JOIN USRecently, the National Security Advisor Shivshankar Menon stated that indigenous snooping capabilities may not be enough to protect India’s cyber security. He seemed to favour a policy of cooperation with major powers in the world in order to obtain Internet information. He said that –“We might press partners for the sharing of data harvested from Indian users and sites, the purposes for which they were used, and the legal basis on which the acquisition was authorized.” This statement coming from such a senior official, raises a few pertinent questions.
The government barely a few weeks ago announced the National Cyber Security Policy 2013. Is the government now admitting that it is not effective enough? Is the government clear about the objectives of this policy? The other disquieting issue is the aspect of cooperating with major powers like the United States. Given the past history of espionage activities carried out against India, the moot question remains – Can we trust the Americans enough on such sensitive matters?
Very few people would doubt the need for such a policy, given the grave challenges to national security posed by terrorism. The government has proposed to set up a National Critical Information Infrastructure Protection Centre (NCIIPC), which will ward off cyber security threats in strategic areas such as air control, nuclear and space. It will function under the National Technical Research Organization (NTRO), a technical intelligence gathering agency controlled directly by the National Security Adviser in the Prime Minister's Office. The existing agency, Computer Emergency Response Team (CERT), will handle all public and private infrastructure.
Constant warning
If all these agencies perform their functions ably, why do we need to rely on the United States? The recent documents leaked by former NSA contractor Edward Snowden exposed the extent of US spying on India, especially the US surveillance on the Indian Embassy in Washington DC. The writings of the recently demised Indian intelligence official and scholar B Raman have constantly warned us about the extent of American spying and infiltration in India. They have also succeeded in whisking away a highly placed intelligence official from R&AW Rabinder Singh, who had been a mole working for them. This defection inflicted a terrible blow on the morale of our intelligence agencies. Clearly the Americans are not very reliable allies.
The objectives of the government in spelling out a National Cyber Security Policy appears a little ambiguous. There is the concern for preserving national security and strategic online assets. This is coupled with a desire to secure the transactions of citizens and companies on the web. The blatant misuse of Section 66A of the Information Technology (IT)Act, 2000 by the government in the recent past does not inspire much confidence.
Shaheen Dhada was arrested by the Mumbai police for a rather innocent Facebook post which alluded to the demise of a political leader. Her friend, Rinu Srinivasan, was also detained simply for liking the post. Professor Ambikesh Mahapatra was arrested under this section for forwarding caricatures on Trinamool Congress chief Mamata Banerjee on Facebook. Ravi Srinivasan was arrested under the ambit of this section for his tweets on reports of corruption.
The national policy on cyber security seems to have no place for the concerns of civil society. It has instead vested all the powers in the hands of a few ‘nodal’ agencies. The parameters of privacy have not been defined in this policy. The policy does not allude to the processes of the collection of data or its end use. This is a glaring omission given the serious concern that such policies often result in a loss of civil liberties. The policy does not talk about aspects of implementation. In fact the policy also does not even mention the Information Technology Act of 2000. This is rather surprising given that the chances of the cyber security policy coming in conflict with the IT Act are very high. In such a scenario of conflict the IT Act will prevail because it was passed by Parliament, while the cyber security policy is an executive order.
Apart from all these legal shortcomings, the key concern remains an ethical one. Nations that claim to be democratic need to value and respect the liberties of its citizens. During the Cold War various communist countries used to spy on their own citizens. Everybody who valued freedom and human rights condemned it. If that was wrong then, how can it be right for democratic countries to be doing the same now?