India examines security rule extension
India is considering extending tough new security rules covering imports of telecoms equipment to include all communications services offered in the country.
The government proposes to force firms to provide details of how to crack data encrypted at over 40 bits – the maximum level its security forces can currently deal with – in a move that could hit smartphone makers and e-mail providers.
Firms would be required to supply the details in a so-called ‘sealed envelope’ escrow account, so authorities can readily access the details in the event of a security scare the Economic Times reports.
The move would impact services including RIM’s BlackBerry e-mail, Gmail, Skype, Nokia messaging services, and wireless Internet access via data cards, which all typically use 256-bit encryption.
GK Pillai, India’s home secretary, discussed the idea with members of India’s Intelligence Bureau and the Department of Telecommunications (DoT) at a recent meeting to examine how encrypted messages could be intercepted, the newspaper said.
India’s prime minister’s office recently suspended tough new security rules for foreign infrastructure vendors, following a raft of criticism.
It ordered the DoT to review the measures, and decide if alternative methods would be more suitable.
However, the home ministry said operator’s licenses already include the escrow rule, noting that it simply hasn’t been enforced until now.
Smartphone vendor RIM is already facing a ban unless it offers a technical fix allowing India’s security forces to access its encrypted BlackBerry e-mail and messenger services.
The firm has assured the government it would have a fix ready next week, the Economic Times reported, apparently reversing its previous stance that it would only allow access under the orders of a judge.