Encryption: Envisaging a privacy enabling National Security regime & E-Commerce ecosystem
The #SecDevTalks, a series that focuses on cybersecurity and evolution of digital security and allied issues, is a collaborative effort by the Tech Policy Non-Profit group, The Dialogue and NullCon in partnership with CNN News18. The idea behind this series is to drive a discourse on the fundamental right to privacy, and enhancing cybersecurity..
In previous episodes we interviewed Mr P V Kumar, former Chairman of NTRO, who also spent most of his career with India’s external intelligence agency, R&AW. This was possibly the first time a former Indian intelligence chief spoke extensively on the need for privacy and forming due process for gathering information by security agencies. Mr Kumar felt that there is a need to overhaul India’s surveillance laws, strengthen privacy for citizens, use end-to-end encryption and the proposed data protection law to ensure better security for Indian citizens.
In the second episode, the Former Secretary (Security) and Special Director, Intelligence Bureau, Mr Yashovardhan Azad talked about the need for strong encryption and an independent data protection authority to ensure the privacy of Indian citizens.
In the latest episode of #SecDevTalks we have Dr Taher Elgamal, a renowned cryptographer and entrepreneur. He is recognized as the “father of Secure Sockets Layer (SSL)” and TSL, while working at Netscape, which helped in establishing private and secure communications on the Internet and made e-commerce possible. Much of the digital ecosystem and commerce that exists today, is largely thanks to his pioneering work to make online spaces and transactions safe.
Dr Elgamal, who is currently the Chief Technology Officer (Security) at SalesForce Global, believes that, “individuals are entitled to privacy and law enforcement agencies for national security are entitled to defend their countries. But to move forward it is necessary for them to consult each other. It is a matter of collaboration that we lacked to work over the last few years.”
A recipient of the lifetime achievement award at the RSA conference in 2009, he said that the objective of building SSL was to enable e-commerce. SSL is one of the key reasons for the success of e-commerce since it solved the challenges around secure transactions. Cyber-crimes have increased recently, but this is not due to the lack of encryption, but due to the user-dependency on passwords, which is where most security breaches take place.
Dr Elgamal reiterated, “nobody likes criminals but that does not mean that citizens do not deserve privacy. It is a double-sided problem and solving one without the other is not the right thing.” Ultimately, the goal is to ensure that the data is only visible to those who are authorised to see it.