[June 16, 2011] E-services like Gmail, BlackBerry, Skype can't be banned for lack of scrutiny: Cyber Law Panel [The Economic Times, India] Tweet (Economic Times (India) Via Acquire Media NewsEdge) June 16--NEW DELHI -- A government panel set up to examine security threats regarding 15 forms of communications, Gmail, BlackBerry services, Nokia's email offerings and Skype, among others, that cannot be tracked by law enforcement agencies here has recommended that no service be banned purely on the grounds that it cannot be monitored. It has proposed that in the short term, India should force operators offering such services to either locate servers in the country or share encryption keys with security agencies and assist security agencies here in monitoring these services. As a long-term solution, the committee has recommended that the upcoming Central Monitoring System (CMS) be made capable of intercepting any form of communication service offered within the country. It has also endorsed the telecom ministry's stance that the ultimate solution should involve intelligence agencies building up capabilities indigenously to monitor and intercept these technologies. The panel added that security agencies must take the help of companies such as Infosys, TCS, Wipro and Tech Mahindra to build such capabilities. It has said security agencies must first check whether monitoring solutions are available in other counties before threatening to ban any specific communication service. "Before banning or blocking of encrypted communication impact on business and industry, e-commerce, e-governance, e-medicine, e-health, passport services etc should be taken into consideration. Further, banning or blocking services without providing an alternative may have international reactions and could affect other Indian industries such as BPO and IT outsourcing," the panel report, a copy of which was reviewed by ET, adds. The committee, which has members from different ministries, including telecom and IT, has also recommended that India raise its encryption levels from 40 bits to 256 bits-the standard in Europe and the US. Encryption means converting data and emails into codes that travel through the network and later get reassembled into the original form. A higher encryption level will ensure more secure financial transactions on personal computers and cellphones. It is also vital for protection from hackers. Most Western countries do not allow financial transactions on the internet through computers and mobile handsets, if the encryption level is less than 128 bits. India, on the other hand, does not legally allow encryptions beyond 40 bits level on the grounds that its security agencies lack the technological capabilities to monitor data transfers on the internet when the coding is beyond this limit. But the home ministry and IB, whose members are also part of the panel, have not signed these recommendations and have given their dissent note. The IB has said the recommendations by the panel shifts the onus on encryption and decryption from mobilephone companies to the 'designated agency' (CMS) authorised by the home ministry, when 'current experience was that government agencies were unable to track such services'. It has also pointed out that it may be impossible to persuade foreign players to locate servers in India or share encryption keys with security agencies here as recommended by the panel. The IB has also said recommendations must include its point that mobilephone and internet companies must have technologies to block services that are non-decodeable by security agencies. "It is also felt that unless a comprehensive solution to decrypt encrypted messages is in place, the proposal to allow increase in encryption from 40 bits would only make it more difficult for law enforcing agencies," adds the IB note, which has been enclosed with the panel's recommendation. The recommendations by this technical panel, which had looked at encryption services provided by different platforms,firms, handset makers and IT giants, will cheer cellphone firms and internet service providers, all of whom are opposing a directive by the home ministry that mandates operators to provide interception solutions for services they offer to their customers. For generic consumer services, this panel is of the view the government can mandate that servers be located in India or insist that the provider give remote access to servers located abroad to address security issues. ___ To see more of The Economic Times, or to subscribe to the newspaper, go to http://economictimes.indiatimes.com. Copyright (c) 2011, The Economic Times, India Distributed by McClatchy-Tribune Information Services. For more information about the content services offered by McClatchy-Tribune Information Services (MCT), visit www.mctinfoservices.com, e-mail [email protected], or call 866-280-5210 (outside the United States, call +1 312-222-4544) [ Back To TMCnet.com's Homepage ]