The debate between personal privacy and national security continues to rage on, but privacy advocates in India have recently been dealt a blow with the news that keyloggers will be installed in the approximately 500 Internet cafes serving the city of Mumbai. According to a report in today's Ars Technica
, "cybercafe owners must agree to the installation of the software or else they will lose their licenses." Given that terrorists seek to hide their identities and are known to frequent Internet cafes in order to stay anonymous, the government hopes to thwart terrorism by monitoring computer activities in the cafes.
Vijay Mukhi, the president of India's Foundation for Information Security and Technology, defends the decision to install keyloggers stating, "The police needs to install programs that will capture every key stroke at regular interval screenshots, which will be sent back to a server that will log all the data. The police can then keep track of all communication between terrorists no matter which part of the world they operate from. This is the only way to patrol the Net and this is how the police informer is going to look in the e-age." But will such surveillance practices actually stop terrorism or will they just leave everyday citizens feeling uncomfortable using Mumbai's cybercafes?
While public terminals are one way for people to use the Internet anonymously, it is only one of many approaches available. The Internet cafes may soon have keyloggers to prevent criminal activities, but covert activity will remain possible through the use of proxy servers and tools like Tor
. These secure solutions are not only vital for those people living under repressive regimes, but are also a natural response to attempts at limiting private access to the Internet. As such, initiatives to stifle terrorist communication will have little, if any, effect on their intended target and are likely to have a far greater impact on people who have absolutely nothing to do with terrorist activities.
In a country where uploading blasphemous material
is a crime, it seems far more likely that ordinary people will be ensnared by the keyloggers than bona fide terrorists. Of course, if the Indian government were to mandate such security under the auspices of anything other than terrorism it would generate more protest within India and throughout the world; it's much riskier to speak out against antiterror initiatives as no one wants to be labeled a terrorist sympathizer.
The other interesting element to the story is that the new law appears to only address the city of Mumbai
. While it is the largest city in India with approximately 13 million people living inside its borders, it is probably not the only city in India that offers cybercafes and it seems that people engaged in organized criminal activity could simply drive to an access point outside the city limits. It's unclear whether the program is expected to expand across India, or if terrorist activities have been isolated within the city, but given the program's limitations it does not appear that it will have any effect in curbing terrorism. It will diminish the privacy of working class people in Mumbai, and that associated cost seems far greater than any effect the law will have on stopping terrorism.