Moving to more substantive reasons, both India and Indonesia may be using spyware both in domestic and international cyber operations. Consequently, they might not want to adopt a clear position on restricting commercial intrusion capabilities just yet. Recent reports indicate that India-affiliated hackers have used spyware to target actors based in Pakistan. Further, there are allegations that India bought the Pegasus spyware from Israel’s NSO group and used it against journalists and opposition leaders. Indonesian authorities have also been suspected of using commercial spyware to spy on opposition leaders and activists.
Third, in terms of morals, neither country views surveillance in the interests of national security as illegitimate state action. India’s data protection legislation grants broad exemptions to government agencies acting in the interests of national security. Further, the Snowden revelations, which revealed that India was a major target of NSA snooping, were a major wake-up call for India to build its own surveillance capabilities, although no Indian government has publicly disclosed such capabilities. Meanwhile, Indonesia also prioritises development or internal security concerns over countering surveillance, which explains China’s continued presence in Indonesia’s technological perimeter despite strategic distrust between the two states.
So, how should proponents of the Pall Mall Process and adjacent diplomatic initiatives engage with crucial non-Western democracies like India and Indonesia? Would India and Indonesia ever consider signing up?
First, bilateral channels help. India signed the US-brokered Artemis Accords after conversations between the security establishments of both countries during Prime Minister Narendra Modi’s well publicised visit to the US in 2023. Tapping into Indonesian sensitivities about the use of surveillance tools by foreign actors could also help. After all, Indonesian entities, including commercial firms, are likely to emerge as much bigger targets of cyber-espionage by foreign states seeking political and economic gain.
Second, India and Indonesia’s moral agnosticism on the privacy impacts of surveillance stems from a deep-rooted conviction that Western liberal democracies wax eloquent about surveillance while reaping its benefits, albeit using different tools and techniques. While combating spyware is an important piece of the puzzle, meaningful dialogue on the impacts of surveillance writ large is the need of the hour, including introspection on the Five Eyes’ own surveillance practices. Global moral clarity would nudge India and Indonesia to sign onto portraying themselves as responsible cyber actors, even if actual domestic practices diverge.
Given that they are not formal alliance partners of the US, India and Indonesia will never be default ratifiers of any cyber initiative. However, as has been demonstrated by both India and Indonesia’s proactive engagement with several US-led initiatives like the Quad and the Indo-Pacific Economic Framework, they can sign on when interests converge.
The Pall Mall Process comes at a critical juncture in the domestic political history of both countries. Amid allegations of growing executive control and the abrogation of institutions, a gamut of other challenges have rightfully captured the media and political limelight. Yet, India and Indonesia are both critical stakeholders in the global governance of cyberspace, which is increasingly resorting to informal mechanisms like the Pall Mall Process. Therefore, engaging with Indonesia and India effectively is critical to the success of these initiatives and the stability of cyberspace as a whole.
The views expressed in this Commentary are the author’s, and do not represent those of RUSI or any other institution.
Have an idea for a Commentary you’d like to write for us? Send a short pitch to commentaries@rusi.org and we’ll get back to you if it fits into our research interests. Full guidelines for contributors can be found here.
