The past year has seen a tussle between BlackBerry maker RIM and the government of India. The encryption offered by RIM on their BlackBerry services did not allow the security agencies to monitor the email communication over the service. The government threatened to ban BlackBerry for not complying, which resulted in RIM granting the government access to communication over BlackBerry Messenger.
The saga raised more concerns over Internet based communication using services like Gmail, Skype, Nokia Mail and how these security concerns can be addressed. A government committee comprising of members from the telecommunications and IT ministries was setup and they have made the following recommendations:
- Improve upcoming Central Monitoring System's capabilities to intercept communication over these services
- Developers of the Central Monitoring System should consult top Indian IT firms (Infosys, TCS, Tech Mahindra) in improving the system's interception capabilities
- Consider impact of banning or blocking encrypted services on businesses and the industry
- Raise encryption levels in India from 40bits to 256bits
- If an enterprise needs to have overseas email communication servers for its employees in India, remote access to these emails should be provided
- Servers in India would have to be registered with the Department of Telecom and service providers
Some of the recommendations made by the panel are refreshing. The Central Monitoring System as proposed by Telecom Minister, Kapil Sibal, will allow the government to decrypt communications and at the same time not allow misuse of the system. The policies defined in the system will be crucial since questions will arise as to how and when does the government decrypt communication over a service like RIM's BlackBerry and how do private companies like Nokia, Skype, RIM react to their secure communication services being subject to interception by the government.
The Home Ministry and Intelligence Bureau (IB) made the following reservations on the panel's recommendations:
- Proposing that the CMS decrypt communication is a problem since the government's recent experiences show it is difficult to access the encrypted communication
- Raising encryption from 40bits to 256bits will make it all the more difficult to intercept the communication
The IB does have a case as we would go back to square one by making the government attempt decryption and not having the service providers being responsible for decrypting the secure communication. The ministries need to come to some consensus on the technicalities, however, the panel's suggestion of considering impact of banning or blocking a service on facilities like e-commerce and e-governance should be seriously considered.
Regarding encryption, the United States and Europe, encrypted transactions below 128bit encryption aren't allowed whereas in India, encryption of 40bit is allowed. Given the rise of mobile payments in the country, upgrading the encryption level would be beneficial to service providers and the users.
The recommendations and the following reservations show a positive sign in the process of dealing with a sensitive and complicated issue.