Sunday, September 5, 2010

Google, Skype targeted in India security crackdown

Recently, India has been widening its security measures by asking all companies that provide encrypted communications, such as Google, Skype, and BlackBerry, to install servers in India so that its government can more easily obtain users' data. While this may seem like a threat to our privacy, India's push for increased security review comes as a result of the 2008 terrorist attack in Mumbai, where terrorists coordinated using cell phones, satellite phones, and Internet calls. With access to data, India will be able to better patrol and protect such data. This sweeping internet security reform also comes at a time when officials are focused on avoiding trouble at the Commonwealth Games, a major sporting event held in New Delhi in October.

The main issue with India's call for companies with encrypted communications to install a server in India is that these companies are concerned with the balance of privacy and security. While it seems that easier access to this data would mean a higher level of protection from encrypted threats such as organized terrorist attacks or malware, the security of personal information for the users must also be strongly considered. Companies with encrypted communications data would have to decide if security is a better choice than privacy. India has made its stance clear through Rajesh Chharia, president of the Internet Service Providers Association of India, saying "national security is supreme over privacy." While Indian officials claim that access to encrypted communications data is for the sole purpose of cracking down on security, I am skeptical that alternate motives are not in place.

In India's battle for direct server access to encrypted data, companies are facing heavy pressure to concede to India's request. BlackBerry, for example, is considering installing a server in India in response to the threat of a two-month ban of BlackBerry service. For those companies that have not installed servers in India, there are a few ways they can handle this information security and privacy dilemma. Either the companies give in to India's request for a server and risk data privacy, deny the request for a server and possibly suffer a ban, or try to work out a limited negotiation in which server access does not mean free domain over all encrypted communications data. In my personal opinion, working out a compromise halfway seems to make the most sense and would allow for the greatest balance of security and privacy.

http://www.google.com/hostednews/ap/article/ALeqM5it_73CxzMozqkSOODLh2r7aCIlLwD9HVV8CO1

4 comments:

  1. This blog brings about an interesting topic surrounding the governing of internet and information across country lines. For India, they feel as a government that they have the right to access the information of users of Gmail, Blackberry, and Skype in order to better provide protection against terrorist attacks. India seems to be making a fair claim, however, when we look at this issue from another perspective it seems fair to view Google’s position as a business and resource provider. They are an American company and comply with United States laws. Why should they have to comply with India? Because an international internet governing agency has yet to be compiled, there are vast grey areas for which companies can perform.

    In this case, unlike other cases, I think Google and the other companies should comply with India. By providing information to Indian government agencies they are aiding in the possible prevention of an attack like the one that happened in Mumbai using different cell phone and satellite phone services.

  2. The article used in the original post states that Skype complies with local regulations, rather than the regulations of its base-country, Luxembourg. Skype even states on its website that it is possible that users’ “communications and personal data could be stored, monitored, or blocked and made available to authorized local parties, for instance law enforcement, subject to the local legal standards.” Based on this (and looking at it from a business perspective), it seems like at least Skype will comply with whatever the Indian government mandates.

    The issue now becomes the effectiveness of the government monitoring communications data. If the mandate is issued, I think that initially, the government will see the results it wants in that certain words will be picked up, schemes will be foiled, and potential threats to national security will be eliminated. Eventually, however, people will find ways to work around “Big Brother.” There is nothing stopping terrorists from plotting an attack on India while they are physically overseas or even right across the border. By the time they are ready to execute the plan in India, the government might be able to pick up on it, but at that point, it is probably too late. Also, because India is so densely populated in cities like Mumbai, the task of patrolling all communications seems to be a large undertaking. Of course, national security and protecting the lives of the citizens far outweigh financial investment, but the practicality of implementation should be considered.

  3. After the terrorist attacks in Mumbai, I understand India's need for installing servers. In order to keep their country safe and to prevent another terrorist attack like in 2008, they need to resort to these measures. I also understand that users of such providers like Google, Skype, and Blackberry in India are worried about their personal information being shared and viewed by Indian government officials. With the installation of these servers, the confidentiality established with encryption goes out the window, for lack of a better term. But, government officials in India feel that some privacy must be invaded in order to provide better security for the people. But Google and Skype are worried because allowing access to encrypted files might bring into question the company's integrity.

    It is amazing how the terrorists communicated over the phone and plotted all of their moves. In this new age of technology, people are able to use a Blackberry or Google Mail to plot a terrorist attack, so I feel it is only right for a country like India to be able to see encrypted files from companies so they can try and prevent any further attacks. I just hope they have the right personnel to help uncover any important information deemed harmful to the lives of the Indian people.

  4. To me, this situation very closely parallels Prof. Chapple's discussions in class about weighing the costs and benefits of certain security measures. Here, we have a situation where the line between national security and the rights to privacy for corporations are conflicting. On the one hand, I can totally see why these large American companies with encrypted information want to keep it private. On the other hand, I definitely understand India's concerns. They have more at hand than simply managing a corporation on their land... they have an obligation to maintain high standards of national security for its citizens. I agree with DSTICH that the most realistic solution will be some sort of compromise. However, I do see these companies as having an obligation to provide these servers. This situation is a seemingly large drawback to globalization. If companies like Blackberry want to have capital in countries like India, then they should try to accommodate as many requests as possible. Why, after all, should India's national security be compromised simply because Blackberry has a building there? These are the types of issues that make risk assessment so important in the world of information security today.
