If you thought that the Indian government was being unnecessarily paranoid about insisting that BlackBerry and some others provide it with a master key to read encrypted emails and messages that they carried, now the United States government is also speaking in similar language. Indeed, the sweeping new regulations that US law enforcement and national security officials are asking Congress to enact go much, much further: these have the potential of bringing about a sea change in the way that the Internet has functioned till now. But the news of American officialdom seeking new regulations to “tap” Skype, BlackBerry and social networking sites such as Facebook still comes as a bit of a surprise considering the tremendous prowess in cryptography that its National Security Agency possesses — unmatched in the rest of the world. The NSA employs the largest number of cryptographers in the world and most encryption techniques are evolved in America, which only allows the rest of the world access to it after it has mastered the decryption techniques. Indeed, commercial production or availability of any encryption technology is permitted only after it has been decrypted by the NSA’s experts. Much of the world functions on US encryption standards, and there are “haves” and “have nots” in this sphere. The Echelon project — the largest collaborative surveillance effort worldwide — has 18 member-countries; while the Wassenaar project includes 33 countries who exchange data on cryptography technical knowhow, dual-use export controls etc. India is not part of either. India has an Information Technology Act which requires any Internet service provider to supply the decryption in the event that any authorised security agency needs to read or unscramble any communication. The law is not the problem here, but India simply does not possess the technical capability or knowhow to decipher most encrypted messages or mails — which is why is keeps asking BlackBerry and others to provide it with the “keys” to enable this.
In the US, an NGO called Centre for Democracy and Technology has expressed fears that the proposed new American legislation might challenge the fundamental elements of the Internet revolution. It claims such a law will turn the clock back and eventually make Internet services function the way that the telephone system used to in an earlier age. But given the NSA’s tremendous capabilities in this area, the need for the US to have such legislation is truly puzzling. The NGO has claimed the proposed law will invade the individual’s privacy — but the relevant point here is that such privacy was being invaded all along anyway, through programmes such as Magic Lantern and Carnivore. These are two major surveillance techniques used and perfected by the US, which have been around for some time, and against which cases have been filed in the US federal courts by privacy activists. The UK too had such a law allowing monitoring of emails, and so does India. One wonders what the fuss is all about!
But if America, which is so far advanced in this area, is worried about the threat of cyber warfare — possibly from China, also from countries like Iran and North Korea, then India should be truly petrified. Most of this country adheres to US encryption standards — our banks and financial services sector largely work with US products. The Data Security Council of India was established to promote security standards in the country, and IIT Kanpur has developed its own encryption standards — used only in defence for now. We should work harder to develop our own decryption techniques so that we don’t become totally dependent on others in this sector — and aim for the day when we can enforce our laws with our own capabilities.