Cyber Security US breaching global laws

USA is not new to the controversies related to surveillance of its own citizens as well as its allies. Project PRISM is neither the first ever surveillance project nor is Snowden first such whistle-blower. US intelligence agencies have worked on many projects which precede PRISM (US-984XN). They have had programmes like Carnivor, DSCNet, Naruslnsight, Total Information Awareness, ADVISE, Trailblazer, ThinThread, Mainway, Turbulence, Stellar Wind, Echelon, Dropmire and Tempora.

Many of them being unconstitutional were stalled by the US Congress/Senate. Though discontinued, the software, concepts and project teams of some of the scrapped projects were redeployed for newer versions. According to reports, PRISM is presently collecting more than 1 billion records a day from E-mails, social networks, Skype, Google, Microsoft, Blog entries, telephone service providers, websites, and this data is dumped at one place. Thereafter this data is normalized, co-related, aggregated, and analyzed for preparing appropriate threat reports.

There are two facets of the PRISM controversy; one is breach of Constitution and laws of US itself; and second is information gathered from other countries. The Indian government should not concern itself with the former. However, the latter issue is serious for our national security and international relations.According to the US government, data collected is only metadata, a header information of an Internet Protocol (IP) packet (not the data), E-mail addresses and its header (not the content), telephone call detail records (not the voice), etc.

The US government further claims that contents of these communications were not gathered en-masse. In other words, it implies that for specific targets content information is also gathered. It is important to understand the concept of privacy and if compromised, its adverse effects. Privacy issues are only valid for gathering personal information by own government because the state and its officials can abuse the private information for political purpose or/and harass citizens for personal benefits. As foreign states cannot abuse the private information of an average citizen, it is fallacy to presume that such information is in breach of privacy unless this information is shared back with the government of the concerned citizen or a marketer. However, private information of influential people and decision makers and corruptible government officials can be abused by foreign powers against our national interest. Despite the fact that information collated through project PRISM could have identified terrorist modules and hawala operatives in India, India’s National Security Adviser has stated that such information was not shared.

According to the Vienna Convention on Diplomatic Relation, Article 27 guarantees free communication between a mission and its sending state by all appropriate means, and ensures that the diplomatic bag carrying such communications may not be opened or detained even on suspicion of abuse. US President Barack Obama has shrugged off allegations saying allies often spy on each other. It amounts to a brazen breach of the Vienna Convention.  The Heat Map published by ‘The Guardian’ news paper shows that India was fifth on the list of countries under surveillance for top secret information and was placed after Iran and Pakistan. Another disturbing fact is that India is one of the 38 countries whose embassies were snooped by the US.

One of the slides of PRISM leaked to the Guardian newspaper shows why: about 85 percent of world’s internet traffic flows through USA. Additionally, all important servers such as primary domain name resolution servers and internet exchanges are located under the control of the US Department of Commerce. This forces most countries to send their data to USA for processing. Several attempts to extract these servers and important internet organizations out of the clutches of US government have failed. This provides huge asymmetry in favor of USA and the Americans have breached this trust.

India must understand that in the case of information security, there is need to comprehend as to what is happening and this being a complex techno-military-diplomatic issue, an average bureaucrat cannot provide leadership. A group of professionals is required. The National Cyber Security Policy envisages requirement of about five lakh information security professionals. However, there are less 500 hundred such people in the government. The Department of Information Technology had prepared curriculum in Information Security few years ago. This needs to be implemented.