COLUMN: Is it the job of Google, Twitter & ISPs to maintain India’s National Security?

On the sidelines of an event on event on ‘Ethics, Governance and Technology’, India’s young and tech-savvy junior IT minister Sachin Pilot said the government had asked websites like Google, Facebook and Twitter to install “real time” monitoring system for national security.

While on the face of it, the request looks like just another of India’s attempts to monitor terrorist activity, a closer inspection reveals that it may be more than that.

The whole “real time” monitoring conundrum has its origins in India’s telecom laws. Under them, all telecom operators are supposed to have a facility, to be made available to the government on request, to listen to any conversation made by anyone in India over the phone.

Over time, voice simply became another form of data as telecom networks converted all voice conversations into the Internet traffic for ease of shipping. Not to be outdone, the government, over time, introduced newer and newer clauses in Internet (ISP) licenses that required all Internet offering companies to be able to “monitor” the content passing through their network.

It is another matter that such a requirement is not only impossible to fullfill, but will also make much of the global e-commerce as we know it today impossible. Most banks and shopping sites, for example, use “unbreakable” coding and decoding software to ensure that no-one, not the ISP, nor any government in between, can sniff out details such as credit card numbers and banking passwords.

Companies do the same too, to protect their internal data and communication.

The level of encryption is so high and affordable that such services are even available “free” in the form of Skype calls, encrypted Gmail, hushmail etc..

The government tried, for years, to get the ISPs comply. It wanted ISP’s to put ‘filters’ at core interconnection points — such as where their network ended and India’s national Internet backbone (NiXi) started and of course, at the exit points from the country where data effectively left the Indian shores.

The Internet Service Providers Association of India (ISPAI), in its reponse three years ago, pointed out that wholesale monitoring of Internet traffic was an extremely costly business. It, however, suggested an alternative that such a system can be tried only at a handful of major ‘junctions’ in the country.

It said:

“The infrastructure and resources required for data monitoring for security purposes is very high. Since the amount of internet traffic is very large and constantly growing, the setup required to capture, analyse, store and filter the relevant data for security agencies needs to be very elaborate.

“As demand for bandwidth multiplies the cost of equipment, installation and maintenance is also going to become significantly high… an ISP will have to deploy this elaborate monitoring facility at virtually every point of presence. Although an alternative option of centralised monitoring is provided in the regulation, it is an equally expensive and impractical solution, since the entire traffic from all nodes will have to be carried to the central site resulting in a requirement of huge bandwidth for NLD transportation and consequent data processing equipment…

“In either situation, the ISP business becomes financially unviable even for large ISPs thereby making cost of Internet Bandwidth at service provider end and customer end exceptionally high. To what extent this will effect the spread of Broadband will need to be analysed from a strategic viewpoint,” it pointed out.

In its suggestion, it said monitoring need to be done only at the entry-exit points (national boundary) and between the junctions of ISPs.

“All traffic that is exiting/enter India do so only at the defined International gateway points. Hence by monitoring at these points 100% of international traffic is monitored.

“All domestic traffic that is exchanged between ISPs traverse through the Tier 1 ISPs who in turn peer with overseas ISPs. Hence by monitoring all the peering links of Tier 1 ISPs, the entire traffic can be monitored,” it pointed out.

Now, the question is, if the data is anyway being monitored and checked by the Internet Service Providers like Bharti Airtel, BSNL and Reliance, what is the purpose of asking websites to check the data as well?

It may be noted that the emergence of the new media (Internet) has forced mainstream media, which used to ignore many inconvenient allegations against the government, to be more “aggressive” in its pursuit and treatment of news about the Government.

In addition, a recent report from Google had pointed out that the Indian government is the third largest seeker of its users’ private details and made one of the largest number of requests for content censorship.

On the other hand, if the government is really serious about maintaining national security, perhaps it is high time it expected private companies to do its job on its behalf.