According to the internet archive, it's from 2006 http://wayback.archive.org/web/*/http://www.dot.gov.in/isp/g...
Last week it announced the 'Guidelines and general information for setting up of international gateways for Internet'.
There is a view in the industry that 40-bit key length is too weak for most commercial applications and can be easily broken.
Surprisingly, Singhal [secretary, Internet Service Providers' Association of India] is not very worked up over this. He clarifies that it is just an initial step. "It is not a hard and fast rule that higher bit encryption is not allowed. If encryption over 40 bits is used then the key will have to be given to the government. The DoT seems to have taken the worldwide standard. As and when they receive complaints that it can be easily broken, they will consider going for stronger encryption.
My apologies for jumping the gun. Its easy to get confused as there was no date on that page.
PS: I'm the one who should apologize.
This proposal is just one way of destroying their call centres and any Internet based transaction system they may want to develop with the outside world.
You might also want to note the following:
14. The ISP should block Internet sites and individual subscribers,
as identified by Telecom Authority.
15. The Government(Licensor) reserves the right to make changes in
the security considerations.
Every international gateway location and/or the ISP node with a
router/switch having a capacity of 2Mbps or more shall be equipped with
a monitoring Centre at the cost of the ISP."
Is this really still in effect?
This is their "Department of Telecommunication"! But the site could have been slapped together by a 12 year old. It looks like an abandoned server - full of flashing "New!" images...
And down the bottom it says:
This site can be best viewed at 800x600 resolution in IE 4.0/ Netscape 3.1 or above
Copyright � 2002, Department of Telecommunications, India
However, while this looks to be abandoned, the front page says that the last time it was updated was on 22nd May, 2012. Something seems very wrong with the Indian Government's IT department!
Edit: it's getting worse. Check out the contacts list:
They have government officials using hotmail acounts! But this isn't that old - they have Gmail accounts for officials. If that's not bad enough, the Legal Advisor for the Deputy Director General is using a Yahoo account and the actual Deputy Director General is doing the same!!!
Something is very, very wrong with the Indian Government's IT security.
NIC acts as a complete "mean guard at the door" for anyone trying to get work in government. NIC insists on doing things "their way" or you just take "the highway".
Here is an example of a few thing we have to deal with every day. There is a small Java Swings app built by a government department which generates a few reports everyday. A few beauties:
- Hard coded mysql host(localhost), db name, username(root) and no password.
- Run it from command line(java -jar) and you can see a hellish amount of debugging statements scroll by(e.g. "I am here", "Inside Xyz.abc", "asdasdasd" etc). A lot of sensitive info is also printed out on the console that even, we vendors, might not be supposed to know.
- This app requires a 0777 permission on '/home' directory. Yes '/home', not '/home/<someuser>'
- If it's 1 minute past midnight there is absolutely no way to generate day's report. According to Cheif Programmer of that department this is a security feature. Oh wait, we just change the system date.
- When our project in-charge (politely) confronted this "Chief Programmer" about this he just said that I was lying and there is absolutely no problem in 'sudo chmod 777 /home'. "we do it all the time"
I know this because we have been working with the government on some quite big projects.
If this is the parlous state of both the government and the bureaucracy, then I suspect that growth will be hampered.
The govts only contribution to IT was nothing. It's the best they could ever do.
When it first started, back with modems which went to 14.4k, the fact that no one understood it or it's implications was the only reason it succeeded.
Otherwise the rent seekers or the security focused would have probably killed it at inception.
Individuals/Groups/Organisations are permitted to use encryption upto 40 bit key length in the RSA algorithms or its equivalent in other algorithms without having to obtain permission. However, if encryption equipments higher than this limit are to be deployed, individuals/groups/organisations shall do so with the permission of the Telecom Authority and deposit the decryption key, split into two parts, with the Telecom Authority.
And I think you're overestimating the "impartiality" of the law in the First World.
Halliburton has become the object of several controversies involving the 2003 Iraq War and the company's ties to former U.S. Vice President Dick Cheney. Cheney retired from the company during the 2000 U.S. presidential election campaign with a severance package worth $36 million. As of 2004, he had received $398,548 in deferred compensation from Halliburton while Vice President. Cheney was chairman and CEO of Halliburton Company from 1995 to 2000 and has received stock options from Halliburton. In the run-up to the Iraq war, Halliburton was awarded a $7 billion contract for which 'unusually' only Halliburton was allowed to bid.
I'm Lebanese(small country sandwiched between Israel and Syria that specializes in fighting proxy wars) and I've been around(not to the US, but to quite a few places in Europe as well as other Arab countries). Things are just not comparable from one place to another.
Yes, human nature is corrupt. Yes, with enough money you can buy people's consciences(at least a lot of them). But it's extremely different when it's systemic rather just one-off individuals being corrupt. Government employees here expect to be bribed, you literally cannot get anything done without bribery.
A few examples. I know quite a few engineers who work in construction, ask any of them and they'll tell you that they have a well-defined budget for bribes. Whenever there's a construction project anywhere, police officers will drop in for surprise inspections and expect to be bribed or else will stop work from getting done. Most of the time there are no violations, but they'll disrupt you enough that it's just cheaper to pay them off.
Another example, a friend of mine drives a motorcycle. They are actually quite rare here(and nobody bikes). This is due to the fact that road conditions and driving skills of people are really bad so it's extremely dangerous for anything that's smaller than a car to be on the road. We have a vehicle tax here and along with paying that tax you have to take your vehicle for a yearly inspection(it's one process). This is extremely streamlined for cars(as there are many of them and it has to be a fast process) so not much bribery to do there. But my friend tells me he pays about triple the actual tax where the rest if bribing people to accept his tax payments and confirm that he's had the bike inspected.
I've been to Syria a lot and it's even worse there. It starts right at the border. If you don't bribe the officer conducting the inspection they will just keep opening bags, laptops and asking you about every single detail of every single item and being general dicks until you pay them ~20$(a lot of money in Syria). I was at some point traveling there with a friend who didn't want to pay on principle, they held us up for ~3hrs at least and then he payed anyway.
The list goes on and on, and this is just for personal stuff. For doing business(getting stuff shipped, getting any kind of license, etc...) it's even worse. My friend's father is an executive in the local branch of a big multinational fast moving consumer goods company and he's told me that they have a lot of problems operating in these parts because they have a lot of internal policies that forbid them from doing a lot of things that are just facts of life here.
TL;DR corruption in the 3rd world is something that permeates almost everything that you do. Equating it with some individuals being corrupt and self-serving is just not right. You won't know what I mean until you've tried it I guess.
 Note: this does not include a lot and a lot of un-registered, illegally-aquired, scooters that are some of the most annoying as well as dangerous things on the road. These are mostly driven by poor people and immigrants who can't afford anything else. Unfortunately none of them have ever actually learned to drive and it shows. But most of them don't really have a choice so how to deal with them is not clear.
EDIT: fixed typos and grammar.
20 years ago people where hailing the Internet as a bastion of freedom and espousing how it would liberate people around the world, it was supposed to be the death knell of censorship.
Sadly it seems more likely that it will be used to reduce the freedoms and liberties of all men across all nations, unless we stand firm in our convictions and remain unafraid to raise our voices in protest.
But it still is. Now more than ever. It's toppled regimes, unmasked government secrets. If authorities try to take away what has once been given to the people, there will be protests.
The internet is a tool for communication. If you co-op that communication then it is a tool for propaganda and oppression. I am not seeing a trend lately for more openness, instead I am seeing more and more laws for restricting what can be done, and governments demanding back doors into all aspects of our communication. of course I maybe blind and misinformed, but I see governments and corporations making a land grab for our individual freedoms.
It's taken governments time to wake up to it and to figure out how to handle it.
All governments around the world today no longer see the Internet as what technologists did. They see it as a threat. Theyve finally figured out what to do about it.
This was the end game visible from the start, the net makes it too easy for people to get together and as a result removes and creates its own power centers.
The state has to then assert its control over those centers and naturally they will do it by laws, and later by force.
And this does not look like a proposal, more like a TOC for establishing a gateway.
Nevertheless, a terrible thing.
EDIT: Nope, it is for everyone - It is same clause in Cable Landing Stations for ISPs using offshore Gateways. See here - http://www.dot.gov.in/isp/landing_station.doc
Now I wonder why aren't ISPs already blocking. The documents don't look old, they are still linked on their site.
EDIT 2: Document is too old. Doesn't hold.
I am not sure why, maybe they are just brainwashed or simply not used to having as many rights as people in the western world are accustomed to. In any case, terrorism is a real threat in India and I suspect they are all a bit touchy.
Meanwhile, the real bad guys are going to find a way around it - and will the govt of India pay me damages if my private key ended up on piratebay because someone stole it from their servers? Nope, don't think so.
Most Indian's have been brainwashed into accepting flaws/weaknesses in (big)governance, kind of like - "its a feature, not a bug"
My guess is that once tech. penetration reaches a critical mass where the rewards for breaking into a low security server outweighs the hassle for the poor or smart people, only then will the government policies be upgraded.
I'm not too concerned because of the standard 'I've got nothing to hide' line, but there's always the chance of corrupt officials and poor data security in their wiretapping centers. Anyways, it doesn't seem like this rule is enforced since the document has been there for a while and SSH traffic works just fine.
In that case, they've got no reason to look.
But I think like quite a few other comments say, it's old document.
Democracy in that sense is an empty word. You mean it's a democracy because people get to vote? In the US the democratic part amounts to getting to chose between the same two century old parties, which have heavy corporate backing and dead-ringer platforms. With the main issues (economic policy, foreign policy, educational policy, labour laws) are only debated superficially, reduced to slogans and yes/no decisions.
Still, the democratic US snoops on its own citizens, maintains (and demands ISP's maintain) huge backlogs of private data, has the Patriot Act, has private prisons, the list goes on and on...
Considering how corrupt and inefficient government and the officials are there, its not gonna work well or will be too frustrating and may require bribing.
There are companies that do disallow ssh or require you use a null cipher/key to a gateway before going to the outside world.
I'm not sure how this will be enforced, however from prior comments, it looks like it may be an old policy?
How are these companies still in business? You're just asking to get cracked.
What level of monitoring would be necessary to detect a user's traffic was encrypted?