BD Narayankar
New Delhi: Few countries face the kind of challenges that India’s security agencies face. Virtually all of India’s borders have seen subversive activities. Hence India arguably needs extraordinary measures to address its unique security concerns.
But this cannot justify arbitrary measures, especially if there is a cost associated with them. Banning of 14 telecom services – from the ubiquitous Gmail to video chats, push mail, Skype, BlackBerry messaging and son on – is a case in point.
The home ministry has given the telecom ministry a list of 14 telecom services that should be banned if their data is not made available to the security agencies in “readable, understandable, printable and audible format”.
The government can argue, with justification, that its security agenda must take precedence over commercial consequences to BlackBerry. But it is worth keeping in mind that countries like the US which have equally pressing national security concerns allow such services.
Agencies in the US have put their own 240-bit encryption on the BlackBerry server covering Barrack Obama and 14 key people in his administration.
Moreover in China, all BlackBerry handsets shipped in have been inserted with software by the government, which ensures that all communication on the devices also goes to the government.
Hence it is for the Indian sleuths to raise their game and get capabilities to decrypt information sent out at higher levels of encryption.
The telecom ministry has been right to point out that, should telecom services like Gmail, video chats, push mail, Skype and BlackBerry messaging are banned, it will seriously affect e-commerce, BPO and banking services in India as encryption is almost a way of life now, right from the time you access a bank account on the Internet to applying for a passport online.
At the end of the day, the issue is how much level of encryption should be allowed. A lower level of encryption makes it easier for intelligence agencies to decipher the communication.
India does not legally allow encryptions beyond 40 bits on the grounds that its security agencies lacked the technological capabilities to monitor data transfers on the internet when the coding is beyond this limit.
India should raise its encryption levels from the present 40 bits to 256 bits as is the standard in Europe and the US. A higher encryption level will ensure more secure financial transactions on personal computers and cell phones.
Most western countries do not allow financial transactions on the internet through computers and mobile handsets, if the encryption level is less than 128 bits. Lower encryption levels make hackers job easier.
However, to build better decryption capacities, security agencies will need some time and in the interim, it does not absolve telecom operators of their responsibilities to provide a solution. They can either locate their servers in the country or share encryption keys with security agencies and assist security agencies in monitoring these services.
No comments:
Post a Comment