The BlackBerry mess is on track to get India a reconfirmation of its almost iconic status of messing up the contours of economic engagement with the rest of the world, on a regular basis. In every case this stems from our Freudian antipathy to put specialists in charge of negotiations, instead bowing to the classic IAS dictum that every one of them can fill in for any one of them.
What are the technological demons that the Indian government is fighting with in the case of the BlackBerry?
To get some basic technical issues clear in a very muddled discourse, a BlackBerry device uses the same level of encryption at 256 bit as the entire IT and ITeS industry does. Every time those IT companies in Gurgaon and Bangalore receive data from their clients abroad to process and send back, the level of encryption is at par with BlackBerry.
Incidentally, a 256-bit encryption means the use of the entire set of symbols that are available in a computer keyboard to generate a random set of passkeys for each packet of data. The permutations are generated randomly and are zillions in number, which makes decoding them a serious challenge. In any case, banning that level of encryption could immediately put our annual $60 billion IT export industry out of business. If sensitive information is being transmitted over BlackBerry, the same can be done through the telecom network serving these companies. Surely no one is contemplating a ban on these operations.
The alternative suggested by the security agencies is classic government speak. Turn the clock of technology back to where the government can read the encrypted data. The Indian government agencies have the ability to break only a 40-bit encryption, which is outmoded in any telecom network. That too is difficult as far as the IT and ITeS companies are concerned as the amended (in 2008) Information Technology Act does not give the government the power to hack into their system. Just as an aside the financial sector in India uses encryption standards of more than 40 bits.
The problem lies somewhere else. As we said earlier, the Indian government in its laid-back style did not wake up to the challenge the research and development centres of major IT companies in the world were erecting.
In fact, the current challenge, had it been posed the right way, would have been a splendid opportunity to equip the domestic IT industry to develop such capacity. There was every justification to finance such research and the results would have started pouring in. Instead of the Rs 3,066 crore annual budget of IT department (less than $1 billion) a princely sum of Rs 36 crore has been allocated for all cyber security projects. Centres at Bangalore, especially at those of IBM and others have begun to do pioneering work in computer technology globally, and this was just the right sort of project to engage them on as a public-private partnership.
The other technological windmill the government is charging at is the mythical server. When a person exchanges information on a mobile with another who holds a BlackBerry device, the data passes through a Research In Motion (RIM) relay, after it comes from the respective telecom operator?s switch. The relay is essentially a traffic cop directing the traffic to the correct address and does not encrypt or decrypt the data.
This relay is, therefore, a router but around which the Indian and some of the other governments seem so fixated on. Locating it in India will still not solve the matrix of the tougher encryption standards, but could give it a sense of victory, that is often much more easy to cash on politically than substantial results.
From the router the data lands at the receiver?s mail. The decryption takes place at this level. The BlackBerry enterprise server sits at this point as a gate keeper to the company?s server that is receiving the mail. To get decrypted data, the security agency needs to track every one of these enterprise servers the company has sold and will sell in future. Presumably we will have a room of files in one of the Bhawans where a section will store all the mass of decrypted data to be read at some date in future.
What the government seems to be egging on the company is to create a sort of master key at some level that will decode the data. Fortunately the prospects look slim. Because the alternative is an agency or even RIM that has the ability to break into any corporate mail. RIM, for its part, has disclaimed any such ability, which is reassuring or else it or a company providing a similar platform becomes the ultimate mega corporation. Such an omnibus entity is too scary even to contemplate and makes for a world where the big brother is absolutely real.
subhomoy.bhattacharjee@expressindia.com
