Feb 25, 2019 21:32:06 IST
It was reported that Jaish-e-Mohammed (JeM) terror group, which is suspected of being behind the Pulwama terror attacks used peer-to-peer software service YSMS to coordinate the attack.
Incorporating the Security Guard (1965). Aadhaar and in online messaging apps like Whatsapp and Telegram .
Terrorists are increasingly relying on communication services. For instance, in the 26/11 terror attacks in Mumbai, attackers use Blackberry phones to communicate with their handlers . During an investigation, the Indian intelligence agency Research in Motion (RIM) is using the BlackBerry devices used by terrorists. While RIM was initially reluctant to comply with the government's demands, RIM allowed the partial access to encrypted information in the face of a prospective ban on BlackBerry in India.
In the 2017 London Bridge terror attack used in the UK, Whatsapp which features end-to-end encryption; Similarly, in 2015 the FBI recovered from iPhone belonging to Syed Rizwan Farook, the suspect in the San Bernardino terror attacks. The iPhone was locked using a combination of encryption software and hardware;
In the Pulwama terror attacks, the JeM group communicated through YSMS messages, which uses an ultra-high radio frequency model for sending encrypted messages. Unlike popular messaging apps like Whatsapp and Telegram which also uses encryption, YSMS other than the fact that it involves discrete hardware (radios) and Android app. In fact, the app is said to be available only through the Dark Web .
Encryption may be both hardware or software-based. Today, one of the most popular methods of encrypted communication between terrorists includes Whatsapp and Telegram . The use of encryption by terrorists has resulted in wanting access to any encrypted information;
National security vs privacy and innovation
Any attempt by the state to regulate encryption is often met with opposition by civilians and companies which offer encrypted products / services. Internet users fear that the state's access to encrypted messages would be "right to privacy". Central Intelligence Agency (CIA) employee, Edward Snowden, leaked information that the US and UK governments were carrying out a wide-scale internet and surveillance . [Government] 19659009] Internet companies are relied upon to give access to the encrypted data of their users, or mate in their products, as they would make their products less appealing to their consumers, namely, internet users. From a security point of view, companies argue that they are vulnerable to attacks by malicious hackers.
Historically, they have sought to regulate the export of encrypted technology due to national security concerns through to international agreement known as the Wassenaar Arrangement (WA). The WA restricts inter alia the export of weapons and technologies which are dual-use in purpose and on the agreed list of the WA; this includes certain cryptography products. One of the goals of the WA is to prevent the acquisition of controlled goods by terrorists . In December 2017, India became the 42nd nd Member of the WA. In the 1990s, the US witnessed "crypto-wars" when the National Security Agency (NSA) attempted to introduce the Clipper Chip (an encryption device to be incorporated by telecommunications companies for voice and data messages) backdoor). Encryption laws in India
India does not have a law dedicated to governing encryption. The RBI and SEBI have laid down encryption standards for online banking and securities trading over a mobile phone and a wireless application platform respectively.
Section 69 of the Information Technology (IT) Act, 2000 applies inter alia to over-the-top (OTT) communication services like Whatsapp and other messaging apps. Under section 69, a government agency has issued a letter to the government of the State of the United States commission of any cognizable disclosure ". Upon request, a person in charge of a "computer resource" (including data) wants to "extend all facilities and technical assistance" to decrypt information. Section 69 Information Technology (Procedure and Safeguards for Interception, Monitoring and Decryption of Information) Rules, 2009 .
Under section 84A of the IT Act, the Central Government may prescribe the modes / Methods of Encryption for Electronic Security and the Promotion of e-Commerce.
The draft Information Technology [Intermediaries Guidelines (Amendment) Rules] 2018 (draft intermediary guidelines) were released by Meity recently to tackle fake news incidents in India. Under Rule 3 (5) of the draft intermediary guidelines, a government agency can require an intermediary to enable tracing out of the originator of content on its platform; Rule 3 (5) are state security, cyber security or investigation / prosecution / prevention of offense (s). The Traceability clause has been written down by certain companies and civil rights organizations  In 2015, the government released a draft
Approaching to set up encrypted apps in other jurisdictions.
only Australia has formally passed laws compelling internet companies to build into their products ;
It was reported in 2016 that the US government and whatsapp were involved in a legal case to allow the US government to read / eavesdrop on conversations on Whatsapp . While this is not a terrorism case, the case highlights the technical difficulty which faces in accessing encrypted information even with a judicial order allowing "wire-tapping";
Need to dig deeper
While encryption by internet companies is desirable it keeps sensitive users data (financial information, medical health records, etc.) safe, encryption can be problematic when it hampers law enforcement.
A deep concern is in cases where state access to encrypted information is allowed, they claim they have no means of decrypting that information. However, some argue that this is not true, and whatsapp (which uses end to end encryption) may, in fact, access its users' chats.
Some suggest that this is a viable solution for the government to engage in hacking (also known as, "equipment interference") to break encryption . The government should engage only in 'targeted hacking' and only after obtaining a warrant .
The in-house team of cryptographers and hackers on decrypt communications in cases of terrorism. Quantum computers, which are expected to become viable in a few years, are considered to be […] instantly.
At the same time, States should be aware of the alternative ways in which terrorists communicate, for instance, through online gaming platforms.
Any approach to regulating encryption, including through state-sanctioned hacking or the use of quantum computing, should be taken only after an extensive study of the underlying issues involved; this is because it is an esoteric subject and there is a need for greater clarity on the technical aspects of encryption.
The author is a policy analyst at Nasscom. Nasscom or any of its members.
Tech2 is now on WhatsApp. For all the buzz on the latest technology and science, sign up for our WhatsApp services. Just go to Tech2.com/Whatsapp and hit the Subscribe button.