Blackberry, G Mail And Skype May Not Be Banned In India

Blackberry, Gmail and Skype have been asked to provide encryption free services in India. When these companies conveyed their inability to do so, Indian government warned them of banning their services in India. Subsequently, India issued directions to telecom service providers forcing them to drop Blackberry’s services if Blackberry does not provide free and unencrypted access to its services in India.

This episode has happened because we have no lawful interception law in India, no encryption policy in India, no effective telecom policy in India, a draconian and ineffective cyber law of India that needs urgent repeal and many more such factors.

According to Praveen Dalal, managing partner of New Delhi base law firm Perry4Law and leading techno legal expert of India, India is the only country of the World where Phone Tapping and Interceptions are done without a Court Warrant and by Executive Branch of the Constitution of India. Phone Tapping in India is “Unconstitutional” and the Parliament of India has not thought it fit to enact a “Constitutionally Sound Law” for Phone Tappings and Lawful Interceptions. Even the Supreme Court’s directions in PUCL case have proved futile and presently the Court is dealing with the issue once more, informs Dalal.

While none can doubt about the National Security and Law Enforcement Requirements yet they must be “Reconciled” with Fundamental Rights of Indians, says Dalal. Further, Intelligence Infrastructure of India also needs urgent rejuvenation, suggests Dalal. Recently the Home Ministry of India asked the Departments of Telecommunication (DoT) and Department of Information Technology (DIT) to examine the existing legal framework and recommend appropriate amendments of the laws to ensure smooth access to services like BlackBerry and Skype.

DoT has now clarified its stand in this regard and it is against the proposal of discontinuing about 14 communication services that intelligence agencies cannot track currently. Further, DoT is also not in favour of imposing responsibility upon mobile phone companies to provide assistance to decrypt all the services they provide.

Keeping in mind this latest development, it can be assumed that services of Blackberry, Gmail, Skype, etc would not be banned in India for some more time.

However, Indian intelligence agencies and law enforcement agencies must concentrate upon skills development in India. Further, one thing that Indian intelligence agencies must develop on priority basis is techno legal Intelligence gathering skills development. Encrypted services in India are going to stay and law enforcement and intelligence agencies must develop skills to deal with the same in future.

The New National Telecom Policy Of India 2011

The first National Telecom Policy of India was written in 1994. It was subsequently reformulated as the New Telecom Policy in 1999 and was also amended in 2004. Now proposals have been given to formulate National Telecom Policy of India 2011.

The Telecom Policy of India has been in controversies like 2G scam in the past. The present Telecom Policy of India is anti common man. It is going against the interests of telecom consumers of India. India needs consumer friendly telecom policy to break the vicious circle that has engulfed the telecom sector of India, says Praveen Dalal, managing partner of Perry4Law and leading techno legal telecom expert of India.

Similarly, in the name of national security and cyber security, companies like Gmail, Skype and BlackBerry have been troubled a lot in India. The biggest problem creator is the encryption issues that are not acceptable o the intelligence agencies of India.

Encryption is an unresolved enigma in India. We have no encryption laws in India and despite the suggestions of many experts’ encryption laws and regulations in India are still missing. Encryption has also become essential due to faulty electronic sniffing and e-surveillance approach of India.

Of late, India is pressurising Research in Motion’s (RIM) Blackberry for providing unencrypted e-mail and telecom communications in India. By threatening to ban Blackberry services in India, the government has already obtained access to Blackberry’s messenger services. Now India is forcing the telecom service providers of India to drop Blackberry’s services if it does not provide free and unencrypted access to its services in India.

In this entire quandary, Indian government has not paid attention to the real issues. Issues like Consumer Friendly National Telecom policy of India, Telecom Security of India, establishment of Telecom Security Council of India, establishment of Telecom Security Regulatory Authority of India (TSRAI), etc must be considered by Indian Government in general and Ministry of Communication and Information Technology (MCIT) in particular on a “priority basis”, suggests Praveen Dalal. Further, Telecom Security Policy of India must also be formulated as soon as possible as India has already taken more than enough time in this regard, suggests Dalal.

We have no telecom security policy in India. There is no mechanism in India through which telecom hardware and software can be analysed for backdoors and malware. In these circumstances, formulating an Indian telecom security policy is urgently required.

The new telecom policy of India 2011 must incorporate all these suggestions in order to be effective. If we need to eradicate corruption that is marring the present telecom sector of India, we must take bold and immediate steps in this regard.

Mobile Cyber Security In India

Mobile phone has become an important aspect of our daily lives. We use mobile phone for multi purposes including mobile banking and mobile governance. With the use of third generation spectrum, even better, speedier and more productive use of mobile phones is now possible.

However, of all the benefits of use of mobile, we cannot ignore the risks associated with it. For instance, the mobile banking in India is risky as the present banking and other technology related legal frameworks are not conducive for mobile banking in India.

Similarly, we do not have a well developed e-governance infrastructure in India. Naturally, India is still not ready for m-governance. India does not have any infrastructure, legal framework, policies and strategies and most importantly expertise to implement these ambitious projects.

The biggest hurdles before the mobile related uses in India pertain to use of weak encryption standards and non use of mobile cyber security mechanisms in India, informs Praveen Dalal, managing partner of New Delhi based law firm Perry4Law. Absence of encryption laws in India has further made the mobile security very weak in India, says Dalal.

Mobile viruses and worms are further increasing the woes of mobile users’ world wide, claims Dalal. Recently 50 applications within Google’s official Android Market were found to be contaminated with DroidDream malware. The malware stole sensitive information like phone’s International Mobile Equipment Identity (IMEI) Number and the SIM card’s International Mobile Subscriber Identity (IMSI) number. It then sent it to a command-and-control server, informs Dalal. Similarly, other spyware and bugs are also infecting mobile phones worldwide

Instead of making the encryption requirements redundant and weak, India must concentrate upon further strengthening the same for better and secure mobile communications. Governments of most developed countries allow the usage of strong encryption standards ranging from 128 bits to 256 bits or more to ensure the security of sensitive information exchanged via Internet and other networks. However, India is still clinging to 40 bits encryption standards for the simple reason that intelligence and security agencies of India are not capable enough to break strong encryptions.

In fact, threats have been issued by Indian government to services providers providing encrypted mobile, e-mail and VOIP services. Gmail and Skype have been asked to provide the encryption keys to Indian government and its security agencies. However, neither Google nor Skype have admitted of receiving any such communication. India is also indirectly pressurising Blackberry to help India in its e-surveillance activities. These actions of Indian government would only make mobile security weaker.

Indian population is still not interested in mobile cyber security and if the default encryption protection is also taken away, mobile usage in India is definitely going to be suffered from malware attacks and cyber attacks. India must urgently concentrate upon mobile security so that these infected mobile cannot be used by criminals.