nettime's_roving_correspondent on Thu, 14 Jan 1999 06:36:55 +0100 (CET)

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

<nettime> India mulls ban of US financial crypto [and curious subtexts]

Red alert issued against US network software

Mayur Shetty


The [Indian] Defence Research and Development
Organisation (DRDO) has issued a 'red alert' against
all network security software developed in the US. And
the Central Vigilance Commissioner, N Vittal, is
following up on the warning - he might make it
mandatory for all Indian banks and financial
institutions to buy only software developed in India.

The DRDO's concern about US-developed software stems
from one basic insecurity - the data traffic and
network security software that comes from the US can be
easily hacked into and could prove to be a security
hazard. Currently US software vendors can export only
those "encryption software products" that can be
'broken' by the US National Security Agency. This makes
the quality of the US software exported to India
doubtful from a security point of view.

In a letter to the CVC, the centre for artificial
intelligence of the DRDO, Bangalore, has said that it
has begun to develop secure communication tools and
will have an indigenous prototype in place in three
months. The CVC is expected to wait for the final
product before deciding on the action to be taken.

The centre has developed software tools that protect
wide area networks from hostile attackers. It is also
developing software tools for protecting traffic
passing through the network.

"The encryption part of the software is complete and
only the communication protocols remain to be written,"
the DRDO unit's letter says. "Since the software has
been written by ourselves, there is no upper limit on
the security level provided by the encryption in the
software exported from the USA," it added.

Pointing out the defects in imported software, the
letter says that the present 'firewall' products on
sale by commercial vendors incorporate only rudimentary
packet level filtering. These can be compromised

It also points out that as per US law, "no encryption
software products can be exported from the US if they
are too strong to be broken by the US National Security

The letter says: "To put it bluntly, only insecure
software can be exported. When various multinational
companies go around peddling 'secure communication
software' products to gullible Indian customers, they
conveniently neglect to mention this aspect of the US
export law.

"Another related point is that when we buy an imported
software product that is a 'black box' to us, we cannot
be sure that the software package does not contain a
time bomb of sorts, to cause havoc to the network when
an external command is issued by a hostile nation."

Mr Vittal is also believed to have agreed to this and
said he was in favour of working towards developing the
indigenous software within three to four months.
However, banks are yet to receive any directive from
the CVC on this issue.
#  distributed via nettime-l : no commercial use without permission
#  <nettime> is a closed moderated mailinglist for net criticism,
#  collaborative text filtering and cultural politics of the nets
#  more info: and "info nettime-l" in the msg body
#  URL:  contact: