In the last few decades, Asia has experienced rapid economic growth, political transformation and social change. This is a familiar and well-known fact. The story of cyberspace in Asia has been less frequently explored. Generally, Asian cyber policy has always faced critical problems in one way or the other. Asia is a widely diverse continent where around 3500 different languages are spoken with 60% of the population and 40% of all internet users. It is a region marked by stark economic inequality between both countries and within countries. Asia is a home for some of the most networked societies on earth and the least. States within this region exercise dramatically varying levels of control over their citizens. On a global stage, they may have different ideas on key cyber policy issues over some policies in different areas. Increasingly Asia is a huge battleground for the future of the internet. Major norms setting developments, freedom of expression and cybersecurity are happening in Asia and it plays host to many competing visions of cyberspace from China’s great firewall to ambitious connectivity at e-governance schemes like Digital India.

In Asia, cyber policy discussion is dominated by perseverance to security whether that is national security or economic security. The increasing territorial dispute is spilling over into cyberspace. In 2012 a tense naval standoff between Philippines and China, so hackers on both sides defacing each other’s website. In 2014, China’s deployment of an oil rig in contested waters of Vietnam was accompanied by cyber-attacks on Vietnamese websites. Tensions on the Korean peninsula are increasingly playing out online. As stated by Shivashankar Menon, the former National Security Advisor in 2015, “cyberspace has become a fresh domain of contention between states. It is true of lands, sea, skies and outer space, all of which we have successfully militarized. The same thing is happening in cyberspace.” Another key area of concern is economic security. In 2011, a malicious attack against Hongkong Exchanges and Clearing caused a suspension of shares for seven companies with a combined worth of $167 billion and in 2014 MTGOX one of the world’s leading bitcoin exchanges based in Japan went bankrupt after the theft of $460 million by hackers.

Most Asian countries including China and India were found less vulnerable to cyberattacks than the global average. But few were found to be much more vulnerable.  In response to security concerns, countries across the region are trying to develop stronger cybersecurity frameworks and measure to increase cyber capabilities. According to the ITU, nine countries of the region have adopted cybersecurity strategies and three others are in the process of developing them. New legislation is also being introduced. In 2014 Pakistan updated its 130 years old surveillance and interception law with the Investigation for Fair Trial Act, 2013 with the stated aim of regulating advanced and modern investigative techniques and in response to fear other states have started exploiting geo special data. India has introduced a draft bill which would place heavy restrictions on unauthorized digital maps on its territory. But often introduced by the name of cybersecurity. In some cases, these new laws threaten to undermine human rights. By introducing new surveillance measures and imposing controls on contents, human rights defenders are resisting these trends.

In the Philippines, a clause in the Cybercrime Prevention Act of 2012 which criminalized liability, was struck down after a campaign against it. The same activists then used crowdsource to draft a new bill called the Magna Carta of Philippine Internet Freedom in direct opposition to the law. In India, an often-misused section of the Information Technology Act which criminalizes sending offensive or annoying messages through the internet was struck down after public protest. In some states in Asia, human rights like the right to freedom of expression and the right to information aren’t always universally applied. Often a vague definition of blasphemy, sedition or hate speech can be used to repress them. For example, when the violent riot broke out in Pakistan over a video perceived as blasphemous, the government responded by shutting down YouTube siting blasphemy law under the Pakistan Penal Code and in Malaysia, news websites that have exposed government scandals have been banned on the ground that they threatened public order and national security.

Another challenge to the human rights defenders in the region is the measures that undermine privacy. For instance, Thailand’s government has been seeking to restrict website encryption to address content which could result in a public disturbance. If successful, these measures could result in increasing the scope of surveillance and have a chilling effect on activists and journalists. There are also some positive moves towards harmonizing data security laws with global standards. In Singapore and Malaysia, privacy laws are currently being implemented. China’s consumer laws are being updated to include data privacy principles.

For human rights defenders, the obvious first level of engagement is the national level where cyber policies, laws and frameworks have a greater impact. As seen in the case of India and the Philippines, human rights defenders can engage effectively at the legislative level either by working with legislators or by challenging decisions in the national courts. National security cyber strategies are another potential way in. They already exist in several nations in Asia but are still developing in others. Human rights defenders should follow the development of these strategies closely and ask questions like does the strategy have a specific mechanism for stakeholder engagement? But cyberspace does not respect national borders. Addressing them requires coordination at the regional and global level with the involvement of different stakeholder groups. In Asia regional cooperation takes many forms and varies depending on which part of the region it focuses. In the South, Asia coordination tends to be done through bilateral and multilateral channels. It remains one of the least integrated parts of the world despite the existence of regional bodies.  By contrast, East Asian Regional Cooperation has grown stronger over time and mainly depends on the Association of Southeast Asian Nations (ASEAN), a political or economic association of ten South East Asian countries. Unlike the African and Latin American counterparts, it doesn’t have a court but through its regional forums, it has built a legal framework to decide on criminal and terrorist activities in cyberspace.

Another influential regional force is the Shanghai Cooperation Organization, a Eurasian military, a political and economic association of six states with India and Pakistan so to join. This is a state dominated space but an important one for a cyber policy with cybersecurity high on their agenda. Bodies dealing with technical issues are another important part of the landscape. The Asia Pacific Network in Information Centre (APNIC) is one of the world’s regional internet registries. It provides forums for internet development policies where human rights defenders can get involved in. And out of the many non-binding forums in the region, Asia Pacific Regional Internet Governance Forum is a place where human rights defenders can learn about emerging cyber policy issues, exchange best practice and develop collaborations with other stakeholders.

Outcomes of discussions in the forums at the global levels like the International Telecommunication Union (ITU), the London Process and the UN Group of Governmental Experts can have big implications in regional and national approaches and policies in Asia. While they aren’t necessarily binding in the way national laws are. These discussions can set the norms that can shape the wider cyber policy environment. But the reverse applies too. Regional initiatives like the Wuzhen Summit aims to project regional norms onto the global level. Hence there is no right way to engage as a human rights defender. Its infrastructure and forums are complex, what works in one, may not be applicable in the other.