National Cyber Security Policy? No thanks.
This week, India unveiled its National Cyber Security Policy, a document that reads very much like my first-year Engineering Mechanics exam; it’s 10 pages long, full of words that say nothing, and very likely primed for failure. The policy was launched at a press conference by the Human Firewall Kapil Sibal, and Milind Deora, who was there because unlike the rest of the UPA, he was invented after the computer. In an effort to stay with the times, this cyber policy was launched on paper, and is only available online as a scanned PDF copy with pen marks.
The policy seeks to improve India’s ability to police the internet. This is especially important after its first policing attempt, which involved cops taking hafta from website owners and forcing them to shut at 11, failed. This time our government will design and implement complex software systems that can monitor all online content and communication, 74 per cent of which is LinkedIn invitations. The policy is as vague as an A Raja interrogation transcript, but makes three key points:
1. We want to see your private sh*t.
2. I mean, we really, really want to.
3. No seriously, show it.
The gist of it is, the Department of Electronics & Information Technology and the Ministry of Communications and Information Technology have released the National Cyber Security Policy, which aims to set up “a National Critical Information Infrastructure Protection Center” to monitor “all Information and Communication Technology users”, and will require all organisations to hire “a Chief Information Services Officer”, and all information crime will be attended to by the “National Level Computer Emergency Response Team”. Long story short, DEITY and MCIT give you the NCSP to build NCIIPCs to monitor ICT users with the help of CISOs, enforced by the CERT-In. In layperson’s terms, that’s triple-word score times two, and it’s an all-play, so draw four cards, and colour changes to blue, checkmate.
The policy demands the setting up of so many new institutions and jobs (“a workforce of 500,000 in the next 5 years”) that it reads more like a tender than a vision statement. More worrying is its goat-legged cousin, the Centralised Monitoring System, which gives government agencies direct access to all your communication in real time. And it could be active as early as December this year. Without seeking any authorisation, agencies could monitor your phone calls in real time. However, as an added service, they will swear at, and then hang up on the credit card company for you.
My personal communication is so uninteresting that Vidhu Vinod Chopra wants to buy the movie rights to it. It’s bills, and bank statements, and a lot of those smiley faces with sunglasses on. I’m not afraid of a government accessing my stuff, I’m worried about OUR government accessing my stuff. The United States has a PRISM programme that sounds terrifying. But here’s the thing. When I look at Barack Obama, I feel like four beers down, I’d tell him way too much about myself anyway. When I look at Kapil Sibal, I feel like three beers down, I’d probably pepper-spray him. Again, I’m not saying Barack Obama’s poop smells like the cure for cancer, but I am saying that our dear leaders scare me more than cancer.
To add to my concern, unlike the USA, India doesn’t have any domestic privacy laws to turn to if we feel like our information is being abused. In this country, you’re only as private as your neighbour’s tongue. If Sushil Kumar Shinde uses my login to buy Letters to Penthouse off Flipkart, I want a law (and a RedTube subscription) I can throw at him. You want my information? Give me a hardcore Right to Privacy Act first so you can work it. You can have my information, dear government, but only when you become the sort of people I’m comfortable giving my information to, and only when I feel like you’re doing this for our benefit and not for your gain. When you’re ready, just send me an invite at LinkedIn.
Rohan Joshi is a writer and stand-up comedian who likes reading, films and people who do not use the SMS lingo.