Inthe US, law enforcement and security agencies have raised privacy concerns with a new proposal for electronic eavesdropping powers to track terrorists and criminals and unscramble their encrypted messages.
But in India, government authorities are well beyond the proposal stage. Prompted by fears of digital-era plotters, officials are already demanding that network operators give them the ability to monitor and decrypt digital messages, whenever the Indian Ministry of Home Affairs deems the eavesdropping to be vital to national security.
Critics, though, say India’s campaign to monitor data transmission within its borders will hurt other important national goals: attracting global businesses and becoming a hub for technology innovation.
ILLUSTRATION: MOUNTAIN PEOPLE
The most inflammatory part of the effort has been India’s threat to block encrypted BlackBerry services, widely used by corporations, unless phone companies provide access to the data in a readable format.
However, Indian officials have also said they will seek greater access to encrypted data sent over popular Internet services like Gmail, Skype and virtual private networks that enable users to bypass traditional telephone links or log in remotely to corporate computer systems.
Critics say such a threat could make foreigners think twice about doing business there. Especially vulnerable could be outsourcing for Western clients, like processing medical records or handling confidential research projects, information that is typically transmitted as encrypted data.
“If there is any risk to that data, those companies will look elsewhere,” said Peter Sutherland, a former Canadian ambassador to India who is now a consultant to North American companies doing business there.
S. Ramadorai, vice chairman of India’s largest outsourcing company, Tata Consultancy Services, echoed that sentiment in a newspaper column on Wednesday last week.
“Bans and calls for bans aren’t a solution,” he wrote. “They’ll disconnect India from the rest of the world.”
Few doubt that India has valid security concerns. In recent years, attacks against India have included the use of sophisticated communications technology — as when the terrorists who stormed Mumbai two years ago communicated with their Pakistani handlers by satellite phone and the Internet, or when Chinese hackers infiltrated India’s military computer networks this year.
But critics say that India’s security efforts, which they describe as clumsy, may do little to protect the country, even as they intrude on the privacy of companies and citizens alike.
“They will do damage by blocking highly visible systems like BlackBerry or Skype,” said Ajay Shah, a Mumbai-based economist who writes extensively about technology. “This will shift users to less visible and known platforms. Terrorists will make merry doing crypto anyway. A zillion tools for this are freely available.”
Senior Indian officials argue that they have no choice but to demand the data that could help thwart and investigate terrorist attacks.
“All communications which is done by Indians or coming to and fro into India — and where we have a concern about national security — we should have access to it,” said M Gopal Krishna Pillai, the secretary of India’s home ministry, which oversees domestic security.
During the Mumbai attacks, he said, officials could not gain access to some of the communications between the terrorists and their handlers.
Some legal experts indicate that Indian law — which has few explicit protections for personal privacy — is on the government’s side, but they also say India is trying to enforce the law in unnerving ways.
“The concern of corporate users and general users of BlackBerry is that if this is allowed, the government will become the single biggest repository of information,” said Pavan Duggal, a technology lawyer who practices before India’s Supreme Court. “And we have no idea how this information will be used and misused in the future.”
The government has also clamped down on the importation of foreign telecommunications equipment, saying it wants to ensure that the technology does not contain malicious software or secret trap doors that could be used by foreign spies.
The technology and security debates playing out here are not new or unique to India.
During the 1990s, for instance, US security officials tried unsuccessfully to restrict the use of encryption because of worries that law enforcement would not be able to monitor communications.
Now, in legislation the administration of US President Barack Obama plans to introduce next year, officials want the US Congress to require all services that enable communications — including encrypted e-mail systems like BlackBerry, social networking Web sites like Facebook and software that allows direct “peer to peer” messaging like Skype — to be technically able to comply if served with a wiretap order.
Other countries — including the United Arab Emirates and Indonesia — are trying to impose various measures similar to India’s.
The debate here, though, is complicated by the fact that despite the technology prowess of India’s private industries, in technologies like cryptography Indian law enforcement agencies still lag significantly behind their counterparts in the US and other advanced countries.
The Indian government says it is intent on improving its code-cracking skills. But “in the interim, it has this very blunt instrument,” said Rajan Mathews, director general of the Cellular Operators Association of India, a trade group.
“It comes to the operators and says: ‘I’m going to make you responsible for giving me access,’” he said.
Pillai said the government was not opposed to the use of encryption to protect the privacy of legitimate electronic communications. However, he said that as government-licensed entities, network operators were obliged to give law enforcement officials a way to decode messages when required or to block communications that they cannot decipher.
But network providers say they may not always have the technical ability to do that. In much of the world — including for business users in India — companies and individuals now often use encryption systems that generate new code keys for each message and lack a convenient master key that could unlock everything for government viewing.
Google, for its part, has enhanced the encryption for its Gmail service, making it harder for hackers and the Indian government to read messages. Pillai said his ministry had begun conversations with Google and Skype, the Internet phone company, which also uses strong encryption, to provide access to decoded data.
Representatives for Google and Skype said that they could not comment because they had not yet received formal demands from the Indian government.
Meanwhile, government officials have demanded that the maker of BlackBerry, Research In Motion (RIM) of Canada, set up a server computer in India from which law enforcement agencies can gain access to unencrypted versions of messages when they need to. The government has given RIM until the end of next month to comply.
The company has said that it is willing to meet “the lawful access needs of law enforcement agencies,” but added that it cannot provide unencrypted copies of messages of corporate users because of how the BlackBerry system is designed, noting that even RIM cannot decode them.
“Strong encryption has become a mandatory requirement for all enterprise-class wireless e-mail services today,” RIM said in a statement late last month, “and is also a fundamental commercial requirement for any country to attract and maintain international business.”
ADDITIONAL REPORTING BY HEATHER TIMMONS
Could Asia be on the verge of a new wave of nuclear proliferation? A look back at the early history of the North Atlantic Treaty Organization (NATO), which recently celebrated its 75th anniversary, illuminates some reasons for concern in the Indo-Pacific today. US Secretary of Defense Lloyd Austin recently described NATO as “the most powerful and successful alliance in history,” but the organization’s early years were not without challenges. At its inception, the signing of the North Atlantic Treaty marked a sea change in American strategic thinking. The United States had been intent on withdrawing from Europe in the years following
My wife and I spent the week in the interior of Taiwan where Shuyuan spent her childhood. In that town there is a street that functions as an open farmer’s market. Walk along that street, as Shuyuan did yesterday, and it is next to impossible to come home empty-handed. Some mangoes that looked vaguely like others we had seen around here ended up on our table. Shuyuan told how she had bought them from a little old farmer woman from the countryside who said the mangoes were from a very old tree she had on her property. The big surprise
The issue of China’s overcapacity has drawn greater global attention recently, with US Secretary of the Treasury Janet Yellen urging Beijing to address its excess production in key industries during her visit to China last week. Meanwhile in Brussels, European Commission President Ursula von der Leyen last week said that Europe must have a tough talk with China on its perceived overcapacity and unfair trade practices. The remarks by Yellen and Von der Leyen come as China’s economy is undergoing a painful transition. Beijing is trying to steer the world’s second-largest economy out of a COVID-19 slump, the property crisis and
Former president Ma Ying-jeou’s (馬英九) trip to China provides a pertinent reminder of why Taiwanese protested so vociferously against attempts to force through the cross-strait service trade agreement in 2014 and why, since Ma’s presidential election win in 2012, they have not voted in another Chinese Nationalist Party (KMT) candidate. While the nation narrowly avoided tragedy — the treaty would have put Taiwan on the path toward the demobilization of its democracy, which Courtney Donovan Smith wrote about in the Taipei Times in “With the Sunflower movement Taiwan dodged a bullet” — Ma’s political swansong in China, which included fawning dithyrambs