My article on BlackBerry Interception by Indian Government, Financial Express issue of Friday, 03 September 2010

My article on BlackBerry Interception by Indian Government

Published in Financial Express issue of Friday, 03 September 2010

A Lot More BlackBerries Out There
By Ravi Visvesvaraya Sharada Prasad


http://www.indianexpress.com/news/a-lot-more-blackberries-out-there/676401/0

http://www.financialexpress.com/news/a-lot-more-blackberries-out-there/676401/0

http://www.indianexpress.com/news/there-are-so-many-ways/676401/


(c) Ravi Visvesvaraya Sharada Prasad, 2010

International Publishing Rights in all media, in all jurisdictions and languages with Financial Express

Reproduction and Forwarding strictly prohibited, except with the prior written permission of the copyright holder and original author, Ravi Visvesvaraya Sharada Prasad



by Ravi Visvesvaraya Sharada Prasad

Tel: {91} 99 90 265 822, 98 118 36 331
p@r67.net r@50g.com



The apparent climbdown by Research in Motion on Monday, 30 August 2010, of permitting two of its services - BlackBerry Enterprise Services and BlackBerry Messenger Services - to be intercepted by India’s intelligence agencies will not prevent determined terrorists. Instead, it will compromise the confidentiality of prominent politicians and corporations.

There are several alternative technological solutions to guard emails and messages sent over wireless networks from being read by intelligence agencies.

For instance, on a smartphone using Google’s Android Operating System (those available in India are manufactured by HTC, Huawei, Samsung, LG, Motorola, Sony Ericsson, etc.), one could run the strong encryption algorithm APG (Android Pretty Good Privacy). Another encryption solution is Secure Email from JADS Ltd (both are available for free). For greater privacy, one can use steganographic packages like MobiStego, which can hide secret messages within video, audio, or picture files.

SMSs can be encrypted on a wide range of phones available in India (Motorola, Nokia, Siemens, Sony Ericsson, etc) using a free program called CryptoSMS.

On its part, Research in Motion continues to maintain that even it cannot decrypt data transmitted between the BlackBerry Enterprise Server and BlackBerry smartphones. This is because the private encryption key assigned to each user is stored only in the customer company’s server (such as Microsoft Exchange, IBM Lotus Domino or Novell GroupWise) and on their BlackBerry smartphone. Data sent to the BlackBerry smartphone is encrypted by BlackBerry Enterprise Server using the private key retrieved from the user's mailbox, using either Advanced Encryption Standard or Triple Data Encryption Standard. The encrypted information travels securely across the network to the smartphone where it is decrypted with the key stored there.


What is surprising is that no politician raised any objections when the UPA government passed a law in December 2008 which made tapping of phones and emails easier.

Prior to the notification of the Information Technology (Amendment) Act 2008 on 5 February 2009, phone tapping was governed by Clause 5 (2) of the Indian Telegraph Act of 1885:


5 (2) On the occurrence of any public emergency, or in the interest of the public safety, the Central Government or a State Government or any officer specially authorized in this behalf by the Central Government or a State Government may, if satisfied that it is necessary or expedient so to do in the interests of the sovereignty and integrity of India, the security of the State, friendly relations with foreign States or public order or for preventing incitement to the commission of an offence, for reasons to be recorded in writing, by order, direct that any message or class of messages to or from any person or class of persons, or relating to any particular subject, brought for transmission by or transmitted or received by any telegraph, shall not be transmitted, or shall be intercepted or detained, or shall be disclosed to the Government making the order or an officer thereof mentioned in the order:



Section 7 (2) (b) of the Indian Telegraph Act of 1885 mentions that the government should formulate “precautions to be taken for preventing the improper interception or disclosure of messages”. But ever since 1885, no government, whether British or Indian, had formulated any such precautions.

The People's Union for Civil Liberties filed a Writ Petition in the Supreme Court in 1991, challenging the constitutional validity of section 5(2), arguing that it infringed the constitutional right to freedom of speech and expression, and to life and personal liberty. In December 1996, the Supreme Court delivered its judgment:


“Occurrence of any public emergency" or "in the interest of public safety" are the sine qua non for the application of the provisions of Section 5(2) of the Act. Unless a public emergency has occurred or the interest of public safety demands, the authorities have no jurisdiction to exercise the powers under the said Section. Public emergency would mean the prevailing of a sudden condition or state of affairs affecting the people at large calling for immediate action. The expression "public safety" means the state or condition of freedom from danger or risk for the people at large. When either of these two conditions are not in exercise, the Central Government or a State Government or the authorised officer cannot resort to telephone tapping even though there is satisfaction that it is necessary or expedient so to do in the interests of sovereignty and integrity of India, etc. In other words, even if the Central Government is satisfied that it is necessary or expedient so to do in the interest of the sovereignty and integrity of India or the security of the State or friendly relations with sovereign States or public order or for preventing incitement to the commission of an offence, it cannot intercept the messages or resort to telephone tapping unless a public emergency has occurred or the interest of public safety. Neither the occurrence of public emergency nor the interest of public safety are secretive conditions or situations. Either of the situations would be apparent to a reasonable person.”




From this Supreme Court judgement, it is clear that most instances of tapping of the phones of politicians and journalists were illegal since the essential criteria of “Public Emergency” or “Public Safety” were not satisfied.


But now, Section 69 of the Information Technology (Amendment) Act 2008, which was passed by Parliament in December 2008, drops all references to the essential criteria of “public emergency” or “public safety”, and has thereby circumvented the Supreme Court judgement. Even the Information Technology Act of 2000 only mentioned decryption; interception and monitoring were not mentioned at all there. Section 69 of the new IT Act of 2008 enhances the scope from the 2000 version of the IT Act to include interception and monitoring.


69. Powers To Issue Directions For Interception Or Monitoring Or Decryption Of Any Information Through Any Computer Resource (Substituted Vide ITAA 2008)

(1) Where the central Government or a State Government or any of its officer specially authorized by the Central Government or the State Government, as the case may be, in this behalf may, if is satisfied that it is necessary or expedient to do in the interest of the sovereignty or integrity of India, defense of India, security of the State, friendly relations with foreign States or public order or for preventing incitement to the commission of any cognizable offence relating to above or for investigation of any offence, it may, subject to the provisions of sub-section (2), for reasons to be recorded in writing, by order, direct any agency of the appropriate Government to intercept, monitor or decrypt or cause to be intercepted or monitored or decrypted any information transmitted received or stored through any computer resource.




Moreover, the Information Technology (Procedures and Safeguards for Interception, Monitoring and Decryption of Information) Rules 2009, which were notified on 27 October 2009, allow far easier tapping than the safeguards formulated by the Supreme Court in 1996.

To sum up, terrorists have numerous avenues to communicate without likelihood of interception. On the contrary, the removal of the essential criteria of “Public Emergency” and “Public Safety” in the amended IT Act of 2008 has permitted a legal situation which is far more detrimental to personal liberty than the 1885 Telegraph Act. Section 69 of the amended IT Act of 2008 could be violative of the Supreme Court’s rulings that a reasonable expectation of privacy derives from Article 21 of the Constitution.



Ravi Visvesvaraya Sharada Prasad, an alumnus of Carnegie Mellon and IIT Kanpur, heads a group on C4ISRT (Command, Control, Communications and Computers Intelligence, Surveillance, Reconnaissance and Targeting) in South Asia.


Ravi Visvesvaraya Sharada Prasad
Tel: {91} 99 90 265 822, 98 118 36 331
p@r67.net r@50g.com

Mailing Address
Ravi Visvesvaraya Sharada Prasad
19 Maitri Apts, CIS Off Soc # 19
A – 3, Paschim Vihar
New Delhi 110 063




Published in Financial Express issue of Friday, 03 September 2010

A Lot More BlackBerries Out There
By Ravi Visvesvaraya Sharada Prasad


http://www.indianexpress.com/news/a-lot-more-blackberries-out-there/676401/0

http://www.financialexpress.com/news/a-lot-more-blackberries-out-there/676401/0


(c) Ravi Visvesvaraya Sharada Prasad, 2010

International Publishing Rights in all media, in all jurisdictions and languages with Financial Express

Reproduction and Forwarding strictly prohibited, except with the prior written permission of Ravi Visvesvaraya Sharada Prasad