Log In   

October 19, 2006

International Relations

Internet Security

By Nitin Desai

  

About ten days ago a controversy erupted about a “We Hate India” site in the social-networking portal Orkut.  The matter has reached the High Court in Mumbai which has issued a notice to Google which hosts the site.  Should we be exercised about this sort of use of the net?

 

If the site containing the offending material is hosted in another country then there is little that we can do if what it says is not an offence in that country.  However, there are some who argue that we should be looking at ways of policing the net and preventing people in India from accessing such material by asking local Internet Service Providers to block such sites.  This is not easy to do when the internet service industry is broken up into nearly 200 ISPs who can establish their own gateways to the global Internet.

 

Even if it could be done it would be an over-reaction in this case. The hate India group has less than a hundred members and Orkut includes many more hate groups, including one against waking up early, as also groups fond of Indian politicians (yes!), film stars and sports persons.  As long as the material disseminated is not seditious, libelous or pornographic there really is no cause for action.  As a country we must show a mature capacity to shrug off rudeness.

 

The net is policed in some countries.  But in a democracy with constitutionally guaranteed freedom of expression “policing the net” is a bad idea.  The net is not some den of vice that needs this.  The bulk of the 60 million users in India and the billion or so internationally are decent citizens who are using the net for legitimate purposes.  The real challenge is to focus on cyber crimes, the activities on the net that cause real harm to us by clogging up our e-mail with spam, spreading viruses that corrupt our computer systems, stealing confidential information illegally and perpetrating frauds.

 

For most of us the greatest menace comes from spam.  It is estimated that over half of e-mail traffic consists of unsolicited e-mails.  It can be traced, via aliases and addresses, redirects, hosting locations of sites and domains, to some 200 spam operations (with 500-600 active spammers) who account for 80 percent of spam mail.  The global rogues list of major spammers includes only 176 names as of mid-October 2006, three of whom are in India. Spam uses up bandwidth and server capacity and costs time and money to remove. Spam is not like junk mail in normal post as the bulk of the cost of spam is borne by the receiver not the sender.  Globally the cost of spam management according to one estimate is $20 billion. 

 

Spam can, and has been used by criminals and/or terrorists to take control over another person’s computer by planting codes and programmes.  The criminal activity conducted through this zombie computer is then attributed to the innocent victim of the take over.

 

Unlike many other countrie, India does not have a proper anti-spam law.  Because of this shady operators in India provide host facilities to major global spammers besides being in the business themselves.  We should be worrying about this flood of spam far more than some pathetic hate group.

 

Identity theft and fraud are linked to the ease with which spam can be sent.  All of us who have received “phishing” messages, notices of winnings for lotteries we never entered for and Nigerians and others offering us huge rewards for helping them to get money out of the country know this.  These activities are illegal per se and the real challenge is to catch the perpetrators who often reside in other jurisdictions.  This is where the police administration nationally has to be trained to understand the modus operandi of these fraudsters and to cooperate with other countries to stop and catch the criminals.

 

Hacking attacks on vital computer installations, a concerted denial of service by flooding a site or a mail box with messages are a more generalised threat to the net.  One can imagine worse – a concerted attack by an adversary to deliberately take down a country’s Internet capacity. 

 

Internet security depends on three things.  First the adequacy of security arrangements at the level of each network in the system. There are a set of standards here, the best known being ISO 17799 soon to be supplemented by a new one ISO 27001.  How many Indian companies, networks and government departments have tested their systems of security against these standards?

 

The next level of security is at the national level.  The IT Act in India provides for a Controller. Under the Act, the controller can "direct any agency of the Government to intercept any information transmitted through any computer resource". But this is like an authority to intercept mail and of little value when criminals can hide their tracks.  Security requires vigilance and cooperation between law enforcement, the service providers and the community of users.

 

Internet security also requires global cooperation because of the borderless nature of the transactions.  This is happening in a quiet way but more needs to be done.  Security is one of the themes of the UN’s Internet Governance Forum which is meeting for the first time at the end of October in Athens. 

 

The Internet is a very open space.  Security cannot come from closing doors because there are many ways of bypassing the locked gates.  It can only come from vigilance and cooperation between the participants in the network.  The challenge of Internet governance at the national and international level is to provide this without losing the great advantages that flow from the open character of the Internet. 

Comment on this article
Already Registered? Login in to your account