Rediff Logo Infotech Find/Feedback/Site Index
HOME | INFOTECH | HEADLINES
November 26, 1999

HEADLINES
SHAREWARE
DISCUSS
POLICY POLICE
JOBS
ARCHIVES


Search Rediff

Sidestepping the wardens

Srikant Sreenivasan

You may be buying some expensive gifts from an online shopping mall, looking at adult content, sending and receiving very personal email or chatting with friends on the Internet blissfully unaware that you have unwelcome company. Yes, Big Brother (read the Government of India) could be watching all your online activities over your shoulder.

Email this report to a friend. The government has made it mandatory for every Internet Service Provider wishing to set up an International gateway to set up special monitoring equipment on its gateway systems.

At this rate you might have the Intelligence Bureau or the Research and Analysis Wing breathing down your neck every time you are online. This is particularly disturbing as our lives become increasingly Netcentric.

Now whenever I buy an expensive book from, say, Amazon.com, I will be paranoid that the government will be watching and send the income tax authorities to check on my financial status.

An exaggeration, some of you might say, but however improbable it might seem it is certainly not impossible. And this is coming from a government that, despite several stumbling blocks, was responsible for helping spread of the Internet.

If monitoring you online was not bad enough, the government has laws restricting the use of encryption and cryptographic keys like in the United States.

A similar policy governing encryption and the infamous 'Clipper Chip' failed to take off in the United States after several prominent industry players and Netizens lobbied against it.

However, even now the United States bans the export of products, both hardware and software, which has more than 48-bit encryption technology.

This is because government computers can break 48-bit encrypted data in a reasonable period of time whereas it would take years to crack data encrypted with higher key lengths.

A very early opponent of these policies was the legendary Phil Zimmermann who developed the free Pretty Good Privacy -- PGP -- encryption utility with super-strong security for the common man. To date, PGP remains one of the most popular ways for the common Netizen to exchange data securely without the fear of eavesdroppers.

To quote Phil Zimmermann: "If privacy is outlawed, only outlaws will have privacy. Intelligence agencies have access to good cryptographic technology. So do the big arms and drug traffickers. So do defense contractors, oil companies and other corporate giants. But ordinary people and grassroots political organizations mostly have not had access to affordable military grade public-key cryptographic technology. Until now.

"PGP empowers people to take their privacy into their own hands. There's a growing social need for it. That's why I wrote it."

So what does one do if the Indian government does go ahead and implements these policies? Well, as they say, rules are meant to be broken, of course keeping well within the law.

Take charge

Let's look at what most typical Internet users do online:

Email -- The numero uno Internet application. With approximately 12 million users worldwide sending more a billion messages every month, indeed email is to this decade what the fax machine was to the last.

Web Browsing, Chat, Instant Messaging -- Most people spend a lot of time searching for information using popular search engines or read online publications.

Download -- Downloading of games, shareware and evaluation copies of other software is extremely popular. People are smitten with the "latest" bug and are perpetually downloading the latest versions of their favourite software.

e-Shopping -- A relatively new but promising use of the Net is electronic shopping. Right from buying software, gifts and books to more esoteric stuff, the Internet has made it easier for shopoholics.

Now, how does one go about protecting this? Here goes...

e-mail

Thankfully e-mail can be easily protected. Simply use free Web mail sites like Hushmail or Ziplip. These sites use strong encryption keys to secure the mail during sending and receiving.

Also being outside India, these sites are not subject to DoT's encryption guidelines. Another alternative is to use PGP. Plug-ins for popular mail clients like Eudora and Outlook Express are available to make it simple to use PGP.

However, please note that you cannot legally use PGP keys longer than 48 bits unless you first deposit the keys with the DoT. That is something that no right-minded person is likely to do as the security of the keys with DoT is suspect. DoT has not made it clear as to how they intend to secure the keys themselves.

Web Browsing, Chat and Instant Messaging

If you do not like the idea of Big Brother keeping tabs on the sites that you visit, use an anonymiser service such as Anonymizer.com.

For a small fee, many anonymisers will give you better connectivity and throughput for faster anonymous browsing. (Click here to read Dawn ).

Another approach is to surf the Net via a proxy server. This way only the proxy servers IP address can be logged by DoT's security software and it is more difficult to pinpoint the exact user visiting a particular site without analysing the proxy servers log files that can be deleted frequently.

Most good software like ICQ and AOL's IM, etc are proxy-aware and, with some simple configuration, can be made to access the Net via a proxy.

e-Shopping

Despite rumours to the contrary, shopping online is quite safe. This is because most shopping sites are already very security conscious and have secure Web servers with digital certificates.

On entering such sites a secure channel is established between your browser and the site's Web server.

But be warned that many browsers downloaded from the Internet have only 48-bit encryption technology (Only the US versions have higher key lengths). So even if a particular site supports higher key lengths, you can effectively get only 48-bit encryption due to your browser's limitation.

One way to have tighter security is to download the OpenSource Mozilla browser with 128-bit encryption.

While security is definitely a concern, one need not lose too much sleep over it. This is because it will certainly be a daunting task for any government to monitor hundreds of thousands of users.

A government certainly does have the right to impose certain restrictions if they are warranted due to national security concerns, but to be routinely subjected to online examination is a definite harassment.

The people and the IT industry must come out against such unnecessary policies to safeguard our online privacy.

Further reading and software:

EFF -- www.eff.org (www.eff.org/goldkey.html)
FSF -- www.fsf.org/philosophy/basic-freedoms.html
History of PGP -- www.dcs.ex.ac.uk/~aba/timeline/
Download PGP -- www.pgpi.org
Hushmail -- www.hushmail.com
ZipLip -- www.ziplip.com
Mozilla -- www.mozilla.org
GnuPGP -- www.gnupgp.org or www.openpgp.org.

Tell us what you think

HOME | NEWS | BUSINESS | SPORTS | MOVIES | CHAT | INFOTECH | TRAVEL | SINGLES
BOOK SHOP | MUSIC SHOP | GIFT SHOP | HOTEL RESERVATIONS | MONEY
EDUCATION | PERSONAL HOMEPAGES | FREE EMAIL | FEEDBACK