The interconnected nature of the internet has been a boon for society. Since inception, it has facilitated ceaseless sharing of information, thus, dramatically amplifying our knowledge through collaborations.
Unfortunately, these characteristic advantages have also made the internet a breeding ground for unlawful activities. Such activities not only pose a threat to our financial system and individual privacy of the user, but also make it easier for radical groups looking to tear down the social fabric and create havoc across the globe. In this scenario, can lawful hacking become an appropriate pre-emptive measure against these threats? And if yes, is India ready for such measures?
Lawful hacking is not a completely new concept. It can be considered as an advanced form of lawful interception which is a common phenomenon amongst multiple countries across the world. Lawful hacking grants legal authority to law enforcement agencies to intercept a network communication against any contingency. This can either be done by creating a backdoor entry for law enforcement agencies or by conducting a security breach expedition for legal purposes. However, it has become a raging topic of discussion, especially after the groundbreaking global surveillance disclosure by Edward Snowden – the ex-NSA contractor. Through its surveillance program (PRISM), NSA – the intelligence organisation of USA – targeted encrypted communications that passed through the internet backbone. This received massive criticism across the globe and raised concerns relating to individual privacy. In its aftermath, USA as a nation state has experienced a significant loss of credibility and accountability.
A similar incident also occurred in India when Department of Electronics and Information Technology (DeitY) planned to rollout its National Encryption Policy. The policy draft envisaged implementing strict legal framework for national security. As part of the draft, the new policy demanded Indian users to keep their WhatsApp communication intact for at least a period of 90 days. Deleting a message could invite legal action against non-complying individuals. This was criticised severely by the media as well as by the Indian populace, thus, forcing the government to pull back its National Encryption Policy.
The political and diplomatic fallout of rolling out such a project can have far-reaching consequences for India. Such projects demand secrecy. Even the involvement of a neutral body, such as Federal Judiciary as in the case of USA, for checks and balances has been observed to have a negative effect. Due to the intrinsic nature of such operations, even court-approved orders are subject to single-sided views of the topic. This makes the end-result subject to manipulation by the concerned authority. Its confidentiality eliminates the scope of objection and thus makes it less foolproof in design. It can mar public trust greatly in the wake of negative upshots. Apart from this, the backdoors created within the security framework can also be mis-utilised by cybercriminals and serve against the purpose.
Technology is often viewed by the public with great suspicion. This is precisely the reason why even technologically-secure – as claimed by the Election Commission – EVM machines are being looked at with a sense of mistrust by a section of the public. In the wake of these events, deploying a lawful hacking program in India will sooner or later have its negative repercussions. Hence, it can be concluded that lawful hacking may not be implemented in the country. Rather, the government ought to focus on strengthening its security infrastructure and deploying state-of-the-art technologies to bolster its digital framework.
This article has been authored by Rajat Mohanty, Co-founder and CEO, Paladion Networks