The premise of diplomacy is negotiation, to sit at the table and peek into the partner's mind. In the hustle of bilateral deal-making, balance is an art. Nothing more should be offered than what we think the partner deserves, nothing less than it secretly expects. If inequity in such a marriage gives rise to the suspicion of infidelity, then India's misguided pursuit of cybersecurity cooperation with the US is fraught from the very beginning.
A landmark cyber assistance framework has been sought from the US. It would be incorrect to call it a deal as it's unclear what India has to offer in return. Yet, more alarming is the blinding ignorance of the diplomatic advisers nudging the Prime Minister into a national security quagmire.
My last file noting before I left the National Technical Research Organisation (NTRO) arrived just a few days after the first set of leaks by Edward Snowden. I had appealed for the urgent creation of a multi-agency task force roping in electronic intelligence experts from the Indian Air Force, counter-espionage operators from the Army, cryptanalysts from the Navy and hackers from the NTRO. The idea was to deploy a tactical airborne system to tap into and study the signals emanating from the National Security Agency's (NSA) elaborate spying apparatus deployed nationwide.
I had appealed for [the deployment of] a tactical airborne system to tap into the signals emanating from the NSA's elaborate spying apparatus...
Three years down the line, I think that quixotic idea still carries some credibility. In fact, so miffed was German chancellor Angela Merkel by the NSA's break-in that she did something similar: flew a chopper over the US Consulate in Frankfurt to hunt for mischievous antennas.
Thousands of classified documents later, some more assumptions from that nostalgic dossier seem providential in hindsight. Such is the dearth of coverage on the explosive revelations in the media and its impact on India that I am now coerced by my conscience to write a little.
Like any other bureaucracy resistant to change, the NSA had only scaled up the proven template of ECHELON -- a legacy project that eavesdropped on global telecommunications during the Cold War --to cover cyber. I still get overwhelmed by the giant technological leaps of the agency when going through old reports claiming that ECHELON was performing automated speech recognition on millions of calls per second way back in the eighties, while popular voice assistants like Siri have a hard time recognizing the Indian accent even today.
It leveraged the inter-disciplinary experience of the American intelligence community. Where passive interception fell short, active exploitation was undertaken. Where overt cooperation failed, covert action was deemed necessary. The harness of this dragnet is not controlled by the NSA, but a "black budget program" called the Special Collection Service (SCS). This is a clandestine force that mixes the human intelligence capabilities of the Central Intelligence Agency (CIA) with the wizardry of the NSA, delivering a heady cocktail that allows access to the most impenetrable of targets.
Even if we do swallow the bitter pill of being surveilled, how do we plan to keep our end of the diplomatic bargain?
Interestingly, the US Embassy at Delhi has emerged as one of the prominent sites of the SCS -- its fabled faux roof hiding a variety of transceivers. It is certain that vital installations and offices of India have been bugged.
The complete domestic electromagnetic spectrum has become a massive command-and-control relaying pried information. With its dominance over the global technology trade, the US has managed to sabotage most communication interfaces -- right from the first semiconductor chip to the last of the software that goes into a computing device. Needless to say, American vendors, bleeding profusely after the Snowden leaks, are regretting their decision to accommodate the "strategic partnership" with the NSA.
Coming back to the recent agreement with the US, there are two schools of thought that are dominating the debate. The idealists accept that unhinged American ambition is like a manifested reality of the modern world --- it has nothing to do with us, but them. It should be ignored, written off as an irritating anomaly. After all, it really doesn't pose any direct harm. They know that India, much like Pakistan, is a tertiary "SIGINT partner" of the US, pun intended.
A preliminary risk assessment would prove that American infrastructure suffers from the same systemic vulnerabilities that the CIA and the NSA have a penchant for exploiting.
Then there are the realists who see a comedic fallacy in the Western crusade. By its own volition, the US has become the gatekeeper to purloined information so vital that it can break governments and economies. A preliminary risk assessment would prove that American infrastructure suffers from the same systemic vulnerabilities that the CIA and the NSA have a penchant for exploiting. What if that information falls into even worse hands? What if the US becomes the victim of its own chaotic democracy, failing to keep the intimate secrets and sins of others, as has happened many times in the past? As a case in point, look at the amount of geopolitical volatility that Snowden and Assange have generated.
Unbeknownst to us, their risk becomes ours because the information was ours. This is what the strategic community has to take cognisance of. The implicit idea of instability in the digital age. It is impossible for connected societies to remain fully sovereign now.
One even senses subtle racism in all this, knowing that the US liberally shares the gathered intelligence with the "Five Eyes", the rest of the "White" world. It is as if a certain neo-imperialist global order is at play here, deliberately keeping us down.
From the Indian cybersecurity specialists largely employed by multinational corporations, to a cyberspace powered by foreign hardware, government agencies and a private sector that rely on overseas procurement, policy pundits and think tanks that borrow progressive notions from Western democracies, and a bureaucracy racing to usher in a new liberal regime, the message is getting lost in translation by the time it reaches the Prime Minister's ears.
The perception that even cyber-defence entails the involvement of "cutting-edge" foreign vendors is rather counter-intuitive.
Even if we do swallow the bitter pill of being surveilled, how do we plan to keep our end of the diplomatic bargain? How do we even size up what the bargain was in the first place?
At one of the seminars organized by FireEye, a wildly popular cybersecurity vendor, its Indian executive headlined a slide explaining the cyber spying nexuses originating from China, Taiwan and North Korea as "The Axis of Evil". This, in 2014, when even the ignoramuses within the Indian government were racked with l'affaire Snowden. FireEye was at one time funded by In-Q-Tel, the venture capital arm of the CIA with an uncanny talent for spotting promising security technologies.
When I questioned the executive as to why their product -- reputed for detecting hitherto unknown attacks -- had never stumbled upon Western malware, the answer was expectedly vague. Such is the soft power associated with American tech that even prominent Indian lobbying groups like NASSCOM get swayed by their definition of evil.
The pre-Snowden times were simple. You set up a committee on hardware security surreptitiously scheming to clamp down on the Huaweis and ZTEs of the world, like we did after the infiltration of the Prime Minister's Office. You buy into the Western pandemonium about the march of the Chinese cyber army. Now, you have to choose from the lesser of evils.
Not a week goes by without India figuring in the list of countries targeted by some cyber-espionage campaign or the other. Take the recent disclosure about Suckfly, which burrowed deep into multinational enterprises of Indian origin. The barrage of negative media surrounding the incident severely undermines the confidence of India's outsourcing industry and its diminishing ability to protect sensitive customer data.
India needs to put itself in high gear on the road to information sovereignty, or it may trail further behind in the race for dwindling global resources.
In terms of technicality, the attack was rather unsophisticated. Casually sifting through its details, I found a vital clue that could have possibly led to the identity of the attackers. One of the domains used in the operation was registered with an Indian hosting company, thus allowing easy access to its billing and technical logs. A systematic and timely investigation could have helped set a precedent.
I am dumbfounded that no agency of the government, be it the Indian Computer Emergency Response Team or the National Critical Information Infrastructure Protection Centre, ever responded to the matter. As this blitzkrieg over the ether sets back our economy and security by decades, blissful ignorance on the part of the establishment seems to have become the norm.
We haven't heard anything meaningful from India's first cybersecurity czar Dr. Gulshan Rai since his appointment two years ago. The perception that even cyber-defence entails the involvement of "cutting-edge" foreign vendors is rather counter-intuitive. Like other sensitive technologies restricted by the export control regimes, the notion that a certain country could profess superiority in the domain is as flawed as the generalization that all Russians are good at chess.
There are no allies to be sought in this war of attrition. Canada, Britain, Germany, Romania, Israel, Saudi Arabia, Pakistan, South Korea or Japan, we are fair game for all. The Global Common that is the Internet has been subjected to many uncommon transgressions. India needs to put itself in high gear on the road to information sovereignty, or it may trail further behind in the race for dwindling global resources.
Also see on HuffPost: