Look who wants to read your emails - the Indian government!

Written on Tuesday, March 18, 2008 by Gemini

When Canadian company Research In Motion (RIM) launched BlackBerry in 1999, within no time the revolutionary mobile device that enabled users to browse the Net, read emails in real-time and send fax documents earned the nickname, CrackBerry, an allusion to its notoriously addictive features. Like all secure internet services, RIM uses an encryption code that scrambles the email messages sent out from a BlackBerry device and then unscrambles it again when the message reaches its target. Only, Blackberry uses a highly complex algorithm for the purpose — a 256-bit advanced encryption standard process. The Intelligence Bureau (IB) of The Government of India allegedly can decode messages with an encryption level of up to 40 bits. (According to cyber security experts, there’s a rigid decryption technology hierarchy in the world: The US has the most advanced software, Europe gets tech that’s one generation behind and countries like India have even older decoders.)

So, if intelligence agencies cannot crack BlackBerry’s email code, they can still do one of two things — get the government to force RIM to scale down its encryption code to 40 bits, or better still, ask for the “keys” that will unlock the code. The Section 69 of the IT Act, 2000 does give the government the power to intercept electronic information, but such sweeping surveillance is clearly stretching the law. And, what impact will it have on ecommerce? People will be extremely concerned about sending business details through the Net. For instance, the licensing norms for ISPs in India were created in 1998-99. Accordingly, licenses issued to ISPs forbid encryption above 40 bits. Today, a 40-bit code can be cracked in no time. A browser like Internet Explorer 7 has a 128-bit code. So, any web provider using an encryption of over 40 bits has to provide the keys to the government. This means that the government has the means to track transactions and correspondences in these websites — an access it doesn’t have in the BlackBerry platform since the ISPs providing these services were, for some reason, never asked to hand over the encoding key.

Terror organizations are constantly changing their footprint and upgrading their technology. Today if we have tracked say, 555 web-pages linked to the terror network, tomorrow they may all disappear and return modified. It’s a nightmarish scenario for security agencies. However, the powers of surveillance can be misused. That’s a devil you have to live with. Unfortunately, the legal and political framework needed to check misuse of cyber-snooping by our politicians is lacking in the country. That’s a point many cyber experts are making. Can the intelligence agencies ensure fairplay? People may be willing to give up some of their civil liberties for dealing with the security threat to the country. But there should be a clear-cut policy framework and laws on what kind of invasion is lawful and what’s not. Clearly, there’s room for legislative action and transparency in cyberspace.

SHORT CUT TO ENCRYPTION

What? – In IT, encryption is a software that uses advanced algorithms to scramble a message being sent out in cyberspace. The message is unscrambled when it reaches the recipient.
Why? – It’s a security measure to prevent internet data being read by unintended persons.
Who Uses It? – All web browsers, e-commerce, banking sites and email service providers use encryption software to ensure secure transactions and confidentiality.
Does It Change? – Yes, encryption technology is constantly evolving. A few years back, codes that were 40 bits long were considered safe. Now, 128-bit codes are default in most sites. BlackBerry uses a more advanced 256-bit algorithm.
Can It Be Cracked? – Software can be developed to crack encryption codes. Security agencies use these to monitor data flow in cyberspace. Obviously, longer codes are harder to crack.
What Is A Key? – This is the sequence of bits used by an encryption algorithm to scramble a message and put it back again. It unlocks the code.