
India plans to send a formal notification to about 500,000 employees, banning them from US based e-mail service providers such as Gmail
America claims that the controversial secret cyber spying programme PRISM run by America’s National Security Agency (NSA) foiled more than 50 potential terrorist plots in as many as 20 countries, including India.
“The plot included a previously undisclosed plan to blow up the New York Stock Exchange,” according to the testimony of NSA chief General Keith Alexander before the House Intelligence Committee. Alexander said these programmes are critical to the intelligence community’s ability to protect the US and its allies. They assist the intelligence community efforts to connect the dots, he added. “These programs are limited, focused and subject to rigorous oversight. They have distinct purposes and oversight mechanisms. We have rigorous training programmes for our analysts and their supervisors to understand their responsibilities regarding compliance.”
Cyber-spying Fallout
Last week, Indian newspaper The Times of India reported, that the government plans to send a formal notification to about 500,000 employees, banning them from e-mail service providers such as Gmail, which have their servers in the U.S. The employees would instead have to use official e-mail services by India’s National Informatics Center (NIC), J. Satyanarayana, Secretary, DeitY, said in the report. “Gmail data of Indian users resides in other countries as the servers are located outside. Currently, we are looking to address this in the government domain, where there are large amounts of critical data,” Satyanarayana said.
Surveillance Slips
Prism, the contentious U.S. data-collection surveillance program, has captured the world’s attention ever since whistle-blower Edward Snowden leaked details of global spying to the Guardian and Washington Post. However, it turns out India, the world’s largest democracy, is building its own version to monitor internal communications in the name of national security.
Last week, Indian government announced in Parliament that it will soon come up with a new email policy to secure official government communication. According to communications and IT minister Kapil Sibal, the new policy will make it mandatory for all government officials stationed in Indian missions abroad to use only static IP addresses, virtual private networks and one-time passwords for accessing Indian government email services.
The minister suggested the new policy was necessitated by the fact that most of the major email service providers have their servers in the US and t
hat Indian websites which have set up servers in the country can only protect emails within India.
Acknowledging that better indigenous snooping capabilities may not be enough to protect India’s cyber security, National Security Advisor Shivshankar Menon has advocated formulating a set of “standard operating procedures” (SOPs) — ground rules for cooperation which would help India succeed in obtaining Internet information from major powers that control much of cyber space.
Infrastructure for telephony and Internet data is still U.S.-owned
American agencies and ISPs are “extremely stingy” in sharing information, when India like countries seek data about or action against malicious or criminal activity, the US government and ISPs plead inability to respond due to privacy laws, as when social media were used to create panic and drive out North-Easterners from south and west India last summer.
The main problem is that basic infrastructure for telephony and Internet data including the root servers and Internet service providers or ISPs is overwhelmingly U.S.-owned and based.
In an internal note focusing on the cyber security challenges that India faces today and the way forward, Mr. Menon has said that apart from striving to augment its own capabilities, India needs to counter cyber warfare/terrorism through international cooperation rather than go it alone, particularly when attacks, espionage and anarchy in cyber space would remain a reality for a long time to come.
Instead of chasing a chimera and tying our prestige to it, it would be better to use our cyber security dialogues and international cooperation to achieve practical results. India like countries might press partners for the sharing of data harvested from Indian users and sites, the purposes for which they were used, and the legal basis on which the acquisition was authorised. A practical goal would be to seek SOPs for security cooperation in cyber space with other major IT powers, rather than attempting grand pursuits.