The
New Strategic Mantra:
Indian Cyber Security Needs
Foreign Help
Prabir Purkayastha
IT
is ironical that along with the government announcing that the
telecom
companies are the first line of defence in cyber security, it
has also
announced 100 percent Foreign Direct Investment (FDI) in
telecom. So 100
percent foreign owned companies are now going to be our first
line of defence
for cyber security. If this were not enough, we now have a
Joint Working Group
on Cyber Security set up with the private sector that includes
officials from
foreign companies.
It
is not that the government is unaware of the implications of
foreign ownership
when it comes to the telecom sector. It has been highly
suspicious of telecom
manufacturers such as Huawei and ZTE, fed in part by the
claims that the US security
agencies have been making about the Chinese owned telecom
giants. It stopped
BSNL from buying equipment from Huawei on this count. However,
it does not see
any similar threat from telecom service providers that have
foreign ownership –
Vodafone (UK), AT&T, Verizon (US), all of whom have
different levels of
presence in India;
or even having them on committees where cyber security
policies are being
decided.
Meanwhile,
the Snowden disclosures is increasingly making it clear that
against the
unsubstantiated charges of “secret back-doors” in Huawei
equipment, American
companies have worked as partners of the US, not only in
helping the NSA get
access to the fibre optic cable backbone of the US, but also
to hack into the telecommunications
networks of other countries. O Globo (Brazil)
and Der Spiegel (Germany)
have provided detailed reports on Brazil
and Germany
of how their telecom networks have been hacked, with help from
American
companies. Not only does the US
partner its own telecom companies, it also has agreements with
more than 80
foreign telecom companies to provide access to their
fibre optic
networks. Two Indian companies – Reliance Communications and
VSNL (a Tata group
company) have also signed such agreements, details of which
are now publicly
available. Under these agreements, the US
government agencies can monitor any communication that is
flowing out or into
their fibre optic cables, as one end of this network is in the
US.
Reliance
and VSNL not only provide access to the US security agencies, but even the
information of what access it
has provided and what data it has furnished to the US agencies
cannot be
disclosed to either the Indian government or even its own
management/board
of directors.
US, A HUB OF GLOBAL
INTERNET TRAFFIC
Before
the Snowden breakthrough came exposing the US
and its global hacking network, the US
was in a comfortable position.
It controlled the internet – ICANN the key internet body
operates under a US
Department of Commerce contract.
It also
controlled the fibre optic cable network of the world. There
are very few
direct fibre optic cable links between countries; almost all
cables between
continents and countries go through the US.
The largest internet companies
in the globe are mostly located in the US
and so are the servers that host
their services. All of it means that probably more than 80
percent, if not
more, of global traffic passes through the US
and therefore is directly
accessible to the NSA. Even communications between two Indians
are mostly
routed through the US;
this
is even when such services are provided by Indian companies as
even their
servers are likely to be hosted in the US.
The
telecommunications network that runs the bulk of the internet
does not come
under ICANN, which the US
controls. It comes under the International Telecom Union (ITU)
that is a
multilateral agency under the United Nations. The ITU has not
only been
involved in expanding internet services in the global south
but has also been
involved in internet security. For example, when Iran's
oil industry was under
attack, it turned to ITU for help, who in turn asked Kaspersky
Lab, a Russian
anti-virus company to investigate. That brought out in the
open that it was a
cyber attack mounted by the US;
it had code embedded in it that was also there in the cyber
attack involving
Stuxnet and Duqu, the two viruses that had targeted Iran's
nuclear fuel facility in
Natanz. The role
of the US
in creating
Stuxnet and Duqu – including a wealth of details – is public as it has
taken credit for delaying
the Natanz operations.
In
order to forestall any role for ITU on internet related
issues, the US mounted a
vicious attack on the ITU, targeting its director general in
particular. To
reduce China's
voice,
it also ran an international campaign against the Chinese for
spying
against US companies and government agencies using the
internet. As a
corollary, it also released a large amount of “information” to
all and sundry
claiming that all countries were at risk from Chinese cyber
spying. India
was specifically targeted with regular
leaks coming from “sources” that identified attacks on Indian
networks as
originating from China.
Snowden's
disclosures are particularly harmful to the US
as he has disclosed how the US
agencies have regularly broken into Chinese computer and
telecom networks. So
it would be comparatively easy to mask the US
cyber penetration of other countries as coming from China.
Snowden has thus blown a
continental sized hole through this elaborate propaganda war
that the US
has been
conducting.
This
is not to argue that the Chinese are as pure as driven snow.
The brutal truth
is that today against a possible threat from China,
we have documented and detailed information of what the US
is doing.
The frightening picture that emerges is that while the US
may – and
indeed it is only may at this time – provide some
protection to the privacy
to its citizens, it provides none for foreigners.
This is a part of
the FISA Act that foreign citizens have no protection under US
law. This is
now confirmed from the statements of its top leadership and
the “security” –
read spying – agencies. The NSA routinely vacuums up all the
data that passes
through the global fibre optic cable network and stores it on
its servers. In
this, it is aided by its telecom companies, the GCHQ of UK – UK's
equivalent
of the NSA – and to our shame, even Indian telecom companies.
In
the World International Telecom Conference (WCIT 2012) last
year in Dubai, the US
and its allies walked out claiming that ITU was going beyond
its brief by
discussing cyber security. While the other BRICS countries
stayed and signed on
to the new International Telecom Regulations that came out of
WCIT, India
preferred to abstain and later made noises saying it would not
sign the ITR's
for a variety of rather flimsy reasons. It has also withdrawn
its proposal –
made jointly with Brazil
and
South
Africa
– of internet governance being brought under a UN agency.
If
we now look at the cyber security discussions, it becomes
clear what is
happening. Instead of aligning with other countries such as Brazil, South Africa, China,
Russia,
etc., on internet
governance, it is specifically now aligning with the US.
TAPPING
NETWORKS
Meanwhile,
the Indian security agencies are also trying their version of
NSA and tapping
into the Indian telecom networks. Under its licensing powers –
similar to what
NSA is using to coerce telecom companies operating in the US
– it is
asking all Indian telecom licensees to provide access to their
networks. No more
tapping into a specific target but the ability to syphon off
as much as it
wants of data and conversation in virtually real time; and of
course, all the
famous metadata – who is talking, to whom, from where and for
how long.
The
Indian government is not bothered that Google, Facebook and
others are
providing wholesale the data of its Indian users to the NSA.
What it is asking
is that the Indian security agencies should have the same
access to data from
the global internet companies as they provide to the NSA.
Indians have no
privacy rights – whether in the eyes of the US
government or in the eyes of the
Indian government. They just want to be “equal opportunity”
governments for
spying on Indian citizens.
This
is what Shiv Shankar Menon appears to be saying about the need
to have
partnerships with “other” countries – read the US
– to address our intelligence
needs. We need US help to snoop on our citizens; our fight
with Googles and RIM
(Blackberry) is only for locating their servers here so that
legally India
can also
demand access to the data of Indians. This is why a cyber
security initiative
by the Indian government includes executives of companies who
have been
identified as being NSA's probable global partners.
In
the global strategic battle, India
appears to have decided that it is only a bit player. It has
given up
manufacturing, so today must import equipment from either China
or the
west. The telecom companies – its first line of cyber defence
– are no longer
Indian. It is unable with its own resources to even get access
to its citizens’
data without help from the US.
Therefore, succumb to the US,
become a subordinate ally and hope to get intelligence crumbs
from the US.
And pretend
that the real enemy is China
against which we have to mount our defences; with help from
Big Brother.
The
Left during UPA-1 had brought out the need to keep foreign
ownership out of
telecom as it is a strategic sector. It had also proposed
using India's
huge
internal telecom market to develop equipment manufacturing and
had pointed out
the success of Chinese companies such as Huawei. At that time,
Chidambaram
called the Chinese model of developing the industry as the
“infant industry”
protection model. Today, we do not have even an infant
industry out there to
protect, while Huawei has become the second largest telecom
equipment
manufacturer in the world.
India
has either the option to become a US satellite; or it can
champion the right of
all citizens to privacy as a fundamental human right; protect
its own citizens
against a predatory, if incompetent Indian security
bureaucracy; fight the
battle for all the global citizens to be free of this
all-pervasive snooping of
Big Brother, the US. Given the public endorsement of India's
foreign minister of US snooping – on not only the world but
even its own
embassy in Washington
and the Indian delegation including the PM in the G20 summit
last year – the
straws in the wind do not portend well.
This
is the battle we all have to fight; in India
and indeed all over the
world.