Indian Home Ministry and Intelligence Bureau- Encryption would make monitoring difficult.
Indian mobile manufacturers like Reliance India Mobile (RIM) and Blackberry have been having a enduring tussle in the last few years because the mobile phones they were offering did not allow the authorities to monitor communications.
A government committee comprising of members from the telecommunications and IT ministries was setup and they have made the following recommendations:
- Improve upcoming Central Monitoring System’s capabilities to intercept communication over these services
- Developers of the Central Monitoring System should consult top Indian IT firms (Infosys, TCS, Tech Mahindra) in improving the system’s interception capabilities
- Consider impact of banning or blocking encrypted services on businesses and the industry
- Raise encryption levels in India from 40bits to 256bits
- If an enterprise needs to have overseas email communication servers for its employees in India, remote access to these emails should be provided
- Servers in India would have to be registered with the Department of Telecom and service providers
The Home Ministry and Intelligence Bureau (IB) made the following reservations on the panel’s recommendations:
- Proposing that the CMS decrypt communication is a problem since the government’s recent experiences show it is difficult to access the encrypted communication
- Raising encryption from 40bits to 256bits will make it all the more difficult to intercept the communication
Ministry of Home Affairs have made it clear that any communication through the telecom networks should be accessible to the law enforcement agencies and all telecom service providers including third parties have to comply with this. Most technologically developed nations use 128 bit encryption standard for secure financial transactions over the internet. India on the other hand does not legally allow encryptions beyond 40 bits on the grounds that its security agencies lacked capability to monitor data transfers on the internet when the encryption is beyond this limit. Technologically savvy users continue to use software such as TrueCrypt which is open source and freely available to download to encrypt their data before transfer.