Thursday, February 3, 2011

Encryption Is A Feared Technology In India

National security should be strengthened by technology and not threatened by it. In fact, technology seldom threatens national security but only strengthens it. Still governments all over the world are trying to make technology a villain and are using the façade of national security to suppress it.

Recently, Google, Skype and Blackberry were in news for their encryption technologies. Google was asked to surrender the encryption keys of its Gmail that it, rightly and boldly, refused. Skype has not yet been officially contacted regarding its encrypted VOIP services. Research in motion’s (RIM) Blackberry, on the other hand, is in continuous controversies.

Although Blackberry has agreed to provide real time and in plain text access to its messenger services through a cloud computing environment in India yet it has expressed its inability to provide encryption keys residing at user’s servers for its enterprise services. Another deadline passed as Blackberry did not provide the encryption keys to India.

India’s intention to curb cyber security capabilities of Indian citizens became apparent when the sole cyber law of India, i.e. information technology act, 2000 (IT Act, 2000) was amended by the information technology act, 2008 (IT Act, 2008).

The government was quick enough to confer upon itself and its agencies wide and unregulated e-surveillance and Internet censorship powers, but it deliberately avoided incorporating necessary safeguards to prevent abuse of these powers. Till now we do not have such safeguards.

Even procedural safeguards and applicability regarding encryption norms in India have not been incorporated by the government till now. There are no rules regarding encryption standards under the amended IT Act, 2000.

India should not fear encryption and should not sacrifice the cyber security of its crucial organisations and systems. Criminal elements and terrorists have better methods than using mere Blackberry, Skype or Gmail. Leave these companies/services alone and develop actual cyber security capabilities so that cyber criminals and terrorists can be arrested before they engage in their nefarious activities.