|Get those pigeons now|
|Tuesday, 05 July 2011 00:00|
It says volumes for how basic the functioning of India’s security agencies is that the home ministry has given the telecom ministry a list of 14 services—from the ubiquitous Gmail to video chats, push mail, Skype and so on—that should be banned if their data is not made available to the security agencies in “readable, understandable, printable and audible format”. The telecom ministry has done well to point out that, should this be done, it will seriously set back the country’s progress since encryption is almost a way of life now, right from the time you access a bank account on the Internet to applying for a passport online; then there’s the entire BPO business out of India that can get affected. Since, at the end of the day, the issue boils down to the level of encryption that is allowed—a lower level of encryption makes it easier for intelligence agencies to decipher the communication—the telecom ministry is correct in saying that the 40-bit encryption allowed in India is very low and that other government institutions like RBI and Sebi mandate higher levels of encryption for banking and financial services; most e-commerce, for instance, takes place at 128 or 256 bits.
It can be no one’s case, that national security is not important, but it’s worth keeping in mind that countries like the US which have equally pressing national security concerns allow such services—the key, as the telecom ministry has pointed out, is that Indian sleuths need to raise their game, to get capabilities to decrypt information sent out at higher levels of encryption. While the solutions proposed by sleuths that service providers be forced to set up servers in India or deposit their ‘keys’ look reasonable, they too are behind the times. The BlackBerry, for instance, generates one-time keys automatically for each transaction, so there’s nothing a server in India will do; and it is not possible to deposit any ‘keys’ to decrypt either—this applies to several other such transactions as well. BlackBerry’s solution, evidently not found suitable as yet, is to offer data to security agencies (after suitable authorisation has been given) on the size of data transfers between suspects who are being monitored—for the actual data, all that BlackBerry or any other provider can offer, is the IP address of the users’ server; after that, it’s up to the security agencies to get the data. Perhaps Indian sleuths would do well to spend time with their US counterparts to figure out how the latter deal with such issues, given that banning is not even among the list of available options.