Warning: Creating default object from empty value in /nfs/c03/h04/mnt/56080/domains/filtercoffee.nationalinterest.in/html/wp-content/themes/canvas/functions/admin-hooks.php on line 160
Archive | Technology RSS feed for this section

Filtered Café

The government’s proposed legislation on cyber cafés is misplaced.

At the outset, thanks to both @PRSLegislative and @_R_Srikanth for alerting me to a draft legislation put forward by the Department of Information Technology (DIT) on governing the workings of cyber cafés in India.  The government has published the draft legislation and sought feedback from citizens, by February 28, 2011.  A copy of the draft legislation is available here.

PRSLegislative summarizes the legislation thus:

The draft regulations requires every cyber café to have a license and give internet access to people after they prove their identity to the satisfaction of the cyber café.  The cyber cafés are required to maintain the logs of users and of websites accessed by users. Cyber cafés are also required to ensure that their service is not utilised by people for any illegal activity or for viewing pornography.  There are requirements on the physical layout of the cyber café — for example, they need to prominently display a board stating that users may not view pornography. [PRSLegislative]

There are several issues with the government’s proposal, of which some are articulated below (those concerned about the proposed legislation are encouraged to respond to DIT directly via the email address provided in  PRSLegislative’s blog):

The first question that such a proposed legislation raises is one of objectives.  I.e., what does the government hope to achieve by seeing the implementation of the security provisions in the proposed legislation?  If the idea is essentially one pertaining to national security — i.e., denying vulnerable systems or networks to individuals who can use them to aid in plotting against the nation, then some security prescriptions outlined appear incongrous to this objective (more on them later).

Second, while the government’s desire to establish the identity of individuals using the café’s wireless network can certainly be appreciated, the proposed legislation does not account for the fact that individuals visiting cyber cafés may just as easily use their own laptops — either within the premises of the cyber café, or in its vicinity (with or without the permission or knowledge of the owners, depending on how wireless access points are set up).

Third, unless the government is reasonably sure that none of India’s 81 million Internet users access “obscene” material or pornography within the confines of their homes, or that the government fully expects to track, identify and fully prosecute everyone that does, expecting cyber cafés to warn or to otherwise deter accessing whatever the government may consider “obscene” (not defined) is beyond ridiculous.

The question of whether or not a democratic government should have the right to dictate to its citizens, under whose consent it governs, as to what they can or cannot see is another issue (for the record, no it shouldn’t). Again, the question here is about objectives.  If this is about national security, then this particular provision conflicts with the overall objective of the proposed legislation.

Next, how does the government plan to monitor cyber cafés to ensure they comply with the required standards?  The Cyber Café Association of India itself has a membership of 180,000 cyber cafés and 40,000 Internet kiosks. It is safe to assume that the entire population of cyber cafés in India is considerably larger.  Unless the government has adequate financial and manpower resources to regularly ensure compliance, the legislation becomes meaningless.

Further, whenever physical or logical security requirements are mandated, there are costs associated with them.  These will have to be borne by the cyber cafés (who will need to invest time and money in installing and monitoring services) and by the government (to ensure that standards are being adhered to).  Additionally, cyber cafés will need to obtain a license (unsure if these are different from the licenses that cyber cafés are already required to obtain), which, no doubt, will have costs associated with it, which eventually will be passed on to their patrons.

The whole point of security, however, is that it must be an enabler, not a deterrent to business.  Some of the provisions articulated in the proposed legislation are indeed laudable (the intent to protect minors, deter terrorists and their collaborators, etc.), however, when taken as a whole, the proposed legilation will have a negative impact on cyber cafés in India.  Especially if the government is unclear about the raison d’être for this legislation and doesn’t really have any desire or ability to enforce the provisions of the legislation.

It will be an example of a clueless GoI chasing its own tail, and unfortunately, not for the first time.

 

Read full story · Comments { 1 }

Rocking the Casbah

Social mobilization and the role of the Internet in the Middle East

In the midst of massive street protests, Egypt’s National Democratic Party (NDP) decided to pull the plug on about 3,500 border gateway protocol (BGP) routes to Egypt, thereby cutting off the country from the Internet.  A significant step, because much of the mobilization for the disobedience movement occurred through social networking platforms such as Twitter and Facebook.

My colleague at the Takshashila Institution, Srijith, writes on the importance of importance of an open, unfiltered Internet to any democratic setup.

For reasons beyond merely Egypt’s ability to control information flow, this blog had previously articulated why Egypt will not go the way of Tunisia.  Even as Cairo simmers, The Filter Coffee stands by that argument.  But the Egyptian experience raises interesting questions on the role of the Internet as a tool to mobilize and sustain social movements in the Middle East, more so the Arabian Peninsula. It also raises questions about the scope for a Tunisia-style social upheaval in the Peninsula.

Consider this excerpt from Bogon Monitoring (via Vyūha)

Yesterday there were 2903 Egyptian networks, originated from 52  ISP’s. Transit was provided via 45 unique isp’s. Today at 2am UTC, the numbers look quite different, there were only 327 Egyptian networks left on the Internet. These were originated 26 by ISP’s.So 88% of the Egyptian networks is unreachable! [BGPmon]

Social upheavals are few and far between in the Peninsula.  Certainly, no precedence exists in the modern history of the states that form the GCC of any such upheaval.  There have been occasional bouts of unrest in Bahrain, but those are largely on sectarian grounds.

So hypothetically, if social, political and economic circumstances in any country in the Peninsula came to mirror those Egypt or Tunisia, could a popular uprising even be mobilized?  The NDP was able to render 50% of Egypt’s ISPs (some, presumably, privately-owned) inoperable in a relatively short span of time.  In the Gulf, of course, there are but a handful of ISPs in each country, and even that is a charitable numeration.

The UAE, for example, has 5 (1 major, 4 minor) ISPs.  These are either wholly-owned by the regimes or operate at their will.  As telecommunications companies, these operators also provide a variety of other services — cable TV, telephone and mobile communication.  If there is the slightest probability of a popular mobilization in the Gulf, it is almost certain than there will be a virtual information blackout.  Western governments will, of course, pressure these regimes to restore communication, but only to a point, for they too understand the implications of instability in that part of the world.

Therefore, if social media is to be  a vehicle for the democratization of the Middle East through social movements, what hope does it give those who romanticize of a “liberated” Middle East?  The answer should worry such proponents.

Read full story · Comments { 3 }

The BlackBerry saga

Shoot the (BlackBerry) Messenger.

India’s pushback on the BlackBerry issue, along with U.A.E. and Saudi Arabia’s stance is challenging fundamental perceptions of electronic security and global commerce.  India and the Gulf countries, contend, and not without justification that they require the ability to intercept encrypted electronic communication in the interest of national security.

India’s history as perhaps the nation most victimized by terrorism has necessitated such a stance.  The Indian government has let it be known that it will ban BlackBerry devices in the absence of such an ability (the U.A.E. expects to enforce its ban beginning October 11, if no agreement is reached). At the core of this security dilemma is the uniqueness of RIM’s BlackBerry architecture, where its encrypted emails are stored in server farms in Canada.

There are two aspects to any government’s legitimate need to access encrypted emails — surveillance under warrant, and post-incident forensics.  As far as surveillance is concerned, governments should be able to intercept and read communication that they legitimately feel threaten the integrity of the nation and the safety of its citizens.  From a post-incident forensics standpoint, physical access to the servers that contain encrypted email will allow the state to control variables, establish a chain of custody and bring about successful prosecutions.

In the U.S., the National Security Agency (NSA) has the ability to “snoop” electronic communication under court order.  During the George W Bush Administration, the NSA had the ability to intercept electronic communication without a court order in the days immediately following 9/11 (many suspect that this is an ability that the NSA retains).

India has asked to be given the ability to decrypt BlackBerry emails, if it feels they threaten its national security.  RIM has denied the request, stating that there are no master keys to decrypt BlackBerry emails.  There are two obvious fallacies with regard to this assertion.  One, knowing U.S.’s preoccupation with security,  it would have been impossible for RIM (a foreign company, for all intents and purposes) to operate commercially in the U.S., were this true.  Two, news reports indicating that the U.S. is in negotiations with India on resolving the issue makes me question why the U.S. would want to insert itself into what should rightly be negotiations between India and RIM (or Canada).

It is the legitimate right of any democratic government to intercept communication that threatens its national security, or to secure and use as evidence any information used to undermine it.  Any talk of a settlement whereby a third party or government (such as the U.S.) decrypts BlackBerry emails for India, upon request is unwelcome.  For one, it should be fundamentally unacceptable to GoI to allow custody of its citizens’ secure communication to a third country.

The government of India should therefore accept nothing short of access to RIM’s decryption keys and a server farm physically located in India.  Anything short of this will likely be a compromise of national security.  If RIM chooses to be unyielding, it is entirely their loss.  This blogger can think of a million reasons why they will be compelled to reconsider their stance.

Read full story · Comments { 5 }

Mock Outrage

The Opposition staged walkouts — twice in three days — over the Indo-Pak joint statement at Sharm el-Sheikh, and the End-Use Monitoring Agreement (EUMA) or the so-called “Blue Lantern” program, for high technology defense purchases with the United States.  Too often this “walkout” culture is misinterpreted as a reflection of a vibrant democratic process in India. The irony is this that it is anything but.  The farcical walkouts staged by the Opposition undermine their own role in the democratic due process of the country.

Challenging a government on decisions it takes requires actual work. And really, when have our babus ever been fans of work?  Why waste time gathering information, formulating a view and challenging  those opposed to it, when you can just shout someone down in Parliament and summarily extricate yourself from the proceedings in mock outrage?

EUMAs are required as part of satisfying the “eligibility” requirements of the United States’ Arms Export Control Act. At least one source from the Defense Cooperation Security Agency (DSCA) confirms that India has previously signed similar EUMAs with the United States as part of the sale of the C-130J “Super Hercules” transport aircraft and USS Trenton (INS Jalashwa).  However those were transaction specific EUMAs, which both India and the US hope to do away with via a general master products and services agreement (which is essentially what this latest “agreement” is), as defense trade between the countries increases.

But the UPA and the Obama Administration have delivered mixed messages on the scope of the EUMA — is it restricted to defense related high technology purchases only, or does it include all high technology  transfers, which would scope in the Indo-US deal?  If it is the latter, as Brahma Challaney suggests, Manmohan Singh has some explaining to do with his representation to the Rajya Sabha that the Indo-US nuke deal was governed only by the 123 Agreement, the Separation Plan and the safeguards agreement with the IAEA.

The brouhaha around the much denounced “physical inspections” clause per se is unfounded.  First, while the US retains the right to physically inspect equipment, India gets to decide on where and when this inspection can occur. Second, regardless of the scope of high technology transfers, India is under no obligation to purchase anything from the US if it doesn’t want to, if push comes to shove, not even nuclear fuel or ENR technology. Third, since when has a piece of paper come to mean anything in the world today?  In a worst case scenario, what are the US’s options if India refuses to allow physical inspectors or reneges on earlier promises? Censure? Embargo? Been there, done that. Move on.

The implications of an agreement to physical inspections is less of a concern.  What is concerning however is the complete absence of a democratic exercise that examines and challenges the government on important strategic ventures it enters into (or plans to enter into) during its tenure.  A level of involved discourse of the ’60s and ’70s has given way to rowdyism.  Mulayam Singh and Lalu Prasad Yadav took the cake as they marched out the LS in protest; lest it be forgotten, it was only last week that the latter had to be corrected that the issue he was addressing the House with unswerving confidence was in fact “Global Warming”, and not “Global Farming”.

Where are the checks and balances?  What if it turns out that the UPA has misrepresented a large extent of the obligations with regard to high technology transfers, including the nuclear deal that it has entered into on behalf of the nation? The only qualification necessary to storm out in fits of rage is to be equipped with a pair of legs.  Who holds the government’s feet to the fire, if not the Opposition?

Read full story · Comments { 1 }