Expert Speak Digital Frontiers
Published on Jul 26, 2022 Updated 1 Days ago
Regulations of the geospatial data need to be employed in a manner that is conducive to the private sector whilst keeping the defence sector in mind.
The importance of geospatial data in national security After a long and arduous attempt at creating policies on geospatial mapping and technology,  India finally released its latest guidelines for acquiring and producing geospatial data and geospatial data services including maps in February 2021 and the draft of the National Geospatial Policy in July 2021 (NGP). These two documents exist in a landscape that already aims to monitor data under the National Data Governance Framework Policy (NDGFP) and the imminent Data Protection Bill (2021)once passed.  These new documents that govern geospatial technology and data, add to the guidelines by presenting a caveat for locational, satellite, remote sensing, and otherwise mapped data. The geospatial market in India has been on an exponential rise in both the private and public sector. The Indian geospatial economy is expected to grow from nearly INR 38,972 crore in 2021 to INR52,770 crore in 2025 at a CAGR of 7.87 per cent, if the policy is further strengthened in its liberalisation of data it can help encourage the growth of INR 63,100 crore at a CAGR of 12.8 percent. A major segment of its utility is applied in areas like agriculture, telecommunications, disaster and climate management, environmental studies, architecture, etc. One of the largest sectors to utilise the data and technology under the umbrella of geospatial is the defence sector (in the top five industry verticals). The recent geospatial guidelines and NGP have done away with the older obligations published as notifications under authorities and the National Map Policy (2005) in the geospatial sphere that required entities, both government and private to approach multiple authorities—such as the Survey of India, Ministry of Finance and Ministry of Defence—for permissions to gain access to the required data. Now the data is to be submitted on one portal for all Indian entities to access and store. Though data is required to be stored within India and its servers, foreign entities are given access to license it. The regulatory documents also enumerate access to political maps for print and digital display and disallow any negative list of sensitive attributes, i.e., “no person or legal entity shall identify or associate any location on a map with a prohibited attribute”.  The geospatial guidelines will create a list of negative attributes as decided by the Department of Science and Technology to ensure that it is minimalistic and does not affect the ease of doing business. The current tentative list of attributes contains mostly associations with nuclear fields, airlines, missile launch areas, lines of control, etc. The regulation ends mentioning that violations will be dealt with appropriate laws applicable, including the Indian Penal Code, IT Act, Companies Act 2013, Civil Aviation Requirements, and The Criminal Law Amendment (Amending) Act 1990.

Is liberalising geospatial data prudent?

Though this move for liberalised geospatial data is lauded in the private sector as it encourages innovation and foreign investment, the defence sector is less optimistic. Currently, geospatial data (that is mapped using Indian satellite and remote sensing systems) is not shared with international entities such as Google, Apple, and other delivery services, to a “pinpoint accuracy” nor are private entities permitted to track such data without permission, to ensure national security is maintained. However, now the Ministry of Defence (MoD) has recommended permitting geospatial mapping for international agencies for up to 25 kms and free underwater mapping for up to 12 nautical miles from the coastline. Despite the MoD’s proposal, the defence forces, such as the Indian Army are against such a move. The government has also proposed to provide free access to these private players by removing the permission process. This move has been advised against by a NITI Aayog committee housing representatives from all security agencies. With mapping and satellite organisations like Google, Apple, SpaceX, Lockheed Martin, etc. that host their headquarters in the United States, which comes under the Five-Eyes Alliance<1> (as well as the nine Eyes and 14 Eyes Alliance), the Indian Army is justified in their hesitance to liberalise mapping data to international organisations. The use of ocean surveillance, ECHELON, and geospatial mapping has always been a part of national intelligence. Despite India joining the Five Eyes Alliance in 2020 to support backdoor access to end-to-end-encrypted platforms, the main intention for the alliance remains to share any information that may be regarded as important for national security among any of the members.

If India were to liberalise access to geospatial data to internationally headquartered mapping agencies, this would open India up to vulnerabilities not only individual privacy but also homeland and national security.

If India were to liberalise access to geospatial data to internationally headquartered mapping agencies (as there is a large gap in mapping agencies and geospatial technology and device manufacturing in India as compared to global players), this would open India up to vulnerabilities not only individual privacy but also homeland and national security. This would not only be limited to possible historical data misuse by foreign intelligence agencies, but also include possible satellite surveillance of weaponry or cargo movement, maritime mapping, and even movement of borders. Geospatial technology currently has the advantage of being limited to niche uses in India. With the current system of preserving mapped data to security organisations and hosting this data on Indian servers. The argument to liberalise data may not hold the same as when argued for other regulations like the Data Protection Bill. While the Data Protection Bill has rephrased from its older rendition to aim for data localisation for sovereignty and security, the same is not mirrored in the current geospatial guidelines Geospatial data may require further protections as it can map coastal and land borders, satellite usage, railway movement,  etc. Currently, this objective for securing real-time mapping, is the reason street view is not permitted via GPS (Google maps) in India. Only recently has India permitted a GPS-aided Indian satellite constellation (GAGAN) to track real-time railway movement, and this too is reserved for passenger trains, and is to be monitored by the Center for Railway Information Systems (CRIS). As the NGP remains vague on the granularity of the data that can be shared, it is currently under the pretext of a case-by-case use (to be considered with other parallels, like start-ups, PPPs, etc). The importance of the data is also to be looked over by the members of the Geospatial Data Promotion and Development Committee (GDPDC) that is to be established under this policy and host a member from the Defence sector. This ambiguity in case preferences is a point of concern that recalls the need for a defence-specific vertical in geospatial data sharing and geospatial technology use.

The document needs to encourage the creation of indigenous organisations for all parts of the geospatial supply chain that will ensure these organisations are not bound by generalised data policies meant to govern civil data or international regulations, for data storage, sharing and cannot have the information used by intelligence alliances outside of the Indian defence ecosystem.

Defence GIS has been substantiated to be kept separate from civil data. In this segment, it was highlighted that the requirements of the defence, even aside from suscept to attacks, may include also obviating security concerns and issues. The requirement of geospatial data for the defence and thus its regulation must also concern round-the-clock surveillance, terrain analysis and use of higher resolutions and advanced sensors and 3D visualisations as compared to the requirements of civil agencies. In India, specifically in the defence, the Indian Army’s CIDSS (Command Information Decision Support System) and the IAF’s Integrated Air Command and Control System (IACCS) are two geospatial systems in various stages of implementation. India in the New Space Policy has been said to help the Indian space sector move beyond Antrix and become akin to SpaceX, this will help privatise the space sector in India in terms of launches and manufacturing, but this is yet to be seen in practice. Incorporating private sector actors in the space industry is also an area that should be regulated in the NGP, to ensure the New Space Policy is in alignment with strategic use. Regulation for the geospatial sector must consider the defence sector separately. Blanket regulations for defence data and civil data may create a conducive growing environment for the private sector but will be harmful to the defence. Instead, the document needs to encourage the creation of indigenous organisations for all parts of the geospatial supply chain that will ensure these organisations are not bound by generalised data policies meant to govern civil data or international regulations, for data storage, sharing and cannot have the information used by intelligence alliances outside of the Indian defence ecosystem.
<1> The Five Eyes alliance is an intelligence alliance consisting of the US, UK, Australia, Canada, and New Zealand.
The views expressed above belong to the author(s). ORF research and analyses now available on Telegram! Click here to access our curated content — blogs, longforms and interviews.

Author

Shravishtha Ajaykumar

Shravishtha Ajaykumar

Shravishtha Ajaykumar is Associate Fellow at the Centre for Security, Strategy and Technology. Her fields of research include geospatial technology, data privacy, cybersecurity, and strategic ...

Read More +