The New Strategic Mantra: Indian Cyber Security Needs Foreign Help

The New Strategic Mantra: Indian Cyber Security Needs Foreign Help

Image Courtesy: flickr.com

IT is ironical that along with the government announcing that the telecom companies are the first line of defence in cyber security, it has also announced 100 percent Foreign Direct Investment (FDI) in telecom.

So 100 percent foreign owned companies are now going to be our first line of defence for cyber security. If this were not enough, we now have a Joint Working Group on Cyber Security set up with the private sector that includes officials from foreign companies.

It is not that the government is unaware of the implications of foreign ownership when it comes to the telecom sector. It has been highly suspicious of telecom manufacturers such as Huawei and ZTE, fed in part by the claims that the US security agencies have been making about the Chinese owned telecom giants. It stopped BSNL from buying equipment from Huawei on this count. However, it does not see any similar threat from telecom service providers that have foreign ownership – Vodafone (UK), AT&T, Verizon (US), all of whom have different levels of presence in India; or even having them on committees where cyber security policies are being decided.

Meanwhile, the Snowden disclosures is increasingly making it clear that against the unsubstantiated charges of “secret back-doors” in Huawei equipment, American companies have worked as partners of the US, not only in helping the NSA get access to the fibre optic cable backbone of the US, but also to hack into the telecommunications networks of other countries. O Globo (Brazil) and Der Spiegel (Germany) have provided detailed reports on Brazil and Germany of how their telecom networks have been hacked, with help from American companies. Not only does the US partner its own telecom companies, it also has agreements with more than 80 foreign telecom companies to provide access to their fibre optic networks. Two Indian companies – Reliance Communications and VSNL (a Tata group company) have also signed such agreements, details of which are now publicly available. Under these agreements, the US government agencies can monitor any communication that is flowing out or into their fibre optic cables, as one end of this network is in the US. Reliance and VSNL not only provide access to the US security agencies, but even the information of what access it has provided and what data it has furnished to the US agencies cannot be disclosed to either the Indian government or even its own management/board of directors.

US, A Hub of Global Internet Traffic

Before the Snowden breakthrough came exposing the US and its global hacking network, the US was in a comfortable position. It controlled the internet – ICANN the key internet body operates under a US Department of Commerce contract. It also controlled the fibre optic cable network of the world. There are very few direct fibre optic cable links between countries; almost all cables between continents and countries go through the US. The largest internet companies in the globe are mostly located in the US and so are the servers that host their services. All of it means that probably more than 80 percent, if not more, of global traffic passes through the US and therefore is directly accessible to the NSA. Even communications between two Indians are mostly routed through the US; this is even when such services are provided by Indian companies as even their servers are likely to be hosted in the US.

The telecommunications network that runs the bulk of the internet does not come under ICANN, which the US controls. It comes under the International Telecom Union (ITU) that is a multilateral agency under the United Nations. The ITU has not only been involved in expanding internet services in the global south but has also been involved in internet security. For example, when Iran’s oil industry was under attack, it turned to ITU for help, who in turn asked Kaspersky Lab, a Russian anti-virus company to investigate. That brought out in the open that it was a cyber attack mounted by the US; it had code embedded in it that was also there in the cyber attack involving Stuxnet and Duqu, the two viruses that had targeted Iran’s nuclear fuel facility in Natanz. The role of the US in creating Stuxnet and Duqu – including a wealth of details – is public as it has taken credit for delaying the Natanz operations.

In order to forestall any role for ITU on internet related issues, the US mounted a vicious attack on the ITU, targeting its director general in particular. To reduce China’s voice, it also ran an international campaign against the Chinese for spying against US companies and government agencies using the internet. As a corollary, it also released a large amount of “information” to all and sundry claiming that all countries were at risk from Chinese cyber spying. India was specifically targeted with regular leaks coming from “sources” that identified attacks on Indian networks as originating from China.

Snowden’s disclosures are particularly harmful to the US as he has disclosed how the US agencies have regularly broken into Chinese computer and telecom networks. So it would be comparatively easy to mask the US cyber penetration of other countries as coming from China. Snowden has thus blown a continental sized hole through this elaborate propaganda war that the US has been conducting.

This is not to argue that the Chinese are as pure as driven snow. The brutal truth is that today against a possible threat from China, we have documented and detailed information of what the US is doing. The frightening picture that emerges is that while the US may – and indeed it is only may at this time – provide some protection to the privacy to its citizens, it provides none for foreigners. This is a part of the FISA Act that foreign citizens have no protection under US law. This is now confirmed from the statements of its top leadership and the “security” – read spying – agencies. The NSA routinely vacuums up all the data that passes through the global fibre optic cable network and stores it on its servers. In this, it is aided by its telecom companies, the GCHQ of UK – UK’s equivalent of the NSA – and to our shame, even Indian telecom companies.

In the World International Telecom Conference (WCIT 2012) last year in Dubai, the US and its allies walked out claiming that ITU was going beyond its brief by discussing cyber security. While the other BRICS countries stayed and signed on to the new International Telecom Regulations that came out of WCIT, India preferred to abstain and later made noises saying it would not sign the ITR’s for a variety of rather flimsy reasons. It has also withdrawn its proposal – made jointly with Brazil and South Africa – of internet governance being brought under a UN agency.

If we now look at the cyber security discussions, it becomes clear what is happening. Instead of aligning with other countries such as Brazil, South Africa, China, Russia, etc., on internet governance, it is specifically now aligning with the US.

Tapping Networks

Meanwhile, the Indian security agencies are also trying their version of NSA and tapping into the Indian telecom networks. Under its licensing powers – similar to what NSA is using to coerce telecom companies operating in the US – it is asking all Indian telecom licensees to provide access to their networks. No more tapping into a specific target but the ability to syphon off as much as it wants of data and conversation in virtually real time; and of course, all the famous metadata – who is talking, to whom, from where and for how long.

The Indian government is not bothered that Google, Facebook and others are providing wholesale the data of its Indian users to the NSA. What it is asking is that the Indian security agencies should have the same access to data from the global internet companies as they provide to the NSA. Indians have no privacy rights – whether in the eyes of the US government or in the eyes of the Indian government. They just want to be “equal opportunity” governments for spying on Indian citizens.

This is what Shiv Shankar Menon appears to be saying about the need to have partnerships with “other” countries – read the US – to address our intelligence needs. We need US help to snoop on our citizens; our fight with Googles and RIM (Blackberry) is only for locating their servers here so that legally India can also demand access to the data of Indians. This is why a cyber security initiative by the Indian government includes executives of companies who have been identified as being NSA’s probable global partners.

In the global strategic battle, India appears to have decided that it is only a bit player. It has given up manufacturing, so today must import equipment from either China or the west. The telecom companies – its first line of cyber defence – are no longer Indian. It is unable with its own resources to even get access to its citizens’ data without help from the US. Therefore, succumb to the US, become a subordinate ally and hope to get intelligence crumbs from the US. And pretend that the real enemy is China against which we have to mount our defences; with help from Big Brother.

The Left during UPA-1 had brought out the need to keep foreign ownership out of telecom as it is a strategic sector. It had also proposed using India’s huge internal telecom market to develop equipment manufacturing and had pointed out the success of Chinese companies such as Huawei. At that time, Chidambaram called the Chinese model of developing the industry as the “infant industry” protection model. Today, we do not have even an infant industry out there to protect, while Huawei has become the second largest telecom equipment manufacturer in the world.

India has either the option to become a US satellite; or it can champion the right of all citizens to privacy as a fundamental human right; protect its own citizens against a predatory, if incompetent Indian security bureaucracy; fight the battle for all the global citizens to be free of this all-pervasive snooping of Big Brother, the US. Given the public endorsement of India’s foreign minister of US snooping – on not only the world but even its own embassy in Washington and the Indian delegation including the PM in the G20 summit last year – the straws in the wind do not portend well.

This is the battle we all have to fight; in India and indeed all over the world.