Once again the 400,000 BlackBerry users in the country are worried that services might be stopped by an overenthusiastic government citing security concerns. This comes with fresh inquiries from the department of telecom seeking answers in a few days. This was days after the relief announcement by the telecom secretary on 14 March after a meeting with the six cellular telecom operators currently providing the service and BlackBerry manufacturer Research in Motion (RIM). At the heart of the controversy is the debate raging about the lawful interception of data and privacy concerns, but it’s a long way before the actual resolution of the dispute can take place. Many countries are grappling with the issue, although Indian security agencies are being seen as too aggressive.
Communication through this medium is encrypted at the 256-bit level and traffic lands at servers of RIM in Canada with the operators in India having mirror servers, but not any insight into the content of the traffic.
While security agencies have access to email traffic via Internet service providers (ISPs) in India, they do not have access to emails sent via BlackBerry, mainly due to the fact that decryption solutions are not available to them for that level of encryption. Licensing conditions are not very clear about the issue of email traffic via BlackBerry.
The government and security agencies have to consider the threat factor realistically. All BlackBerry users are post-paid subscribers whose identities have been well verified by the operators and in turn recorded with the agencies. The security agencies should instead be concerned about strengthening the verification process for mobile connections, often made by using false documents. The agencies cite past instances involving Yahoo and Google when they got a poor response. So, when such an eventuality arises, they don’t want to be kept waiting to get the relevant data.
Globally there have been concerns about balancing lawful interception and privacy concerns. Today, so much sensitive business information is exchanged through communication networks that it’s not prudent to monitor such communication in an intrusive fashion. Privacy of users has to be respected in the widest sense. At the same time, whenever there is any doubt or indication that the network is being used for unlawful activities, law enforcers can step in.
So far, the support of ISPs has been very good. In the present situation, there could be a way to get moving. RIM could store email traffic in some server in India that could be accessed by the agencies under special circumstances. The other solution would be the agencies getting decryption keys. That would need an agreement between the governments concerned.
In India, rightly there is no law allowing blanket snooping into Internet traffic at all times. Section 69 of the Information Technology (IT) Act, 2000, allows the controller of certifying authority under the department of IT to intercept email messages only if they affect the sovereignty and integrity of the country, friendly relations with foreign states, public order, or for prevention of a cognizable offence or inciting it. Hence, the essence is interception under some serious and specific situations, but not under all circumstances. While deliberating the proposed amendments to the IT Act to be introduced in the latter half of the Budget session, the standing committee of Parliament on IT has also not recommended any extension of this provision of snooping in all situations, although it has made the observation that state governments should also be allowed to intercept email messages under similar conditions that allow the Union government to do so.
Subimal Bhattacharjee writes on cyber security issues. Comment at email@example.com