Date: Thu, 17 Dec 1998 11:02:13 +0530
From: Raj Mathur 
To: S Chetan Kumar ,
Cc: Udhay Shankar N , Abhay Kushwaha
Subject: Re: Idiocy as art form
X-Mailer: VM 6.31 under 20.2 XEmacs Lucid

>>>>> "Chetan" == S Chetan Kumar  writes:

    Chetan> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

    Chetan> On Thu, 17 Dec 1998, Udhay Shankar N wrote:

    Chetan> Nothing much mentioned about the encryption. Will
    Chetan> encryption of emails still be legal after according to
    Chetan> this act. I could see some thing about encryption, which
    Chetan> states (in this message) <\quote> In case of encrypted
    Chetan> messages, the onus to decode will rest with the sender.
    Chetan> <\unquote>

    Chetan> What does this mean ?.  Personally I strongly oppose
    Chetan> making encrypion illegal.

Apparently the government is not making it illegal, they're only
saying that if you send an encrypted message, and they (the
government) ask you to, you will have to decrypt it.

In the US they are planning to keep keys in escrow with judicial
controls. In India, given the facts that (a) it's easy for vested
interests to bypass the judiciary and (b) sheer mass and inertia are
unlikely to let the clause that Udhay mentioned be applied even once,
I feel that we can happily let the clause stand as it is and leave it
to our slow, ponderous bureaucracy and judiciary to convert it into a

-- Raju

Date: Thu, 17 Dec 1998 16:41:36 +0530
From: Vipul Ved Prakash 
Cc: Abhay Kushwaha, The Cooking Pot 
Subject: Re: Idiocy as art form
Mail-Followup-To: Udhay Shankar N ,
	Abhay Kushwaha, The Cooking Pot 
X-Mailer: Mutt 0.93.2i
X-Operating-System: Linux fountainhead 2.0.36
X-PGP-Fingerprint: D5F78D9FC694A45A00AE08606249892

On Thu, Dec 17, 1998 at 08:15:08AM -0500, Udhay Shankar N wrote:
>        If the BJP has its way with the new Cyber Laws, the government  will
>        be empowered to intercept any Internet message, coded or  otherwise,
>        and keep a tab on all websites created by subscribers. So,  pornogr-
>        aphic sites are out, so is Internet telephony.
>        Set to be introduced in current session Parliament, the new  laws
>        put a government-appointed Central Authority Controller at the helm
>        of cyber affairs in the country. The draft Bill - to be called
>        Information Technology Act, 1998 once okayed - has been > finalised
>        by the Department of Electronics (DoE) and sent to the Law  Ministry
>        for clearance. It will then be forwarded to the Cabinet for
>        approval.
>        The Act provides for interception of messages coming through any
>        Internet Services Provider (ISP) and not just through Videsh
>        Sanchar Nigam Limited (VSNL). In case of encrypted messages,
>        the onus to decode will rest with the sender. This, DoE sources
>        said, is to safe-guard the country's security. 

LAME.  The same old 'Horsemen of Infocalypse' argument, and I wonder how 
they plan to implement it.  Does "the onus to decode an encrypted message" 
also entail ISPs' "responsibility" to trace any packet generated on their 
networks?  Will the ISPs be required to keep detailed caller-id logs or 
provide static-ip-only connections to make this possible?  Or will they 
simply ask the users to sign a "no crypto" agreement? (to save themselves 
the trouble of maintaining records.) 

What if the users employ steganography and amplified noise channels provided
by techniques like "chaffing and winnowing"?  Will they be required to 
provide an alternate semantical perspective on the data when asked? 

Their plans to monitor traffic will not bear fruit, I am sure.  It'll just make 
the network a hell of a lot slower than it already is. They are too clueless 
to manage and 'successfully' run a system of that complexity. But this effort 
firmly establishes their agenda to remain in central control and their intention 
to follow a strict "Cartesian Theater" model of connectivity where all traffic 
comes together at the central servers, which are regulated by the Central 
Authority Controller.  

>        Intelligence and security agencies - the Central Bureau of  Investi-
>        gation (CBI), the Intelligence Bureau (IB) and the Research and
>        Analysis Wing (RAW) - will have dedicated lines to intercept
>        messages for "valid reasons of security" but will require the
>        permission of the Central Authority Controller. According to DoE
>        secretary Ravindra Gupta, the Information Technology Act, 1998 will
>        also ensure security of information. For that, a system of  "distant
>        signature" will be introduced, which is like a user password.

wtf is a "distant signature"?  a public key cryptosystem where key 
generation and distribution is done by the controlling authorities? 

>        the user hands over his password to someone else, he will be liable
>        for punishment.


>        Moreover, the Act will have comprehensive provisions to tackle
>        computer offences. This will entail amendment of existing laws
>        including the Indian Evidence Act, Reserve Bank of India Act, 1934,
>        Banker's Act, Section 29 of the Indian Penal Code, Income Tax Act
>        and the Copyright Act.

Income Tax Act? 

>        Those accused of computer offences will be tried by special courts
>        - and not civil courts - to be constituted under the Act. As for
>        pornographic sites and Internet telephony, it will be the responsi-
>        bility of the ISP to ensure that these can't be assessed.

It might be a good idea to setup an anonymous remailer network within the 
country.  Those of us who provide internet consultancy and network setup 
services to private firms can install remailing software on these networks. 
Sensible clients shouldn't have a problem with this, it only makes their 
network communication more secure and confidential.

-- vipul. 


"Everything is what it is because it got that way." 
                               -- D'arcy Thompson.

VIPUL VED PRAKASH               |  Cryptography.                   |  Distributed Systems.               |  Network Agents.      
91 11 2233328                   |  Perl Hacking.        
198 Madhuban IP Extension       |  Linux.            
Delhi, INDIA 110 092            |  Networked Media. 

((the following is a reply I made to Chetan, quoted above))


At 09:44 AM 12/17/98 +0530, S Chetan Kumar wrote:

>Nothing much mentioned about the encryption. Will encryption of
>still be legal after according to this act. I could see some thing
>encryption, which states (in this message)
>In case of encrypted messages, the onus to decode will rest with the
>What does this mean ?. 

I have no idea what it means. I suspect we have here the same old
tired issue of technology being regulated by people who don't have a
clue what the technology is and isn't capable of. My reaction is very
simple: it is very easy to get around any such law. For one thing, it
is not possible to monitor all SMTP servers for encrypted traffic.
Secondly, using steganography and suchlike, it is not even possible to
tag it as encrypted traffic. However, who gives these bureaucrats the
right to read my private correspondence ? HOW DARE THEY ?


PS: another example of spectacular cluelessness strikes me here - how
can the onus to decode rest with the sender ? If I don't keep a copy
of the plaintext, and if I have encrypted to your public key, I cannot
decrypt it even if I wanted to. 
Version: PGPfreeware 5.5.3i for non-commercial use <>


Date: Sun, 3 Jan 1999 23:35:18 -0800 (PST)
X-Authentication-Warning: listserv set sender to listserv-reply-errors using -f
Reply-To: amehta@GIASDL01.VSNL.NET.IN
From: Arun Mehta 
To: "Multiple recipients of list" 
Subject: Re: Indian Telecom Bill
X-Comment:  CPSR GII/Telecom Issues in India
X-Info:  For listserv info write to with message HELP
X-Message-Id: <>

At 04:20 31/12/98 -0800, Craig A. Johnson wrote:
>This sounds rather draconian.  What steps are being taken to fight this Act?

>>Bankok Post Database technology section, 30 December 1998
>>   The ruling BJP in India announced details of the country's
>>first Information Technology Act, to be introduced shortly; it
>>sets up a government-appointed Central Authority Controller
>>authorised to monitor and intercept all material coming through
>>Internet providers; 

You are right, Craig, this is draconian. Freedom House has just changed
India's label from "partly free" to "free", but maybe they did not look too
closely at our National Security Act, the Armed Forces Special Powers Act,
the Indian Telegraph Act, and myriad other legislation that is repressive
in the extreme.

>>senders of encrypted messages will have to
>>decode their mail for the government when asked -- or be
>>sentenced to jail by a new, special court to be established under
>>the controller; the government will fund special, dedicated
>>telecoms lines for military and civilian intelligence bureaus to
>>monitor electronic messages.

So far, the ISP was liable for anything objectionable carried by it, a
completely unworkable law. However, this law isn't any better. There seems
to be a lack of understanding of public key encryption here -- the sender
*can't* decode  the message, only the receiver can. For those unfamiliar
with encryption, there are plenty of good pointers on the net. I myself
wrote an introductory article on the subject for the Financial Express,
available at . Those determined
to hide information from the government will use steganography, with which
you can hide an encrypted message in a picture, a sound file, or what have
you -- the government won't even come to know that encryption is being
used. It is the rest of us who will be affected.

These days, encrypted communication takes place without your doing anything
-- browsers routinely switch to it when you send sensitive information to a
secure site. When I fill up a form on the Web, I don't keep a copy, and if
the government comes back to me with some encrypted material that my
browser has sent, I won't be able to decode it.

There are those (like Raj Mathur, I think) who feel that we should just
leave this alone -- it is a stupid bill. I think, however, that we should
fight it, for two reasons:

1) You never know how this might be misused by imaginative law enforcement
officers  (this isn't an oxymoron!)
2) Fighting the bill will increase people's awareness of encryption. The
more people use encryption, the more effective encryption becomes: if only
a few people use it, and that too rarely, as is currently the case, the
government knows which messages to target. And if they are sufficiently
determined, they can devote the computing power and people to crack the
code. But if people routinely encrypt, they won't know which message to

First step: we need to get a copy of the bill. With all the holidays, I
haven't been able to reach my government friends. Does anybody else have a
copy? I'd like to put it up on our web site.

And by the way, encryption is really easy to use, and I encourage everyone
to start. Sending unencrypted mail is like sending a postcard, anyone along
the way can read it, at Monica Lewinsky, Bill Gates, Lawrence Lessig and
countless others have discovered. -- if you use Eudora, like I do, go to and download a plug-in which is a breeze to set up, and
after that, to encrypt, you only need to click on a button. Let me know if
you need help in this.

Arun Mehta, moderator india-gii,
B-69, Lajpat Nagar-I, New Delhi-110024. Phone 6841172. To subscribe, send
the message subscribe india-gii your name to