The Advisory Boar

By Abhijit Menon-Sen <>

Nonsensical DoT crypto restrictions

What are the regulations governing the use of cryptography and the development of cryptographic software in India? The answer is either "there aren't any" or "nobody really knows".

One of the few official documents to discuss the subject is this one ("Guidelines and general information for setting up of international gateways for internet") published by the Department of Telecommunications (DoT) in 2001. It is not clear why an informative document inviting proposals from ISPs to set up international gateways should have anything to say about the use of cryptography in general, or whether this amounts to a rule, but here's the relevant section:

II. LEVEL OF ENCRYPTION

Individuals/Groups/Organisations are permitted to use encryption upto 40 bit key length in the RSA algorithms or its equivalent in other algorithms without having to obtain permission. However, if encryption equipments higher than this limit are to be deployed, individuals/groups/organisations shall do so with the permission of the Telecom Authority and deposit the decryption key, split into two parts, with the Telecom Authority.

There has been plenty of criticism of this section as being "too weak", but the real problem is that it's stupid and wrong (as I have explained in email one too many times; hence this post).

First, a "40 bit key length" is ridiculous when applied to RSA. The number is clearly a reference to the US export restrictions on crypto (now long gone). But that key length was prescribed for DES, not RSA. DES is a symmetric encryption algorithm, while RSA is asymmetric; the latter typically needs much longer keys for the same level of security. A 40-bit DES key is roughly equivalent to a 384-bit RSA key, but 40-bit RSA keys are laughably insecure, and have never been used anywhere to protect anything. Even 40-bit and 56-bit DES are considered trivial to crack today. Most symmetric ciphers use a key length of at least 128 bits, and the recommended RSA key length today is 2048 bits.

Second, "deposit the decryption key, split into two parts" is clearly a reference to key escrow… but that is now how it's supposed to work. The idea is to deposit one part of your key, to make it easier for the authorities to recover the other part by brute force, given a court order (in theory). If you have to deposit both parts, why split it in the first place?

Even if we look at the intent of the rule rather than its wording, there are many practical problems. The RBI and SEBI guidelines mandate 128-bit (symmetric) encryption for online banking, and that is the minimum level supported by browsers now. Most users don't know that their browser uses strong encryption, and even if they did, browsers negotiate new keys for each SSL/TLS session and there is no way to recover the keys for escrow. In any case, the keys will never be reused, so there is little point to depositing them… and we have no infrastructure for key escrow anyway. (Also, key escrow has never been successfully implemented anywhere.)

It is clear to anyone familiar with cryptography that the section quoted above was written without sufficient research by someone who had only a superficial knowledge of (then-)current best practices.

Of course, even if they were specified correctly, 40-bit DES and key escrow would be stupid and utterly impractical restrictions.

My passport, at last!

Thanks to Hassath's urging, I gathered up the courage to visit the RPO once more, to apply for ECNR status ("emigration check not required").

The information counter gave me a copy of form #2 for INR5. I filled it in, attached a photograph and a self-attested photocopy of my matriculation certificate, waited in another short queue at counter #12, submitted the application along with my passport and INR300. I was told that my passport would be returned by 1300, and that I should wait in another queue to collect it. But I got my passport back a whole ten minutes before 1300, and the ECR stamp had been deleted; the next free page had an ECNR stamp, and all was exactly as it was supposed to have been in the first place.

It's good to know that I won't have to go back to the RPO anytime soon.

Renewing my passport, part 3

A couple of weeks after I received my new passport with the incorrect residential address, I headed back to the Regional Passport Office.

Unfortunately, I discovered that the RPO is closed on Wednesdays ("no public interaction"), but the information counter at the back was open, and to my surprise, I was told that I only needed to show up at room 10 (second floor) the next day with an application for the address to be corrected. I did that, and waited in a queue for half an hour or so.

In room #10 was a stern-looking lady who put her initials on my application without looking at it, and said I should submit it to the "corrections counter" 1A (downstairs). I stood in another queue to do that, and was told to submit a photocopy of the initialled application. I stood in another queue at a kiosk outside, then rejoined the queue at counter 1A. This time, my copy was stamped and returned, and I was told the passport would be dispatched the next Monday.

The ECR stamp, however, couldn't be fixed at the same time (although I was carrying all the necessary paperwork). The lady in room #10 started breathing fire when I asked about it, and said I should have the address corrected, and then come back again later to apply for the ECR status to be changed (for a fee of INR300). My protests that their documentation implies that a copy of the PAN card is sufficient fell on deaf ears.

The passport arrived by speed post today, with a hand-written correction to the address on the second page. I'll wait a while to regain my energy before the battle for ECNR status.

Update (2010-02-05): Only one visit to the RPO was needed.

Renewing my passport, part 2

Towards the end of August, I applied to renew my expired passport. I stood in a queue to submit the application, and returned home to wait for the police to verify that the residential address I put on the form was indeed where I lived.

A month later (to the day), a Sub-Inspector of police called to tell me he was on his way. He wanted to see two separate documents proving that I had lived at the specified address for a year or more. I showed him an old lease deed and a recent phone bill for my MTNL land line. He was happy with the deed, but wanted a phone bill that was more than a year old. I didn't have one (because I send the whole year's bills to my accountant at the end of the financial year), and I happened to not have any other documents (e.g. bank statements) that he would accept instead.

He said I had three options: to produce the requisite proof somehow, or to accept that my application would fail, and to apply again later when I had all the right documents, or to "spend a little money" to ensure a favourable police report despite my (partial) lack of documentation. "A little" money turned out to be INR1000, and I didn't feel like spending that on our friendly neighbourhood SI.

I had resigned myself to failure when Hassath suggested asking MTNL for a copy of an old phone bill… and I suddenly remembered that the MTNL web site (bless its soul!) allows me to download PDF copies of all the bills I've paid in the past. I downloaded one, printed it out, cringed at how unconvincing and unofficial it looked (even in colour), and called the SI to tell him I'd found some proof. He accepted it, and went away to file his report.

Today (about forty days after the police verification), I received my new passport by courier.

But all is not well. The "7B" in my (independently verified!) address has been printed in the passport as "73". But that's not all! There's an "Emigration Check Required" stamp on the first page, even though I am (explicitly and unambiguously) exempt from that particular restriction by virtue of paying income tax and having studied in India past the secondary school level. Oh well, at least they got my name right.

I wonder how many queues it will take to get this sorted out.

Update (2009-11-23): The incorrect address has been corrected after only two trips to the RPO.

Renewing my passport

Ten years ago, I renewed the passport I got before I visited my father at Cambridge when I was eight years old. I remember standing in a queue for four hours before finally being told that I was in the wrong place. I switched queues, but the second counter closed before I reached it, and I had to go back and queue up again the next day.

That passport expired earlier this year, and I dreaded every aspect of applying for renewal. But, thanks to a Hassath who also needed to renew her passport, I finally got around to filling in the forms and going to the Regional Passport Office behind the Hyatt Regency hotel in RK Puram. (We filled in our forms together, but it later turned out that Hassath needed a different form and had to join a different queue, while I was in the bog-standard general category for renewal.)

One major difference today is that you have to queue up outside to get a "token number" stamped on your application form by a counter at the rear of the building. The applications are then processed by counters inside the office in token sequence, and the current token at each counter is displayed on electronic displays both inside and outside the building. This helps to reduce queueing time, since the first counter only needs to stamp a number on the form, and people don't need to go inside until their timetoken is nigh.

I arrived about an hour before the token counter opened at 0930. There were some twenty people in line before me. I got my token (#17) by 1000, then joined a very long queue of people waiting on the sidewalk to get inside the office when it opened at 1030. This queue (which was the only one in 1999) also drained very rapidly, because everyone just piled in when the gates opened (the guard needing to check only for a stamped form before letting people in).

While waiting inside, I realised that a lot of people don't understand the token system. For one thing, the display boards are not cleared at the beginning of the day, so they display some confusingly large numbers (451) from the day before… but also some small numbers (35) which are harder to distinguish from current numbers. Besides, parts of each display don't work, and there are still always some people who try to submit their application out of sequence. I overheard someone saying You have to watch the display. Any number could come up at any moment, and you have to rush to the counter when yours does. (translating from Hindi).

The confusion helped me: several people missed their turn at a counter, and #17 came up much sooner than I had expected. It took only a few more minutes to submit my application, have the old passport cancelled (and returned), and pay for the renewal. I got a receipt that says I can send an SMS (but only during business hours!) with "PPT file-number" to 57272 to track the status of my application.

The application form for renewal was also quite easy to fill in (though a separate "personal particulars" form must be filled in duplicate), and one needs to produce only a few documents to support it (in my case, my PAN card, a phone bill, and my old passport). While waiting in line at the passport office, I was pleasantly surprised to learn that it's even possible to apply online: you fill in the form, get a custom-generated PDF, and can submit it—without a token—at a separate counter.

Now I have to wait for the police enquiry (to verify my address and the "I'm not a criminal" check-boxes I ticked on the form). Let's see how long that takes.

Update (2009-11-04): I received my passport today, but the story continues.