Roopinder Singh
BLACKBERRY blinked first, and the government gave it a 60-day reprieve to find a way to meet India’s internal security concerns. It also lifted the impending ban on some BlackBerry services in India. Soon thereafter, the government announced that it would also ask other service providers to ensure that they comply with laws that require them to provide access to security agencies in India.
The genesis of the present showdown goes back to the horrific Mumbai terrorist attacks of November 26, 2008, in which cell phones, satellite phones and other electronic devices were used by the terrorists and their handlers. The government then decided to act in a decisive manner such that it would have access to all forms of electronic data that goes out of India.
Unlike other service providers like Google Inc, Nokia and Microsoft Corp, BlackBerry uses its own servers and security software, as well as centralised data centres for its customers. It thus became the primary target of security forces, even though none of the terrorists had actually used a BlackBerry device. Other service providers use encryption software made by specialised companies like Symantec Corp and McAfee Inc, more familiar to Indian users as the main providers of anti-virus software.
BlackBerry also provides its corporate customers a server called the BlackBerry Enterprise Server (BES) which encrypts mail according to a special software “key” that is set up by the customers. It is because of this feature that BlackBerry says that it can’t provide any “open-all” access key, because there is simply no such key.
On the other hand, the government maintains that it must have the ability to monitor the data sent across the servers because of national security concerns and to prevent criminals from using BlackBerry phones to transact business. One way out is that BlackBerry could install an “eavesdropping box” on each BES, and give the agencies access to that box.
India is by no means the only country that has issues regarding BlackBerry. France, Saudi Arabia, the United Arab Emirates, Lebanon and Kuwait are among the nations that have had security concerns regarding BlackBerry services.
The government has also asked other service providers to install servers in India. Nokia has announced that it will do so soon, and now Gmail and Skype are also being specifically targeted. Once the servers are in India, their operators have to comply with Indian laws, and thus cooperation will become more proactive.
While the security concerns have been addressed, the larger question of providing privacy to the users remains. Indian citizens are well within their right to demand that a proper, transparent and effective system be set up to ensure that the security agencies do not misuse the access granted to them.
The Intelligence Bureau and the National Technical Research Organisation are the two organisations that will primarily deal with electronic surveillance. They will thus be empowered tremendously. With power comes responsibility. The government should have transparent and universal norms, proper procedures and oversight to prevent abuse of power that such access would give.
A system of adequate judicial supervision should be chalked out to ensure that only those specific phones or e-mail IDs are tapped which are justified and necessary. Some time ago, illegal tapping of mobile phones was exposed by the media. It raised a storm, even in Parliament, but there is no information on what is being done to prevent such incidents in future. The government must ensure accountability among the security agencies.
Individual privacy should be inviolable, unless it is breached for specific legal reasons. Data integrity is crucial to all kinds of transactions, including business transactions which have made BlackBerry phones a preferred choice of the corporate world. The independent BES servers provided a lifeline to the survivors of the 9/11 New York tragedy, and it became the only network that continued to work even in that trying time.
But then, as BlackBerry, Google and Skype must also realise, while at one level, the world is increasingly borderless, at another, it is not so: all have to conform to the law of the nations they operate in. They must demonstrate their commitment to the security concerns of these nations and work out ways in which they can continue to provide the best service possible to law-abiding users there.
This article was published on a special Oped page of The Tribune devoted to Cyber security on September 6, 2010.