Intelligence & National Security Discussion

[Mihir]

In that picture that shows the Green Pine Radar deployed , the green grass area looks similar to Punjab sector.

Is that our GP deployed around Punjab sector ?

That picture is taken from the IAI website. It might not be in India.

[abhishek_sharma]

Defending a New Domain

Right now, more than 100 foreign intelligence organizations are trying to hack into the digital networks that undergird U.S. military operations. The Pentagon recognizes the catastrophic threat posed by cyberwarfare, and is partnering with allied governments and private companies to prepare itself.

http://www.foreignaffairs.com/articles/ ... new-domain

[Philip]

Some details about GCHQ,the most secretive of British intel outfits,where the recently discovered body of an MI6 spy earlier worked.

http://www.telegraph.co.uk/news/uknews/ ... rvice.html

Excerpt:

GCHQ: the most secretive service
Gareth Williams, the murdered spy, was working for MI6, the Secret Intelligence Service, when he was killed but was on secondment from GCHQ, its altogether more mysterious cousin.

By Nick Collins
Government Communication Headquarters (GCHQ) in Cheltenham Photo: PA Gareth Williams from Cheltenham who was found dead in a flat in Pimlico Photo: SWNS
The Government Communications Headquarters is reputed to be the most secretive of Britain's three national security agencies.

It is a reputation the agency appears to hold with pride. One brochure produced by the agency was reportedly entitled "MI5, MI6, GCH Who?"

Murdered UK spy 'may have been killed by jealous lover'
GCHQ's role is to gather intelligence for the Ministry of Defence, the Foreign and Commonwealth Office and other agencies, while Iain Lobban, its director, is responsible to the Foreign Secretary.

It advises government departments how to protect their databases and communication systems against outside threats, and itself houses one of Europe's most sophisticated computers.

But little more is known about the work that goes on at its £330 million headquarters in Cheltenham, known as "The Doughnut" due to its distinctive shape.

The agency, which employs five and a half thousand staff, was created after the First World War as the Government Code and Cipher School (GCCS).

Most of its operation was relocated to Bletchley Park during the Second World War, where its operatives were responsible for helping to decipher the German Enigma military code, regarded as a key factor in the Allies' victory.

GCHQ's low profile was put under threat in 1982 by the trial of Geoffrey Prime, a double agent who was convicted of selling secrets to the Soviet Union.

Two years later, it was at the centre of an industrial dispute when the Thatcher government prevented GCHQ employees from joining a trade union, citing the interests of national security.

In 1997 the argument was finally resolved with the creation of the Government Communications Group of the Public and Commercial Services Union.

The agency has since undergone further modernisation, moving to its new open-plan office in 2003 and targeting job advertisements at computer gamers with advanced technological skills.

[ramana]

Why is RIM stalling India when they give away to KSA? Is it the perceptionof India being a pushoever? Teh Mumbai terrorists were using Blackberries per the reports.

[Surya]

ramana and singha (who asked it elsewhere)

Could be because unlike Saudi arabia they can count on internal voices against it or even spur them on??

We always have some character who would question our Govt no matter what issue (we see that with terrorism and Pakis).

We have by giving conflicting signals lost that immediate threat\tough\mean image.

IMO etc

[ManjaM]

Why is RIM stalling India when they give away to KSA? Is it the perceptionof India being a pushoever? Teh Mumbai terrorists were using Blackberries per the reports.

Ramana ji,
RIM did not handover the encryption keys to KSA so KSA can benefit (alone). Same with UAE. UAE will not be the sole beneficiary of RIM magnanimity. In case of India, please note who will win and who all will lose if encryption is handed over. Is there only one David Headley or are there more sitting right in the diplomatic enclaves and Human Rights offices across the country.

[tarun]

Why is RIM stalling India when they give away to KSA? Is it the perceptionof India being a pushoever? Teh Mumbai terrorists were using Blackberries per the reports.

Indians have an expectation of privacy which may not be true of authoritarian states like China/KSA etc, if the Indian corporates trust the corrupt government officials snooping their email, RIM would succumb in no time otherwise they are doomed if they do doomed if they don't.

As an aside invading privacy does nothing to enhance our security.

-Tarun

[svinayak]

Indians have an expectation of privacy which may not be true of authoritarian states like China/KSA etc, if the Indian corporates trust the corrupt government officials snooping their email, RIM would succumb in no time otherwise they are doomed if they do doomed if they don't.

As an aside invading privacy does nothing to enhance our security.

-Tarun

National security overrides most of these concerns. Not in the region

[chiragAS]

saw this news on BR mainpage. is this already discussed? or is there another thread for this
http://bharat-rakshak.com/NEWS/newsrf.php?newsid=13317

[Vashishtha]

^^
Fiascos like these make me feel more and more tht we have been compromised to the highest level. Everyone has a price tag it seems.

[Rahul M]

saikat datta is the worst kind of journalist who thinks nothing about destroying careers to sell a dozen more copies. in the past he has led a vicious mud-throwing campaign against Adm Arun Prakash without a shred of evidence. more than likely that he has had run-ins with the people mentioned and is now getting back at them by destroying their reputation.
believe his 'stories' at your own risk.

[abhishek_sharma]

About that article in Foreign Affairs about cyber security

http://www.foreignpolicy.com/articles/2 ... e_internet

[tarun]

National security overrides most of these concerns. Not in the region

No wonder access to Banking or Internet in India is in the state it is today, thanks to expensive monitoring equipment at ISPs and overwhelming financial regulation apart from the usual rent seeking and massive barriers to entry. Apparently foregoing a few points of GDP growth and research into 'leapfrog technologies' is worth the 'security' provided by privacy invasion and denial of access to modern cryptographic or other research tools to private citizens of the country.

[milindc]

National security overrides most of these concerns. Not in the region

No wonder access to Banking or Internet in India is in the state it is today, thanks to expensive monitoring equipment at ISPs and overwhelming financial regulation apart from the usual rent seeking and massive barriers to entry. Apparently foregoing a few points of GDP growth and research into 'leapfrog technologies' is worth the 'security' provided by privacy invasion and denial of access to modern cryptographic or other research tools to private citizens of the country.

Care to elaborate on the access to Banking or Internet in India. Most banks in India provide internet banking and the fact is that they are very well connected to Mobile network. Every transaction I do on internet is confirmed immediately by SBI using SMS and in fact I need to enter a password provided on mobile # if the transaction is suspicious.
Once u enter the internet domain, privacy is gone. I will guarantee u that all the secure transactions are monitored. US Govt probably has access to all the cryptographic certificates.
Majority of us are willing to fore go some amount of privacy for better security..

[tarun]

http://www.foreignpolicy.com/articles/2 ... e_internet

In addition to standard computer "hygiene" (anti-virus software and firewalls)

If they need to run anti-virus on military computers and firewalls then they are already on the losing side.

Ugh! apparently security practices of NSA and enhancements it has contributed to Open Source haven't really percolated to the defense contractors and people on the field

http://www.nsa.gov/research/selinux/

[tarun]

Care to elaborate on the access to Banking or Internet in India. Most banks in India provide internet banking and the fact is that they are very well connected to Mobile network. Every transaction I do on internet is confirmed immediately by SBI using SMS and in fact I need to enter a password provided on mobile # if the transaction is suspicious.
Once u enter the internet domain, privacy is gone. I will guarantee u that all the secure transactions are monitored. US Govt probably has access to all the cryptographic certificates.
Majority of us are willing to fore go some amount of privacy for better security..

1. Banking or Internet penetration in India. The broadband penetration in India is at pathetic levels and so is access to banking facilities as a percentage of population.
1a. Privacy on Internet domain is certainly possible if one has a strong desire for it.
2. What has prevented cca.gov.in from getting their root certificates into IE/Outlook/Adobe Acrobat PDF reader/Mozilla Firefox/Opera/Thunderbird till now ? Why do our websites still need to depend on foreign providers of trust.
3. Defining what is meant by lawful interception for un-washed masses and what level of oversight and judicial scrutiny of executive actions shall be sustained would go a long way in establishing trust.
4. GOI/babudom's ham handed approach to security/KYC only results in in-convenience to citizens and breeds jugadu workarounds around the half-measures with extremely weak security chains which are easily broken.
( e.g. how hard is it to obtain a sim with a faked out identity if the security agency which does the job of verification does a half baked job ). There is no short cut to security, the current security circus provides a false comfort which is even more dangerous as it blind sides us to real dangers.
5. Lack of banking access to a large percentage of our population leaves our significant cash economy at risk of sabotage from napaki printing presses and other distortions. By all means do systematic fraud analysis of transactions and collect data for preventing tax evasion but first build a usable enough system ( or atleast don't prevent usability by moronic requirements involving multiple trips to a bank for something as simple as address change which by the way increases our dependence on middle eastern oil and indirectly provides for more funding to the top friend amongst the 3.5 that funds TSP ) that a majority feels comfortable using.

Right now the government's position on cryptography as clear as mud.

-Tarun
As someone once said: He who sacrifices freedom for security deserves neither

[VinodTK]

Building A Meaningful Strategic Relationship With China

India had been bending over backwards to accommodate China’s periodic aberrations in its fragile relations. It had always played down even reports of Chinese border intrusions and protests over Indian prime minister’s visits to Arunachal Pradesh.

Any improvement in this regard requires a change in national mindset. It is doubtful whether the present Indian national leadership, including the political community as a whole, is ready to take charge, instead of deferring decisions and debating the frivolous. Unless this is done, it is going to be increasingly difficult to deal with China. India has to foster a win-win relationship with China. It is essential for handling contentious issues that are often in conflict with national security interests of both the countries. Otherwise as national security interests gather more form and content, India would be the loser. And we cannot afford to do that

[KiranM]

1. Banking or Internet penetration in India. The broadband penetration in India is at pathetic levels and so is access to banking facilities as a percentage of population.

Internet in TFTA European countries and even Australia is majorly dial up. So much for India being bad in advanced Internet penetration.

[tarun]

Internet in TFTA European countries and even Australia is majorly dial up. So much for India being bad in advanced Internet penetration.

What is the source of your data it doesn't appear to be correct.
http://www.internetworldstats.com/dsl.htm

It is not in anyway relevant what their state of Internet is to the discussion. Can we afford to forego several %age points of GDP growth for dubious security benefits provided by ham-handed weak in chain security circus drills involving half a billion people running around for several man-days every year complying or bypassing using fraud/forgery/jugaad

-Tarun

[Philip]

What it's really like to be a British spook.A must read.

http://www.telegraph.co.uk/news/uknews/ ... a-spy.html

Annie Machon: my so-called life as a spy
The murder of MI6 operative Gareth Williams last week has turned the spotlight on the shady world of espionage. Here, a former intelligence offer for MI5 explains why the life of a British spy is an insular one

[tarun]

Tarun, could you explain for my sake, in brief points, how we will forgo any % points of GDP growth by accessing BB codes? Folks using BBs should not be complaining as much as companies providing them are, right?

Having a pervasive security security circus mindset is what is making us lose a few %age points of GDP growth. GOI wanting to access blackberry certificates for an MITM is only a symptom of that mybaap philosophy under which some moron having a brain wave means half a billion people would now be inconvenienced/dis-enfranchised/de-productivized(okay I invented this word) every year.

Say if one is a part of mobile workforce and change my job once a year, sometimes I just stay with my friends never needing to do a proper rent agreement with a landlord. Now every year one needs to buy a new mobile connection ( wither number portability ), a broadband connection, voter ID card ( okay forget that the babus at the lowest levels exercise their good judgment and basically disenfranchise you no matter how many visits you make ), share depository account , mutual fund folios ( another set of KYC ) and so on plus change in addresses on the bank accounts and sum total of these activities is more than a few days and several liters of petrol. This mobile workforce can be daily laborers or IT/BPO workers.

Some scared and incompetent PSU bankers like Oriental Bank of Commerce suddenly decide to withdraw or severely limit facilities to small entrepreneurs and personal banking users causing more grief and wasted petrol by doing stuff like this

https://www.obconline.co.in/

( ofcourse this certificate on https isn't from trusted chain originating at cca.gov.in 's Root CA because the browsers don't include that )

1. Never reveal your User id and Passwords to anybody, not even to Bank's Staff.

2. Please Change your Internet Banking Passwords immediately to avoid any Phishing attack.

3. Never access our Bank’s Internet Banking Website through any link. Always type URL https://www.obconline.co.in to login into our Internet Banking website.

4. Always check for Lock Symbol appearing on the status bar and click to verify Verisign Certificate.

5. The Inter & Intra fund transfer limit has been restricted to Rs. 5,000/- per transaction and Rs. 25,000/- per day with immediate effect.

6. Kindly avail Free SMS Alert service to track the transaction in your account.

We strongly recommend to adhere above guidelines for securing your Internet Banking account. Bank shall not be responsible for any misuse of your account due to Disclosure of Confidential details such as User id and Passwords of Internet Banking, either knowingly or inadvertantly.

Oriental Bank Of Commerce
Department of Information Technology
Head Office, New Delhi.

The above two limits were 50K and 200K respectively and there is no way to change them by even submitting an application at a bank branch. So now a lot of Oriental Bank of Commerce users need to go to a bank branch to do RTGS/NEFT transactions or stick to using Cheques.

The list goes on and on how our security circus ties us into knots and atleast once during a year makes about half a billion or more people waste several man days chasing banks, mutual funds, telcos and government agencies every year trying to get a fix on their identity.

Even simple things like Directors of private limited companies who file their PAN while they obtain their DIN instead of being asked for their DIN again with say Service Tax registration of their companies is repeatedly sought with PAN/address/age proofs and so on.

[ Obligatory Terminator franchise reference ]
If there was an Indian John Connor, then the skynet would be unable to locate him regardless of him having submitted his Photo/PAN/Address/Age proofs multiple times in triplicate to the multiple agencies of the government.

[Tanaji]

GOI wanting to access blackberry certificates for an MITM is only a symptom of that mybaap philosophy under which some moron having a brain wave means half a billion people would now be inconvenienced/dis-enfranchised/de-productivized(okay I invented this word) every year.

GOI does not want the certificates nor does it want to launch a MITM attack. All it wants is an ability is an ability to decrypt BB Messenger. Implementing the first to do the second is massive overkill and BB will never agree and will cause huge issues for normal functioning.

There are other simpler ways of doing legal intercept without getting certificates.

[tarun]

Tarun, I am afraid you're either not familiar with the online banking system or have been a victim of a bad banking experience. Switch to another provider, use your passport for ID proof, and get a driving license. Next, even if you stay with a friend, get a franked agreement (worth Rs. 50) that provides residential proof (this is legally acceptable).

So getting a franked agreement costs time and money and even then it is useless because the bank/telco/mutual fund/stock broking account/depository etc. still needs to have a verification agency to do actual verification. How they do it is quite another matter. But this process is repeatable ad infinitum and quite error prone and come un-stuck a number of times.
Also given the general stupidity of laws and discretionary power of law enforcers valid efficiency enhancing businesses that can support such mobile workers cannot take root in India. And the bad news is we need more mobile workers not less in the new economy

http://thenextweb.com/mobile/2010/02/21 ... wide-2010/

For one such example of a business would be to allow a mobile worker to change his present address online from an online portal and have all his physical mail shipped to wherever the worker is currently including a hotel. Imagine having a million, 10 million mobile workers sharing one permanent address. Laws hard coded with assumptions of rigid bureaucrats tieing in the habits of a large population to an in-efficient lifestyle addicted to petroleum and paper can not do us good in the long run.

As for the limits, ICICI Bank, Bank of India, Bank of Baroda, HDFC Bank all will agree to lower your transaction limit per day. The limits are sanctioned by the RBI. The system is tuned to help track the flow of money, and your request is perhaps what caused RBI to increase the upper limit from 1 lac to 2 lacs. However, how often does the average Indian need to withdraw more than that each day?

That is tangential to what I wrote, I am not talking about cash withdrawals here. This is how available facilities suddenly withdrawn like netbanking in a PSU bank due to security circus measures can out of the blue hit someone's efficiency and that someone ends up approaching one of the other banks until the cycle repeats
This is only one in 100s effects of the actions of our government and PSU's I can quote. Loss of Blackberry services would be a similar class of action.

For a start, let's say India's GDP growth this year will be 8.1%. The simplified GDP figure would be $1.44 trillion. What you are suggesting is that the current banking practices of safeguarding account access cause the loss of say $40-45bn (~Rs.20,000 cr) to the economy. Is that correct?

Yes that should be easy to show that the effects of current KYC norms in finance and telecom result in this much loss of productivity to the economy and don't make us any safer. There are 100s of examples which can be used to show the 'security vulnerabilities' in the KYC processes as currently defined.
-Tarun

[tarun]

GOI does not want the certificates nor does it want to launch a MITM attack. All it wants is an ability is an ability to decrypt BB Messenger. Implementing the first to do the second is massive overkill and BB will never agree and will cause huge issues for normal functioning. There are other simpler ways of doing legal intercept without getting certificates.

I didn't say 'MITM attack' only MITM. MITM is the only way of interception for SSL. As described here :-
http://www.pubbs.net/201008/squid/32331 ... lysis.html
which requires cooperation of Root CA+ISP or the application owner.
Pervasive ICAP implementation has been an MNC+cohorts+cyber_cell_of_police_body's recommendation to the GOI with plans to use encryption software/certificates registered with the government with facility for lawful interception.

The whole circus is a stupid and a sad outcome, the terrorists have already achieved their objectives if tying down our tiger economy into the region by imposing all these costs on us. There are a lot more devices other than blackberry and any of the newer devices featuring the 1 Ghz processors can run OTR like software which can be harder to decrypt in realtime and doesn't rely on a root CA owned by a single corporation or self-generated certificates. So while lawful businesses and citizens bear the cost of law interception the 'IT' (international terror ) professionals can use freely available FireGPG plugged into their browser to communicate via gmail and nobody would be any wiser.

-Tarun

[Craig Alpert]

India to verify reports of Chinese presence in PoK, says govt
seriously??? What the hell is RAW doing??? What's the point of launching Ri-Sat and other satellites with less than 1m resolution if it can't track an influx of 7-11,000 Pla Troops, (assuming the NY Times report is Correct to begin with)

[Craig Alpert]

BlackBerry agrees to monitoring of services, govt grants 60-day relief

NEW DELHI: Faced with an August 31 government deadline, BlackBerry mobile phone maker Research In Motion (RIM) today gave in promising access to Indian security agencies to monitor all its services with immediate effect.

The government, meanwhile, says it won't ban BlackBerry services for at least 60 days, easing up on the threat leveled over access to encrypted data.

The Ministry of Home Affairs says it will ``review the situation in 60 days,'' after telecom authorities examine Research In Motion's proposals to give security agencies greater access to corporate e-mail and instant messaging.

[Surya]

Seriously there is a lot more GDP lost due to cricket, religious cermonies, bandhs, protests , surfing BR etc.

[tarun]

Seriously there is a lot more GDP lost due to cricket, religious cermonies, bandhs, protests , surfing BR etc.

That is an evasive argument very similar to more people die in car accidents than due to terror attacks in India so we should stop worrying about terror attacks.

-Tarun

[tarun]

PS: Do you know how much is lost to banking fraud in this country? Please take a guess. I'll let you have three days.

Do these security measures really prevent fraud is the more important question. I am not against security improvements where it helps the market for e.g. online CNP transactions requiring another factor of authentication directed by RBI was a seriously good move. However not everything done in the name of security actually makes us more secure and is actually counter productive for the economic growth. Loss to economy is not same as loss of growth which is harder to measure. What is the cost to country for not having an innovation and economic power house like the Silicon Valley in India.

Having a few Google/Apple/Facebook/Yahoo/Tesla like companies born and grown here with revenues per year exceeding 50-100 Billion USD ( say revenues of top 100 companies created in the valley in past 5-10 years put together including revenues added to acquiring companies ) would add about 5-7% to our 1.5 Trillion USD a year economy. Does the number of 20,000 crore sound far more plausible now ?

There is no reason Bharat can't grow at 12-14% even without making 150 B USD investment into nuclear reactors or spending 100B USD on infrastructure if we can have a stable regulatory environment not driven to a lot of collateral damage due to security circus. The cost of having to lobby babus away from stupidity is simply too great for even well funded ( million dollar plus in investment ) startups in India so a lot of innovation areas would be left un-touched.

-Tarun

[tarun]

Not sure what you're intending here but I think you are suggesting a website as a front-end to a National Registry. It's a good idea -- am sure we'll get there in time. btw, what percentage of this mobile working population re-register their vehicles as per law? How can information being entered on a national registry via this website be verified any better than the franked agreement which takes about 10 minutes in all to print and frank? Any lesser would mean you want a Govt. Secy. to visit your home to sign on the agreement!

I think your we == GOI, I am not suggesting government get involved here at all. All I am saying is many types of businesses that could have evolved given the nature of opportunity arising out of rising mobile working population is being lost because of antiquated KYC requirements which add zero value to security of our financial systems because of their broken verifiability. KYC is mostly used as a CYA rather than anything else.

What if you did not have net banking at all? What %age of the developed world do you think uses net banking? How is a limit that helps reduce fraudulent withdrawals a bad thing? What security circus hit what specific functionality that you were using? Please use specifics so the discussion can be focused. Saying the moon is far doesn't help - what is your context here and what are the specific issues you face on a daily basis?

It doesn't matter what developed world does today, they have had long years perfecting manual systems, we need to leapfrog not go through the whole cycle of learning what they did wrong and fixing it by emulating them.

Here's one problem description for the purpose of illustration only :-

Entrepreneur A is advised to use a PSU bank as the corporate account since they'll not try to find ways and means to siphon off money from the account like the private banks do and possibility of raising credit against government backed credit guarantees is a bit higher. So far so good.

Part 1: Opening a current account involves submission of MoA, Certificate of Incorporation, Address/PAN proof of all the directors and a board resolution and an introduction from an existing current account holder. Time taken varies between 16 working days to 30 working days for account to be opened because of need for a board resolution to be passed. The process is bad but bearable, perhaps it could be made a bit simpler if the banks were savvy in letting bank managers simply verify provided information like PAN/DIN/Incorporation number from MCA's website and proceed with a verified account opening process. From the point of view of a bank manager she trusts the paper documents and their photocopies/printouts of documents self-attested which could very well be forged as per the current requirements. So best case scenario Entrepreneur A wastes maybe 3 working days.

Part 2: Entrepreneur A discovers the joys of using Netbanking to pay suppliers amounts upto 50K INR in a single transaction and 2L in a single day but sure payments can be spread say over 2-5 days if larger and hey account opening hassles not withstanding this is as good as any private bank. But lo and behold the central IT department of the bank one fine decides to reduce the single transaction limit to 10K and daily limit to 50K, next week they decide even this looks un-safe lets make it 5K and 25K and next they decide to disable NEFT/RTGS modules altogether. One visit to the bank branch ( 2-3 hours wasted commute+wait in queue to speak to manager )

Part 2a: Send a 'cease and desist from stupidity' letter to Bank branch explaining the need for higher daily limits to be sanctioned for atleast particular corporate account and a phone conversation where the Bank branch manager politely explains that they have no control over facilities available to customers through netbanking.

Part 3: Entrepreneur A is now wasting say 3 hours every week because of the security circus practiced by the PSU bank's central IT department's paranoia in writing cheques and following up to make sure they get delivered to suppliers, or could waste the same 3 hours making manual RTGS/NEFT requests by filling up the form at the bank branch. So the choices are tough either go get another bank account waste 2-3 working days again collecting an introduction for a current account and the paperwork related to passing a fresh board resolution spread across atleast 15-20 days ( time to call a board resolution to passing one requires a minimum advance notice to all members of board )

That is just one example of how security circus causes loss of productivity.

[Thomas Kolarek]

How come U.S. intelligence agencies do not discuss what capabilities they have to spy on Blackberry users. Are they more adept at cracking code than us ? Sounds fishy. Could be RIM's servers are already eves dropped by them.
Russia has permitted blackberry with a condition that servers had to be installed in Russia, so no wonder Indian security officials asked the same.
Blackberry Security Paper -
Blackberry Security Paper

[Surya]

That is an evasive argument very similar to more people die in car accidents than due to terror attacks in India so we should stop worrying about terror attacks.

Then come up with numbers as Marten asked. Then come up with the cost of lost security eg. 26\11.



and then compare them

then lets talk

I am assuming somewhere in this is an relation to GOI clamping on BB.

If not then I will sit back and watch

[tarun]

With your kind permission, I will let you persist with these thoughts and decline further conversation. There cannot be a discussion in the absence of knowledge.

Sure lets end it here but I need to have the last word here for the benefit of other forum visitors and for the sake of completeness.

1. I have not said accessing blackberry causes a loss of GDP but that coupled with 100s of other ham-handed actions in the context of security circus is a cause of missed growth opportunities which might be shaving off a few %age points of GDP growth which could have been.
2. Innovation happens on the sidelines in startups on low budgets and it seems that you equate corporates with corporates who can actually afford services of company secretaries or have people who can run errands for them.
3. To the extent of pointing out missed growth opportunities I have pointed to the example of Silicon Valley and its tremendous contribution as the innovation engine of growth for US economy. A 100 billion USD worth revenues contributed by top 100 companies in a silicon valley style un-encumbered setup could add 5-7% to our GDP growth numbers easily.
4. We are having the conversation on completely different planes so it is best we end it here and persist with our thoughts as at is.
-Tarun

[tarun]

If not then I will sit back and watch

+1

[tarun]

PS: Here's an RBI circular (Sep 2009) on the Fraud Risk Management System in place. Hope it enhances your understanding of why procedures are evolving all the time.

Its a document on dealing with fraud post-facto and mostly fraud due to lack of electronic clearing in near realtime using forge-able paper instruments. It doesn't cover cyber-fraud. Doesn't really add to my knowledge in anyway I am afraid.
Thanks
-Tarun

[tarun]

We need a basic understanding of security requirements for banking per Basel 2 norms.

Pardon my ignorance but it appears to me that Basel 2 norms don't have anything to do with security but rather to do with capital adequacy and quantifying risk and its management.

http://www.stockmarketsreview.com/news/ ... _20090312/

Basel II is the international capital adequacy framework tor banks that prescribes capital requirements for credit risk, market risk and operational risk. Basel II is the second of the Basel Accords recommended on banking laws and regulations issued by Basel Committee on Banking Supervision.

-Tarun

[tarun]

Blackberry Security Paper -
Blackberry Security Paper

Thanks for the link. So any idea how Blackberry can backdoor PGP as described on page 20
-Tarun

[ramana]

IT type questions should be pursued in the Tech forum.

Thanks, ramana

[Thomas Kolarek]

There is no solution to Blackberry issue, unless BB sets up its servers in India. BB would have agreed to give Indian Security officials near real time data from its Canada servers as an interim solution to elude the ban and bide time.
Once BB sets up the server in India, we can eve drop them as US, Canada, Russia do.

[tarun]

IT type questions should be pursued in the Tech forum.

Thanks, ramana

With all due respect the technology questions have a bearing on the discussion on how exactly can the intelligence agencies practice lawful interception. The problem with bureaucracy of India has been vendor driven tech knowledge where they get only a part of picture resulting in gems like these :-

http://www.dot.gov.in/isp/guide_interna ... ateway.htm

II. LEVEL OF ENCRYPTION
1. Individuals/Groups/Organisations are permitted to use encryption upto 40 bit key length in the RSA algorithms or its equivalent in other algorithms without having to obtain permission. However, if encryption equipments higher than this limit are to be deployed, individuals/groups/organisations shall do so with the permission of the Telecom Authority and deposit the decryption key, split into two parts, with the Telecom Authority.

I'll defer to your request and take IT-witi like questions elsewhere

Regards
-Tarun