The New York Times yesterday filed a report on India’s efforts to force communications companies that rely on encrypted or hard-to-track communications systems, like Blackberry and Skype, to make their technology accessible or risk being banned from the country. This new step is unsurprising given talk in the UAE last month of forcing compliance with surveillance efforts and the disclosure yesterday of plans in this country to require companies to be able to provide clear text of encrypted communications if so ordered by a court.
It is interesting that for all of concerns put forth in the article of potential consequences of this new rule for India — such as fear of increased government reach, concerns about inadequate privacy protections, and lack of capacity to actually deal with this information flow — the author focuses on the impact increased pressure on communications companies could have for India’s business interests:
The most inflammatory part of the effort has been India’s threat to block encrypted BlackBerry services, widely used by corporations, unless phone companies provide access to the data in a readable format. But Indian officials have also said they will seek greater access to encrypted data sent over popular Internet services like Gmail, Skype and virtual private networks that enable users to bypass traditional telephone links or log in remotely to corporate computer systems.
Critics say such a threat could make foreigners think twice about doing business here. Especially vulnerable could be outsourcing for Western clients, like processing medical records or handling confidential research projects, information that is typically transmitted as encrypted data.
“If there is any risk to that data, those companies will look elsewhere,” said Peter Sutherland, a former Canadian ambassador to India who is now a consultant to North American companies doing business there.
S. Ramadorai, vice chairman of India’s largest outsourcing company, Tata Consultancy Services, echoed that sentiment in a newspaper column on Wednesday. “Bans and calls for bans aren’t a solution,” he wrote. “They’ll disconnect India from the rest of the world.”
India certainly does not want to scare away businesses who rely on encrypted communications in a globally competitive marketplace. Yet what is more worrisome about this entire effort is that it represents another example of governments pursuing more and more information without trying to analyze and where necessary reform how that data is actually used.
While it is attractive (and understandable) for governments concerned with their security situation to want to be able to access different means of communication, the allure of more access to data could allow countries like India to acquire more and more information, making it harder to find what they need to break up plots and prevent attacks. This is in part what has happened in the United States, where we have created a massive intelligence bureaucracy devoted in part to taking in as much information as possible, while sometimes not taking steps to process the information more intelligently or effectively.
In the rush acquire data and improve security, governments must continue to evaluate not just what they need but also how they evaluate what they already have, in order to ensure that new efforts to improve security don’t just make an already dangerous situation worse.
— Andrew Lebovich