Sucheta Dalal :Government all set to kill wireless in the name of national security
Sucheta Dalal

Click here for FREE MEMBERSHIP to Moneylife Foundation which entitles you to:
• Access to information on investment issues

• Invitations to attend free workshops on financial literacy
• Grievance redressal

 

MoneyLife
You are here: Home » What's New » Government all set to kill wireless in the name of national security
                       Previous           Next

Government all set to kill wireless in the name of national security  

October 21, 2009

 

For those who access the Internet over wireless here is some bad news. The Indian government has issued instructions to all Internet services providers to keep a record of each and every user using the Wi-Fi Internet, similar to records kept by cybercafés. This recordkeeping is so difficult that it could kill the Wi-Fi connectivity.

According to a government notification, it appears that the authorities are concerned about the use of Wi-Fi networks by 'anti-social elements'. However, instead of tightening the noose around those 'anti-social elements' the Department of Telecom (DoT) has found an innovative way to gag the registered users.

What does this new directive mean for a common Wi-Fi user? Firstly, it means you need to have a separate username and password to access your Wi-Fi connection at home, in case if the connection is not in your name. So you will have to assign username and passwords for all family members. It’s very simple, isn’t it? But wait... after assigning username and passwords to all your family members; you will have to maintain a record of everyone's usage. If this sounds like a difficult task, then imagine what will happen to colleges and offices which use Wi-Fi.

Here is the text of DoT's latest public notice... "In order to prevent misuse of Wi-Fi connectivity for Internet access by unauthorised users, all telecom service providers have been directed to implement online Centralised Authentication procedure for Internet subscribers. All Internet and broadband subscribers using Wi-Fi connectivity are required to get themselves registered with the respective Telecom Service Providers for completing the centralised authentication procedure within 60 days from the publication of this notice."

There are similar detailed authentication norms for Wi-Fi in public spaces and compliance by existing subscribers, and those users with their own Wi-Fi routers will also have to get themselves registered. This is in contrast with government's initiatives to promote Wi-Fi Internet connectivity in educational institutes and public domain hot-spots. The latest directives from DoT also put a question mark on the future of wireless cities. Unwire Pune and Unwire Bangalore networks are reportedly ready for a rollout while Delhi, Ahmedabad, Bengaluru, Chennai and Kolkata have also launched initiatives towards full-scale or partial deployment of City Wireless networks in the near future.

The DoT notices are part of the government's initiatives to curb unauthorised use of Wi-Fi Internet following the series of bomb blasts that rocked Ahmedabad and New Delhi last year. Terrorists in India reportedly used hacked Wi-Fi accounts in Mumbai to send an e-mail message to news channels claiming responsibility for these blasts.

However, the notice fails to address the proper issues and instead has focussed more on curbing overall Wi-Fi usage. Ideally, the notice should have mentioned about implementation of new security standards and methods to be followed by every Wi-Fi user.

Moneylife came across some interesting debate on the Internet over the issue. One user said, "Nobody is interested in users having passwords to log into private networks, the notification asks for all users to be centrally registered with the ISP. This is a backdoor method to empower ISPs to begin identifying subscribers on the basis of numbers of users per subscription ID, and the logical next step will be differential rates. I am rather more interested in a regulatory framework that will govern the leaking of such personal information to third parties (at the moment, there is none, so...)."

Another problem is the lack of security measures on a home network. Almost all Wi-Fi networks are supposed to use Wi-Fi Protected Access (WPA) standards for security mechanisms. But recently, some computer scientists from Japan claimed to have developed a way to break the WPA encryption system used in wireless routers in about one minute. So this puts another big question mark on the security mechanisms used in Wi-Fi networks.

Wi-Fi Alliance, a consortium that promotes products based on the family of IEEE 802.11 standards, advises to use WPA 2 standard based on IEEE 802.11i which provides 128-bit AES-based encryption. WPA 2 also provides mutual authentication with pre-shared key (PSK; in Personal mode) and with IEEE 802.1X / EAP (in Enterprise mode).

According to Wi-Fi Alliance, the overall Indian Wi-Fi market, including WLAN hardware, systems integration and software services, not including embedded devices and laptops, is predicted to grow with a compounded annual growth rate (CAGR) of 61.4% to over $744 million by 2012 from the $41.57 million in 2008.

Although there is no date mentioned on the DoT's public notice, it was issued on 15th October, so you have time till 15th December to 'fall in line' else your connection will be no more.

Looking at the opportunities and potential for Wi-Fi Internet connectivity, we hope the authorities will make necessary rectifications to their order. There is already an angry community of academics and experts who are gearing up to fight the move. But most people and corporates are completely unaware about the DoT notification.
–Sucheta Dalal with Yogesh Sapkale [email protected]


-- Sucheta Dalal