Governments demand intrusive Web access but alienate businesses.


By CHARLIE SAVAGE

WASHINGTON - Prompted by fears of digital-era plotters, governments around the world are taking steps to implement new security regulations for the Internet.

In the United States, officials want all services that enable communications - including encrypted e-mail transmitters like BlackBerry, social networking Web sites like Facebook and software that allows “peer to peer” messaging like Skype - to be technically capable of complying if served with a wiretap order. The mandate would include being able to intercept and unscramble encrypted messages.

The proposed legislation raises fresh questions about how to balance security needs with protecting privacy and fostering innovation. And because security services around the world face the same problem, the American bill could set an example that is copied globally.

In India, government authorities are well beyond the proposal stage. Officials are already demanding that network operators give them the ability to monitor and decrypt digital messages, whenever the Home Ministry deems the eavesdropping to be vital to national security.

The most inflammatory part of the effort has been India’s threat to block encrypted BlackBerry services, widely used by corporations, unless phone companies provide access to the data in a readable format. But Indian officials have also said they will seek greater access to encrypted data sent over Gmail, Skype and other virtual private networks .

The government has also clamped down on the importation of foreign telecommunications equipment, saying it wants to ensure that it does not contain malicious software or secret trap doors that could be used by foreign spies.

During the Mumbai attacks, said Gopal Krishna Pillai, the secretary of India’s Home Ministry, officials could not gain access to some of the communications between the terrorists and their handlers.

Other countries, including the United Arab Emirates and Indonesia, are trying to impose measures similar to India’s.

Critics say India’s actions could make foreigners think twice about doing business there.

“If there is any risk to that data, those companies will look elsewhere,” said Peter Sutherland, a former Canadian ambassador to India who now consults for North American companies doing business there.

James X. Dempsey, vice president of the Center for Democracy and Technology, an Internet policy group,said the American proposal had “huge implications” and challenged “fundamental elements of the Internet revolution” - including its decentralized design.

“ They basically want to turn back the clock ” on the Web, he said.

But officials contend that imposing such a mandate is reasonable and necessary to prevent the erosion of their investigative powers.

“We’re talking about lawfully authorized intercepts,” said Valerie E. Caproni, general counsel for the Federal Bureau of Investigation.

“We’re not talking expanding authority.”

In India, critics say that the government’s security efforts, which they describe as clumsy, may do little to protect the country, even as they intrude on the privacy of companies and citizens alike.

“This will shift users to less visible and known platforms,” said Ajay Shah, a Mumbai-based economist . “Terrorists will make merry doing crypto anyway. A zillion tools for this are freely available.”

American officials want a law that will apply broadly, including firms that operate from servers abroad, like Research in Motion, the Canadian maker of the BlackBerry.

In recent months, R.I.M. has come into conflict with the governments of India and Dubai over their inability to conduct surveillance of messages sent via its encrypted service.

Countries such as Dubai have sought leverage by threatening to block Black- Berry data from their networks.

Several privacy and technology advocates argued that requiring interception capabilities would create holes that would inevitably be exploited by hackers.

Steven M. Bellovin, a Columbia University computer science professor, noted that in 2005 in Greece. It was discovered that hackers took advantage of a legally mandated wiretap function to spy on top officials’ phones, including the prime minister’s.

“It’s a disaster waiting to happen,” he said. “If they start building in all these back doors, they will be exploited.”


KUNI TAKAHASHI FOR THE NEW YORK TIMES
India has taken steps to block encrypted messages sent by digital
devices in an effort to thwart terrorism, to the dismay of businesses.