A year since the TikTok ban, India set to stay the course on Chinese apps
On June 29, 2020, just over a year ago, Union minister for electronics and information technology, Ravi Shankar Prasad, launched what he termed “India’s digital strike” against China, as the government banned 59 mobile applications, mostly of Chinese origin, in the wake of the Galwan border clash.
The decision sent ripples through the community of online users as TikTok, a fast-growing short-video streaming application, was on the list. TikTok, according to Bloomberg data, had nearly 200 million users in India last year.
India would go on to ban over 200 mobile applications, including the hugely popular videogame PUBG, over concerns of national security and data privacy. India’s push against China’s presence in the telecom market has also seen an increased focus in the last year, with the government introducing criteria for trusted source vendors that can supply equipment and keeping China-based companies, Huawei and ZTE, out of the 5G trials.
The strategic subtext behind the ban
The ban on TikTok, WeChat and ShareIt was executed under Section 69(A) of the Information Technology Act, 2000, on the grounds that they “posed a threat to sovereignty and integrity of India”. The first tranche of app bans was followed by two more — 44 apps that functioned like ones banned in the first, including lite versions of the applications, followed by a decision to ban 117 mobile applications on September 2, including PUBG, for “stealing and surreptitiously transmitting users’ data in an unauthorised manner.”
But while data privacy and security were cited as the reasons, there is little doubt that the trigger for the ban was the Galwan clash of 2020. The bloodiest encounter between India and China at the border in over 40 years took the lives of 20 Indian armed forces personnel, and with the incident and Chinese intrusion across the Line of Actual Control, the framework to maintain peace at the border was severely strained.
Former Indian ambassador to China, Pakistan and Bhutan, Gautam Bambawale, said that the decision to ban the apps was a message to China. “India has stated that if there is no peace on the border, then the rest of the India-China relationship will be adversely impacted,” He added that the ban on Chinese apps was a “first step” in indicating to Beijing that there are costs involved of their actions in eastern Ladakh. “The message has gone loud and clear.”
Vivan Sharan, partner with research-driven advisory firm, Koan Advisory Group, said that the app ban represented “an inflection point” which signified “India’s willingness to link geopolitics with tech policy”.
At the same time, he added, “There is no guarantee that blacklisting will mitigate dangers in the digital environment, where threats cannot always be geolocated. Moreover, a transparent and judiciable standard for app and content takedowns is the need of the hour, and what will differentiate digital democracies from the rest.”
The impact on the companies
A year after the ban, TikTok hasn’t given up on its India plans yet.
ByteDance, TikTok’s parent company, remains hopeful of a lift of the ban after it received and submitted a questionnaire sent by the IT ministry enquiring about the company, its practices and content.
A company executive familiar with the matter said that the company was working with the government to have the ban lifted, but this may well be more hope than reality. Ministry officials said that no such rethink was on the cards.
The executive also said that while data was a principal concern, the company had worked to create even more safeguards. “Our data centres are in Singapore and the United States (US). India remains the only country that has banned TikTok.” In the US, the ban on the company was halted after US district judge Carl Nichols said former President Donald Trump “overstepped” when it comes to exercising his power while announcing the ban. However, President Joe Biden did extend a Donald Trump-era ban on Chinese surveillance companies. The total number of blocked Chinese firms increased from 48 to 59.
PUBG adopted a different route.
In September, explaining its rationale for a set of additional prohibitions, the government asserted that since these applications were routing data through China or had data centres within the country, the safety of the data of the citizens was compromised. “This move will safeguard the interests of crores of Indian mobile and internet users. This decision is a targeted move to ensure safety, security and sovereignty of Indian cyberspace,” the ministry of electronics and information technology (Meity) said.
The move was viewed as targeting some of China’s technology giants such as Tencent Holdings Ltd, the country’s search engine leader Baidu Inc, Xiaomi’s ShareSave and online payments giant Ant Group Co.’s platform Alipay.
After it was banned, PUBG (which is a South Korean company) pulled its franchise from China-based company Tencent, and said, “In light of recent developments, PUBG Corporation has decided to no longer authorise the PUBG MOBILE franchise to Tencent Games in India. Moving forward, PUBG Corporation will take on all publishing responsibilities within the country.”
In June 2021, PUBG’s parent company, Krafton, announced a new version specially tailored for India named Battlegrounds Mobile India. This launch has created a renewed furore among those who believe that it is simply a rebranding of PUBG.
Gaurav Tyagi, an assistant professor at Jawaharlal Nehru University, filed a Right To Information (RTI) report regarding this new release. Meity and the ministry of home affairs (MHA) explained that they have no role in granting permission for the launch of any mobile application but clarified that they can, however, ban the game after its release as per provisions under the IT Act. This has not happened.
Independent researcher Srinivas Kodali said that the applications always have the option of challenging the ban. “They can always litigate. There is a government order banning them, they can challenge it in the court,” he said. “From a nation-State perspective, you don’t want information from India going to another country.”
He added, “The decision did make some impact but the larger questions of data security remain. There have numerous data breaches since, whether it is in the case of Dominos or Big Basket or Mobikwik, all this data available on the darknet for anyone who is looking for it.”
The impact on the larger ecosystem
Did the “digital strike” propel the rise of an alternative ecosystem? Initial reports suggested that the move prompted Indian entrepreneurs to present a local alternative to various popular apps in the market. And, indeed, from file sharing and scanning to video streaming, indigenous apps were developed rapidly to fill the gap that came with the ban and to create a new ecosystem within the country.
At the same time, experts point to a more nuanced landscape.
“A majority of the banned apps were essentially fly-by-the-night operations, less than a dozen had offices in the country. And only a subset of the latter, apps such as TikTok, UC Browser and PUBG, had a significant market share in their respective segments. Therefore, an alternative ecosystem already existed for most apps. In some segments such as video content sharing, local counterparts have improved valuations but are yet to achieve monetisation at scale,” Sharan stated.
Since many of the banned apps had no or limited stakes in the country, re-entry is unlikely. Sharan added, “Most (banned) apps seem disinterested in re-entry. Those that hope to return would likely need to restructure like PUBG has, or to localise in India in the widest possible sense short of forced tech transfer. This will include auditable information security assurances, and responsiveness to local enforcement concerns.”
India’s cybersecurity is still a work in progress
While the 2020 move was guided by a strategic decision to let China know that undermining peace at the border will have economic implications and business won’t carry on as usual, an equally important concern is a mounting threat to India’s data privacy and cybersecurity.
A recent report by the International Institute for Strategic Studies (IISS), Cyber Capabilities and National Power: A Net Assessment, ranked India poorly in its cyber-power. “Despite the geostrategic instability of its region and a keen awareness of the cyber threat it faces, India has made only modest progress in developing its policy and doctrine for cyberspace security,” the report read. It added, “Its approach towards institutional reform of cyber governance has been slow and incremental, with the key coordinating authorities for cyber security in the civil and military domains only established in 2018 and 2019 respectively.”
According to information from the Indian Computer Emergency Response Team (CERT-In), India saw a sharp rise in cybersecurity incidents during the Covid-19 pandemic. Cybersecurity incidents increased from 3,94,499 in 2019 to 11,58,208 in 2020.
In 2020, however, the International Telecommunication Union (ITU)’s Global Cybersecurity Index, which is a specialised organisation under the United Nations, ranked India at 10th position, while China was ranked 33rd. The report, released on June 29, may represent a shift in India’s cybersecurity standing globally.
A year after the ban, it is this mix of geopolitics and national security concerns vis a vis China, cybersecurity and data privacy vulnerabilities, the Indian State’s own evolving regulatory frameworks, the Indian tech ecosystem’s ability to identify needs, tap markets, compete effectively and scale up, and the varied responses of those who had to exit the Indian market that have shaped the policy environment.