<html>
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<br>
<div class="moz-cite-prefix">On Wednesday 07 August 2013 06:48 AM,
michael gurstein wrote:<br>
</div>
<blockquote cite="mid:076601ce930c$14b722c0$3e256840$@gmail.com"
type="cite">
<pre wrap=""><a class="moz-txt-link-freetext" href="http://ca.news.yahoo.com/russia-seeking-snowdens-help-data-security-17501860">http://ca.news.yahoo.com/russia-seeking-snowdens-help-data-security-17501860</a>
3.html
(I've retitled this...
M</pre>
</blockquote>
<br>
The responses of governments to Snowden revelations have many
troubling aspects. Soon, perhaps with a lot of regret, we will
realise that the Internet did not get balkanised because of attempts
to put up democratic (even if only relatively democratic) global
Internet governance structures - as the alarm has often been raised
- but that it is getting balkanised because we did not do enough to
set up such structures. It may still be time to make positive
efforts in this regard. <br>
<br>
Meanwhile, evidently, US already enforces complete 'digital
sovereignty'..... It only opposes other countries' attempt to have
some leverage over their own digital space, however legitimate their
reason may be.... Time that US's bluff is called.....<br>
<br>
From the article below.. ( at
<a class="moz-txt-link-freetext"
href="http://www.frontline.in/the-nation/indian-help/article4982631.ece?homepage=true">http://www.frontline.in/the-nation/indian-help/article4982631.ece?homepage=true</a>
)<br>
<br>
<blockquote>"<font face="verdana, sans-serif">Article 2, the key
section of the agreement, clearly outlines the obligations of
the company regarding storage of information on domestic
communications. Section 2.4 states that unless otherwise agreed
to by the parties, Yipes shall store domestic communications,
transactional data, subscriber information, billing records,
domestic network and domestic network management information
exclusively in the U.S."</font> [....] <font face="verdana,
sans-serif">Article 1.3 of the agreement says that VSNL shall
ensure that all domestic telecommunications routed over the
Teleglobe network shall not be routed outside of the U.S. and/or
Canada except in emergency situations such as a natural
disaster.</font>"<br>
</blockquote>
<font face="verdana, sans-serif"><br>
parminder <br>
</font><br>
<br>
<div class="gmail_quote"><br>
<div> <b><font size="4">Surveillance: </font></b><font size="4"><b>Indian
help</b></font></div>
<div>
<div>
<div> Frontline</div>
</div>
<div>
<div><br>
</div>
</div>
<div>
<div style="min-height:auto">
<div>
<h3><font face="verdana, sans-serif">Network security
agreements that Reliance Communications and VSNL
signed with U.S. government departments oblige them to
share data carried on their infrastructure and assist
the U.S. in its surveillance programme. </font></h3>
<h3><font face="verdana, sans-serif">By SAGNIK DUTTA in
New Delhi</font></h3>
</div>
<p><font face="verdana, sans-serif"> EVEN as the storm set
off by the whistle-blower Edward Snowden’s revelations
about the United States’ elaborate electronic
surveillance programme is raging, a set of documents
accessed by <i>Frontline </i>highlight the involvement
of two major Indian telecom companies in assisting the
U.S. in carrying out the programmes. </font></p>
<p><font face="verdana, sans-serif"> A series of Network
Security Agreements (NSAs) entered into by various U.S.
government departments with foreign communications
infrastructure providers from 1999 to 2011 allowed the
U.S. access to a considerable amount of data flowing
through the cables of these companies. </font></p>
<p><font face="verdana, sans-serif"> Reliance Communications
Limited and the erstwhile Videsh Sanchar Nigam Limited
(VSNL), which is now called Tata Communications Ltd,
signed network security agreements with the U.S. in
November 2007 and April 2005 respectively. The U.S.
government departments that were party to this agreement
include the Federal Bureau of Investigation (FBI), the
Department of Homeland Security (DHS), the Department of
Justice (DoJ), and the Department of the Treasury. </font></p>
<p><font face="verdana, sans-serif"> A close analysis of
these agreements reflects an elaborate attempt to
control and monitor the flow of information through
physical infrastructure owned by these companies. A
similar pattern is observed in the agreements in terms
of the mechanisms that are put in place to not only
control and monitor transactional and other information
of subscribers, but also protect access to the same by
foreign governments and even the management of the
company. The agreements also attempt to control foreign
ownership of telecom companies. This illustrates
attempts by the U.S. to dominate the cyberspace. </font></p>
<p><font face="verdana, sans-serif"> These agreements have
significant ramifications for cybersecurity policy in
India. A significant amount of Internet traffic across
the world, including from India, flows through the U.S.
Internet infrastructure. The existence of such
agreements makes such data available to U.S. government
departments. What is noticeable in these agreements is
the degree to which foreign control of the telecom
companies is monitored and curbed. </font></p>
<p><font face="verdana, sans-serif"> Speaking to <i>Frontline</i>,
Prabir Purkayastha, chairman of Knowledge Commons, a
body involved with Internet and free software issues,
said: “The attempt to gain control of telecom
infrastructure through surveillance is significant as 80
per cent of the Internet traffic is routed through the
U.S. Also, the contrast between India and the U.S. in
terms of telecom policy is significant. While India is
calling for lifting the ceiling on FDI [foreign direct
investment] to 100 per cent, the U.S. is exercising
considerable control over the functioning of telecom
companies.” </font></p>
<p><font face="verdana, sans-serif"> On July 22, <i>The Hindu</i> reported
that National Security Adviser Shivshankar Menon, in an
internal note, called for international cooperation to
counter cyber attacks. The note reportedly mentioned
that the security agencies of the U.S. and the United
Kingdom were “extremely stingy” in sharing information.
</font></p>
<p> <font face="verdana, sans-serif"><b>Reliance Communications’
agreement </b><br>
<br>
An agreement signed by Reliance Communications Limited
and its subsidiaries (Reliance Gateway Net Limited,
Yipes Holdings Limited and FLAG Telecom Group Limited)
with the DoJ and the DHS (referred to as USG parties) in
November 2007 provides that the communications service
providers will provide technical or other assistance
upon lawful request to facilitate electronic
surveillance relating to domestic communications
infrastructure. </font></p>
<p><font face="verdana, sans-serif"> It is significant to
note in this context that at the time of signing this
agreement, Yipes catered to financial, legal,
government, educational and health-care industries
through a network of more than 22,000 route kilometres
of optical fibre and associated equipment across 17
major U.S. metropolitan markets. The agreement also
mentions that Yipes had points of presence (PoPs) in
London, Tokyo and Hong Kong and was in the process of
deploying additional PoPs in Frankfurt, Toronto and
London. Reliance Communications completed its
acquisition of Yipes in December 2007. The acquisition
was announced in July. </font></p>
<p><font face="verdana, sans-serif"> Article 2, the key
section of the agreement, clearly outlines the
obligations of the company regarding storage of
information on domestic communications. Section 2.4
states that unless otherwise agreed to by the parties,
Yipes shall store domestic communications, transactional
data, subscriber information, billing records, domestic
network and domestic network management information
exclusively in the U.S. Article 2.5 of the agreement
clearly puts an obligation on Yipes to share such
information on request with the U.S. government
authorities. On a request made by a government
authority, Yipes will have to provide any information in
its possession and such information shall be stored
exclusively in the U.S. </font></p>
<p><font face="verdana, sans-serif"> The agreement envisages
an elaborate security framework to guard zealously this
information accessed by the service providers. It states
that within 10 business days of the effective date,
Yipes shall designate a security officer to act as a
point of contact between the USG parties regarding
compliance with this agreement. Article 3.1 of the
agreement says that the security officer will have to be
a resident U.S. citizen, hold a U.S. security clearance
and possess the authority to enforce the agreement. The
security officer is given considerable powers and access
to information. </font></p>
<p><font face="verdana, sans-serif"> The agreement states
that the security officer “shall have access to all
information necessary to perform his or her duties,
including, without limitation, security-related and
technical information and business information,
including but not limited to information regarding the
existing and emerging products and services of Yipes and
business plans of the communications service providers
affecting Yipes’ ability to perform its obligations
under this agreement”. It further states that if any
action of the security officer is blocked or if he is
denied relevant information, the officer shall
immediately report the fact to the USG parties within
five days of such an incident occurring. </font></p>
<p><font face="verdana, sans-serif"> Further, Article 3.10
of the agreement provides that Yipes, upon a request
from the USG parties, shall provide the name, date of
birth, and other relevant requested information of each
person who regularly handles or deals with sensitive
information. Also, the company is bound by the agreement
not to disclose sensitive information to any third
party, including those who serve in a supervisory,
managerial or executive role with respect to the
employees working with the information (Article 3.11). </font></p>
<p><font face="verdana, sans-serif"> Article 4 of the
agreement outlines attempts to manage the structure of
the company and exert considerable control over
ownership by foreign entities. Article 4.2 of the
agreement says that a member of the management of Yipes
acquiring information about a foreign entity acquiring
ownership in the company or the domestic communications
infrastructure above 10 per cent shall notify Yipes in
writing within 10 business days. Also, Article 4.3 of
the agreement states that if any foreign government or
foreign government-controlled entity participates in the
management of the company in a way so as to interfere
with Yipes performing the terms of the agreement, then a
member of the management aware of such developments will
notify the USG parties within 10 business days of the
timing and nature of the foreign government’s plans. </font></p>
<p><font face="verdana, sans-serif"> Article 4.7 allows the
USG parties to visit any time any part of the domestic
communications infrastructure and Yipes’ security
offices to conduct on-site reviews regarding the
implementation of this agreement. </font></p>
<p><font face="verdana, sans-serif"> Article 7.3 of the
agreement says that violation of any obligations of this
agreement shall be considered irreparable injury and
monetary relief will not be adequate remedy. The
agreement states that the USG parties shall be entitled
“to any remedy available to law or equity, to specific
performance and injunctive or other equitable relief”. </font></p>
<p><font face="verdana, sans-serif"> A detailed
questionnaire addressed to Reliance Communications
remained unanswered at the time of writing this report.
</font></p>
<p> <font face="verdana, sans-serif"><b>Agreement with VSNL
</b><br>
<br>
A similar agreement was signed between VSNL and the U.S.
government departments which also provided an elaborate
framework of surveillance in collaboration with the
telecom company. The agreement was signed by VSNL and
its subsidiaries (VSNL America and VSNL
Telecommunications (U.S.), or VSNL U.S.) with the DoJ,
including the FBI and the DHS, and the Department of
Defence, collectively referred to as the “Parties”,
between April 5 and 7, 2005. This was to be followed up
by an agreement, dated July 25, among VSNL, VSNL
Telecommunications (Bermuda) Ltd and Teleglobe
International Holdings Ltd and affiliated entities to
facilitate the filing of applications with the Federal
Communications Commission (FCC) for authorisation to
assign and transfer control of certain licences granted
by the FCC. (VSNL acquired Teleglobe in July 2005.) </font></p>
<p><font face="verdana, sans-serif"> The agreement provides
the U.S. government departments a mechanism for seamless
and holistic access to information flowing through the
physical infrastructure of VSNL and Teleglobe. Article
1.3 of the agreement says that VSNL shall ensure that
all domestic telecommunications routed over the
Teleglobe network shall not be routed outside of the
U.S. and/or Canada except in emergency situations such
as a natural disaster. The agreement also grants the
U.S. government departments unimpeded access to
information concerning technical matters and physical
management or other security measures and the right to
ensure compliance with its terms. </font></p>
<p><font face="verdana, sans-serif"> Article 2.1 states that
all domestic communications infrastructure shall at all
times be located in the U.S. and it shall pass through
the facility of VSNL America or VSNL U.S. located in the
U.S. from which electronic surveillance can be
conducted. As per Article 2.3, these two entities are
obliged to store domestic communications, wire or
electronic communications, transactional data,
subscriber information, billing records of customers who
are U.S.-domiciled, and network management information.
</font></p>
<p><font face="verdana, sans-serif"> This agreement also
provides a similar elaborate security apparatus to
enable electronic surveillance and access to sensitive
information. Article 3.2 of the agreement states a
security officer shall review visits by non-U.S. persons
to any domestic communications infrastructure. A written
request for approval of a visit was to be submitted to
the security officer no less than seven days prior to
the date of the proposed visit. Article 3.8 also talks
about points of contact to be assigned to VSNL America
and VSNL U.S. security offices who shall be available
for 24 hours a day, seven days a week, and shall be
responsible for maintaining the security of classified,
sensitive and controlled unclassified information. The
two companies are also obliged to comply with any
request from the U.S. government authorities for a
background check or a security clearance process to be
completed for a designated point of contact. The U.S.
government departments are also given considerable
powers regarding the appointment and screening of
security officers handling sensitive information. </font></p>
<p><font face="verdana, sans-serif"> The clauses of Article
3.14 clearly point to the degree of penetration that
this agreement allows to the U.S. government
departments. It states: “Upon request, VSNL America or
VSNL U.S. shall provide to the investigation services of
DHS, DOJ, FBI, and DOD, or in the alternative, to the
investigation service of the United States office of
Personnel Management (‘OPM’), all the information it
collects in its screening process of each candidate.” </font></p>
<p><font face="verdana, sans-serif"> This agreement also
states that the breach of the terms will entail
“irreparable injury” (Article 4.3) caused to the U.S.
government departments and they will have the right to
any other remedy available at law, to “specific
performance and injunctive or other equitable relief”. </font></p>
<p><font face="verdana, sans-serif"> An e-mail questionnaire
to Tata Communications about the agreement did not
elicit any response at the time of writing this article.
</font></p>
<p><font face="verdana, sans-serif"> The existence of these
agreements highlights the concerted attempts by the U.S.
government departments to appropriate global telecom
infrastructure to establish dominance in the cyberspace.
</font></p>
<p><font face="verdana, sans-serif"> The involvement of two
major Indian telecom companies in this elaborate
framework of surveillance in collaboration with U.S.
government departments has significant implications for
cyber security policy in India. The larger question
facing the advocates of Internet democracy and privacy
in communication is whether the Indian
telecommunications companies will be similarly
appropriated by an overzealous Indian government to
obtain information about unsuspecting citizens and
eventually as an instrument to control and monitor forms
of dissent both in the real and in the virtual world. </font></p>
<p><font face="verdana, sans-serif">*** </font></p>
</div>
</div>
</div>
</div>
<br>
<br>
<br>
<blockquote cite="mid:076601ce930c$14b722c0$3e256840$@gmail.com"
type="cite">
<pre wrap="">
</pre>
</blockquote>
<br>
</body>
</html>