Page 292 - DMGT501_OPERATIONS_MANAGEMENT
P. 292
Operations Management
Notes
Caselet E-commerce-watch on Encryption Code Compliance
— by Thomas K Thomas and Rahul Wadke
nline banking operations and e-commerce transactions including purchase through
credit cards may be open to Government surveillance as a fallout of the recent
OBlackberry controversy.
The Department of Telecom is now taking steps to ensure that all providers of Internet
services strictly follow the prescribed encryption code. As per the existing law, all Internet-
based service providers are required to submit a decryption key to the Government if
they use more than 40 bit encryption code to secure the transactions.
Encryption codes are essentially a way to scramble information sent online in such a way
that only the desired recipient has the key to unscramble it and convert it back to its
original form.
However, as it was found out in the Blackberry case, a number of service providers are not
strictly following the rule and have not submitted the decryption code. The issue came to
light when telecom operators providing Blackberry services told DoT last week that the
Government was singling out one service for allegedly violating the encryption laws.
Most of the e-commerce web sites like those selling airline and movie tickets and banking
application web sites use more than 128 bit encryption code. The higher code is required
to keep the transactions secure. The problem with using higher encryption codes is that
the Indian security agencies find it impossible to track any specific transaction unless they
have the decryption codes.
However, the Internet Service Providers termed DoT's policy as archaic and said that they
have already requested DoT to raise the permitted levels from 40 bits to at least 128 bits in
line with the changing technology. "The existing encryption laws were made when Internet
services were just beginning to take shape in the country. It is really unfair to stick to the
same standards when technology is enabling more secure transactions and highly complex
transactions. If DoT insists on the 40 bit encryption then it will be taking the Internet back
to the dark ages," said Mr Rajesh Chharia, President, Internet Service Providers Association.
Industry experts said that DoT's policy was not practical on two counts. First, no company
will give away its patented codes to leaky Government departments as it could make e-
commerce applications unsecure and, therefore, useless. Second, under the existing rules,
the procedure for submitting decryption keys, which is in digital form, has not been laid
out. So even if anyone was bold enough to give the code to the Government, they would
not know how to submit it. "In developed countries like the US there is no limit on the
encryption code. Monitoring is done by their security agencies using the most sophisticated
technology. DoT should invest in setting up monitoring centres which can do the job
without limiting the scope of Internet services," said Mr Amitabh Singhal of Elxess
Consulting Services.
Source: thehindubusinessline.com
13.5.3 Scope of E-commerce
As e-commerce spreads through an industry, those that understand and use the economics of the
electronic marketplace will gain competitive advantage over those that do not. For most
286 LOVELY PROFESSIONAL UNIVERSITY
