Indian ISPs Continue Futile Effort To Prevent Subscribers From Using Decent Encryption

from the good-luck-with-that dept

The global war against privacy tools, VPNs and encryption continues utterly-unhinged from common sense, and the assault on consumer privacy remains a notably global affair. Reddit users recently noticed that India’s fifth largest ISP, YOU Broadband, is among several of the country’s ISPs that have been trying to prevent customers from using meaningful encryption. According to the company’s updated terms of service, as a customer of the ISP you’re supposed to avoid using encryption to allow for easier monitoring of your online behavior:

“The Customer shall not take any steps including adopting any encryption system that prevents or in any way hinders the Company from maintaining a log of the Customer or maintaining or having access to copies of all packages/data originating from the Customer.”

Of course enforcement of such a requirement is largely impossible. But You Broadband isn’t just being randomly obtuse, and while the ISP’s TOS is making headlines, this effort isn’t really new. Most Indian ISPs are simply adhering to a misguided (and still not adequately updated) set of 2007 guidelines imposed by India’s Department of Telecommunications (word doc) demanding that ISPs try and prevent their subscribers from using any encryption with greater than a 40 bit key length if they want to do business in India:

“The Licensee shall ensure that Bulk Encryption is not deployed by ISPs connecting to Landing Station. Further, Individuals/Groups/Organizations are permitted to use encryption upto 40 bit key length in the symmetric key algorithms or its equivalent in other algorithms without having to obtain permission from the Licensor. However, if encryption equipments higher than this limit are to be deployed, individuals/groups/organizations shall do so with the prior written permission of the Licensor and deposit the decryption key, split into two parts, with the Licensor.”

Which is and of itself is rather hysterical, given that since 1996 or so, most folks have considered a 40 bit key length to be the security equivalent of wet tissue paper. In fact, Ian Goldberg won $1,000 from RSA for breaking 40 bit encryption in just a few hours way back in 1997, saying this at the time:

“This is the final proof of what we?ve known for years: 40-bit encryption technology is obsolete.”

And yeah, that was twenty years ago. But this sort of policy is pretty standard fair in India, which is no stranger to censorship, internet filtering, and blind, often-mindless expansion of surveillance. India’s government has also been at the forefront of attempting to impose backdoors in encryption, and there’s a recent effort in some corners to attempt to ban Whatsapp as well.

I’ve yet to see any ISP successfully enforce this ridiculous governmental restriction (if you’re in India and you have, let us know in the comment section precisely how). But it’s still part of an over-arching mindset that sees standard, intelligent privacy and security practices as an enemy that must be thwarted. Usually either to expand government surveillance, prop up idiot ham-fisted internet filters (as we’re seeing in Russia, China and India), or to erode consumer rights in the face of what are endless attempts to monetize your online behavior.

Filed Under: , , ,

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Indian ISPs Continue Futile Effort To Prevent Subscribers From Using Decent Encryption”

Subscribe: RSS Leave a comment
Anonymous Coward says:

Businesses want the data for targeted advertising, to sell more junk for landfill, and continue fueling the perpetual growth that is destroying life on earth.

Politicians support the businesses because they are paid by them to do so. They also want the data to build targeted political propaganda bots, and keep gaming the system by exploiting the ignorance and suggestibility of the correct subpopulations, so they can continue manufacturing “consent”.

Defense wants the data to spy on the politicians’ enemies and try to manage blowback from the politicians’ corrupt perpetual wars. Defense contractors just want the the politicians’ corrupt perpetual wars.

Civil society wants none of these things and outnumber them all by 1000000:1. Get a good VPN and never turn it off.

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...