Bit by bit, India begins raising data security standards

NEW DELHI: India seems to have woken up to the poor standards of its data security, with the government seeking help from telecom companies, software makers and internet service providers (ISPs) to frame regulations and raise encryption levels, a measure of data security.

Recommendations from market and banking regulators to step up data security may have prompted the move, along with improved technological capabilities of the country���s intelligence agencies to monitor data exchanges.
Encryption means converting data and emails into codes that travel through the network and later get reassembled into the original form.

The government seeks to raise encryption levels from the present 40 bits to 128 bits, before eventually moving to 256 bits, which is the standard in Europe and the US. A higher encryption level will ensure more secure financial transactions on personal computers and cell phones. It is also vital for protection from hackers.

Most western countries do not allow financial transactions on the internet through computers and mobile handsets, if the encryption level is less than 128 bits.

Last year, the government had forced all ISPs in the country to reduce encryption levels to the 40-bit standard. The logic was that India���s security agencies lacked the technological capabilities to monitor data transfers on the internet when encryption levels were higher than 40 bits. Many industry experts agree that the low encryption standard in India is the reason for low transactions on the internet.

The issue of encryption came to the fore last year when the communications ministry threatened to ban Canada���s RIM, maker of BlackBerry handsets that are popular with corporates and professionals, as data transferred on these devices used the 256-bit advanced encryption standard.

The communications ministry had demanded that RIM reduce its data security standard to 40-bit encryption, a level that can be intercepted by Indian security agencies.