A lot more BlackBerries out there

Written by Ravi V. Sharada Prasad | Updated: Sep 4 2010, 04:43am hrs
The apparent climbdown by RIM on August 30, 2010, by permitting two of its services, BlackBerry Enterprise Services and BlackBerry Messenger Services, to be intercepted by India's intelligence agencies will not stop determined terrorists. Instead, it will compromise the confidentiality of prominent politicians and corporations.

There are several alternative technological solutions to guard emails and messages sent over wireless networks from being read by intelligence agencies. For instance, on a smartphone using Google's Android Operating System (those available in India are manufactured by HTC, Huawei, Samsung, LG, Motorola, Sony Ericsson, etc.), one could run the strong encryption algorithm APG (Android Pretty Good Privacy). Another encryption solution is Secure Email from JADS Ltd (both are free). For greater privacy, one can use steganographic packages like MobiStego that hide secret messages within video, audio or picture files. SMSs can be encrypted on a wide range of phones available in India using a free program called CryptoSMS.

For its part, RIM continues to maintain that even it cannot decrypt data transmitted between the BlackBerry Enterprise Server and BlackBerry smartphones. This is because the private encryption key assigned to each user is stored only in the customer company's server (such as Microsoft Exchange, IBM Lotus Domino or Novell GroupWise) and on their BlackBerry smartphone. Data sent to the BlackBerry smartphone is encrypted by BlackBerry Enterprise Server using the private key retrieved from the user's mailbox, using either Advanced Encryption Standard or Triple Data Encryption Standard.

The encrypted information travels securely across the network to the smartphone where it is decrypted with the key stored there.

What is surprising is that no politician raised any objections when the UPA government passed a law in December 2008 which made tapping of phones and emails easier. Prior to the notification of the Information Technology (Amendment) Act 2008 on 5 February 2009, phone tapping was governed by Clause 5 (2) of the Indian Telegraph Act of 1885: "On the occurrence of any public emergency, or in the interest of the public safety, the Central Government or a State Government or any officer specially authorised in this behalf by the Central Government or a State Government may, if satisfied that it is necessary or expedient so to do in the interests of the sovereignty and integrity of India, the security of the State, friendly relations with foreign States or public order or for preventing incitement to the commission of an offence, for reasons to be recorded in writing, by order, direct that any message or class of messages to or from any person or class of persons, or relating to any particular subject, brought for transmission by or transmitted or received by any telegraph, shall not be transmitted, or shall be intercepted or detained, or shall be disclosed to the Government making the order or an officer thereof mentioned in the order."

Section 7 (2) (b) of the Indian Telegraph Act of 1885 mentions that the government should formulate precautions to be taken for preventing the improper interception or disclosure of messages.

But ever since 1885, no government, whether British or Indian, had formulated any such precautions.

PUCL filed a writ petition in the Supreme Court in 1991, challenging the constitutional validity of section 5(2), arguing that it infringed on the constitutional right to freedom of speech and expression, and to life and personal liberty. In December 1996, the Supreme Court delivered its judgement: "Unless a public emergency has occurred or the interest of public safety demands, the authorities have no jurisdiction to exercise the powers under the said Section. Public emergency would mean the prevailing of a sudden condition or state of affairs affecting the people at large calling for immediate action. The expression 'public safety' means the state or condition of freedom from danger or risk for the people at large. When either of these two conditions are not in exercise, the Central Government or a State Government or the authorised officer cannot resort to telephone tapping even though there is satisfaction that it is necessary or expedient so to do in the interests of sovereignty and integrity of India, etc..." From this Supreme Court judgement, it is clear that most instances of tapping of the phones of politicians and journalists were illegal since the essential criteria of Public Emergency or Public Safety were not satisfied.

But now, Section 69 of the Information Technology (Amendment) Act 2008, which was passed by Parliament in December 2008, drops all references to the essential criteria of public emergency or public safety, and has thereby circumvented the Supreme Court judgement. Even the Information Technology Act of 2000 only mentioned decryption; interception and monitoring were not mentioned at all there. Section 69 of the new IT Act of 2008 enhances the scope from the 2000 version of the IT Act to include interception and monitoring. Moreover, the Information Technology (Procedures and Safeguards for Interception, Monitoring and Decryption of Information) Rules 2009, notified on October 27, 2009, allow far easier tapping than the safeguards formulated by the Supreme Court in 1996.

Terrorists have many avenues to communicate without likelihood of interception. The removal of the essential criteria of Public Emergency and Public Safety in the amended IT Act of 2008 has only permitted a legal situation that is far more detrimental to personal liberty than the 1885 Telegraph Act. Section 69 of the amended IT Act of 2008 could be violative of the Supreme Court's rulings that a reasonable expectation of privacy derives from Article 21 of the Constitution.

The author is an alumnus of Carnegie Mellon and IIT Kanpur and he heads a group on C4ISRT in South Asia.