MUMBAI - An Indian government request for access to encryption codes that would
let it check e-mails from users of BlackBerry-enabled mobile phones is raising
concerns whether the demand will damage privacy rights. Also in the firing line
is the country's US$1.7 billion and growing e-commerce market, such as online
banking and credit card transactions.
The Department of Telecommunications (DoT) has requested access to BlackBerry
algorithms ostensibly to monitor terrorist communications. The issue is being
thrashed out in the run-up to the March 31 expiry date of BlackBerry's
operating license.
The number of BlackBerry users in India, the world's second-fastest growing
mobile-phone market, is growing along with the country's fast-expanding
economy. About 8.77 million new
mobile-phone connections were made in January 2008 and the country expects to
have over 500 million mobile-phone users within two years.
BlackBerry, a front-runner in offering portable Internet access, has an
estimated 400,000 Indian users, among a worldwide subscriber base of 14
million, according to company data, and its users would include India's most
powerful politicians, industrialists, media professionals, corporate executives
and senior police officials - a treasure house also for political
eavesdropping.
A meeting between telecom industry representatives and government officials on
March 14 to thrash out the controversy passed off relatively peacefully, with
the government dismissing heavy-handed solutions. "We are keen to resolve the
issue at the earliest, but there is no question of banning the BlackBerry
services," telecommunications ministry secretary S Behura told the media.
Even so, India has given Research In Motion (RIM), which owns BlackBerry, and
the country's telecom companies 15 days to enable monitoring of the contents
transmitted on BlackBerrys or stop the service, the Press Trust of India
reported this week.
Canada-based RIM was non-committal on whether with it will part with computer
algorithms needed to decode BlackBerry messages. Srilata Venkatraman, general
manager, operations Digiqom Solutions, which handles press relations for RIM in
India, responded to Asia Times Online with a terse official statement that
said, "RIM operates in more than 130 countries around the world and respects
the regulatory requirements of governments. RIM does not comment on
confidential regulatory matters or speculation on such matters in any given
country."
Rajesh Chharia, president of the New Delhi-based Internet Service Providers
Association of India, termed the government move as "ridiculous". He told local
media that while routine check-ups "are fine with us" if questions of national
security are raised, he was concerned about Internet service providers being
"ridiculously" asked to reduce encryption from the global standard of 128-bit
for online transactions to 40-bit. This makes e-security intrusions and fraud
much easier. The RIM network uses the more advanced 256-bit Advanced Encryption
Standard (AES), prompting the government to ask for the encryption decoding
algorithm.
Encryption involves converting information into a secure format that is
accessible legibly only to the authorized recipient who holds a cryptographic
key that enables decryption of the message. The loss of the guarantee of
sender-receiver privacy that encryption allows will make e-commerce such as
money transfers very difficult, say industry players.
"When someone asks for the 128-bit encryption standard to be lowered, then
e-commerce is at risk," said V Ramachandran, director general of the Cellular
Operators Association in India. Ramachandran told Asia Times Online that his
association is involved in mediation efforts between the government and RIM to
resolve the issue.
The BlackBerry clash arose when the government refused permission for Tata
Group to operate a wireless mobile phone Internet service similar to
BlackBerry. The authorities then asked for BlackBerry algorithms to decode
encrypted emails, supposedly as a security measure in response to government
agencies' claims that terrorists are increasingly turning to Internet-related
communication.
RIM had initially been quoted in the media saying that such a request has not
come from any other country. The Indian move comes soon after the Pakistani
government shut down local access to social networking site Facebook,
ostensibly on religious grounds, raising questions as to whether the
sub-continent's Big Brothers are getting more paranoid about the Internet and
are using national security and religion as pretexts.
Internet-related security has been an increasingly strident issue in India in
recent years following reports of terrorists using cyber-cafes to communicate
with each other. Cyber-cafe customers in metropolitan centers such as Mumbai
and Chennai are now required to submit personal address and telephone contact
details, while some Internet parlor owners in New Delhi demand to see
police-verifiable proofs of identity such as a driving license or passport
photocopy.
While security concerns are legitimate, so too are fears that powerful
electronic snooping can be misused. Both India's central and state governments
are periodically mired in allegations of phone-tapping opposition politicians
and business leaders. On March 10, the Trinamool Congress party chief Mamata
Banerjee in Parliament accused the central government of tapping her phone.
The South Indian daily Deccan Herald in January ran a front-page report with
mobile phone numbers of opposition politicians, journalists and others that
were allegedly being tapped by the intelligence wing of the South Indian state
of Tamil Nadu.
A senior official from the Internet and Mobile Association of India who wished
to be unnamed told Asia Times Online that matters involving PKI (Public Key
Infrastructure, or the encryption mechanism for security of public networks and
issuing online security certificates) are actually with the Department of
Information Technology, and not with the Department of Telecommunications.
The official wondered why the Department of Telecommunications was trespassing
and why there are no protests from both the Department of Information
Technology and its agency, the Indian Computer Emergency Response Team
(CERT-In), which is directly responsible for India's communications and
information infrastructure security. CERT tracks Internet security violations,
online crimes, studies trends, investigates specific incidents, publishes a
monthly security bulletin on its website and posts solutions to plug security
holes. The latest CERT bulletin reports no alarming data to justify the
government pushing any panic buttons.
Local media have also reported that the Department of Telecommunications is
considering asking RIM and cellular phone operators such as Vodafone, Bharti
Airtel and Reliance Communications to create a six-month long mirror image of
all e-mails and data sent on BlackBerry and similar devices in India, a move
that, besides being of dubious legality, could be a logistic nightmare given
that India's Internet and cellular phone-using population is increasing by
millions each month.
Head
Office: Unit B, 16/F, Li Dong Building, No. 9 Li Yuen Street East,
Central, Hong Kong Thailand Bureau:
11/13 Petchkasem Road, Hua Hin, Prachuab Kirikhan, Thailand 77110
