Online activism ? Try Big Brother

Governments worldwide have always snooped on their citizens, and the Indian government is no exception. Your bank account application, your driver's licence, your telephone calls, even your paper mail have all been fair game to Big Brother. You don't even need to be a known lawbreaker or even a suspected one -- this is often done on a random basis, looking for possible "evidence" that could then be used to build a case, or to proceed with one. The possibilities for abuse inherent in such a system are obvious. ( for example, would you want your local neighbourhood policeman to have access to your telephone conversations ? Without your knowledge ? Without any recourse even if you do find out about it ? )

Ther are a couple of problems in running this kind of omnipresent surveillance, though. In any democratic society, the citizens would howl with outrage if they knew that they were the subject of this kind of surveillance. In India, in fact, our Constitution, Article 19, provides for Freedom of speech and Expression. Though the Constitution of India does not provide for Right to Privacy as a Fundamental Right, sufficient provisions and judgments of our Supreme court exist wherein the citizens of India are free to express certain thoughts and actions without hinderance of the State or being held accountable under law. And fear of an invisible Big Brother definitely exercises a chilling effect on free speech. Thus, unreasonable surveillance of this nature is usually extra-legal and anti-constitutional. Activists would be alarmed, and certainly raise a huge furore, if any such cases came to light.

However, this is usually handled by making such surveillance secret - to the extent of making it an offense to even let the citizen know that her privacy is being invaded in this manner. Also, where such surveillance is clearly unconstitutional and illegal, it is handled by attempting to bring it under the banner of "national security" so that further questions can be stonewalled.

The internet, however, holds the promise of making this moot. Email is sent out in such quantities that it is almost impossible to scrutinise each piece. Also, cryptographic techniques, (see here for a brief primer on how cryptography works) if used properly, can ensure that *nobody* can tap your email except the person you are sending it to. So yet again, technology has overtaken the aims of Big Brother.

Or has it, really ?

Governments worldwide are seriously alarmed at the prospect of not being to extend their "God-given right" to invade a citizen's privacy into the electronic domain. And they are attempting to handle the situation in the way they know best -- by making laws about it. Never mind if the laws are fair, constitutional, or even feasible (always a problem when technology is being regulated by people who do not really understand what the technology is and isn't capable of)

Consider, for example, the following news:

The BJP government wants to introduce an Indian Information Technology Act. That, in itself, is not a bad thing. It is, in fact, a good idea, as IT today is administered by an increasingly ragged-looking patchwork of outdated and inadequate laws. However, they just couldn't resist the opportunity to try and make things easier for them to surveil the citizenry, preferably without said citizenry's knowledge.

The draft bill which has been prepared by the Department of Electronics (DoE) has been sent to the Law Ministry for clearance. It will then be sent to the Cabinet for approval and ratification.

Some of the alarming proposals in this bill are:

Any Internet Service Provider will have to make arrangements to monitor all traffic passing through its servers, and make such traffic available to "properly constituted authorities" for "valid reasons of security". This would include agencies such as the Central Bureau of Investigation (CBI), the Intelligence Bureau (IB) and the Research and Analysis Wing (RAW). And they aren't sparing encrypted traffic, either. On demand, you will be expected to decode messages you have sent, in effect handing over your private key.

The purported reason ? "National Security".

As usual.

The proposed bill also contains some confusing references to "distant signatures" which it says will help e-commerce, but I wish to focus on the damage which the tapping provision will cause.

As the British net.activist Danny O'Brien said in response to similar legislation in the UK, these are the reasons why this is a very bad thing.

It's bad for e-commerce.

It will add billions to the cost of doing business online, and take months - even years - to implement.

People won't trust a system which gives a government-appointed stranger a back-door key to their e-mail.

Overseas consumers and businesses won't want to trade with us. They won't want to give away the keys to their data, either.

It'll impact the IT industry by driving business overseas.

There is near-zero enthusiasm for the government's proposals amongst big business. Anywhere.

It won't catch a single criminal.

Criminals won't use the government's system. It's trivially easy to bypass the proposed controls if you're planning on breaking the law. For example, all it takes is one entry in your email program to use a different server to send out your mail, thus redering the whole issue moot.

Also, there exist techniques like steganography that hide encrypted data in such a way as to escape detection.

Despite this, we've yet to hear of one example of an investigation which has been hampered by an inability to break encrypted codes. National security or otherwise.

In fact, as Fred Baker, Chair of the Internet Engineering Task Force (IETF) said in a recent announcement,

...strong cryptography is essential to the security of the
Internet; restrictions on its use or availability will leave us
with a weak, vulnerable network, endanger the privacy of users and
businesses, and slow the growth of electronic commerce.

There is still time. If government sees that there is uproar over this, they will push it underground for a while. It won't go away, but it will buy time.

An example of the kind of uproar I'm talking about is the spontaneous anger that erupted on various mailing lists when this news got out. I have collected some of the most technically and logically sound arguments here.

some URLs for more information:

Udhay Shankar N <> is a Random Networking Enthusiast who collects interesting people.