|
Vol. XXXVII
No. 30 July 28, 2013 |
The
New Strategic Mantra:
Indian Cyber Security Needs
Foreign Help
Prabir Purkayastha
IT
is ironical that along with the government announcing that the
telecom
companies are the first line of defence in cyber security, it
has also
announced 100 percent Foreign Direct Investment (FDI) in
telecom. So 100
percent foreign owned companies are now going to be our first
line of defence
for cyber security. If this were not enough, we now have a
Joint Working Group
on Cyber Security set up with the private sector that includes
officials from
foreign companies.
It
is not that the government is unaware of the implications of
foreign ownership
when it comes to the telecom sector. It has been highly
suspicious of telecom
manufacturers such as Huawei and ZTE, fed in part by the
claims that the
agencies have been making about the Chinese owned telecom
giants. It stopped
BSNL from buying equipment from Huawei on this count. However,
it does not see
any similar threat from telecom service providers that have
foreign ownership
Vodafone (UK), AT&T, Verizon (US), all of whom have
different levels of
presence in
or even having them on committees where cyber security
policies are being
decided.
Meanwhile,
the Snowden disclosures is increasingly making it clear that
against the
unsubstantiated charges of secret back-doors in Huawei
equipment, American
companies have worked as partners of the US, not only in
helping the NSA get
access to the fibre optic cable backbone of the US, but also
to hack into the telecommunications
networks of other countries. O Globo (
and Der Spiegel (
have provided detailed reports on
and
of how their telecom networks have been hacked, with help from
American
companies. Not only does the
partner its own telecom companies, it also has agreements with
more than 80
foreign telecom companies to provide access to their
fibre optic
networks. Two Indian companies Reliance Communications and
VSNL (a Tata group
company) have also signed such agreements, details of which
are now publicly
available. Under these agreements, the
government agencies can monitor any communication that is
flowing out or into
their fibre optic cables, as one end of this network is in the
Reliance
and VSNL not only provide access to the US security agencies, but even the
information of what access it
has provided and what data it has furnished to the US agencies
cannot be
disclosed to either the Indian government or even its own
management/board
of directors.
US, A HUB OF GLOBAL
INTERNET TRAFFIC
Before
the Snowden breakthrough came exposing the
and its global hacking network, the
was in a comfortable position.
It controlled the internet ICANN the key internet body
operates under a US
Department of Commerce contract.
It also
controlled the fibre optic cable network of the world. There
are very few
direct fibre optic cable links between countries; almost all
cables between
continents and countries go through the
The largest internet companies
in the globe are mostly located in the
and so are the servers that host
their services. All of it means that probably more than 80
percent, if not
more, of global traffic passes through the
and therefore is directly
accessible to the NSA. Even communications between two Indians
are mostly
routed through the
this
is even when such services are provided by Indian companies as
even their
servers are likely to be hosted in the
The
telecommunications network that runs the bulk of the internet
does not come
under ICANN, which the
controls. It comes under the International Telecom Union (ITU)
that is a
multilateral agency under the United Nations. The ITU has not
only been
involved in expanding internet services in the global south
but has also been
involved in internet security. For example, when
oil industry was under
attack, it turned to ITU for help, who in turn asked Kaspersky
Lab, a Russian
anti-virus company to investigate. That brought out in the
open that it was a
cyber attack mounted by the
it had code embedded in it that was also there in the cyber
attack involving
Stuxnet and Duqu, the two viruses that had targeted
nuclear fuel facility in
Natanz. The role
of the
in creating
Stuxnet and Duqu including a wealth of details is public as it has
taken credit for delaying
the Natanz operations.
In
order to forestall any role for ITU on internet related
issues, the
vicious attack on the ITU, targeting its director general in
particular. To
reduce
voice,
it also ran an international campaign against the Chinese for
spying
against US companies and government agencies using the
internet. As a
corollary, it also released a large amount of information to
all and sundry
claiming that all countries were at risk from Chinese cyber
spying.
was specifically targeted with regular
leaks coming from sources that identified attacks on Indian
networks as
originating from
Snowden’s
disclosures are particularly harmful to the
as he has disclosed how the
agencies have regularly broken into Chinese computer and
telecom networks. So
it would be comparatively easy to mask the
cyber penetration of other countries as coming from
Snowden has thus blown a
continental sized hole through this elaborate propaganda war
that the
has been
conducting.
This
is not to argue that the Chinese are as pure as driven snow.
The brutal truth
is that today against a possible threat from
we have documented and detailed information of what the
is doing.
The frightening picture that emerges is that while the
may and
indeed it is only may at this time provide some
protection to the privacy
to its citizens, it provides none for foreigners.
This is a part of
the FISA Act that foreign citizens have no protection under
law. This is
now confirmed from the statements of its top leadership and
the security
read spying agencies. The NSA routinely vacuums up all the
data that passes
through the global fibre optic cable network and stores it on
its servers. In
this, it is aided by its telecom companies, the GCHQ of UK
equivalent
of the NSA and to our shame, even Indian telecom companies.
In
the World International Telecom Conference (WCIT 2012) last
year in
and its allies walked out claiming that ITU was going beyond
its brief by
discussing cyber security. While the other BRICS countries
stayed and signed on
to the new International Telecom Regulations that came out of
WCIT, India
preferred to abstain and later made noises saying it would not
sign the ITR’s
for a variety of rather flimsy reasons. It has also withdrawn
its proposal
made jointly with
and
Africa
of internet governance being brought under a UN agency.
If
we now look at the cyber security discussions, it becomes
clear what is
happening. Instead of aligning with other countries such as
etc., on internet
governance, it is specifically now aligning with the
TAPPING
NETWORKS
Meanwhile,
the Indian security agencies are also trying their version of
NSA and tapping
into the Indian telecom networks. Under its licensing powers
similar to what
NSA is using to coerce telecom companies operating in the
it is
asking all Indian telecom licensees to provide access to their
networks. No more
tapping into a specific target but the ability to syphon off
as much as it
wants of data and conversation in virtually real time; and of
course, all the
famous metadata who is talking, to whom, from where and for
how long.
The
Indian government is not bothered that Google, Facebook and
others are
providing wholesale the data of its Indian users to the NSA.
What it is asking
is that the Indian security agencies should have the same
access to data from
the global internet companies as they provide to the NSA.
Indians have no
privacy rights whether in the eyes of the
government or in the eyes of the
Indian government. They just want to be equal opportunity
governments for
spying on Indian citizens.
This
is what Shiv Shankar Menon appears to be saying about the need
to have
partnerships with other countries read the
to address our intelligence
needs. We need US help to snoop on our citizens; our fight
with Googles and RIM
(Blackberry) is only for locating their servers here so that
legally
can also
demand access to the data of Indians. This is why a cyber
security initiative
by the Indian government includes executives of companies who
have been
identified as being NSA’s probable global partners.
In
the global strategic battle,
appears to have decided that it is only a bit player. It has
given up
manufacturing, so today must import equipment from either
or the
west. The telecom companies its first line of cyber defence
are no longer
Indian. It is unable with its own resources to even get access
to its citizens
data without help from the
Therefore, succumb to the
become a subordinate ally and hope to get intelligence crumbs
from the
And pretend
that the real enemy is
against which we have to mount our defences; with help from
Big Brother.
The
Left during UPA-1 had brought out the need to keep foreign
ownership out of
telecom as it is a strategic sector. It had also proposed
using
huge
internal telecom market to develop equipment manufacturing and
had pointed out
the success of Chinese companies such as Huawei. At that time,
Chidambaram
called the Chinese model of developing the industry as the
infant industry
protection model. Today, we do not have even an infant
industry out there to
protect, while Huawei has become the second largest telecom
equipment
manufacturer in the world.
India
has either the option to become a US satellite; or it can
champion the right of
all citizens to privacy as a fundamental human right; protect
its own citizens
against a predatory, if incompetent Indian security
bureaucracy; fight the
battle for all the global citizens to be free of this
all-pervasive snooping of
Big Brother, the US. Given the public endorsement of
foreign minister of US snooping on not only the world but
even its own
embassy in
and the Indian delegation including the PM in the G20 summit
last year the
straws in the wind do not portend well.
This
is the battle we all have to fight; in
and indeed all over the
world.
