media

Recently, as #DalitLivesMatter trended online in light of caste-based violence in Hathras and systemic oppression, I wondered whether my opinion — as a woman from a dominant caste — urgently required space on social media. My conclusion was that it didn’t. 

Caste-privileged proclamations of allyship overwhelm conversations, leverage virality, and are celebrated — despite, or perhaps due to, their mediocrity. All of what is said has already been said before by people from Dalit and Bahujan communities, and I feel acutely aware of having taken up space similarly, now and in the past. 

Our proclamations are transient and fleeting, yet we are convinced that our opinions are entitled to space. This is a function of both what Dilip Mandal called replicated social hierarchies as well as the neoliberal rooting of Instagram and the social currency it demands.

Anti-caste activism and identity

Professor Mandal said that his once-held assumption that social media will allow India’s voiceless underclass to express themselves has been proven both right and wrong. The wrong is illustrated above ‒ but the right holds immense power.

Tejas Harad, journalist and founder of The Satyashodhak, writes about the sense of community that Twitter has given Dalit youngsters, and how “social media was, finally, a platform where lower-caste individuals could come together to overcome geographic and cultural boundaries”.

Even six years ago, Sunil Gangavane, working on PUKAR’s research on caste identities on social media, spoke of how students in urban cities are more likely to seek out caste-related communities online than to talk about caste in physical spaces. 

There is the power of archiving and sharing, through platforms and blogs like RTI, Velivada, and Dalit Camera. There is art, music, community, and discourse, and the best memes on the internet. The internet has aided this process of creativity, self-empowerment, solidarity and emancipation.

While the internet is not inherently democratic, and privacy concerns are rising, it’s up to all of us ‒ technologists, researchers, allies, students, and people who love️ the internet ‒ to work collaboratively to create a healthier cyberspace that prioritizes the safety of vulnerable communities. This, especially in the Indian context, requires a critical anti-caste lens on all of the things that make up our digital realities. 

It is imperative to think about ‒ and act on ‒ how systems of oppression enter and influence this space we call home. We must remember that the internet is what we make of it ‒ it has the potential to reproduce caste dynamics, exacerbate them, or challenge them.

The post Understanding Caste in the Indian Cyberspace appeared first on Glimpse from the Globe.

Cyber warfare, defined as espionage or sabotage conducted through politically motivated hacking, has existed as long as networked devices. In 1998, US officials discovered systematic unauthorized access to sensitive data at NASA, the Department of Energy, private research labs, and the Pentagon. The DoD traced the attacks to a mainframe computer in the former Soviet Union, although Moscow to this day denies any involvement. In 2003, cyber attackers gained access to the networks of several major US defense contractors, including Lockheed Martin. The SANS Institute, a US security company, determined two years later that the attacks were “most likely the result of Chinese military hackers attempting to gather information on U.S. systems.” In the decade since these two milestone incidents, known by their codenames Moonlight Maze and Titan Rain, networked systems have experienced order-of-magnitude growth. Over 80,000 pieces of malware are reported daily in the United States. Despite the best efforts of financial institutions and large corporations, defending against cyber warfare has never been so difficult.

Recent events have revealed that cyber attacks can come from various sources, including national governments, militaries, organized crime, or individuals. In March 2014, a group of unknown hackers installed a malicious piece of software in Target’s security and payments system designed to siphon customer to a remote server. Over the course of two weeks, the hackers obtained 40 million credit card numbers and 70 million addresses, phone numbers, and other pieces of personal information that Target had been trusted by its customers to protect. Just a few days later, the tech world was rocked by the discovery of the Heartbleed Bug, an accidental mistake in the coding of the OpenSSL cryptography library – part of the backbone of the Internet. In this case, a concerned citizen reported the vulnerability; had it been exploited, an attacker could theoretically have decrypted the web traffic on 20% of the world’s servers.

If cybersecurity was not in the national spotlight already, then these two events certainly pushed it in. The Pew Research Center reported that 39% of Internet users surveyed either changed at least one account password or shut down at least one online account to protect personal data as a result of Heartbleed media coverage.

The private sector was similarly quick to respond. On May 9, General Electric (GE) announced its acquisition of the privately held company Wurldtech, a Vancouver-based leader in cybersecurity solutions for oil refineries and power grids. On May 14, Gap, JC Penney, Lowe’s, Nike, Safeway, and Walgreen’s partnered with a large group of other retailers (including Target) to launch the Retail Industry Leaders Association (RILA), an independent organization combining the cybersecurity efforts of private retailers with those of the Department of Homeland Security. Finally, private firms funded this year’s United States Cybercrime Conference – an annual gathering of hundreds of private-sector administrators and CISOs (Chief Information Security Officers) – instead of the DoD as is typical.

There is little argument in Washington with the opinion that the government must now protect public infrastructure and sensitive national data at all cost. Homeland Security, in its 2013 year-end report, stated that it responded to 256 cyber invasion incidents last year, 151 of which occurred in the energy sector.(2) The thought of hackers compromising energy grids, or troop configurations and weapon designs falling into the hands of a foreign military, is chilling. A repeat of Moonlight Maze or Titan Rain in 2014 could compromise America’s position in a number of domestic and international affairs.

But the rapid emergence of cyber threats elicits two difficult questions. One, what should be the role of the government in protecting private sector institutions against cyber attacks? Two, how will voters and policymakers balance the need for cybersecurity with their desire for online privacy?

In a 2009 speech, President Obama declared that the “cyber threat is one of the most serious economic and national security challenges we face as a nation” and that “America’s economic prosperity in the 21st century will depend on cybersecurity.” He commissioned a comprehensive review (entitled “Cyberspace Policy Review”) of the US government’s ability to defend information and communication infrastructure. The resulting report outlined a ten-point plan designed to accomplish two objectives: improving US resilience to cyber incidents and reducing the general threat of cyber attacks. The ten-point plan, like the two objectives it was supposed to accomplish, was vague and largely procedural. Its scope was limited to the appointment of officials, the creation of preparedness plans, the promotion of national awareness, and the creation of new international relationships.

In February 2013, the President urged Congress to pass a more comprehensive and action-oriented plan named the Cyber Intelligence Sharing and Protection Act (CISPA). CISPA’s aim is to help the US government investigate cyber threats and ensure the security of networks against attacks. Introduced in 2012, the bill has twice passed the House and twice failed to pass the Senate due to concerns over a lack of civil liberties safeguards. Dozens of Internet privacy activist organizations have decried the bill for its failure to provide specificity on when and how the government can monitor an individual’s browsing history. Ron Paul (R-TX) labeled the bill “Big Brother writ large.”

Recent reports from Capitol Hill suggest that Intelligence Committee Chair Dianne Feinstein (D-CA) and Ranking Member Saxby Chambliss (R-GA) have drafted a new piece of cybersecurity legislation currently being circulated for comment. Yet, the stated aim of the bill sounds too similar to that of CISPA to have a chance of passing the Senate. The new bill’s goal is reportedly to “allow companies to monitor their computer networks for cyber attacks, promote sharing of cyber threat information, and provide liability protection for companies who share that information.”

Two new proposals have also been introduced in the Senate. The first, proposed by John Thune (R-SD), would allow the Federal Trade Commission to punish companies retroactively for failing to adopt “reasonable” data security practices and would preserve Congress’s authority to determine what those security practices should be. The second, proposed by Jay Rockefeller (D-WV), would give the Federal Trade Commission (FTC) legislative authority to set cybersecurity standards, removing Congress’s authority altogether.

Given the rapidly increasing threat that cyber attacks pose and Congress’s relative lack of cybersecurity knowledge compared to the FTC, Rockefeller’s plan seems more reasonable. But the past history of the Senate’s concern for privacy indicates that neither bill will garner enough votes to pass.

The unfortunate reality for cybersecurity policy is that online security is simply not a top priority for enough Americans. Edward Snowden’s unauthorized disclosure of the PRISM program profoundly altered the public psyche toward online privacy, creating a largely irrational belief among many technology users that the government should not have a right to ensure maximum cyberspace security with their personal data. In CISPA’s case, people seem to value the privacy of their Internet browsing histories alone over the reduction of imminent cyber threats. Given Washington’s inability to pass legislation promoting cooperation between the private sector and the government, and that its chief responsibility is to ensure the security of nationwide systems and government facilities, individual companies are beginning to realize that the security of private sector networks is their prerogative alone.

Evidence suggests that the private sector is up to the task. In April, the National Retail Federation, a trade association comprising both independent and chain retailers, established the Information Sharing and Analysis Center, which links the threat data of all member retailers and shares anonymized data with the US government. The steps of GE in protecting its infrastructure through the acquisition of Wurldtech will bolster private sector confidence in the value of cybersecurity and will dispel fear that the return on investment of protecting critical information is outweighed by its cost.

In the coming years, companies will need to focus their efforts in these areas:

1. Transitioning the chief objective of cybersecurity from preventing attacks to reacting quickly and determining their source. Given the difficulty of predicting hacker behavior and the inevitability of eventual breaches, companies must develop robust internal programs that can destroy cyber attacks before they do damage. Target’s shortcoming was not its failure to prevent a breach, but rather its failure to act swiftly once it diagnosed the problem. The post-mortem investigation showed that Target’s systems set off unmistakable red flags, yet officials waited several days before acting on the information. Had they responded immediately, the stolen data would never have made it to the hacker’s servers.

2. Holding third-party providers to a higher standard. Most major company data breaches come through third-party service providers rather than through the company’s infrastructure. Data security is inconsistent across platforms and industries, and companies need to subject all of their partners and contractors to rigorous stress tests to ensure that attackers have no easy entry points.

3. Building stronger relationships with the government and the police so that attackers can be prosecuted. Regardless of what legislation is passed in Congress, the government’s role in cybersecurity should include, at a minimum, the vigilant pursuit of known cyber marauders.

While the burden may seem to fall hard on private sector companies today, the government will eventually pass definitive and meaningful legislation. The political climate toward national cybersecurity is simply too charged for a bill not to pass at some point in the next few years. The Pentagon’s annual reports to Congress have become increasingly direct in their condemnations of national militaries and governments. The 2012 report openly accused both the Chinese government and the People’s Liberation Army of propagating cyber attacks against the United States in deliberate attempt to “gain strategic advantage.” The government is aware of the grave threat posed by cyber attackers; it now needs to match its rhetoric with legislation and action. Although largely symbolic, the Justice Department’s May 19 indictment of five members of the Chinese People’s Liberation Army for hacking into US networks was a step in the right direction. The hackers allegedly compromised the networks of Westinghouse Electric, the US Steel Corporation, and several other private companies. Attorney General Eric Holder Jr. stated that these actions crossed the line because the government commissioned covert actions for the purpose of gaining a commercial advantage, not for advancing national security.²²

Nonetheless, it is not and should never be the government’s responsibility to ensure the full security of private sector networks. For the sake of both national security and auxiliary benefits to individual companies – such as liability protection after security breaches in exchange for sharing data with the government – Washington should still attempt to pass legislation that will improve cooperation between the private and public sectors. Perhaps the upcoming midterm elections will yield a Congress more appropriately focused on pushing a cybersecurity bill into law. If the Senate, as well as the American public, can realize the relative importance of national cyber attack preparedness over the disclosure of personal user data to the government, then US cybersecurity strategy may have a promising near-term future.

The views expressed by the author do not necessarily reflect those of the Glimpse from the Globe staff and editorial board.

Update 8/13/2014: Citations format updated

The post Defense in the Information Age appeared first on Glimpse from the Globe.