Cyber terrorism is becoming India's biggest concern and if none looks at the laws in place, it is clear that our approach has been more reactive than preventive, feels Vicky Nanjappa.
The government has proposed to bring about a law that would make it mandatory for internet firms and intermediaries to provide real time information to security agencies in a bid to prevent a cyber strike by terrorists.
Indian agencies have often been caught off guard in the lead up to a terror strike as they do not have access to real time information about what is happening on the web space. If Indian security agencies had this information, a lot of terror strikes could have been prevented.
A source out that since most of the planning of such attacks is done online, it has become a major headache for them. The use of mobile technology which was extremely high a couple of years back, has taken a back seat thanks to better mechanism in place which tracks conversations with much ease.
The Intelligence Bureau has suggested that it needs to have access to real time information pertaining to terrorism cases.
"The planning can be tracked with much ease, and our response could be preventive when compared with reactive," says an IB source.
The case of David Headley is a very good example to show why India needs such a mechanism in place. With the current system, the National Investigation Agency can only seek for further information about what has already happened.
Had India had access to real time information from service providers or internet firms, they could have possibly prevented a huge attack such as 26/11.
While India studies the pros and cons of bringing about such a law, cyber security expert Pavan Duggal explains the following. This proposal is emerging out of the need to tackle issues concerning national security in real time.
"Traditionally our approach has been more reactive in nature. It is only once an incident takes place that we investigate. By seeking real time data, the government wants to be on par with pro-effective efforts to stop or prevent on national security. Currently, we have the IT Act of 2000 which has been amended in the year 2008," he explains.
According to the amendment, all service providers have been mandated to provide information as and when asked by the government. However, the scope is not clear in terms of real time data, and hence, there is a dire need to come up with a new legislation or legal provision which can help the government such data from service providers or internet firms," he adds.
In the recent past, Indian agencies have found that the use of the web space has gone up ten fold. Apart from sending out mails to communicate regarding a terror strike, there have also been instances when terrorists have saved messages in their drafts in a bid to dodge being tracked.
"If the proposed law comes up, then suspects could be placed under the scanner and their activities tracked real time. It however, cannot be considered to be a foolproof method; but there would be a fear among such persons that they are being constantly monitored.
For terror organisations, it is very important that they go through the initial part of the operation without being noticed.
"The proposed law would act as a deterrent to terror organisations. The new law would not only help agencies track the planning, but would also help them keep a check on other activities the most important of them being fund transfer. During a lull, terrorist groups continue to transfer funds and also carry out recruitment activities through the internet," he explains.
India is probably very high on the security risk map where cyber terror is concerned. This has even been recognised by the European Union which recently invited India to take part in the cyber security and crime project.
This project would require India to take part in an exercise which would involve counter-terrorism on the cyber space. While India would need time to study the pros and cons of such a new law, the biggest challenge would again be in respect to privacy.
"There is a careful need to study the law before bringing it out in the open," says Duggal. "This law should have adequate safeguards to prevent a misuse by the government and security agencies," he adds.There ought to be a proper monitoring committee and a set of guidelines that need to be followed just like in phone tapping cases before a requisition could be made to the internet firm to provide real time information on any person. Only once the committee is convinced should a go ahead be given to seek such information.