What should India do about US snooping?

How do you solve a problem like Maria?

Boundless Informant Heat Map

According to reports in The Guardian—based on information illegally divulged by NSA contractor Edward Snowden—we know that India is among the top ten countries that the United States snoops on. In March 2013 alone, one of NSA’s programmes collected 6.3 billion pieces of information from India. (Yes, all the hoopla in the US about spying is limited to outrage over the US government spying on its own citizens. Spying on other countries’ citizens is somehow acceptable to many freedom- and privacy-loving Americans.)

What should the Indian government do about this? Here are some options:

1. Do nothing. High officials can express their disapproval. The foreign ministry can register a strong written protest. The US ambassador can be told in no uncertain terms that New Delhi is displeased with the snooping. Essentially, nothing actually changes.

2. Take defensive measures. It is incredibly hard to defend Indian communications networks against the kind of surveillance that the NSA is carrying out. It is impossible to harden all networks—although the government can attempt to move its employees onto more secure platforms. When so many government employees still use Gmail, Hotmail and Yahoo for correspondence with people outside government, there is a lot that the government can do to make official communications more secure. This still leaves public communications heavily vulnerable to snooping by one and all.

3. Attempt to achieve a balance-of-snooping. Start snooping on ordinary Americans (okay, suspected terrorists only) until the US government gets concerned. Then negotiate a truce to control snooping, much like arms control deals that managed arms races. Even if cyberspace offers asymmetric opportunities, the gap in capacities between India and the United States are mindbogglingly large. It will takes years of sustained investment and effort for the Indian government to do anything that’ll worry the US government enough to want to negotiate. The Chinese might be able to pull this off, though.

4. If you can’t stop them, join them. Use the India-US strategic partnership to collaborate with the United States in the cyber-surveillance and intelligence domains and use the collaboration to acquire skills, capabilities and technology that India does not currently have. Once such capabilities are acquired, India will have more options.

Update: I make some of these points in an NDTV programme.

A breach in the defence ministry?

It is too early to point fingers (especially without evidence)

Last year there was an eavesdropping controversy supposedly targeting the finance minister and his aides. It has now been reported—and denied—that the defence minister’s office might have been bugged. If it is indeed true that A K Antony’s conversations were being overhead, this is not a trifling matter. We still do not know what became of Pranab Mukherjee’s case. That obfuscation might have good reasons (in the public interest) and bad ones (in the partisan political interest). So it becomes all the more troubling to know that yet another important cabinet minister might have been targeted for eavesdropping.

While good journalism would investigate the matter, making allegations without evidence is dangerous. Most media reports somehow find it relevant to mention the recent controversy over the army chief’s date of birth in a report of suspected bugs in Mr Antony’s office. They insinuate a connection without any evidence.

India Today’s, Sandeep Unnithan goes a step further. “The needle of suspicion,” he writes using the passive voice, “has been pointed at the army. Sources say it is possible that the MI (military intelligence) team stumbled upon the bug planted by another team”. We do not know who these ‘sources’ are? We do not know why they think the MI team should ‘stumble’ upon a bug instead of ‘finding’ it as part of their professional routine?

He then says “Defence Ministry officials believe that the Army was snooping on phone conversations around South Block.” This is better. We know that it is defence ministry officials who are making these allegations, although we do not know if it is a gossiping clerk or a top official leaking information to the media in the public interest. It could be anyone.

Mr Unnithan then goes on to provide evidence that the Army has equipment that can listen in to phone conversations. But there’s a, well, bug in his story. If the Army has “off-the-air” interceptors and “passive cellular surveillance systems” why would it need to plant a bug in Mr Antony’s office? Intercepting cellphones does not require planting of bugs in the defence minister’s office. If we presume that the Army already has the ability to tap fixed line telephones, then why would they need plant a bug at all? Also it’s not only the Army that has these devices. There were at least 73,000 such passive interception devices in government and private hands last year.

The bug might have been placed to eavesdrop into offline conversations. In which case, the whole story of the Army’s surveillance equipment and ‘shadowy’ military intelligence divisions is as irrelevant or relevant as any other explanation. The needle of suspicion has many directions to point at. At this point we just do not know.

There is no doubt that recent events have increased mutual mistrust and antagonism between the civilian and uniformed defence officials. So suspicions and conspiracy theories are to be expected. Journalists have an important responsibility to ensure that these are not unduly stoked by the manner of their reportage.