Warning: Creating default object from empty value in /nfs/c03/h07/mnt/56080/domains/filtercoffee.nationalinterest.in/html/wp-content/themes/canvas/functions/admin-hooks.php on line 160
Archive | July, 2013

Where is the Difa-e-Pakistan Council?

Why the silence?

It’s been over half a year since we’ve heard from that wonderful consortium of crazy people, the Difa-e-Pakistan Council (DPC).  There haven’t been any news reports of large rallies of the sort held by the DPC last year.  Even when tensions with India mounted in January this year as a result of the killing of Indian troops along the LoC, there was no agitation of the sort one had come to expect from the DPC.

There are some reports that the DPC continues to be active and operating in stealth mode.  We are told that the U.S. Ambassador to Pakistan, Richard Olsen met with DPC’s leader Sami ul-Haq this past month and requested his assistance in DC’s ongoing attempts to negotiate with the Taliban.  The DPC may be working behind the scenes, but the drive to mobilize public sentiment in favor of hardline causes seems to have fizzled out.

Mujahid Hussain’s piece in the Viewpoint potentially offers some clues as to why:

According to well placed reports, it has been decided at a high-level meeting that the Defence of Pakistan Council [Difa-e-Pakistan Council] would not be allowed to hold rallies in major cities of Pakistan as the leaders of the Defence of Pakistan Council are adding to the country’s external problems.

This meeting was held at the Presidency. A high-ranking military representative was also present. However, the military representative remained non-committal during the meeting.Jamat-ud-Dawa, responsible for arranging all the rallies and meetings of the Defence of Pakistan Council, and Jamat’s head, Hafiz Saeed, are known for their extremist views. Given this background, Pakistan is facing disturbing situation at the external front.

However, the powers that be do not want to render the Defence of Pakistan Council ineffective even if the Ministry of Foreign Affairs has already warned that the Defence of Pakistan Council is harming Pakistan’s interests at external front.

Most likely, a terrified civil government will beg the GHQ and request the military leadership to help rein in the Defence of Pakistan Council. [The Viewpoint]

The DPC’s members themselves have been anything but inconspicuous in the media.  Gen. Hamid Gul lauded Pakistan’s sheltering of Osama bin Laden for almost a decade, Hafiz Saeed, who carries a bounty on his head, used ill-conceived statements by Satish Verma to claim innocence on 26/11 and Maulana Muhammad Ludhianvi is spearheading a pogrom against Pakistan’s minorities

But it appears that the burner has has been reduced from hot to simmer.  The utility of the groups that constitute the DPC hasn’t been forgotten by the powers-that-be in Rawalpindi; yet there appears to be some sort of attempt to check the hitherto unbridled freedom with which the DPC operated.  It is an old game that the generals at GHQ think they have mastered.  The operative word there being “think.”

Read full story · Comments { 1 }

Calling all stations

Why are Indian “techies” conspicuously absent from India’s debates on cyber-security?

In an attempt to regulate conduct and provide security over electronic media, the Indian government enacted the Information Technology (IT) Act (2000) and implemented the Central Monitoring System (CMS).  The IT Act, which contains clauses such as Section 66A, which challenges the spirit of the Constitution of the country, was passed in Parliament with no debate.

Similarly, the CMS, whose mandate encompassed the lawful interception of telecommunications and Internet traffic, was implemented at an initial cost of well over $120 million.  We are now given to understand that due to technological limitations, the scope of the CMS, at least in the interim, will be restricted to the interception of telecommunication and unencrypted Internet traffic.  OK, except freely-available open-source security tools and a pool of cyber-security professionals could deliver results sought by the restricted mandate of the CMS at a negligible cost.

The question that emerges is this: did the government of India (and those that advise it) know of the inherent technological limitations that inhibit full-spectrum interception of electronic data?  If they didn’t, we should be astounded by the level of incompetence.  If they did, India’s citizens should be challenging wasteful expenditure towards a program whose mandate no one appears to be able to deliver upon. Curiously, much of the public debate on cyber-security in India seems to be led mostly by legal experts or by open society advocates.  But where are India’s technophiles?  Why is there almost no articulation of the technological challenges such a program presents to those that govern us?

We are told that India is a global software leader and that IT and IT-enabled service sectors provide employment to millions of citizens. Indians are taking to the Internet at a faster rate than any other major economy in the world; India’s mobile penetration rate is off the charts at 70 per cent (870 million subscribers).

Heck, the IT revolution in India has also led us to coin and mass-accept the term “techie,” used by almost no one else in the world in that context (a “techie” in the U.S., for example, is technician involved in setting up sound and lighting for film/TV production sets).  An army of Indian technophiles dominates social media and multi-media sharing websites such as Youtube.  Yet, these technophiles have been silent in an already-muted debate on the governance of cyberspace in India.

This is not to say that legal experts and open society champions have no role to play in in the discourse.  Indeed, legal experts and open-society advocates provide perspective and expertise that others in India may not have.  Their participation in the debate, therefore, is not only beneficial but essential.  At the same time though, we are missing critical perspectives from technology experts if legal and open-society advocates continue to dominate the discourse as they do now in India.  The narrative of the discourse today is skewed in favor of debates over privacy and the spirit of the Constitution and doesn’t feature in any meaningful way, critiques of the government of India’s approach from a technological standpoint.

It should be a matter of concern that India’s broad and vibrant base of technology professionals is mostly absent from debates on how India governs technology.  What do we put this down to — a lack of awareness?  Or disinterest?  More importantly, what can we do to entice them into participating and enriching the discourse?

Read full story · Comments { 2 }

The Indian army’s new strike corps

Five key questions that the country’s leadership must answer.

The Cabinet Committee on Security (CCS) gave its approval last week to the raising of a mountain strike corps along the border with China.  The Indian army’s only “China-centric” strike corps — first mooted in 2009 — will reportedly cost Rs. 62,000 crores (about $10 billion) and will raise over 45,000 soldiers.  Reaction to the announcement has been mixed; some commentators were encouraged by the government’s move, while others have taken the view that the reaction is latent and cannot mask the very real structural challenges that India’s armed forces face today.  China’s own reaction to the announcement was muted.

Indeed, opinion was also divided among friends and INI colleagues.  However, after vigorous debate via email, the following questions were arrived at that the powers-that-be ought to be answering with regard to the new strike corps:

1.  Given the timing of the approval by the CCS, it is conceivable that the motivation is related to the Border Defense Cooperation Agreement (BDCA), put forward by China but received with limited enthusiasm in India.  Should India continue to negotiate the BDCA with China, additional muscle deployed along the border with China can effectively convey red lines in negotiations and compromises.  But what good is a border defense cooperation agreement anyway, when India and China have different perceptions on what actually constitutes the “border” between the two countries?

2.  Important questions need to be asked on just how India expects to build capacity for a new strike corps numbering 45,000 soldiers.  Will the divisions and brigades under the corps constitute new raising?  If the answer is a partial yes, then what component of the new corps will absorb existing formations and units?  There appears to be very little clarity on the subject currently publicly available.

Assuming there will be an element of new raising, to what extent will the accretion be on a “save and raise” basis vs. only net spend?  This is important because it carries with it long-term financial implications at a time when there is additional pressure on defense spending as a result of the country’s slowing economy.  Questions of how additional capacity will be built also need to be answered.  The Indian army already suffers from a shortage of 10,000 officers and over 30,000 soldiers in other ranks.  If additional capacity has to be raised, what will its source be?

3.  Next, how effective can we expect the new strike corps to be without a mechanized component?  What utility can mountain divisions really provide as a strike force, given the terrain?  What is the airborne component to lift and shift forces, if there is no mechanized component?  How effective can the new formation be when the infrastructure needed for the rapid mobility of men and material along the border with China continues to be woeful?

4.  Will the new strike corps be a dual-tasked formation (i.e., will it play a role on the Pakistan border, if the situation arises) or will it be a formation solely focused on the Tibetan plateau, as some media reports suggest?  Given what we know about its constituent units, how effective can the formation be in areas like Ladakh, or in plain or desert terrain along the border with Pakistan?

5.  The final point gets to the crux of the issue where India is concerned: our collective thinking continues to miss the forest for the trees on defense-related issues.  We have been unable to break away from an army and land border-centric mindset that dominated our strategic thinking 65 years ago (back then, probably with good reason).If we really are serious about developing capabilities to raise the costs of a Chinese misadventure, would the resources not be better spent on the Indian Navy instead?

India continues to complain about being strategically outflanked by China, but has not done enough to address threats in the Indian Ocean.  The Indian Navy is stretched for resources and strategic projects meant to augment its capabilities have been waylaid.    Instead, we are about to create a new corps and raise as many people as the entire Indian Navy has today without adequate consideration of deterrence already at play where China is concerned. Indeed, what is the point of India’s nuclear weapons and missiles if it continues to obsess over and dedicate asymmetric sums of money and resources towards offensive formations that can achieve, at best, limited tactical gains if a border conflict with China were to break out?

Ultimately, bolstering capabilities along the border with China will always be welcome, but the effectiveness of such an endeavor will be limited if we don’t develop the necessary infrastructure along the border,  don’t address shortages in troops and equipment and continue to ignore the growing asymmetries between the Indian and Chinese navies.

Read full story · Comments { 0 }

Big Brother India?

Why the Central Monitoring System (CMS) is not India’s PRISM.

Read almost any article on India’s soon to be implemented Central Monitoring System (CMS), and you’ll see references and attempts to draw parallels between the CMS and the (until recently) secret U.S. surveillance and data-collection program, PRISM.  Some articles have drawn comparisons between the two programs in an attempt to amplify threat perceptions, while other equations, curiously, seem to have been drawn with a sense of national pride.

Except the CMS is not India’s PRISM.  The only similarity between the two programs appears to be the objective — an apparent attempt to implement a program for the legal interception of data.  But that’s where all comparisons should end.  Both programs differ on general approach, operate under very different legal environments, and are dissimilar in terms of checks-and-balances and technical capabilities.

Interestingly, while the Indian government publicly announced its intention to establish a program for the legal interception of citizens’ data, it did not put into place any of the checks-and-balances needed (that we know of, anyway) for such an intrusive program.  Electronic data under the CMS, for example, can be legally intercepted by dozens of government agencies without the knowledge or cooperation of telecommunications and Internet service providers.  Indian citizens know little else about the program, apart from the fact that it apparently exists.

On the other hand, although the establishment of PRISM was a much more clandestine affair, the U.S. put into place mechanisms to regulate surveillance and circumscribed Executive authority.  Surveillance without the acquiescence of service providers was made difficult.  Only the U.S. Attorney General and the Director of National Intelligence could authorize surveillance through a formal order obtained through a Foreign Intelligence Surveillance Act (FISA) court; service providers were provided the ability to challenge the order to grant access to surveillance in a FISA court.

The legal environment matters too.  Strong privacy and data retention regulation in the U.S. have allowed groups to sue U.S. government agencies involved in PRISM on the grounds that it violated the rights of citizens to “reasonable expectations of privacy.”  Similar laws do not exist in India and it is unclear as to what recourse an Indian citizen would have vs. the Government of India should his or her privacy be unreasonably breached (or personal data disclosed) through electronic surveillance.

But perhaps most importantly, the differences are stark with regard to technical capabilities.  For all intents and purposes, the Internet as we know it today is a culmination of research conducted by the U.S.’s armed forces and educational institutions.  Mechanisms to secure data, in storage and in transit, were also developed by institutions in the U.S.  The AES encryption algorithm (in its various avatars) for instance, is now widely used to encrypt data worldwide.

The AES itself owes its mass acceptance to a detailed assessment and approval by a body of the U.S. government.  Which one? Oh, a tiny little agency known as the NSA.  Indeed, the same NSA in charge of PRISM.  How many countries and agencies would you suppose understand the intricacies and vulnerabilities of the AES algorithm better than the NSA?

India, on the other hand, benefits from no such advantages.  Its public and private institutions are not net-contributors to mass acceptance Internet and telecommunications technologies.  Most services consumed by Internet users in India (e.g., Google, Gmail, Facebook) are not physically based in India and employ encryption technologies that the Indian government cannot breach (at least, not without the active assistance of foreign governments).   Thus, even with the CMS, the Indian government will be at the mercy of foreign service providers to gain access to data published on popular and secure Internet platforms.

The Indian government could, of course, intercept land-based and mobile communication.  Indeed, the recent announcement by Research in Motion (the makers of BlackBerry mobile devices) means that the Indian government will have the ability to intercept voice and data communicated through all non-Corporate BlackBerry devices in India.  These capabilities, will no doubt, be rolled into the CMS.  But the use of open-source mobile operating systems coupled with encryption technology could still frustrate attempts to intercept mobile communication.

Effectively, this means that the Indian government is attempting to build a program whose extensive Executive mandate does not match its limited and imbalanced technical capabilities.  Such a system will, I fear, be inept or worse, vulnerable to misuse.

Ultimately, the Indian government must engage its citizens in a dialog on the need for a system for legal surveillance, and build trust among its citizens.  Ordinary, law-abiding citizens are not the only mass consumers of Internet and telecommunications technologies; terrorists and enemies of the state are too.  You could make a fairly solid argument, particularly given the challenges India continues to face with regard to national security, in favor of a system for legal surveillance.  Unfortunately, the Indian government has chosen silence instead of dialog.  This is no way to assuage the anxieties of citizens in a liberal democracy such as ours.

Read the Takshashila Institution‘s discussion document on the Central Monitoring System where we argue that:

[S]uch an inherently pervasive and intrusive program cannot be deployed in a liberal democracy without an adequate level of trust between the government and its citizens and an appropriate framework of checks-and-balances to ensure that entrusted agencies do not overstep their jurisdiction.

Thus, it is imperative that the Indian government take its citizens into confidence on the necessity for such a program, evolve an appropriate framework of laws, including those pertaining to privacy and data retention, and establish a system of checks-and-balances to ensure against systemic overreach prior to the implementation of the CMS. [Takshashila Institution]

 

Read full story · Comments { 1 }