Data Encryption and Surveillance

Living amidst modern technologies comes with a number of threats and precautious that have to be taken by the individuals. In cryptography, encryption means encoding a message in such a way that only the authorized persons can use it. Unauthorized persons are denied access. The main objective of encryption is to protect private information by putting it into a form that can only be read by people who have access to it. On the other hand, surveillance means keeping a watch on someone’s actions by different means such as cyber cells, intelligence bureaus, etc. Surveillance is primarily done to prevent criminal activities from taking place in the country by keeping a watchful eye on the suspects.

Many a times when a person, regardless of their religion, caste or community, is suspected of something illegal by the authorities, he is kept under the process of surveillance. This is done so that the intelligence bureaus can record their actions through various branches which conduct investigations while following their own criteria.

For those who fear restrained government surveillance, encryption is an obvious technical response. Governments around the world are taking several measures to protect their citizens and to strengthen their nation by introducing and regulating various structural reforms at regular intervals. A variety of technical and administrative measures have also been proposed to address law-enforcement and privacy concerns. Data privacy is the main concern for today’s youth as a number of activities are now regulated and conducted through technological means. Gathering in large groups and connecting through social networking sites is also a serious concern. Maintaining a strict attitude towards such actions and being cautious is necessary. This article will further discuss the different parts of encryption, its functioning and surveillance database.

The Primary Function of Data Encryption

The main and most important function of data encryption is to maintain data confidentiality as many documents are transmitted via various computer devices on a daily basis. The outdated data encryption standard (DES) has now been replaced by modern encryption algorithms that play a critical role in the protection and security of IT systems and communications.[1]

Challenges faced by Contemporary Encryption

The basic method used in today’s world is “brute force”, i.e., applying various innovative techniques until the right technique simply works. The method of applying a technique partly depends on the person taking charge. Alternative methods of breaking a cipher include side-channel attacks and crypto-analysis.

Crypto Wars in India

Despite being a rapidly maturing digital economy, India is still not experienced in crypto wars. However, policy developments such as the Draft Personal Data Protection Bill, the proposed amendments to India’s intermediary liability laws indicate and remind us that regulation on encryption based on its perceived hindrance of lawful data collection is imminent[2]. Regardless of other campaigns and strategies, India has undergone a tectonic shift in the past few years while delivering specifically targeted schemes launched for the purpose of strengthening the Commerce Industry and delivering a welfare system.

The Current Encryption Scenario

Looking at India’s current take on data encryption, it wouldn’t be wrong to suggest that it does have restrictions on sectorial parts – such as telecom industries – as well as any other plans which may issue general implications. Some examples of such sectorial regulators are the RBI and SEBI as they mandate minimum encryption standards for entities and transactions acknowledging the key role played by encryption in enabling trust and security.

Laws regarding Encryption

Section 84 of the Information Technology Act, 2000 empowers the government to prescribe methods of encryption by issuing required rules.[3] This was attempted in 2015 when the Ministry of Electronics and IT issued disastrous a ‘draft encryption policy’ which was withdrawn almost immediately

Section 69 of the Information Technology Act of 2000 empowers the government to issue directions for ‘decryption of any information generated, transmitted, received or stored in any computer resource’[4].

The effect of Regulations on Encryption                                  

The most signified effect of such rules and regulations have been on the private sector. Sub optimal information security are roadblocks to innovation. For instance, telecom companies are not allowed to deploy ‘bulk encryption’ and the same license requires them to assure that ‘no unauthorized interception takes place. Both of these objectives cannot be achieved without systematic and strong encryption policies in place which could deeply put an emphasis on how to put restrictions on the encryption problems. Highlighting the objectives of the government behind mandating weak encryption in telecom sector was presumably to make interception and surveillance easier. While this might have once worked, over the last decade practically all sensitive or personal communications have moved to heavily encrypted internet applications which are technically resilient and should not be subjected to restrictions. It is also unclear whether India’s Intelligence Agencies really have the ability to break the currently ubiquitous strong encryption algorithms.

Obligations on Individuals to Assist Authorities

This refers to national legislations or policies which provide for state authorities to be able to require individuals to decrypt of encrypted communications[5]

Countries with Obligations to Individuals

Australia

Australia comes under the list of top countries with respect to the rules and legislations they generally impose on their citizens. Their authorities and the substantial steps taken by them not only protect the rights of their citizens but also record their actions. As per the rules of encryption The provisions of section 3LA of the crimes act 1914 impose the same obligations on individuals as on providers

United Kingdom

The provisions of part 3 of the Regulation of Investigatory Powers Act, 2000 impose the same obligations on individuals as on providers.

Data Surveillance and Monitoring

People across the world have always been confused by the trade-off between security needs and personal privacy, including data privacy. The government, as a part of such monitoring activities, conducts various functions regarding data services and as well as surveys and monitors them.

It can be clearly seen that whenever any terrorist attack occurs in our country, people always tend to favor the government and its surveillance programs organized by strict application of their authorities. However, when the same government tries to implement measures for monitoring the activities of the citizens, it is met with protest, harsh comments and harassment via social media platforms.

What is the Purpose of Surveillance?

The primary objective behind conducting surveillance is to check on ‘suspicious activities’ by people going about their normal lives. The author would like to point out a positive aspect of this surveillance – it does not discriminate on the basis of caste, color or religion.

The Difference between Monitoring and Surveillance

There is no doubt that Monitoring and Surveillance are done to protect the privacy of the people. There still exist a lot of aspects that are overlooked. Monitoring and Surveillance differ from each other on a fundamental level.

A simple explanation is that “monitoring” refers to the simple observation of people for commercial purposes. On the other hand, “surveillance” comes with a much wider meaning. It can be defined as a silent act of monitoring and collecting important data from the device(s) of a suspicious person.[6] Surveillance is primarily done by the Government for security reasons and ensuring that the statehood policies and its dignity is not in danger to maintain the country’s safety.

Measures Taken regarding Surveillance

Some recent steps have been taken by the authorities with a view to improvise the policies regarding surveillance. On the 7th of November, 2019, a ”Facial Recognition System” was introduced by the government for easily indicting those suspected of illegal activities.

FRS is basically a camera based technology implemented at various public spaces so as to record the actions of the people with the objective of capturing them. It is a technology capable of identifying or verifying a person from a digital image or a video frame .

Facebook’s DeepFace

Living in a modern era with social media platforms generating a lot of traffic, it is always recommended that the actions of these websites is constantly watched by criminal investigation agencies to prevent misuse of users’ data. Recently, Facebook’s DeepFace has become the subject of deep concern. Several active class lawsuits have been filed under the Biometric Information Privacy Act. It has been alleged that Facebook is collecting and storing facial recognition data of its users without obtaining informed consent from them which is a direct violation of the Biometric Information Privacy Act. The most recent case was dismissed in January 2016 due to lack of jurisdiction of the court.[7] Therefore, it is still unclear whether the Biometric Information Privacy Act will be effective in protecting what it is supposed to. In December 2017, Facebook rolled out a new feature which indicated when any friend uploads and tags the user in a photo.

Pursuant to this, Facebook will automatically tag the user according to their facial features without taking prior consent for it. This new feature not only violates right to privacy but will also give birth to a number of obstacles in the future. Facebook has attempted to frame a new functionality in a positive light amidst prior backlashes.[8] Whether or not facial recognition technology generates less accurate results for people based on their competitiveness is still a contested issue.[9] Experts fear that the novel technology might have an adverse impact on the lives of people. The authorities are protecting these claims by alleging that FRS is implemented for security reasons and not for any other undesirable purpose.

The lack of regulations holding facial recognition technology and its developers to requirements of racially biased testing can be a significant flaw in its adoption and use in law enforcement.

COVID-19 and Surveillance

The outbreak of COVID-19 across the globe is no news. Every individual feels its impact on some level. The situation is worse in countries deemed as developed such as Italy, Spain and USA. The unfortunate step taken by a lot of people as a means to overcome the frustration of being locked in their homes is to not adhere to the social distancing guidelines and live their ‘normal’ lives. Curbing these tendencies and holding the people responsible for their actions is crucial for law enforcement agencies. To achieve this, the intelligence bureau, via the FRS, keeps an eye on the citizens. As a result, the intelligence bureau and other committees have charged the offenders with procured punishment and also put necessary restrictions in place.

Conclusion 

Data encryption and surveillance tools are necessary to ensure the smooth functioning of social media platforms as well as to protect data. Simultaneously, “Private Privacy” should also be taken into consideration and maximum effort should be put in to ensure that pursuant to intelligence terminals conducting surveillance on any individual’s data, measures must be taken to protect that data from any unauthorized person.


[1] Data Protection 101, http://www.digitalguardian.com by Nate Lord accessed 08 May 2020 5:30 pm

[2] The Encryption Debate in India-William Thomas accessed and retrieved 08 May 2020 5:35 pm

[3] Information and Technology Act 2000,Sec 84

[4] Information and Technology Act 2000,Sec 69

[5] India’s upcoming encryption wars-Factor Daily,factordaily.com accessed 08th may 2020 5:45 pm

[6] Data Surveillance, Monitoring and Spying by Cathy Nolan accessed and retrieved 09th may 2020 10:30 pm

[7] ‘Facebook keep getting sued over Face Recognition Software’-International Business Times

[8] ‘Hera Dana Judge tosses Illinois privacy law vs Facebook over phototagging,Cookcountryrecord.com accessed and retrieved 09th May 2020 10:45 PM

[9] ‘Facebook can now find your face even when it’s not tagged’-TIMES NOW published and accessed 09th may 2020 11:05 PM

Prabhjot Singh from Fairfield Institute of Management and Technology

EDITOR: SANSKRITI SOOD

Processing…
Success! You’re on the list.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: