Google, Skype targeted in India security crackdown
India has widened its security crackdown, asking all companies that provide encrypted communications — not just BlackBerry-maker Research In Motion — to install servers in the country to make it easier for the government to obtain users’ data. That would likely affect digital giants like Google and Skype.
“People who operate communication services in India should (install a) server in India as well as make available access to law enforcement agencies,” Home Secretary G.K. Pillai told reporters. “That has been made clear to RIM of BlackBerry but also to other companies.”
On Monday, India withdrew a threat to ban BlackBerry service for at least two more months after RIM agreed to give security officials “lawful access” to encrypted data.
Indian officials have for some time also been concerned about Google and Skype, neither of which maintains servers in India. Google has an Indian unit, but Gmail is offered by Google Inc., a U.S. company subject to U.S. laws. Luxembourg-based Skype has no India operations.
India began a sweeping information security review after the November 2008 terror attack in Mumbai, which was coordinated with cell phones, satellite phones and Internet calls. Officials are also eager to avoid any trouble at the Commonwealth Games, a major sporting event to be held in New Delhi in October.
At the same time, India seems to be gaining confidence in its own attractiveness as a market, taking a tougher stance with international companies, not just in telecommunications — where it is the world’s fastest-growing major market — but also in mining and nuclear energy.
“Our stand is firm. We look forward to get access to data,” Home Minister P. Chidambaram told reporters. “There is no uncertainty over it.”
RIM maintains that the geographic location of a server has no bearing on a government’s ability to crack encrypted data.
But placing a server in India does allow the government to access user content more easily, using Indian laws, rather than waiting for the cooperation of a foreign company or security agency, Indian experts say.
“The moment you will be in Indian land, you will be able to be controlled by the government’s ruling,” said Rajesh Chharia, president of the Internet Service Providers Association of India. “National security is supreme over privacy.”
He said there have been conflicts over data access in the past.
“Right now the server is located outside India. And despite our best efforts to require them to access data, they say we are not governed by your system, we will not be providing it to you,” Chharia said.
He said the government wants everyone — including RIM, Skype, Google, Nokia and MSN Hotmail — to give Indian security agencies more access to their user content.
Skype, Google and Microsoft all said Thursday they’ve yet to receive any notification from the Indian government.
Nokia has already agreed to place a server in India by Nov. 5.
The government says BlackBerry is exploring the possibility of installing a server in India, as part of ongoing negotiations that narrowly avoided a ban on its services on Aug. 31.
One possible compromise could be to set up a BlackBerry Messenger server in India for instant messaging, but keep key corporate enterprise e-mail servers abroad. BlackBerry is eager to convince corporate users that its enterprise e-mail will remain the gold standard for security, despite pressure from governments in Asia and the Middle East, which fear super-encrypted communications could be abused by militants.
Pankaj Mohindroo, president of the Indian Cellular Association, whose members include Nokia and Motorola, said Indian telecom laws are ambiguous, but can be interpreted to mean that all service providers must place servers in India.
He added that users should have faith the Indian government won’t abuse its privileges.
“Interception here is done after clearance by high levels,” he said. “Consumers should never worry some junior police officer is snooping their data. It’s rarely done, and it’s done with very good purpose.”
Looming behind the fight is a sense that India wants the same level of access granted other countries like China.
Google India spokeswoman Paroma Roy Chowdhury said Google does provide user content to law enforcement agencies, but only in exceptional circumstances. All requests are reviewed by an internal committee at Google, she said.
“There have been requests from law enforcement agencies,” she said. “These are reviewed on a strictly case-by-case basis. Only in exceptional circumstances — when there is a threat of large-scale human loss, like a bomb threat — is the content made available.”
According to Google’s website, India made 1,061 requests for user data in the second half of 2009, the most after Brazil, the U.S. and Britain. It did not disclose numbers from China because “Chinese officials consider censorship demands as state secrets.”
Google did not disclose how many requests were granted.
Skype spokeswoman Eunice Lim said by e-mail from Singapore that the company “cooperates with law enforcement agencies as much as is legally possible.”
Skype uses local servers in China and has said on its blog that chat messages into and out of China may be monitored and stored by local authorities. In places like China — where it works with a local partner, Tom Online Inc., and distributes modified Skype software — it complies with local, rather than Luxembourg, law in making data available to security agencies.
“This means there is a possibility that your communications and personal data could be stored, monitored, or blocked and made available to authorized local parties, for instance law enforcement, subject to the local legal standards,” Skype says on its website.
In 2008, a Canadian researcher discovered that the Chinese version of Skype communications software was snooping on text chats that contained certain keywords, including “democracy.”
- Can Microsoft Security Copilot provide better cybersecurity insights and fix vulnerabilities?
- KPMG: Global economy to grow at a relatively modest over the next two years
- Europol: Law enforcement agencies need to be prepared to deal with ChatGPT
- Apple may diversify, but Tim Cook proves that China remains its key market
- Bolstering cybersecurity in Malaysia: Deep observability for cloud environments