The memo was posted on Pastebin, but both it and its Google cache have since been removed. There is no way of confirming its legitimacy. Nevertheless, it has caused considerable consternation among commentators. With the rising importance of India to the global economy and the increasing use of Indian resources for data storage, and product support and development, some commentators have questioned the safety of both Western commercial and national secrets.
This may be an over-reaction. The security industry itself is largely underwhelmed. Kaspersky’s David Emm highlights the dilemma for manufacturers. “If they refuse to comply, it may be that they have to forego doing business in that country and place themselves at a competitive disadvantage.”
But, he adds, the real issue goes beyond just India. Business must “be aware of the potential risks of confidential data falling into the hands of *any* third party. Organizations must focus on securing their roaming work-force, while employees need to understand the potential impact of what they say and do online. The growing use of the cloud for storing data makes this even more important - your data could be held anywhere and your security may depend on those over whom you have little control.”
In this instance, the suggestion is that the threat is actually the Indian government. But it’s just another threat that needs to be tackled. And anyway, says Emm, “the last 12 months has shown ample evidence that governments everywhere are paying close attention to cyberspace and the implications for national defense.” In other words, if India is doing this, then it is almost certain that other governments are doing similar, and that our own governments know about the backdoors and have their own defensive (as well as offensive) strategies in place.
For example, where telephone conversations are necessary, encryption solutions are available. “Secure communication is a growing concern internationally,” admits Bjoern Rupp, the CEO of GSMK Cryptophone, “with many powers trying to get their hands on confidential information in political as well as in commercial contexts.
“In this scenario, traditional phones cannot offer the necessary security armour to protect users working in politically sensitive areas. The only way to ensure guaranteed protection of calls and prevent organizations of any kind from snooping on confidential information,” he adds, “is to invest in true end-to-end encryption and 360-degree mobile device security technology. This allows calls to fly under the radar and means that phone services won't be disrupted or intercepted.”
In short, if these backdoors exist (and in security terms we should assume they do), business and government should simply accept them as another security threat and deal with it accordingly.