Business Daily from THE HINDU group of publications Monday, Jan 12, 2009
eWorld
Falling short on security
“Blocking of particular services may be carried out if service providers don’t comply with national laws on wire tapping.”
Dr Samir Kelekar

D. Murali

Many security aspects are being discussed threadbare in the context of the recent Mumbai terror attack. From an information technology (IT) perspective, the most important issue seems to be that the 26/11 terrorists allegedly used VoIP (voice over IP) to communicate with their masters in Pakistan while conducting the attack, observes Dr Samir Kelekar, MD, Teknotrends Software Pvt Ltd, Bangalore (www.teknotrends.com).

For starters, VoIP is a method of voice communications using the computer or Internet-enabled mobile phones. Worldwide, VoIP is slowly replacing traditional telecom lines. In the case of the 26/11 attack, reports state that the terrorists used SIM cards bought by forging identities, and that the VoIP service that they used belonged to a New Jersey, US-based service provider.

Reminding us of these, Dr Kelekar adds that there are conflicting reports about whether the investigating agencies were able to tap VoIP calls of terrorists. “If they weren’t able to either block or tap VoIP in real-time then it is a grave setback. It is particularly sad that the terrorists talked to their masters over the VoIP phones and took specific instructions to decide whether to kill a particular person or not,” he rues, in the course of a recent e-mail interaction with eWorld.

What is important, says Dr Kelekar, is the ability to tap (and in the absence of which block) VoIP protocols. “Of course, this needs to be done legally and in the interest of national security only, so relevant laws have to be put together.” He cautions that the laws should incorporate provisions so that no misuse of the above is done. “This is not an easy thing to do. Second, blocking of VoIP services for commercial gain is something I am opposed to. Such blocking happens in many authoritarian countries.”

Excerpts from the interview:

The use of satellite phones has also been in the news…

True.
According to reports, the terrorists — when they were sea bound — used satellite phones to communicate with their masters. Again, there are conflicting reports as to whether Indian investigative agencies have the technology to tap satellite phones. It is extremely important that there is ability to tap satellite phone conversations over Indian territory. In the absence of such a capability, there ought to be capability to jam satellite phone conversations. Again, this needs to be done legally and in national interest, and not for commercial gains or for privacy violation.

These are aspects of information security where we have been seen as starkly inadequate. We need to also improve our information security overall; our ISP (Internet service provider) networks need to be secure. Our computers, and wireless and wired routers, need to be secure.

Is blocking of sites or software on the Net a sound strategy at a national level?

Blocking of sites worldwide is generally carried out only by authoritarian regimes. In the Western democracies such as the US, any blocking is illegal and ISPs who indulge in blocking are penalised. Thus, I don’t believe blocking as a strategy is a wise one. Blocking of particular services may be carried out if service providers don’t comply with national laws on wire tapping.

Does it become necessary for unblocking software providers to cooperate with governments for investigations? What are then the risks involved?

There are a couple of issues involved here — legal, ethical, etc. Due to the boundary-less nature of the Internet, a service hosted in a particular country can be accessed by people in some other country. A government would not have jurisdiction over the service if it is located in some other country. Besides, many governments outright block whatever they want. Basically, authoritarian countries block sites at will. Many do so in order to curb the freedom of their populace.
Many authoritarian countries also block services such as VoIP in order to make money. By only allowing VoIP services owned by their own governments and blocking all others, they are trying to keep monopoly on their businesses. Thus, to what extent unblocking service providers should cooperate is a difficult question to answer. Ethically speaking, unblocking service providers shouldn’t allow their service to be used as a conduit to promote activities which are generally considered detrimental by the civilised world — activities such as those promoting terrorism, criminal activities, child pornography, etc.

Stories about credit card identity theft and e-commerce fraud abound. Do you foresee these to adversely affect growth of e-commerce? So, from a security perspective, what should financial institutions do to popularise Net transactions?

Financial institutions should be highly security-conscious. They should get top security experts to hack into their sites, and then fix the holes found. I am sorry to be alarmistic, but if they do not do this, there is a high chance that a disaster could happen. For instance, it is not too unrealistic to imagine a scenario where a significant portion of a bank’s Internet customers’ passwords are stolen. Any popularisation of e-commerce should go hand in hand with increased security consciousness and implementation as mentioned above.

At the corporate level, is network/information security getting its due attention? Where are the gaps?

I don’t think we have learnt our lessons yet. Security is generally considered as a cost as it does not generate revenue to the company. The return on investment (ROI) on security is reverse. In the sense that you will lose money, if you don’t have security; you won’t make money if you have security. However, there are intangibles such as loss of reputation which companies need to consider. Also, a stitch in time saves nine. Why wait till a disaster strikes?
It costs much less to secure one’s networks proactively than it would if one loses a whole lot due to a security breach.

What are the myths about information security that the common PC/Net user harbours?

Well, I don’t think common people are aware of the security risks they are exposed to. There is something about the electronic medium that makes the common people vulnerable. While when we write a letter on a piece of paper, we seal the envelope carefully before mailing it, in the electronic medium we aren’t even aware that all our data communication could be potentially exposed. There is a lot of awareness education that needs to be done in this area.

Varied stint

Dr Samir Kelekar did his B.Tech. in Electrical Engineering from IIT-Bombay in 1983, MS in Computer Engineering from Clemson University, US, and PhD in Electrical Engineering from Columbia University, New York. He has worked for Motorola, Alcatel, and BFL-Mphasis, apart from start-ups such as Sanware and Narus. His essay, included in ‘Reflections by IITians,’ a book released during the recent PanIIT event in Chennai, is titled, ‘IITs – Gift of our Freedom,’ in which he argues that IITs have achieved the status that they have primarily because of the quality of students taken.
Copyright © 2009, The
Hindu Business Line. Republication or redissemination of the contents of
this screen are expressly prohibited without the written consent of
The Hindu Business Line