Welcome To The Great Indian Intranet

The greatest price that terrorism extracts, and it does that silently, is fear. This is fear is leveraged often by authorities around the world to enforce laws that don't do much more than constrain the freedom of the majority, while presenting only a minor inconvenience for the for tiny minority who cause all the harm. We see yet another example of it in India today with the news that the latest amendments to the IT Act will force email providers to keep their servers in India, so that the terror emails can be tracked and hunted down more easily.

it does not require a doctorate in computer science to figure out how silly this plan is going to be and how easily it can be worked against. All the terrorists need to do is to not use one of these email service providers and the bright plan falls apart in a second. If this is the level of domain knowledge that goes behind the decisions that are supposed to protect us the nation from script kiddies to organized Chinese and Russian hackers meticulously drilling holes into every computer network in the world, I would be more scared of what our authorities are incapable of doing than what the bad guys are capable of doing.

The greater problem here is not even that. There is a massive business cost attached to decisions like these. I run a server of my own in the US because it provides me a cost-effective deal for my needs, which I won't get in India. If, at some point, the logic mentioned earlier is extended to stipulate that any online business operating in India has to have their servers hosted here, it would very negatively impact the country. As one of the shining examples of democracy and free countries in the world, it would be a pity for India to be mentioned as an example of oppression in the same breath as the Great Chinese Firewall.

Moreover, you can extend the logic to cover everything. Why stop at email servers? We have to track every DNS request, every database query and every search query so that we can read into the minds of terrorists and go back in time after an attack has happened to see what the culprit was surfing or using. This can even be extended to cover comments posted on websites, with rules being enforced that sites that accept comments/usage from Indian IPs are illegal businesses unless they are hosted in India.

This can very easily escalate into a situation where we will have a version of the internet that is more or less an Indian intranet, where all traffic originating from India has to terminate in India. Even as incredulous as it sounds, it is easily possible if we follow further down this road. Comments such as this, “we don’t know how they are going to do it, but the government has decided to do it. Every domain company has their branch office here, and they are bound to pass on the information immediately, whenever investigation agency needs it,’’ only makes it clearer that the worst is very much possible.

I wish there was a more open and public debate on such things. There are plenty of experts in the field in India who would only be glad to help draft and design these requirements, which can be done without being intrusive and also be effective at the same time. Honestly, I am more worried about how easy it is still to sneak in anything into most hotels and markets in Delhi than about people sending crazy “we shall overcome” emails to media houses. We are really getting our focus wrong here and barking up the wrong tree with a vengeance.