Indian Security Agencies Unable to Decipher Messages on Satellite- Based Phones

Text of report headlined “BlackBerry Scan Opens Security Can of Worms” published by Indian newspaper The Telegraph website on 8 May

New Delhi, May 7: India is not in a position to intercept or decipher messages on most satellite-based phone services operating out of the country.

Nor can it decipher encrypted messages sent over Internet-based phones using Voice over Internet Protocol technology.

The revelations followed talks between security agencies and Canada’s Research in Motion (RIM), which makes the BlackBerry, which is famous for its push-mail services and has over 12 million users worldwide.

Telecom officials conceded in internal notes that the discussions threw up disturbing questions about the ability of Indian security agencies to decipher messages on most satellite phones and Net telephony services that use more than the 48-bit encryption standard.

The higher the encryption code, the more difficult it is to crack a message.

Security agencies have long held that almost all major militant outfits, including the Lashkar-e-Toiba [Lashkar-e Taiyiba] and the Jaish-e-Mohammad, have been using satellite phones.

The BSF [Border Security Force] alone has seized over a dozen Thurayas — hand-held satellite telephones that use 128-bit encryption codes — from militants in Jammu and Kashmir.

The Pakistan Telecom Corporation is an investor in Thuraya phones.

Officials say Thurayas are preferred by militant outfits as they can be easily bought in Pakistan and Dubai and are capable of providing voice mail, SMS and email facilities to users over a secure network, which Indian agencies have not been able to penetrate easily.

Analysts say e-commerce applications, such as online banking, online purchases and money transfer, all use over 48-bit encryption codes and, therefore, fall outside the purview of the intelligence agencies.

Rajesh Chharia, who heads the Internet Service Providers Association of India, said all Internet service providers would co- operate for “routine check-up of transactions”.

“However, if the encryption codes are reduced from 128-bit to 40- bit, the entire online banking and e-commerce sector would be in jeopardy.”

The government had earlier said encryption codes should be limited to 40 bits in a directive to all telecom and Internet service providers.

But, as Chharia warned, that could make things easier for hackers who would be easily able to access information on sensitive transactions like money transfer and Internet banking.

The entire encryption debate started with intelligence agencies seeking better monitoring of emails between two BlackBerry phones, which use codes with an encryption of 256 bits.

The agencies contended that since they could not monitor emails between two BlackBerry phones, as it was in an encrypted form and servers were located in Canada, it could pose a threat to the nation’s safety as terror groups could misuse the device.

Telecom officials, RIM executives and security agencies have held several rounds of meetings to discuss possible solutions, including asking RIM to create a mirror image of all emails and data sent on these devices in India, providing decryption codes or setting up servers in India.

Originally published by The Telegraph website, Kolkata, in English 08 May 08.

(c) 2008 BBC Monitoring South Asia. Provided by ProQuest Information and Learning. All rights Reserved.