Why in news? – “On October 30, multiple Indian media publications revealed that a spyware called Pegasus (made by an Israeli firm, NSO) was used to compromise phones of multiple activists, journalists and lawyers. The phones were reportedly compromised by using vulnerability in WhatsApp which allowed the Pegasus spyware software to be installed in a target’s phone by initiating a WhatsApp voice call with the target. Once installed, the spyware is able to track the activities of multiple user applications in the target’s phone including messages, mails, audio calls, browser history, contacts, and so on.” This also includes data (audio and text) that is exchanged via end-to-end encrypted systems such as WhatsApp.“
The breach of end-to-end encrypted systems needs to be focused upon because ‘Whatsapp’ had told the Supreme Court that it was not possible to provide information to the government even in law enforcement cases as the end-to-end encryption system is technologically impossible to breach even if ‘Whatsapp’ itself would want to.
“WhatsApp has expressed its inability to the Madras High Court regarding sharing users’ communication with law enforcement agencies citing its end-to-end encryption. The cross-platform messaging service was the only social media company out of Facebook, Google, YouTube and Twitter that informed the court of the impossibility to track down the original sender of a message during the hearing of a case about the assistance of social media companies to fight cybercrime.”
- According to the Internet Trends 2017 report, 27% of India’s population uses the internet.
- India will have 730 million internet users by 2020.
- 75% of the users shall be from the rural areas.
- There will be 175 million people shopping online.
- 70% of the e-commerce transactions would be done via mobile.
These set of numbers clearly indicate that the internet penetration in India is going to be huge in the near future. This digital boom shall bring with it, its own set of challenges.
What are the challenges associated with cyberspace?
- Innumerable entry points to the internet – As internet is accessible by anyone and from anywhere, the risks associated with it increase manifold. Thus, attribution of any act to any person becomes increasingly difficult.
- Automation – Offenders can use automation to scale up their activities – many millions of unsolicited bulk spam messages can be sent out by automation thus enabling unlimited attacks. Hacking attacks are often also now automated with as many as 80 million hacking attacks every day due to the use of software tools that can attack thousands of computer systems within hours.
- Lack of uniformity in safety of devices used for internet access – The widening gap between the security offered by the high-end secure phones and lower cost mobiles make it almost impossible for legal and technical standards to be set for data protection by the regulators.
- AI and IoT – With the advancement of technology, people are always connected to the internet. This makes them more vulnerable to cyber-threats.
- Transnational nature of crimes – Since the internet has enable cross-border exchange of data, the victims of cyber-crimes are mostly located in a different country than the place of origination of crime. This makes situation difficult for the law-enforcement agencies.
- Lack of awareness – There is a lack of awareness at both organisational as well as individual level. Domestic netizens can protect and be protected from the cyber attacks only if there is a guided and supervised legal framework along with adequate awareness.
- Shortage of skilled personnel – the extreme and growing shortage of skilled cybersecurity personnel to analyze and respond to cyber-security breaches is a challenge.
Steps taken by the government –
Steps taken by the Government to check hacking and cyber crimes are as follows:
- Section 43, 43A, 66, 66B, 66C, 66D, 66E, 66F, 67, 67A, 67B, 70, 72, 72A and 74 of the Information Technology Act, 2000 deal with hacking and cyber crimes. In the Information Technology Amendment Act, 2008, cybersecurity is exercised under sections 43 (data protection), 66 (hacking), 66A (measures against sending offensive messages), 66B punishment for illegally possessing stolen computer resources or communication devices), 67(protection against unauthorised access to data), 69 (cyberterrorism), 70 (securing access or attempting to secure access to a protected system) and 72 (privacy and confidentiality) among others.
- The National Cyber-security Policy has been developed to build a secure and resilient cyberspace for India’s citizens and businesses. The policy aims to protect information and the information infrastructure in cyberspace, build capabilities to prevent and respond to cyber threats, reduce vulnerabilities and minimise damage from cyber incidents through a combination of institutional structures, people, processes, technology and cooperation.
- Government approved a ‘Framework for enhancing security in cyberspace’ for cyber security in the Indian cyberspace, with the National Security Council Secretariat as nodal agency.
- National Technical Research Organisation has been designated as the nodal agency for taking all measures for protection of national critical infrastructure and to handle cyber security incidents in critical sectors.
- Further, Indian Computer Emergency Response Team (CERT-In) is designated as the national agency for incident response including analysis, forecast and alerts on cyber security breaches.
- Ministry of Home Affairs is implementing the ‘Cyber Crime Prevention against Women & Children’ Scheme with the objective of handling issues of cyber crime against women and children.
- The government has undertaken a mass digital literacy programme which aims not only to give people at the bottom of the pyramid access to technology but also to enable them to negotiate technology in their local language.
Cyberspace is becoming more complex and we need continuous innovation to keep the space secure and resilient to threats. Indigenous solutions, in-house expertise and startup eco-system needs to be created to reduce dependence on foreign products and solutions for securing our critical infrastructure and defence installations.
The National e-governance Division of MeitY should periodically audit compliance of e-services offered by government organs. It should bring out a performance report of e-services with a view to improve service delivery.