The Indian government last week hastily withdrew the draft of a proposed encryption law that would have made citizens keep records of their encrypted messages for 90 days. But there is every indication that the quick response to privacy-loving activists on the Internet may just be a temporary reprieve .
A series of events in the very same week showed that there is every reason that the issue will come back to haunt civil society activists because law enforcers need something to lean on.
The biggest of them all was the emissions scandal that erupted in German auto giant Volkswagen when it admitted that it had hacked its own cars for years to fool US regulators on the levels of pollution from its diesel engines by using manipulative software — basically the match-fixing equivalent of the emissions game. This is a 21st century equivalent of white collar crime, and potentially makes audit of software programmes an imperative. Also last week, Apple Inc, which has historically prided itself on being a cyber-secure company, faced its first-ever large-scale attack on its App Store — from which millions of iPhone and iPad users buy thousands of apps.
As many as 25 popular apps, mainly China-oriented, were found infected with malicious software. This potentially raises concerns as the company expands Apple Pay.
Even as Apple was jolted, President Barack Obama met his Chinese counterpart Xi Jinping and reached an understanding to curb cyber espionage in the backdrop of Chinese hacking of US computers.
New Delhi’s regulators and law enforcers cannot but worry about what encryption means for dealing with China. After all, there is rivalry in everything from trade to geopolitics — and there are memories of the 1962 border war.
In June this year, the Reserve Bank of India cautioned the nation about the dangers inherent in “algo trading” – the business of using software algorithms to automatically buy and sell securities, stocks and speculative positions in electronic markets. It said it increased risks of false trades and manipulation. Now, electronic vigilance cannot possibly be possible without suitable audits or tracking of digital footprints.
Privacy activists may have their hearts in the right place, but sooner or later, have to reach an agreement with law enforcers. Authorised cyber snooping — like night patrols in crime-prone streets — may be a necessary evil.