Google Will Respond to "Valid Requests" for Data From India
Google recognizes the legitimate investigative needs of law enforcement agencies across the world, including in India, and will respond to valid requests for information that are received in accordance with applicable laws, the company said on Thursday.
The company also noted in a statement that its services such as Gmail are provided by Google Inc., a U.S. company subject to U.S. law.
Google appears to be saying that it will cooperate with Indian requirements, but will invoke U.S. law if pushed hard, said an analyst on condition of anonymity. In legal cases involving private parties, Indian subsidiaries of Internet companies have sometimes claimed that they are not liable for actions by their parent companies that are governed by U.S. laws.
Google will however not be able to avoid India's requests for interception of information on Gmail on the grounds that it is a U.S. company, said Pavan Duggal, a cyber law consultant and advocate in India's Supreme Court.
The statement from Google followed a report on Thursday in an Indian newspaper, The Economic Times, which quoted a Google executive as saying that Google will not share encryption keys to Gmail with Indian security agencies as that would compromise the privacy rights of millions of Gmail users.
The newspaper quoted Google India products chief Vinay Goel as saying that Google is open to offering the Indian government access to encrypted Gmail communication in the event of a large-scale risk to human life and property.
The Indian government is worried that terrorists are using online communications to plan and execute attacks.
Multinational communications and online companies are caught between the need to maintain the privacy of their customers, and the demands of the Indian government for access to online communications.
India's Information Technology (Amendment) Act, 2008 provides for the interception of communications under certain conditions.
The IT Act recognizes that the Internet has made geography irrelevant, and it is possible for anybody located outside India to access networks that are located physically in India, Duggal said. The Act hence makes its provisions applicable to entities and persons of any nationality and anywhere in the world, so long as the offending activity impacts a computer, computer system or computer network that is located in India, he added.
As Google's service is available upon, and hence impacts, computers located within India, Google is covered under the IT Act in its capacity as an intermediary, Duggal said.
If there is something impacting the security, sovereignty, and integrity of India, or friendly relations with other countries, or public order, the government in India can direct any intermediary whether located in India or abroad to comply with the provisions of the country's IT Act, Duggal said.
The Indian government also has the option to block from public access services and web sites that do not fall in line with the IT Act, Duggal added.
The interception rules provide for directions to be issued to intermediaries for interception only on a case-to-case basis, he said.
India is currently negotiating with Research In Motion to provide greater access to communications on the BlackBerry. While agreeing to provide access to BlackBerry Messenger communications on a case-by-case basis, RIM has however said it cannot provide access to corporate communications on BlackBerry Enterprise Server for which the encryption keys are only available from customers.
The Indian government has said previously that it would want similar interception facilities from online communications providers like Google and Skype. Google said in its statement that the country's home ministry was not in touch with the company over Gmail.