Ccg-Nlud-Technology-And-National

CENTRE FOR COMMUNICATION GOVERNANCE AT NATIONAL LAW UNIVERSITY DELHI

TECHNOLOGY AND NATIONAL SECURITY LAW AND POLICY

SEMINAR COURSE (FEBRUARY - JUNE 2020)

B.A. LL.B. (HONS.) PROGRAMME

NATIONAL LAW UNIVERSITY DELHI

Course Facilitator Gunjan Chawla Programme Manager, Technology and National Security, Centre for Communication Governance at National Law University Delhi; email: [email protected]

ABOUT THE COURSE

Given the rapidly evolving landscape of international security issues and the challenges and opportunities presented by new and emerging technologies, Indian lawyers and policymakers need to acquire the capacity to engage effectively with national security law and policy. However, curricula in Indian law schools do not engage adequately with issues of national security. National security threats, balance of power, issues of secrecy and political accountability, terrorism and surveillance laws tend to be discussed in a piece-meal manner within various courses or electives.

To fill this knowledge gap within the legal community, the Centre for Communication Governance at National Law University Delhi (CCG-NLU) is offering this seminar course to fourth and fifth-year students of the B.A. LL.B. (Hons.) Programme.

The course will explore interdisciplinary approaches in the study of national security law and policy, with a particular focus on issues in cybersecurity and cyberwarfare. Through this course curriculum, we aim to (1) recognize and develop National Security Law as a discrete discipline of legal studies, and (2) impart basic levels of cybersecurity awareness and inculcate good information security practices among tomorrow’s lawyers.

National security law, viewed as a discrete discipline of study, emerges and evolves at the intersection of constitutional law, domestic criminal law and its implementation in surveillance, counter-terrorism and counter-insurgency operations, international law including the Law of Armed Conflict (LOAC) and international human rights law, and of course, foreign policy in the ever-evolving contours of international politics. With new and emerging threats to security in a borderless cyberspace, the law and regulation of information and communication technology (ICT) across jurisdictions also gets added to this mix.

Accordingly, it is assumed that students taking this course have a basic understanding of constitutional law, criminal law and procedure and international law. Familiarity with the Information Technology Act, 2000, will be advantageous.

New legal questions often follow issues of national security. These questions lead to uncertainty regarding the currently settled legal doctrines and raise several legal and policy concerns. The course is an opportunity for us to discuss such issues, brainstorm potential legal solutions and have a broader discussion about what India’s national security policy should look like.

TEACHING METHODOLOGY

The course will be discussion oriented. Students will be expected to read and be prepared to engage with the assigned material for classes. The reading material will be a mix of theoretical/academic writing, primary sources including legislation, case law and policy documents issued by Governments and/or relevant Governmental departments, as well as shorter public commentaries including op-eds from leading newspapers and scholarly blogs on contemporary issues by international and Indian authors.

If, on rare occasion, you are not prepared or are not comfortable discussing the assigned material, you may notify us by email at least two hours before the start of class, and we will not call on you that day. Otherwise, it will be assumed that you are prepared and ready to discuss the assigned readings.

A substantial portion of the final grade (15%) is class participation. However, the substance of your response when you are called on, or your comment when you volunteer is far more important than the number of times you speak in the class.

The course will also include a number of classes where current and former senior members of the intelligence community, armed forces and law enforcement officials, senior counsels who have dealt with issues of national security law, journalists covering national security law and individuals working on preserving civil rights in the context of national security will join us for the class. One of the aims of the course is to understand what is the actual practice of national security in the country. Some of the classes may include movies or TV shows relating to the relevant issues.

EVALUATION

- Two reflection papers of 1000 words each: 20 marks each

Students are expected to choose any two (2) of the six (6) modules outlined in the curriculum to write reflection papers on the assigned material. The reflection papers are to be submitted one day before the class and will form the basis for discussion in those sessions. Exceptional reflection papers on relevant issues may also be published on CCG’s blog.

- A Seminar Paper of 3500 words: 45 marks

The Seminar Paper will be due in the first week of June, the exact date will be provided during the first class.

- Class Participation: 15 marks

As mentioned above, the substance of your response when you are called on, or your comment when you volunteer is far more important than the number of times you speak in the class. Failure to meet the 75% attendance requirement will result in an automatic zero score on this parameter.

ATTENDANCE AND CLASS TIMINGS*

Classes will be held every [Wednesday] from [3.00 pm to 6.00 pm] (tentatively), starting on February 27.

The University regulations require students to attend at least 75% of the classes.

* Timings indicated are tentative, and subject to modification based on class strength and students’ unavoidable scheduling conflicts, if any. Guest lectures to be delivered by various experts over the semester may be organized beyond class timings.

OFFICE HOURS

We will schedule office hours once a week on [Mondays] between [4 pm and 6 pm]. You may also schedule a meeting by appointment by sending an email.

TECHNOLOGY AND NATIONAL SECURITY LAW AND POLICY

CURRICULUM OUTLINE1

The seminar course curriculum is divided into six modules, to be taught over a period of 12 weeks between February and May 2020.

§ Module I: Unpacking ‘National Security’ 1. Why study national security law 2. The meaning of national security 3. Theories of national security and their application 4. Major debates about national security

§ Module II: An introduction to strategic thinking—Linking national security law and policy 1. Classical Approaches: Hugo Grotius to Clausewitz 2. American Approaches: From Edward Luttwak to Richard Danzig 3. Chinese Approaches: From Sun Tzu to ‘Unrestricted Warfare’ 4. Strategic Thinking in the Indian Context?

§ Module III: National Security in the Domestic Sphere 1. The State at war 2. War making powers under the Constitution 3. Terrorism, insurgency and national security 4. The role of intelligence and its importance in cyber operations

§ Module IV: War and National Security in International Law 1. Unpacking the concept of war in international law 2. International law and security: The Law of Armed Conflict 3. ‘National Security’ as an exception to international legal obligations

1 This is a draft of a comprehensive curriculum that CCG is preparing to be taught across Indian law schools. We realize that the scope and depth of this curriculum is ambitious, and we may not be able to cover all issues in the desired level of detail within the course of a single semester. Sections and readings may be added or removed from the course structure, depending on the level of the classes. On an average, students will be expected to read 150-200 pages per week.

§ Module V: Cyberwarfare, Cybersecurity and International Law 1. Cyberwarfare and its impact on existing international legal framework 2. Applicable and relevant international law 3. Overview of cyber norms formation processes

§ Module VI: Cybersecurity in India: A Case Study 1. Cybersecurity in the Indian context and why it matters 2. Challenges and threats to cybersecurity 3. India and cybersecurity: The National Cyber Security Strategy 2020 4. Cybersecurity in the FinTech Sector: A Case Study

Additionally, we will also conduct at least one session to inform and equip students with practical tips to encourage good information security practices and cyber safety online for individuals. We envision that a critical analysis of current policy and strategy documents in vogue will also enable students to project and predict emerging technological challenges to our national security infrastructure and institutions, as well as the evolution of the legal tools and processes available to deal with these challenges.

MODULE I: UNPACKING ‘NATIONAL SECURITY’

The First Module is an introduction to relevant theoretical concepts in security and strategic studies. We delve into the theoretical components of what comprises ‘national security’, and major debates around it, including the tension between security and fundamental freedoms. This module is divided into four parts:

1. Why study national security law 2. The meaning of national security 3. Major debates about national security 4. Theories of national security and their application

A flexible phrase, ‘national security’ has distinct yet connected meanings in domestic law, international relations, international law, and related fields such as human rights. In this module, students will (1) learn the meanings of the term ‘national security’, including security of the state and security in the state (2) explore the “why” behind the use of the national security concept, from a legal and political perspective, and (3) be introduced to theoretical models of national security, exploring the extent and limits of the concept with the help of case studies. An understanding of the justifications will enable students to look past stated reasons, and will enable them to arrive at an independent evaluation of the use of the concept.

Readings for Module I Part 1: Unpacking ‘National Security’

1. Arnold Wolfers, National Security as an Ambiguous Symbol, Political Science Quarterly, Vol. 67, No. 4 (Dec., 1952), pp. 481-502. 2. David A Baldwin, The concept of security, 23(1) Review of International Studies 5 (1997). 3. Barry Buzan, Peace, power and security: contending concepts, 21(2) Journal of Peace Research 109 (1984). 4. Jeff Huysmans, Security! What do you mean? From concept to thick signifier, 4(2) European Journal of International Relations 226 (1998). 5. Sørensen, Individual security and national security, 27(4) Security Dialogue 371 (1996). [17 pages]

6. Sachs, The Changing Definition of Security, (2003), http://www.stevesachs.com/papers/paper_security.html. 7. James E Baker, In the common defense: national security for perilous times, (2007) Chapter 2: The Meaning of National Security. 8. Laura Donohue, The Limits of National Security, 48 Am. Crim. L. Rev. 1573- 1756 (2011), http://scholarship.law.georgetown.edu/facpub/1010. (pages 1751-1756 mandatory, rest optional)

Readings for Module I Part 2: Contemporary Debates about National Security

1. Burke-White, Human Rights and National Security: The Strategic Correlation, 17 Harv. Hum. Rts. J. 249 (2004). 2. Roach, Must we trade rights for security, 27 Cardozo L. Rev. 2151 (2005- 2006), http://papers.ssrn.com/s ol3/papers.cfm?abstract_id =899280 3. Dinah Pokempner, Human Rights Watch, A Shrinking Realm: Freedom of Expression Since 9/11, https://www.hrw.org/legacy/wr2k7/essays/shrinking/ashrinkingrealm.pdf 4. Chandler, Privacy versus National Security: Clarifying the Trade-off, in Lessons From The Identity Trail 121-38 (Ian Kerr et al. eds., Oxford University Press, 2009). 5. Seth Kaplan, When Everything is a Human Right, Nothing Is, Foreign Policy, September 6, 2019, https://foreignpolicy.com/2019/09/06/when-everything-is- a-human-right-nothing-is/. (also attached) 6. Srinivas Kodali, Economic Development Trumps Privacy of an Individual?, The Asian Age, February 27, 2020, https://www.pressreader.com/india/the-asian- age/20200227/281990379558433

MODULE II: AN INTRODUCTION TO STRATEGIC THINKING: LINKING LAW AND

POLICY

The Second Module is an introduction to some seminal works in strategic thought that have shaped not only the theory, but also security practices of major powers that have shaped the contemporary geopolitical landscape. We aim to identify and examine similar works in the Indian context and their impact. This module will be taught in four parts:

1. European/Classical approaches: Hugo Grotius and Carl von Clausewitz 2. American Approaches: From Edward Luttwak to Richard Danzig 3. Chinese Approaches: From Sun Tzu to ‘Unrestricted Warfare’ 4. Strategic Thinking in the Indian Context

Readings for Module II Part 1: Views from the West

1. Oona Hathaway and Scott Shapiro (2017), The Internationalists and their Plan to Outlaw War. [Chapter 1: Hugo the Great] 2. Carl von Clausewitz (1852), On War. [Book I, Chapters 1, 6, 7 and 8] 3. Edward Luttwak (1987), Strategy: The Logic of War and Peace, [Part I, Chapters 1 and 3; Introduction to Part II] 4. Richard Danzig et al (2018), A Preface to Strategy: The Foundations of American National Security, Johns Hopkins Applied Physics Laboratory. 5. Niccolò Machiavelli (1532), The Prince. [Chapters 12, 13 and 14]

Readings for Module II Part 2: Views from the East

1. Sun Tzu, Art of War, Chapter 1-3, 5 and 6. 2. Col. Qiao Liang and Col. Wang Xiangsui, Unrestricted Warfare: China's Master Plan to Destroy America, Preface, Chapters 1 and 2. 3. Anit Mukherjee, K Subhramanyam and Indian Strategic Thought, 35:4 Strategic Analysis (2011).

4. George K Tanham, Indian Strategic Thought: An Interpretative Essay, RAND Corporation (1992), Summary pp. v-viii and Chapter 1 Pages 1-7 (mandatory), rest optional 5. External Affairs Minister S. Jaishankar's Speech at the 4th Ramnath Goenka Lecture, 14 November 2019, https://mea.gov.in/Speeches- Statements.htm?dtl/32038/External+Affairs+Ministers+speech+at+the+4th+R amnath+Goenka+Lecture+2019. 6. Tapan Basu et al, Tracts for the Times, Khaki Shorts and Saffron Flags: A Critique of the Hindu Right (1993). (optional)

MODULE III: NATIONAL SECURITY IN THE DOMESTIC SPHERE

The Third Module deals with the contemporary domestic legal framework relevant to the prosecution of war by the State. This module is divided into four parts:

1. The State at War 2. War making powers under the Constitution 3. Terrorism, insurgency and national security 4. The role of intelligence, surveillance and its relevance to cyber operations

The declaration of war and peace is central to domestic national security, but India has seen her share of terrorist attacks and insurgencies too, and continues to do so. Accordingly, we study the legal framework that is relevant to conventional, State-to- State warfare, as well as sub-conventional warfare involving States as well as non- State actors.

India’s engagement in war is governed by the Indian Constitution. This includes a study of the exercise of the President’s powers as the Supreme Commander of the Armed Forces and the declaration of the state of emergency.

In this Module, we (1) study the constitutional and legal procedure and constraints on war in India, (2) the distinction between border security and internal security, including challenges in counter-terrorism and counter-insurgency operations, (3) the colonial legacy of counter-insurgency laws in India and their impact on fundamental freedoms and (4) gathering of information by intelligence agencies through various overt and covert operations including espionage, communication interception, and collaboration with other intelligence agencies. We will also discuss the government surveillance mechanisms, its legal regime and its drawbacks from a constitutional perspective.

Readings for Module III Part 1: “National Security” and the Constitution

1. HM Seervai, Constitutional Law of India: Volume 3 (4th edn., Universal Law Publishing, 2008), at 3081-3108.

2. Rahul Sagar, Emergency Powers, in The Oxford Handbook of the Indian Constitution, OUP 2016, pp. 213-32 3. Derek Jinks, The Anatomy of an Institutionalized Emergency: Preventive Detention and Personal Liberty in India, 22 MICH. J. INT’L L. 311 (2001) read Part II only (pp. 323-339). 4. SN Jain, Secrecy in the Government of India, in Official Secrecy and the Press, Indian Law Institute (1982), pp. 15-18. 5. Gunjan Chawla, India's New Defence Cyber Agency-II: Balancing Constitutional Constraints and Covert Ops, Medianama, October 4, 2019, accessible at https://www.medianama.com/2019/10/223-india-defence- cyber-agency-part-2/

Readings for Module III Part 2: ‘National Security’, Surveillance and Domestic Law

1. Gautam Bhatia, Epilogue: 'Something of Freedom is Yet to Come': The Aadhaar case, Technological self-determination and the Future of Transformative Constitutionalism, in The Transformative Constitution: A Radical Biography in Nine Acts (2019). 2. Vrinda Bhandari and Karan Lahiri, The Surveillance State, Privacy and Criminal Investigation in India: Possible Futures in a Post-Puttaswamy World, Vol. 3(2) University of Oxford Human Rights Hub Journal (2020) pp. 15-46. 3. Bundesverfassungsgericht, In their current form, surveillance powers of the Federal Intelligence Service regarding foreign telecommunications are a violate fundamental rights of the Basic Law, Press Release No. 37/2020 of 19 May 2020 on Judgment 1 BvR 2835/17 of the German Constitutional Court at https://www.bundesverfassungsgericht.de/SharedDocs/Pressemitteilungen/E N/2020/bvg20-037.html.

Podcast for Module III Part 2

1. Vice Cyber Podcast, The Brief and Terrifying History of Modern Surveillance in the United States, at https://podcasts.apple.com/gb/podcast/the-short-and- terrifying-history-of-modern-surveillance/id1441708044?i=1000474561025.

Optional Readings Module III Part 2:

1. Gautam Bhatia, State Surveillance and the Right to Privacy in India: A Constitutional Biography, National Law School of India Review, Vol. 26, No. 2 (2014), pp. 127-158.

2. Gunjan Chawla and Smitha Krishna Prasad, CCG’s Response to Call for Submissions on ‘Surveillance Industry and Human Rights’, Centre for Communication Governance (February 2019).

MODULE IV: NATIONAL SECURITY IN INTERNATIONAL LAW AND THE LAW OF

ARMED CONFLICT

The Fourth Module deals with the contemporary international legal framework that operates as an external constraint on the nation’s security choices.

This Module is divided into three parts:

1. Unpacking the concept of war in international law 2. International law and security: The Law of Armed Conflict 3. ‘National Security’ as an exception to international legal obligations

At the international level, states are accorded the right or freedom to engage in acts of force under circumstances where the territorial integrity or political independence of the state is threatened. Concepts of state sovereignty and autonomy, crucial to the understanding of war and national security, are also introduced in this module.

In the second part of this Module, we study the customary law on the justifiability of 'use of force' in international law, which dictate when and under what circumstances a state may go to war against another (including self-defence, armed conflict, humanitarian intervention and R2P). Further, the international Law of Armed Conflict including jus ad bellum (international law on the use of force) and jus in bello (international humanitarian law) are explored, which delineate limits on the use of aggression and force in international law. Through this, students may expect a thorough understanding of the scope and limits of the use of national security as a justification to enter and fight a war.

Other than being a justification to go to war, ‘national security’ may in some limited circumstances, be used as the grounds for an exception to comply with certain international legal obligation, such as in international trade. We also examine the challenges posed by such exceptions.

Readings for Module IV Part 1: Surveillance, Espionage and International Law

1. Ashley Deeks, An International Legal framework for Surveillance, Virginia Journal of International Law, Vol. 55: No. 2, pp. 292-368. [Part I (pp. 292-318

mandatory, rest optional]

2. Asaf Lubin, "We Only Spy on Foreigners": The Myth of a Universal Right to Privacy and the Practice of Foreign Mass Surveillance," Chicago Journal of International Law: Vol. 18: No. 2, Article 3. Available at: https://chicagounbound.uchicago.edu/cjil/vol18/iss2/3

Optional Readings for Module IV Part 1

1. Asaf Lubin, The Liberty to Spy, Harvard Journal of International Law, Vol. 61: No. 1 (Winter), pp. 185-243. 2. Russel Buchan, The International Legal Regulation of Cyber Espionage. In: Osula, A.-M. and Rõigas, H., (eds.) International Cyber Norms: Legal, Policy & Industry Perspectives. NATO CCD COE Publications (2016), Tallinn, Estonia, pp. 65-86. Repository copy accessible at http://eprints.whiterose.ac.uk/98791/10/Russell_The%20International%20Leg al%20Regulation%20of%20Cyber%20Espionage%20_comments%20combin ed.pdf. 3. Christopher S. Yoo, Cyber Espionage or Cyberwar? International Law, Domestic Law, and Self-Protective Measures, (2015) Faculty Scholarship. Paper 1540, accessible at http://scholarship.law.upenn.edu/faculty_scholarship/1540.

Readings for Module IV Part 2: Refresher on the Law of Armed Conflict and Sources of International Law

1. Article 2, Chapter VII of the United Nations Charter 1945, http://www.un.org/en/sections/un-charter/un-charter-full-text/index.html 2. International Court of Justice, Judgment of 27 June 1986, Case concerning Military and Paramilitary Activities in and against Nicaragua (Nicaragua v. US), paras. 115, 187-195, 227-230, 242, and 246- 252 only. 3. Steven Ratner, Jus ad bellum and jus in bello after September 11, American Journal of International Law, Vol. 96 No. 4 (2002) pp. 905-921.

4. Michael Schmitt and Sean Watts, Beyond State Centrism: International Law and Non-State Actors in Cyberspace, Journal of Conflict and Security Law, Vo. 21 No. 3 (2016), pp. 595-611. 5. Michael Schmitt, Peacetime Cyber Operations and Wartime Cyber Operations: An Analytical Vade Mecum, Harvard National Security Law Journal, Vol. 8 (2017), pp. 239-282.

Optional Readings for Module IV Part 2

1. BS Chimni, Customary International Law: A Third World Perspective, AJIL Unbound, (2018) Vol 112:1, pp. 1-46 2. BS Chimni, Third World Approaches to International Law: A Manifesto, International Community Law Review 8: 3–27, (2006) 3. Case studies in national security as an exception to international legal obligations and its limits a. WTO, Members adopt national security ruling on Russian Federation’s transit restrictions, DS 512, Russia- Measures concerning traffic in transit, https://www.wto.org/english/news_e/news19_e/dsb_26apr19_e.htm b. William Alan Reinsch and Jack Caporal, The WTO’s first Ruling on National Security: What Does it Mean for the United States?, Centre for Strategic and International Studies, April 5, 2019, https://www.csis.org/analysis/wtos-first-ruling-national-security- what-does-it-mean-united-states. c. ICJ, Certain Iranian Assets (Islamic Republic of Iran v. United States of America), Preliminary Objections Judgment of 13 February 2019, https://www.icj-cij.org/files/case-related/164/164- 20190213-JUD-01-00-EN.pdf d. Elena Chachko, Certain Iranian Assets: The International Court of Justice Splits the Difference Between the United States and Iran, The Lawfare Blog, 14 February 2019, https://www.lawfareblog.com/certain-iranian-assets-international- court-justice-splits-difference-between-united-states-and-iran

MODULE V: CYBERWARFARE, CYBERSECURITY AND INTERNATIONAL LAW

The Fifth Module deals exclusively with legal and policy issues that arise in international law due to the disruptive impact of cyberwarfare on existing laws and legal institutions. We also examine the salient features of ongoing international efforts to building international norms for responsible State behavior in cyberspace. This Module is divided into three parts:

1. An introduction to cyberwarfare and cybersecurity: the changing character of war 2. Applicable and relevant international law 3. Overview of cyber norms formation processes

In this module, we introduce the students to basic cybersecurity concepts. As cybersecurity is intrinsically linked to the architecture of the Internet, we begin with an introduction of this architecture. We then discuss the definitions and concepts underlying cybersecurity - threats, threat actors, vulnerabilities and zero-day attacks, as well as hacking. Following this, we briefly explore the international legal landscape surrounding cybersecurity incidents - those that reach the threshold of “war”, and those that do not. We explore these concepts through prominent examples of cyber-attacks such as Stuxnet, Estonia and Georgia. Further, we consider the challenges of resolving cybersecurity incidents, such as the problem of attribution and applicability of international law.

Though the Internet has been called a borderless world, the real-world effects of cyber incidents cross geographical boundaries. This increasingly makes international law relevant to cybersecurity. It is largely accepted today that international law is applicable to cyberspace. Similarly, it has been suggested that the international law of war is also applicable to cyberspace. We explore this through the Tallinn Manual 2.0 and the United Nations Group of Governmental Experts (Cyber), which explore the limits of both jus ad bellum (international law on the use of force) and jus in bello (international humanitarian law) in the context of cybersecurity. The applicability of international law in incidents not amounting to war (i.e., peacetime cyber incidents) is also explored.

In this Module, students will also be introduced briefly to the process of norms formation for responsible State behaviour in cyberspace. This will assist students in applying the national security concept at the level of international warfare, both in traditional (conventional and sub-conventional) and evolving forms of warfare (electronic and information warfare).

Module V Part 1: Demystifying the fog of (cyber) war Mandatory Reading

1. Joseph S. Nye Jr. (2010), Cyber Power, Harvard Kennedy School Belfer Centre for Science and International Affairs 2. Thomas Rid and Peter McBurney (2012), Cyber Weapons, The RUSI Journal, 157:1, pp. 6-13. 3. Lillian Ablon, Martin C Libicki and Andrea A. Golay (2014), Black Markets for Cybercrime Tools and Stolen Data: Hacker's Bazaar, RAND Corporation National Security Research Division, Chapters 3 and 4 (pp. 21-28) mandatory, Chapter 2 (pp. 3-20) optional. 4. Andy Greenberg, It's about to get even easier to hide on the dark web, WIRED Magazine, 20 January 2017, accessible at https://www.wired.com/2017/01/get-even-easier-hide-dark-web/. 5. Thomas Rid and Ben Buchanan (2015), Attributing Cyber Attacks, Journal of Strategic Studies Vol. 38 Nos. 1-2, pp. 4-37.

Mandatory Viewing

1. Zero Days (2016), A Documentary by Alex Gibney on the Stuxnet worm available on Youtube.

Optional Readings

1. Rebcca Slayton, What is the Cyber Offense-Defense Balance?: Conceptions, Causes and Assessment, International Security, Vol. 41, No. 3 (Winter 2016/17), pp. 72–109, https://www.mitpressjournals.org/doi/abs/10.1162/ISEC_a_00267#.WJNKkLY rKYU

2. Tara Davenport, Submarine Cables, Cybersecurity and International Law: An Intersectional Analysis, 24 Cath. U. J. L. & Tech 57 (2015) 3. Herbert Lin, Attribution of Malicious Cyber Incidents: From Soup to Nuts, 70(1) J. Int’l Affairs (2016), https://papers.ssrn.com/sol3/papers.cfm?abstract_id=2835719. 4. Lawrence B. Solum and Minn Chung, The Layers Principle: Internet Architecture and the Law, 79 Notre Dame L. Rev. 815 (2004), available at: http://scholarship.law.nd.edu/ndlr/vol79/iss3/1 . 5. Henry Farrell and Abraham Newman, Weaponized Interdependence: How Global Economic Networks Shape State Coercion, International Security, Vol. 44, No. 1 (Summer 2019), pp. 42–79,

Module V Part 2: Demystifying the fog of (cyber) law

Mandatory Reading

1. Pukhraj Singh, A Death Knell for the International Norms of Cyber Conflict, Modern War Institute, August 8, 2019, accessible at https://mwi.usma.edu/death-knell-international-norms-cyber-conflict/. 2. Marco Roscini, Cyber Operations and the Use of Force in International Law, 1st edn. 2014, OUP, The changing terminology of cyber operations at pp. 10-19 and The Applicable Law: Inter (Cyber) Arma Enim Silent Leges? at pp. 19-33 mandatory. Optional: pp. 1-10 (The emergence of the cyber threat to international security), pp. and 33-40 (Identification and Attribution Problems) 3. UN Doc. A/69/723, Draft International Code of Conduct for Information Security 2015, Annex to the letter dated 9 January 2015 from the Permanent Representatives of China, Kazakhstan, Kyrgyzstan, the Russian Federation, Tajikistan and Uzbekistan to the United Nations addressed to the Secretary-General. 4. UN Doc. A/70/174, Report of the Group of Governmental Experts on Developments in the Field of Information and Telecommunication in the

Context of International Security, dated 22 July 2015. Parts II, III and VI mandatory, rest optional. 5. Christian Ruhl, Duncan Hollis, Wyatt Hoffman and Tim Maurer, Cyberspace and Geopolitics: Assessing Global Cybersecurity Norm Processes at a Crossroads, Carnegie Endowment for International Peace Working Paper, February 2020. Recommended Viewing

1. The Great Hack (2019), a documentary by Jehane Noujaim and Karim Amer, examines the Cambridge Analytica scandal, available on Netflix.

Optional Reading

1. Jeffrey T Biller and Michael N Schmitt, Classification of Cyber Capabilities and Operations as Weapons, Means, or Methods of Warfare, 95 International Law Studies 179 (2019), accessible at https://digitalcommons.usnwc.edu/cgi/viewcontent.cgi?article=2462&context=ils.

2. Jon P. Jurich, Cyberwar and Customary International Law: The Potential of a "Bottom-up" Approach to an International Law of Information Operations," Chicago Journal of International Law: Vol. 9:No. 1, Article 11 (2008), accessible at: https://chicagounbound.uchicago.edu/cjil/vol9/iss1/11

3. Lesley Swanson, The Era of Cyber Warfare: Applying International Humanitarian Law to the 2008 Russian-Georgian Cyber Conflict, 32Loy. L.A. Int'l & Comp. L. Rev. 303 (2010), accessible at https://digitalcommons.lmu.edu/cgi/viewcontent.cgi?referer=https://www. google.com/&httpsredir=1&article=1010&context=ilr

MODULE VI: CYBERSECURITY IN INDIA

The Sixth Module undertakes a study of the state of cybersecurity in India, and existing and emerging challenges in the building and maintenance of cybersecurity in Digital India’s networked economy. It is divided into four parts:

1. Challenges and threats to cybersecurity in India 2. The Architecture of India’s Cybersecurity Institutions and the National Cyber Security Strategy 2020 3. Cybersecurity in the FinTech Sector: A Case Study 4. Cybersecurity for the Individual: a crash course in basic cybersecurity practices

In the final Module, we acquaint ourselves with the domestic perspective on cybersecurity. As India moves towards greater integration with an increasingly networked global economy, the cyber domain becomes predominant in the functioning of both domestic and international governance infrastructure. India has made its presence felt in the international legal/policy landscape—by entering into the Wassenaar Arrangement, hosting the Global Conference on Cyberspace, etc, and engages a number of wings of government in decisions regarding cybersecurity. Following our introduction to these, we explore the Information Technology Act, 2000 (am. 2008). The IT Act governs, in a limited manner, the possibility of cyber incidents and intrusions; its provisions criminalise cyberterrorism and unauthorised access to computer systems (including protected systems).

The recent cyber-attacks at ISRO and the Kudankulam Nuclear Power Plant amply demonstrate that India remains vulnerable to cyber-attacks on its critical information infrastructure, and that much remains to be done to build a ‘cyber-secure’ nation. This module will acquaint students with the architecture of bodies and institutions entrusted with ensuring cybersecurity; identify gaps and overlaps with those engaged in implementing conventional security measures and law enforcement, in light of the National Cyber Security Strategy 2020 [as and when it is released]. For a deeper understanding of cyber incident response and management processes and protocols, we undertake a study of the regulatory framework shaped by the Reserve

Bank of India for cybersecurity in banks and the FinTech/digital payments sector.

Readings for Module VI: Contemporary Issues in Domestic Cybersecurity Law and Policy

1. Statement delivered by India at the Organisational Session of the Open-Ended Working Group (OEWG) on 'Developments in the field of Information and Telecommunications in the context of International Security' in New York on June 3, 2019 accessible at http://meaindia.nic.in/cdgeneva/?8251?000 2. Information Technology Act, 2000 a. Section 43A b. Information Technology (Reasonable Security Practices and Procedure and Sensitive Personal Data or Information) Rules, 2011. 3. Anja Kovacs and Nayantara Ranganathan, Data Sovereignty of Whom? Limits and suitability of sovereignty frameworks for data in India, Internet Democracy Project Working Paper No. 3, November 2019, accessible at https://internetdemocracy.in/reports/data-sovereignty-of-whom/. (Read Chapters 1 and 2 as mandatory, rest optional) 4. Gunjan Chawla, Sharngan Aravindakshan and Vagisha Srivastava, Comments to the National Security Council Secretariat on the National Cybersecurity Strategy 2020, Centre for Communication Governance at National Law University Delhi, January 2020. (‘CCG Comments’), https://ccgnludelhi.wordpress.com/2020/01/30/ccgs- comments-to-the-national-security-council-secretariat-on-the-national- cyber-security-strategy-2020/ a. In Volume I (CCG Comments),read Chapter II in (Existing and Emergent Threats: Landscape for India) at pp.5-18 (Volume I) and b. In Volume II(Annexures to CCG Comments), read Annexure B (Organograms of Relevant Ministries)at pp. 129-135. c. R/W Gunjan Chawla, Architecture of Cybersecurity Institutions in India, The CCG Blog, 7 February 2020, accessible at

https://ccgnludelhi.wordpress.com/2020/02/07/the-architecture-of- cybersecurity-institutions-in-india/ 5. Aditi Agarwal and Nikhil Pahwa, Lt. Gen. Rajesh Pant on India’s National Cybersecurity Strategy, Indo-US Cooperation, end-to-end encryption and more, Medianama, 2 June 2020, accessible at https://www.medianama.com/2020/06/223-rajesh-pant-interview-national- cyber-security-coordinator/ 6. Anuradha Bhasin and Ors v. Union of India, WP (Civil No.1031 of 2019), Supreme Court of India judgment on 10 January 2020, accessible at https://main.sci.gov.in/supremecourt/2019/28817/28817_2019_2_1501_1 9350_Judgement_10-Jan-2020.pdf [read Section F on Internet Shutdown, paras 78-102 at pp. 66-85] 7. NSO Group and Pegasus Spyware a. Aditi Agarwal, All you need to know about NSO Group and Pegasus Spyware, Medianama, 31 October 2019, accessible at https://www.medianama.com/2019/10/223-nso-pegasus-spyware/. b. Russel Buchan and Daniel Franchini, WhatsApp v. NSO Group: State Immunity and Cyber Spying, Just Security, 16 April 2020, accessible athttps://www.justsecurity.org/69684/whatsapp-v-nso- group-state-immunity-and-cyber-spying/ c. Citizen Lab’s full report Hide and Seek: Tracking NSO Group’s Pegasus Spyware to Operations in 45 Countries, can be accessed here: https://tspace.library.utoronto.ca/bitstream/1807/95391/1/Report%23 113--hide%20and%20seek.pdf.(Optional) 8. WhatsApp Traceability a. MR Subramani, Question at Heart of TN’s ‘WhatsApp Traceability’ case: Are you endangering national security if you don’t link your social media account with Aadhaar, Swarajya Magazine, 5 September 2019, https://swarajyamag.com/ideas/privacy-versus- national-interest-all-you-need-to-know-about-tamil-nadu-whatsapp- traceability-case

b. For more granular reporting on the WhatsApp traceability case and procedural developments, see Medianama’s WhatsApp traceability case archives. 9. Jack Stubbs, Raphael Satter and Christopher Bing, Obscure Indian cyber Firm Spied on Politicians, Investors Worldwide, Reuters, 9 June 2020, accessible at https://uk.reuters.com/article/us-india-cyber-mercenaries- exclusive/exclusive-obscure-indian-cyber-firm-spied-on-politicians- investors-worldwide-idUKKBN23G1GQ 10. Gunjan Chawla, India’s Latest National Security Dilemma : The Huawei Ban and NAM(O) 2.0, The CCG Blog, June 8, 2019, https://ccgdelhi.org/2019/06/08/indias-latest-national-security-dilemma-the- huawei-ban-and-namo-2-0/

* * *