| nettime's_roving_correspondent on Thu, 14 Jan 1999 06:36:55 +0100 (CET) |
[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]
| <nettime> India mulls ban of US financial crypto [and curious subtexts] |
http://www.economictimes.com/120199/lead2.htm Red alert issued against US network software Mayur Shetty MUMBAI 11 JANUARY The [Indian] Defence Research and Development Organisation (DRDO) has issued a 'red alert' against all network security software developed in the US. And the Central Vigilance Commissioner, N Vittal, is following up on the warning - he might make it mandatory for all Indian banks and financial institutions to buy only software developed in India. The DRDO's concern about US-developed software stems from one basic insecurity - the data traffic and network security software that comes from the US can be easily hacked into and could prove to be a security hazard. Currently US software vendors can export only those "encryption software products" that can be 'broken' by the US National Security Agency. This makes the quality of the US software exported to India doubtful from a security point of view. In a letter to the CVC, the centre for artificial intelligence of the DRDO, Bangalore, has said that it has begun to develop secure communication tools and will have an indigenous prototype in place in three months. The CVC is expected to wait for the final product before deciding on the action to be taken. The centre has developed software tools that protect wide area networks from hostile attackers. It is also developing software tools for protecting traffic passing through the network. "The encryption part of the software is complete and only the communication protocols remain to be written," the DRDO unit's letter says. "Since the software has been written by ourselves, there is no upper limit on the security level provided by the encryption in the software exported from the USA," it added. Pointing out the defects in imported software, the letter says that the present 'firewall' products on sale by commercial vendors incorporate only rudimentary packet level filtering. These can be compromised easily. It also points out that as per US law, "no encryption software products can be exported from the US if they are too strong to be broken by the US National Security Agency". The letter says: "To put it bluntly, only insecure software can be exported. When various multinational companies go around peddling 'secure communication software' products to gullible Indian customers, they conveniently neglect to mention this aspect of the US export law. "Another related point is that when we buy an imported software product that is a 'black box' to us, we cannot be sure that the software package does not contain a time bomb of sorts, to cause havoc to the network when an external command is issued by a hostile nation." Mr Vittal is also believed to have agreed to this and said he was in favour of working towards developing the indigenous software within three to four months. However, banks are yet to receive any directive from the CVC on this issue. --- # distributed via nettime-l : no commercial use without permission # <nettime> is a closed moderated mailinglist for net criticism, # collaborative text filtering and cultural politics of the nets # more info: majordomo@desk.nl and "info nettime-l" in the msg body # URL: http://www.desk.nl/~nettime/ contact: nettime-owner@desk.nl