Abstract
Encryption is not a modern concept but has been a prevalent ideology that was practised from the Historic era, though people treat it as a contemporary terminology, it has its origin from the past. The notion of cryptology evolved during the Spartus, it is believed that in the Fifth Century B.C formulated some techniques of coding to transmit data, by securing the privacy of the data, this was a scientific approach to delivering the descript data and protecting them, and this practice thus can be evaluated to be evident even before the Computer age. Further, this became more practical during the World Wars and gradually emerged as an alarming factor after the creation of cyberspace and information technology. This article will facilitate the readers with an understanding of the significance of Encryption or cryptology in today’s era, how the privacy of our data is at stake, and how to combat such situations, we will draw comparisons with the legal frameworks, and we will also acknowledge the updated tools with are available for securing the safety of the data, the concept of Public and Private key will also be discussed. We will also ascertain the shortfalls of the Indian legislature in protecting Cyberspace.
Keywords: Encryption, Public Key, Private Key, Cyber Space, Cryptology, Privacy.
Introduction
The term “encryption” denotes an explicit process in which a normal text message is transformed into code which would be different from the original text, it may follow a specified format of converting the original text, in simple words plain text is converted into Ciphertext, which is a distinguished file, different from the plain text. It may also use the arithmetic algorithm, such as it is used in computer languaging, to be more specific binary digits, which uses only two digits 0s and 1s. The Ciphertext is unreadable until it is decoded into plain text, which is done with the use of a decryption key, and the receiving Person should have this decryption key, which is the formula to decode the original text.
A Cryptosystem is followed for coding and decoding of the text messages. Cryptology has its origin in Greek and it means “hidden word”. The expression “cryptology” is the technique of concealing the context of the message by a code1. The aspect of cryptology is not only limited to coding or decoding but extends to scientific techniques of securing data, analysis of data and formulation of cryptographic structure and cyber research.
Significance of Encryption:
The prima facie intent of encryption is to render an easy flow of confidential data from one source to another without being diverted or being obtained by a third party, and with respect to information communication through the internet can be stated as:
- Safeguarding the data from unauthorized use.
- To keep the data secured.
- Facilitate the authenticity of the delivering the message.
- To restrict any repudiation
- To shield our personal information
- To prevent any alteration of the original message or reduction of the use of the data for illicit purposes.
This system is an essential practice for the data authenticity and this system can be segregated into two categories which form an integral part of this practice. When we use the internet for several transactions like E-commerce, E-Mail, browsing webpages, and using social media platforms, the data flows through innumerable computer sources known as routers, as there stands chance these data can be extracted at a certain point through software, and creates a risk of a third party having the access to the data and can use such data according to their whims and fancies. Thus a protective algorithm will make it difficult to interpret the data and cyberspace can be secured.
Types of Cryptographic Systems:
There are mainly two types of cryptographic systems that are widely followed, one is a symmetric form and the other is an asymmetric form. In a symmetric system it is operated with a single key, this form of encryption is the earliest form of data transportation. The Data Encryption (DES) and Improved Data Encryption Algorithm (IDEA) are used in the symmetric key ciphers, this method was considered to be an easier method of data transmission, as a written message can be encoded with a key and is delivered to someone having the same key, and the receiving party then decodes the message, but this system was not that secured as there where probabilities of theft or misplacement of the data, thus to overcome this security issues the second form of cryptography, was introduced as an asymmetric form which uses two sets of key to operate which is a public key and a private key. This key pair is used to code and decode the message and lowers the risk of being stolen or misused. The public key is designed uniquely, in which it is accessible by any individual having the key and can encode any message as per their desire, on the contrary, a private key associated with that public key can only decode the original message. The process of generating a public key is complex and requires massive computer sources to encode and decode messages, thus large or lengthy messages are often avoided, and these are mostly used for short messages and signatures. The public key is also used for encoding the symmetric keys for better-secured access.
The Need for Encryption Protection:
We are quite aware of the endless amount of data which exists in cyberspace, which belongs to individual’s personal information like bank details, contact details, medical reports, national identification, commercially valuable information, assets information, residential information and even authentication details are also at times accessible, as the data is transverse through various computer sources and there arises the opportunity of data being shared through channels and may even result in the commission of cyber security theft, fraud, financial scams or other forms of cybercrimes, thus it becomes very essentials for us to understand the importance of protecting the data and making a defence mechanism to combat such crimes. These information can not only affect an individual welfare and safety but also have global implications and can even disturb international peace and security, creating discrepancies in national security and the economy. The evolution of the IT sectors and corporate trust in computerized operations has also opened doors for cyber hacking and other illicit activities which are nearly impossible to trace or may take a lot of expertise to trace. The data in this modern era stands as vulnerable as any other victim of crime and has to be protected and secured from any malpractice.
Status of Encryption in India:
India in the contemporary set-up has faced multiple challenges to overcome national security issues and law enforcement concerns. Many scholars and government officials have highlighted the drawbacks which have been faced by counter-terrorism, circulation of fake reports and news, and has been an obstruction to ensuring women’s and children’s safety. There were continuous debates about the applicability of encryption and a concern regarding the change in regulations were also proposed by the government agencies. In the 1990s a detailed discussion on encryption policy was conducted, by the Indian Government, this was the time when the internet was made publicly available by the state-regulated internet service providers, followed by the year 2000 an act came into force to regulate the internet affairs, the Information Technology Act, which provided statues to regulate the digital signatures for Online payments, it used public key method for securing digital signatures, the banks, Reserve Bank of India (RBI) and Securities and Exchange Board Of India (SEBI) which is also known as the regulating agencies recognized and approved of the electronic payment policy, but in 2001, both RBI and SEBI can up with specified guidelines which recommended the use of 128-bit cryptographic protocol, secure Sockets Layers, for ensuring browser protection and safeguard E-Commerce in India2. Following back to 1999 the India-Pakistan conflict during the Kargil War, the Kargil review committee opined that necessary resources were not been provided to maintain and develop the encryption. The decryption skills were also lacking in India and the committee also provided insights on organized crimes and terrorists who were communicating through these encryption formulas. With the rapid growth in digital dynamics, security risks also became eminent, internet became a prime source of information transfer between nations, thus physical boundaries could not protect the Nation’s integrity.
The report by some international research organisations also informs us about the alarming rate of cybercrimes, which rose due to encryption concerns, the famous terror attack in Mumbai was a classic example of the infringement of encryption rationality. From the year 2017, we observe that there has been a lot of misuse of WhatsApp communication and some unknown sources circulated misleading information which led to violence and mob lynching and even resulted in communal wars, the social media became a scapegoat to cyber oppression and commission of crimes. According to the statistics provided by the National Center for Missing and Exploited Children it is found that the offence of child pornography is difficult to trace due to end-to-end encryption, and higher the rate of exploitation.
Several social media platforms and messaging companies have adopted mechanisms for detecting the sources, but it also has limitations as only unencrypted content, as per records it is noted that WhatsApp bans profiles which are suspected to have vulgar or illicit content.
There has been a constant disagreement between the social media community and law enforcement agencies, as both propositions are valid and ensure public and private safety, on one side the Enforcement agencies demand limited access to encryption, which would help in locating the sources of crime and play a pivotal role in restoring National Security, but on the other side individuals privacy will be compromised, making them viable to exhaustive crimes. Shreds of evidence for both instances are observed in India, so the challenges are always two-fold and only be overcome by making stringent regulations and policies for data access and data privacy, a note of harmony is established between both to combat the cybercrimes.
Updated Tools for data Protection:
We understand the need and value of encryption in global aspect, now we also need to understand that we should also develop new tools and skills in the era of autonomy of encryption, which can be interpreted both positively and negatively, and more specifically we should be aware that we are not yet free from cyberattacks. Though there is the existence of relevant legislation and judicial supremacy, law enforcement agencies should also have exclusive authority for the collection of information, search and seizure and evidence against any suspicion of crimes. Special authority should be provided to law enforcement bodies to even access the encrypted communications and special training and skills should be furnished so that the gap of understanding and decoding can be possible. The court should order for decoding an encrypted text into a plaintext by passing an order. It should also be ensured that encryption services are provided for general use only and if used for any specific purpose then it should be notified and permission is to be granted by the authority. If any violation occurs the party will be made liable. Technical support centres should be initiated with expertise officers to support and assist in investigation.
Global Approaches:
In the context of encryption, many nations have agreed upon “lawful access” of the encrypted data, which resulted in a “patchwork of multinational regulatory structure” and also implemented restrictions on data transfer, which would undermine the enforcement of International statutes3. The United Kingdom, made their own legislative regulations to regulate, which would oblige the companies to create an escape route for enforcement of laws. Australia also made their legislative framework to mandate lawful access. India made proposals to companies which are having more than five million users in 2020 to provide traceable means to identify malicious users.
Conclusion:
The encryption has always been a matter of debate, which is a matter of concern for the entire nation, especially in the 20th century. The criminals and terrorist have extended their utmost reliance on this system and have been consistently abusing the encryption, whereas the threat of data violation prevails. Cyberspace till now is not that secure, even if we have reached an elite position in science and technology, our data and its protection stand vulnerable and unprotected and on a critical note people in India are not fully transparent about the entire data protection schemes, for example in the case of Justice Puttaswamy V. Union of India4 thoroughly challenged the authenticity of the Aadhar Identification, and uplifted the right to privacy under Article 21 of the Indian Constitution, 1950. This case was a clear indication that people of Indian was not that confident about the new identification. The lack of awareness and education has also contributed to the cybercrimes in India. More emphasis is to be given in building in the citizens trust in the system and the legislature should make laws which would secure their welfare as well.
- Office of Technology Assessment, U.S. Cong., Issue Update on Information in Network Environments 11 (1995). ↩︎
- Burman, Anirudh, & Jha, Prateek, Encryption and India’s Security and Law Enforcement Challenges, in Understanding the Encryption Debate in India 10–11 (Carnegie Endowment for Int’l Peace, 2021), http://www.jstor.org/stable/resrep34854.6 . ↩︎
- Nat’l Academies of Sci., Eng’g & Med., Decrypting the Encryption Debate: A Framework for Decision Makers (2018), (https://www.nap.edu/catalog/25010/decrypting-theencryption-debate-a-framework-for-decision-makers ). ↩︎
- Justice K.S. Puttaswamy (Retd.) v. Union of India, (2017) 10 S.C.C. 1.
↩︎
