Showing posts with label Encryption Policy Of India. Show all posts
Showing posts with label Encryption Policy Of India. Show all posts

Wednesday, January 11, 2012

Electronic Authentication Policy Of India

Electronic authentication (e-authentication) is a very useful service provided it is safe, secure and reliable. Similarly, e-authentication must also be supported by a sound legal framework that governs its uses and abuses.

We have no e-authentication policy in India. Even we have no legal framework for e-authentication in India. Although some efforts in this regard were made through the Aadhar project of India yet the very constitution and functioning of Aadhar project is unconstitutional. For some strange reasons, the unique identification authority of India (UIDAI), which is managing the Aadhar project, thinks that it is above constitution of India. This attitude of Aadhar and UIDAI has brought it to a stage where it is about to be scrapped.

So as on date we have no legal framework for e-authentication in India, no authority that can deal with e-authentication in India and no policy framework for e-authentication in India that has been implemented at the national level. If this is not enough, we have no encryption usage policy of India that can ensure cyber security of e-authentication in India.

If both cyber security in India and use of encryption in India are missing, the credibility of any e-authentication system is in great doubt. Possibility of data breaches and cyber attacks cannot be ruled out. Securing of critical national infrastructure of India from cyber attacks has still not achieved and introducing an e-authentication system without robust cyber security is not a wise move.

The cyber security trends in India 2011 by Perry4Law Techno Legal Base (PTLB) indicate that cyber security in India is still ignored by various stakeholders. Whether it is banks or strategic computers of Indian government, all of them have proved to be vulnerable to cyber attacks.

E-authentication is also useful for providing mobile banking services in India. Cyber security of Internet banking in India is still poor and e-banking risks in India are abundant. Mobile banking cyber security in India is still to be established before it can be explored in India.

E-authentication cannot succeed in India till we take care of various techno legal policy issues. Without removing various obstacle of e-authentication, using the same in India would create more problem than solutions providing.

Tuesday, December 20, 2011

Intelligence Gathering In India Is Unconstitutional

Intelligence gathering and fighting terrorism are essential national security and sovereign functions. They cannot be equated at par with other governmental functions. That is the reason why every country provides some extra protection and immunity from public scrutiny to such functions.

None can doubt that Indian counter terrorism capabilities need rejuvenation. We have an obvious but unresolvable terrorism dilemma in India. With the growing use of social media by cyber criminals and terrorists, the intelligence agencies world over are engaging in open source intelligence through these social media and platforms.

However, the real problem is that in India intelligence agencies and law enforcement agencies are practically governed by no law. Whether it is Central Bureau of Investigation (CBI) or Intelligence Agencies of India, none of them are presently “accountable” to Parliament of India.

Even the constitutional validity of national investigation agency act, 2008 is still doubtful. Further, India does not have a constitutionally sound lawful interception law. Phone tapping in India is still done in an unconstitutional manner and at times by private individuals as well.

E-surveillance in India, websites blocking in India, Internet censorship in India, etc are also not done a strictly constitutional manner. Till now Indian courts have not tested the acts of intelligence agencies of India on the touchstone of constitutional protections. There is no e-surveillance policy in India and protection of human rights in Indian cyberspace has still not been considered by Indian government.

In fact, intelligence infrastructure of India has become synonymous for non accountability and mess. There is neither any parliamentary oversight nor and transparency and accountability of the working of Intelligence Agencies of India. Intelligence infrastructure of India needs rejuvenation keeping in mind the constitutional obligations.

A private Bill titled Intelligence Services (Powers and Regulation) Bill, 2011 was circulated in the last session of the Parliament. However, instead of discussing the same in the current Monsoon Session (August 2011) and winter session (December 2011) of the Parliament, Indian Prime Minister Dr. Manmohan Singh has announced that Law on Intelligence Agencies would be formulated soon.

The national intelligence grid (Natgrid) project of India is also without any constitutional safeguards. The Cabinet Committee on Security (CCS) has also given only “Partial In Principle Approval” to NATGRID Project. Since NATGRID Project is not supported by any Legal Framework and Parliamentary Oversight, the “Crucial Stages” of NATGRID Project has not yet been approved by the CCS. Thus, NATGRID Project of India is still in troubled waters as lack of Privacy Laws and Data Protection Laws has put it in doldrums.

On top of it we have the proposed central monitoring system (CMS) project of India that has been proposed without any parliamentary oversight. Further, stress upon Internet kill switch is also given by India without realising that Internet kill switch is not a solution to cyber threats. Anti Internet kill switch measures are needed to prevent Indian government from taking recourse of any such unconstitutional and draconian action.

Finally, intelligence gathering skills developments in India are far from satisfactory. Intelligence agencies of India are insisting upon use of 40 bits encryption level in India. This has been suggested so that surveillance of Internet traffic in India is possible. However, e-surveillance is not a substitute for cyber skills. Encryption policy of India is urgently needed to resolve all these issues.

Presently, Indian government and intelligence agencies of India are engaging in many unconstitutional activities that are not subject to any parliamentary or judicial scrutiny. It is high time to bring some order in the chaos created by this situation unless it is too late.

Saturday, November 26, 2011

Surveillance of Internet Traffic In India

E-surveillance in India is no more a secret as Indian government is openly engaging in e-surveillance activities. This is despite the fact that an unregulated and unguided e-surveillance is violating the civil liberties protection in cyberspace in India.

Now e-surveillance is proposed to be expanded to even mobile infrastructure. The cell site location based e-surveillance in India is also in contemplation. Cell site data location laws in India and privacy issues are once again bypassed for this proposal. Even the e-surveillance policy of India is missing that can provide some safeguards against illegal and unconstitutional e-surveillance in India.

Similarly projects like Aadhar project of India, central monitoring system project of India, etc are also intended to strengthen the e-surveillance capabilities of India without and constitutional safeguards.

On the top of India, India is trying every possible method to discourage the cyber security initiatives like encryption. Encryption policy of India is missing and so are encryption laws in India.

Now Indian government has forced the telecom service providers and internet service providers (ISPs) to deploy monitoring equipment for surveillance of internet traffic as per the conditions of the respective license agreements and as per the requirements of security agencies. At present, indigenous internet monitoring systems are being deployed in the network of ISPs.

Based on the feedback and traffic projections provided by the ISPs, the internet monitoring systems are upgraded and deployed continuously as per the requirement of security agencies.

India needs to upgrade its intelligence infrastructure that is in real mess. Intelligence agencies need to develop intelligence gathering and analysis skills so that situations like the present one can be taken care of. E-surveillance is not a substitute for cyber skills and Indian government and its agencies must realise this truth as soon as possible.

Even by forcing the telecom service providers and ISPs to filter internet traffic at large would not serve any purpose. Cyber criminals and terrorists are already well aware to use sophisticated technology to hide their tracks. This exercise would only violate the civil liberties of law abiding citizens.

Fortunately, Yahoo has dragged Indian government regarding e-surveillance to the Delhi High Court and a judicial scrutiny of e-surveillance in India may be possible. Time has come to consider all these aspects in detail and at the highest levels by the Indian government and parliament of India.