Date: Thu, 17 Dec 1998 11:02:13 +0530 From: Raj Mathur
To: S Chetan Kumar , email@example.com Cc: Udhay Shankar N , Abhay Kushwaha Subject: Re: Idiocy as art form X-Mailer: VM 6.31 under 20.2 XEmacs Lucid Reply-To: firstname.lastname@example.org Sender: email@example.com >>>>> "Chetan" == S Chetan Kumar writes: Chetan> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Chetan> On Thu, 17 Dec 1998, Udhay Shankar N wrote: Chetan> Nothing much mentioned about the encryption. Will Chetan> encryption of emails still be legal after according to Chetan> this act. I could see some thing about encryption, which Chetan> states (in this message) <\quote> In case of encrypted Chetan> messages, the onus to decode will rest with the sender. Chetan> <\unquote> Chetan> What does this mean ?. Personally I strongly oppose Chetan> making encrypion illegal. Apparently the government is not making it illegal, they're only saying that if you send an encrypted message, and they (the government) ask you to, you will have to decrypt it. In the US they are planning to keep keys in escrow with judicial controls. In India, given the facts that (a) it's easy for vested interests to bypass the judiciary and (b) sheer mass and inertia are unlikely to let the clause that Udhay mentioned be applied even once, I feel that we can happily let the clause stand as it is and leave it to our slow, ponderous bureaucracy and judiciary to convert it into a non-starter. -- Raju
Date: Thu, 17 Dec 1998 16:41:36 +0530 From: Vipul Ved Prakash
To: Udhay Shankar N , CYBERCOM@MAELSTROM.STJOHNS.EDU, firstname.lastname@example.org, email@example.com, firstname.lastname@example.org Cc: Abhay Kushwaha, The Cooking Pot Subject: Re: Idiocy as art form Reply-To: email@example.com Mail-Followup-To: Udhay Shankar N , CYBERCOM@MAELSTROM.STJOHNS.EDU, firstname.lastname@example.org, email@example.com, firstname.lastname@example.org, Abhay Kushwaha, The Cooking Pot X-Mailer: Mutt 0.93.2i X-Operating-System: Linux fountainhead 2.0.36 X-PGP-Fingerprint: D5F78D9FC694A45A00AE08606249892 Sender: email@example.com On Thu, Dec 17, 1998 at 08:15:08AM -0500, Udhay Shankar N wrote: > > If the BJP has its way with the new Cyber Laws, the government will > be empowered to intercept any Internet message, coded or otherwise, > and keep a tab on all websites created by subscribers. So, pornogr- > aphic sites are out, so is Internet telephony. > > Set to be introduced in current session Parliament, the new laws > put a government-appointed Central Authority Controller at the helm > of cyber affairs in the country. The draft Bill - to be called > Information Technology Act, 1998 once okayed - has been > finalised > by the Department of Electronics (DoE) and sent to the Law Ministry > for clearance. It will then be forwarded to the Cabinet for > approval. > > The Act provides for interception of messages coming through any > Internet Services Provider (ISP) and not just through Videsh > Sanchar Nigam Limited (VSNL). In case of encrypted messages, > the onus to decode will rest with the sender. This, DoE sources > said, is to safe-guard the country's security. LAME. The same old 'Horsemen of Infocalypse' argument, and I wonder how they plan to implement it. Does "the onus to decode an encrypted message" also entail ISPs' "responsibility" to trace any packet generated on their networks? Will the ISPs be required to keep detailed caller-id logs or provide static-ip-only connections to make this possible? Or will they simply ask the users to sign a "no crypto" agreement? (to save themselves the trouble of maintaining records.) What if the users employ steganography and amplified noise channels provided by techniques like "chaffing and winnowing"? Will they be required to provide an alternate semantical perspective on the data when asked? Their plans to monitor traffic will not bear fruit, I am sure. It'll just make the network a hell of a lot slower than it already is. They are too clueless to manage and 'successfully' run a system of that complexity. But this effort firmly establishes their agenda to remain in central control and their intention to follow a strict "Cartesian Theater" model of connectivity where all traffic comes together at the central servers, which are regulated by the Central Authority Controller. > Intelligence and security agencies - the Central Bureau of Investi- > gation (CBI), the Intelligence Bureau (IB) and the Research and > Analysis Wing (RAW) - will have dedicated lines to intercept > messages for "valid reasons of security" but will require the > permission of the Central Authority Controller. According to DoE > secretary Ravindra Gupta, the Information Technology Act, 1998 will > also ensure security of information. For that, a system of "distant > signature" will be introduced, which is like a user password. wtf is a "distant signature"? a public key cryptosystem where key generation and distribution is done by the controlling authorities? > the user hands over his password to someone else, he will be liable > for punishment. eh? > > Moreover, the Act will have comprehensive provisions to tackle > computer offences. This will entail amendment of existing laws > including the Indian Evidence Act, Reserve Bank of India Act, 1934, > Banker's Act, Section 29 of the Indian Penal Code, Income Tax Act > and the Copyright Act. > Income Tax Act? > Those accused of computer offences will be tried by special courts > - and not civil courts - to be constituted under the Act. As for > pornographic sites and Internet telephony, it will be the responsi- > bility of the ISP to ensure that these can't be assessed. > It might be a good idea to setup an anonymous remailer network within the country. Those of us who provide internet consultancy and network setup services to private firms can install remailing software on these networks. Sensible clients shouldn't have a problem with this, it only makes their network communication more secure and confidential. -- vipul. -- "Everything is what it is because it got that way." -- D'arcy Thompson. VIPUL VED PRAKASH | Cryptography. firstname.lastname@example.org | Distributed Systems. http://vipul.net/ | Network Agents. 91 11 2233328 | Perl Hacking. 198 Madhuban IP Extension | Linux. Delhi, INDIA 110 092 | Networked Media.
((the following is a reply I made to Chetan, quoted above)) -----BEGIN PGP SIGNED MESSAGE----- At 09:44 AM 12/17/98 +0530, S Chetan Kumar wrote: >Nothing much mentioned about the encryption. Will encryption of emails >still be legal after according to this act. I could see some thing about >encryption, which states (in this message) ><\quote> >In case of encrypted messages, the onus to decode will rest with the >sender. ><\unquote> > >What does this mean ?. I have no idea what it means. I suspect we have here the same old tired issue of technology being regulated by people who don't have a clue what the technology is and isn't capable of. My reaction is very simple: it is very easy to get around any such law. For one thing, it is not possible to monitor all SMTP servers for encrypted traffic. Secondly, using steganography and suchlike, it is not even possible to tag it as encrypted traffic. However, who gives these bureaucrats the right to read my private correspondence ? HOW DARE THEY ? Udhay PS: another example of spectacular cluelessness strikes me here - how can the onus to decode rest with the sender ? If I don't keep a copy of the plaintext, and if I have encrypted to your public key, I cannot decrypt it even if I wanted to. -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 5.5.3i for non-commercial use <http://www.pgpi.com> iQB1AwUBNnlEFBy8FKuZ28T1AQGv2AMAgjKCFNb9X9Kx72FnAuLpZGZ9E4JBc32T 5ZMGSA0Q1lpJa/XsAGRDT1y8WDigmme9oHS4LPqzQphHliM5CDxh2eEW6mqW38DN 122M3Qk2W6tolLYpv5Ettu80qRqJtsjC =7/GH -----END PGP SIGNATURE-----
Date: Sun, 3 Jan 1999 23:35:18 -0800 (PST) X-Authentication-Warning: snyside.sunnyside.com: listserv set sender to listserv-reply-errors using -f Reply-To: amehta@GIASDL01.VSNL.NET.IN Originator: email@example.com Sender: firstname.lastname@example.org From: Arun Mehta
To: "Multiple recipients of list email@example.com" Subject: Re: Indian Telecom Bill X-Comment: CPSR GII/Telecom Issues in India X-Info: For listserv info write to firstname.lastname@example.org with message HELP X-Message-Id: <2124900087316.LTK.email@example.com> At 04:20 31/12/98 -0800, Craig A. Johnson wrote: > >This sounds rather draconian. What steps are being taken to fight this Act? >>Bankok Post Database technology section, 30 December 1998 >> >> The ruling BJP in India announced details of the country's >>first Information Technology Act, to be introduced shortly; it >>sets up a government-appointed Central Authority Controller >>authorised to monitor and intercept all material coming through >>Internet providers; You are right, Craig, this is draconian. Freedom House has just changed India's label from "partly free" to "free", but maybe they did not look too closely at our National Security Act, the Armed Forces Special Powers Act, the Indian Telegraph Act, and myriad other legislation that is repressive in the extreme. >>senders of encrypted messages will have to >>decode their mail for the government when asked -- or be >>sentenced to jail by a new, special court to be established under >>the controller; the government will fund special, dedicated >>telecoms lines for military and civilian intelligence bureaus to >>monitor electronic messages. So far, the ISP was liable for anything objectionable carried by it, a completely unworkable law. However, this law isn't any better. There seems to be a lack of understanding of public key encryption here -- the sender *can't* decode the message, only the receiver can. For those unfamiliar with encryption, there are plenty of good pointers on the net. I myself wrote an introductory article on the subject for the Financial Express, available at http://www.cerfnet.com/~amehta/crypto.htm . Those determined to hide information from the government will use steganography, with which you can hide an encrypted message in a picture, a sound file, or what have you -- the government won't even come to know that encryption is being used. It is the rest of us who will be affected. These days, encrypted communication takes place without your doing anything -- browsers routinely switch to it when you send sensitive information to a secure site. When I fill up a form on the Web, I don't keep a copy, and if the government comes back to me with some encrypted material that my browser has sent, I won't be able to decode it. There are those (like Raj Mathur, I think) who feel that we should just leave this alone -- it is a stupid bill. I think, however, that we should fight it, for two reasons: 1) You never know how this might be misused by imaginative law enforcement officers (this isn't an oxymoron!) 2) Fighting the bill will increase people's awareness of encryption. The more people use encryption, the more effective encryption becomes: if only a few people use it, and that too rarely, as is currently the case, the government knows which messages to target. And if they are sufficiently determined, they can devote the computing power and people to crack the code. But if people routinely encrypt, they won't know which message to attack. First step: we need to get a copy of the bill. With all the holidays, I haven't been able to reach my government friends. Does anybody else have a copy? I'd like to put it up on our web site. And by the way, encryption is really easy to use, and I encourage everyone to start. Sending unencrypted mail is like sending a postcard, anyone along the way can read it, at Monica Lewinsky, Bill Gates, Lawrence Lessig and countless others have discovered. -- if you use Eudora, like I do, go to http://www.pgpi.com and download a plug-in which is a breeze to set up, and after that, to encrypt, you only need to click on a button. Let me know if you need help in this. Arun Mehta firstname.lastname@example.org, moderator india-gii, http://members.tripod.com/~india_gii/ B-69, Lajpat Nagar-I, New Delhi-110024. Phone 6841172. To subscribe, send the message subscribe india-gii your name to email@example.com