An IIPM Initiative
Tuesday, July 16, 2019


Flawed cyber security?


If Indian agencies do their job well, then there is no need to rely on the US
Tags : Shiv Shankar Menon | cyber security | National Cyber Security Policy 2013 | US spying programme | onage |

Recently National Security Adviser in the PMO Shiv Shankar Menon  (PMO) stated that indigenous snooping capabilities may not be enough to protect India’s cyber security. He seemed to favour a policy of cooperation with major powers in the world in order to obtain internet information. Menon was quoted as saying that “We might press partners for the sharing of data harvested from Indian users and sites, the purposes for which they were used, and the legal basis on which the acquisition was authorized.” This statement coming from such a senior official raises pertinent questions. The government barely a few weeks ago announced the National Cyber Security Policy 2013. Is it now admitting that the policy is not effective enough? Is the government clear about the objectives?

The other disquieting issue is the aspect of cooperating with major powers like the United States. Given the past history of espionage activities carried out against India, the moot question remains – can we trust the Americans enough on such sensitive matters? There are also serious ethical concerns, especially from ordinary citizens bothered about their individual liberties and privacy. They do not want the US or anyone else snooping into their affairs.

Very few people would doubt the need for such a policy, given the grave challenges to national security posed by terrorism. The government has proposed to set up a National Critical Information Infrastructure Protection Centre (NCIIPC), which will ward off cyber security threats in strategic areas such as air control, nuclear and space. It will function under the National Technical Research Organization (NTRO), a technical intelligence gathering agency controlled directly by the National Security Adviser. The existing agency, Computer Emergency Response Team (CERT), will handle all public and private infrastructures.

Indeed, if all these agencies perform their functions ably, why do we need to rely on the United States? Recent documents leaked by former NSA contractor Edward Snowden exposed the extent of US spying on India, especially the American surveillance on the Indian Embassy in Washington DC. The writings of the recently demised Indian intelligence official and scholar B Raman have constantly warned us about the extent of American spying and infiltration in India. They have also succeeded in whisking away a highly-placed intelligence official from RAW, Rabinder Singh, who had been a mole working for them. This defection inflicted a terrible blow on the morale of our intelligence agencies. Clearly the Americans are not very reliable allies. The objectives of the government in spelling out a National Cyber Security Policy appear a little ambiguous. There is the concern for preserving national security and strategic online assets. This is coupled with a desire to secure the transactions of citizens and companies on the web. The blatant misuse of Section 66A of the Information Technology (IT)Act 2000 by the government in the recent past does not inspire much confidence. Shaheen Dhada was arrested by the Mumbai police for a rather innocent Facebook post which alluded to the demise of a political leader. Her friend, Rinu Srinivasan, was also detained for liking the post.

Professor Ambikesh Mahapatra was held under this section for forwarding caricatures on Trinamool Congress chief Mamata Banerjee on Facebook. Ravi Srinivasan was arrested under the ambit of this section for his tweets on reports of corruption. India’s Central Monitoring System (CMS) allows the government to indulge in telephonic and internet surveillance of citizens in violation of their privacy. Disturbingly, the CMS has no legislative or judicial oversight.

The national policy on cyber security seems to have no place for the concerns of civil society; it has instead vested all powers in the hands of a few ‘nodal’ agencies. The parameters of privacy have not been defined. The policy does not allude to the processes of the collection of data or its end use. This is a glaring omission given the serious concern that such policies often result in a loss of civil liberties. It does not talk about aspects of implementation; in fact it does not even mention the Information Technology Act, 2000.This is surprising given that the chances of cyber security policy coming in conflict with the IT Act are very high. In such a scenario of conflict the IT Act will prevail because it was passed by Parliament, while the cyber security policy is an executive order.

Apart from all these legal shortcomings, the key concern remains an ethical one. Nations that claim to be democratic, need to value and respect the liberty of its citizens. During the Cold War various Communist countries spied on their own citizens. Everybody who valued freedom and human rights condemned it. If that was wrong then, how can it be right for democratic countries to be doing the same now?

Rate this article:
Bad Good    
Current Rating 5.0
Post CommentsPost Comments

Issue Dated: Feb 5, 2017