E-Surveillance and Eavesdropping is on rise World over. It is wrong to blame United States (U.S.) alone for E-Surveillance as it is difficult to accept that other Nations, including India, are not engaging in such activities. Spying and E-Surveillance has many decades of history and only the form has changed with the advent and use of Information and Communication Technology.
However, what is problematic is the “Fact of Denial” of such E-Surveillance by various Countries. Even worst is the fact that almost all of these E-Surveillance and Eavesdropping activities are performed in an “Unconstitutional Manner”.
In the past it has been reported that U.S. is the biggest buyer of Malware in the World. It is well known that Global Cyber Espionage Networks are being actively and covertly used to Spy on other Nations. This is evident from the fact that the Command and Control Servers of Malware FinFisher were also found in 36 Countries, including India.
Countries across the World have started to strengthen their Cyber Security Capabilities. While protecting their own Cyberspace domain, various Countries must understand that Cyber Security is an International Issue (PDF) and not a National one. Therefore, an International Cyber Security Treaty is Required (PDF). As far as India is concerned, the Cyber Warfare Policy of India (PDF) and E-Surveillance Policy of India (PDF) must be urgently drafted and implemented. Similarly, Self Defence and Privacy Protection in India must be ensured.
During the exposure of engagement of E-Surveillance by the National Security Agency (NSA) of U.S., James Clapper confirmed that NSA is targeting Foreign Citizens for Surveillance. This E-Surveillance is further “Combined” with Tactics and Techniques of Cyber Warfare, Cyber Espionage and Cyber Terrorism, etc. Highly Sophisticated Malware like Stuxnet, Duqu, Flame, etc have been made and used by Nations as Cyber Tools to launch Stealth Cyber Attacks against other Nations.
These Malware used Cyber Attack Methods and Vectors that are far beyond the Capacity of Traditional Cyber Security Mechanisms to Trace and Prevent. This becomes a serious Cyber Security Issue when Critical ICT infrastructures are at stake. For instance, the critical Infrastructure Protection in India and its Problems, Challenges and Solutions (PDF) are still to be looked into with Great Priority by Indian Government. It is only now that India has declared that NTRO would protect the Critical ICT Infrastructures of India. Similarly, a Tri Service Cyber Command for Armed Forces of India is in Pipeline. Nevertheless, the Cyber Security Infrastructure of India is Weak and it must be improved as soon as possible.
Recently, Defence Research and Development Organisation (DRDO) Computer Systems were breached and sensitive files were leaked. India must ensure both Offensive and Defensive Cyber Security Capabilities. Cross Border Cyber Attacks, Authorship Attribution and Cyber Crimes Convictions are very “Difficult to Prove”. This gives lot of space for “Blame Game” and denying the “Culpability” for Cyber Attacks. Countries around the World are blaming each other for Cyber Espionage and Cyber Attacks while not admitting their own Acts and Omissions.
The present Cyber Attack Techniques and Methods are not only “Evolving” but they are “”Specifically Designed” do that they remain “Untraceable” and “Anonymous”. For instance, it has been reported that NSA has been using Radio Waves and Malware for engaging in world wide E-Surveillance. Thus, whether a Computer System is Online, Offline or an Isolate one, the “Combined Technique” of Malware Imbedded Hardware, Spyware and Malware and Radio Waves can allow NSA to get the “Relevant Information” with some effort in this regard.
India’s own Projects like Aadhar, National Intelligence Grid (NATGRID), Crime and Criminal Tracking Network and Systems (CCTNS), National Counter Terrorism Centre (NCTC), Central Monitoring System (CMS), Centre for Communication Security Research and Monitoring (CCSRM), Internet Spy System Network And Traffic Analysis System (NETRA) of India, etc are violative of Civil Liberties Protection in Cyberspace. None of them are governed by any Legal Framework and none of them are under Parliamentary Scrutiny.
Recently United Nations (UN) Third Committee Approved Text Titled Right to Privacy in the Digital Age. However, this is not “Deterring” Countries to engage in E-Surveillance in an “Unconstitutional Manner”. Privacy Rights in India in the Information Age need to be protected at the “Constitutional Level” otherwise Privacy would have no meaning in India. This equally applies to other Countries and something must be “Seriously Done” in this regard so that Civil Liberties in Cyberspace can be protected. We must not forget that When Rights are Outlawed only Outlaws will have Rights.