D Sampath Kumar

What’s wrong with the encryption policy

D SAMPATHKUMAR | Updated on January 22, 2018 Published on September 23, 2015

Crystal Eye Studio/shutterstock.com

The government could have avoided being called a voyeur had it phrased the draft properly

At least, in my aunt’s eyes, my grandmother’s postcards to her husband (my uncle) were encrypted. This was a bit annoying for her as most of my grandmother’s letters were about the mounting costs of construction of the family house in Srirangam in Tamil Nadu — code for a demand for additional remittance from my uncle.

That was until one day she decided to crack the encryption code so that she wasn’t dependant solely on her husband’s version of what the mail contained. She got hold of the key to the encrypted mail which was a book titled, Learn Tamil from Telugu in 30 Days.

She had done her schooling in Andhra Pradesh and thus could only speak Tamil but not read or write it. Armed thus, with the knowledge of the Tamil script or rather, the key to the encrypted mail, she had a sneak view of all its contents.

Now, substitute my aunt for the government of India; a member of the Students Islamic Movement of India (SIMI) for my grandmother; my uncle as the Al Qaeda/Islamic State of Iraq and Syria (ISIS) handler; the postcard for a ‘closed user group’ communication on ‘WhatsApp’; and its content not so much about a demand for some extra cash as about a fresh consignment of RDX to be deployed on the Mumbai suburban network, of the Western Railway…

You get an idea of the government’s larger objective with regard to its draft encryption policy on digital communication.

Where they went wrong

That they messed it up is not in doubt, as is evident in the government’s own admission in withdrawing the draft policy. But where they erred was in not structuring it suitably inasmuch as the draft policy not only enabled the government to monitor conversations between former members of SIMI and their ISIS handlers but also millions of innocuous conversations among perfectly law abiding citizens.

Since the present communications and IT minister is a lawyer, and a successful one at that before he became a minister, he will be able to readily understand how he could have avoided all the embarrassment for his government if the draft policy had been presented to him as a case for legal opinion by one of his corporate clients. Except that in the instant case, the general public is the legal expert and his ministry is the corporate client.

Restructuring the policy

Here is how the draft policy could have been structured as a case for legal opinion:

Background: India, regrettably, harbours forces that are inimical to the country’s growth and well-being. This is despite the efforts of successive governments over the last 60 years in pursuing policies that are aimed at promoting social cohesion and communal harmony within the country.

These forces would like to indulge in acts of terror that consume the lives of innocent people besides causing disruption to the even tenor of economic activity in the country. They are also not above seeking external help to further their aims, as documented cases from the past indicate.

The world has evolved as a global community that is digitally connected. The growth of internet and the mushrooming of platforms of social communication have not only made communication easier but also more secure. This has made the task of law enforcement from the perspective of preventive vigilance against potential acts of terror extremely difficult.

The problem has been compounded by additional features in these social communication platforms such as the option to firewall communication between select groups of individuals; in-house versions of software for encryption of such communication besides allowing user-defined encryption software to be allowed to ride on these social communication platforms.

Now opinion is sought on:

1. Whether there is a need to strengthen the mechanism of preventive vigilance against potential acts of terror in view of the increased threat perceptions?

2. If the answer to Question 1 is in the affirmative, whether such a mechanism could consist of an ability to monitor communication flowing through such social media platforms?

3. Since potential acts of terror involve a certain gestation period and if the government is not always able to get to know about it from day one, would the mechanism of preventive vigilance require an ability on the part of the law enforcement authorities to sift through past communication involving persons contemplating such acts of terror?

4. Is it possible to filter communication of only such persons identified in Question 3, from the millions of other communication without clubbing them all in the first place?

5. Does the existing legal framework enable the government to compel an individual resorting to exchanging encrypted communication with another individual or compel the business entity offering to host such encrypted communication to provide the key to deciphering it?

6. If answer to Question 5 is in the negative, whether there is a need to strengthen the legal mechanism to enable law enforcement authorities to demand that such key to deciphering be made available?

7. In the context of a legal mechanism, already in place or needing to be put in place anew, whether the efforts of law enforcement authorities in arriving at the truth would not be frustrated unless the individual or the business entity, as the case may be, are also compelled by law to preserve a transcript of such encrypted communication so that the output of the text using the key is compared with the original?

No guarantees

Presenting the government case in this manner is of course no guarantee that the public would be persuaded to toe the official line.

After all the public might well say that fundamental right or not, considerations of preserving the purity of private communication overrides the potential for saving a few hundred lives from acts of terror. That would be the public choice.

But at least the government would have been spared the odium of being branded a voyeur.

Published on September 23, 2015
This article is closed for comments.
Please Email the Editor