A little over 25 years ago, India set out to connect every village by telephone through public call offices. Ten years later, in the mid-1990s, cellular phones were introduced. Today, India is trying to connect its 626,000 villages with telecom and broadband services.
This is more than a grand plan to put a telephone in everyone’s hands. It is about connecting India, because that would mean the opportunity to improve education, health and agriculture, and introduce services such as information technology and business process outsourcing (BPO), which have put India firmly on the global leadership map. In a fast changing world, it is critical that India grabs these opportunities. To do so, it needs to keep pace with technological advancements. The recent controversy over BlackBerry services needs to be seen in this context.
Leading global corporations have set up software development, BPO and research and development centres in India because they have the confidence that the data they generate will be safe, thanks to secure networks that allow data to be transferred without risk of being hacked by competition or criminals.
Unfortunately, recent terrorist threats have resulted in a greater need for what is known as lawful interception. As a result, there have been threats to “turn off” the highly acclaimed BlackBerry enterprise services (BES) because it uses secure encryption. Skype, Yahoo and Google have also come under inspection, as has any VPN (virtual private network) that transmits encrypted data.
Close scrutiny and demands for unlimited access at any time by law enforcement and investigating agencies are both understandable and a serious concern: Understandable, because every nation must have the right and the means to defend itself; a concern, because unlimited and free access to any agency is susceptible to misuse. That is a risk no business will take, particularly when the weakened security also creates the risk that their data could be hacked.
What is needed is a more balanced approach for lawful interception, as in the US and the UK, where interception is facilitated through a combination of intelligence-gathering and profiling of suspects without crippling legitimate business.
As Sam Pitroda put it eloquently in a recent interview: “On the one hand, we have a lot of opportunities and, on the other, we have a 19th-century mindset, 20th-century processes and 21st-century needs.”
While no one can deny the need for law enforcement and investigative agencies to monitor and intercept potential threats, the call for a ban on BES and potentially other VPNs appears to be unreasonable and draconian. It is not that Research In Motion (RIM) won’t give the keys to decrypt the encrypted data; it’s just that it can’t.
BlackBerry has been around for some years and is popular in countries across North America, Europe and many parts of Asia. Many of these countries, too, are under constant threat from terror. Yet none of them, despite being very security conscious, has called for a ban on BlackBerry. This makes some people suspicious that RIM has somehow provided other countries with decryption keys that can be used to intercept emails sent through a BlackBerry in a readable form. This is a misplaced assertion for two reasons.
One, what would RIM gain by hiding this knowledge from only certain governments? It would be so much simpler to simply grant the access and move on.
Two, one only has to study BlackBerry’s encryption technology to realize that data transmitted between BES and BlackBerry smartphones is encrypted using highly advanced encryption standards. Private encryption keys are generated in a secure, two-way authenticated environment and are assigned to each BlackBerry smartphone user. Each secret key is stored only in the user’s secure enterprise account and on her BlackBerry smartphone. The encrypted information travels securely across the network to the smartphone where it is decrypted with the key stored there. Data remains encrypted in transit and is never decrypted outside of the corporate firewall. As a result, no third party, not even RIM, has the keys to unlock or decrypt the encrypted data.
In a connected world, governments will have to work carefully to balance national security interests with commercial security needs. The challenge of misuse is rooted not just in one device or technology, but in society in general. The solution to this threat lies in collective intelligence by investigating agencies with the cooperation of industry, civil society and law enforcement agencies. All have to come together, so that the legitimate needs of legitimate users remain uninterrupted, while any misuse is intercepted.
To my mind, we need to implement the following on a fast track:
Upgrade and modernize intelligence and investigating agencies so that they are equipped with the latest tools and technologies to intercept data
Provide organizations such as the National Technical Research Organisation with the requisite funding to enhance their capabilities so that they can assist law enforcement and investigating agencies
Prepare a lawful interception policy that can be implemented uniformly and with the full cooperation of industry in a way that supports the needs of investigating agencies and protects the data security needs of corporations
Bans and calls for bans are simply not a solution, otherwise India will be disconnected from the world. We cannot afford to allow that to happen —because then, terror will have won without even firing a bullet.
S Ramadorai is vice-chairman and former chief executive officer, Tata Consultancy Services Ltd
Comments are welcome at firstname.lastname@example.org