s the world follows the fast-paced, globe-trotting adventures of American whistleblower Edward Snowden, who exposed illegal data phishing activities orchestrated by America's National Security Agency (NSA), India unveiled its national Cyber Security Policy (CSP) in New Delhi.

Telecommunications and IT Minister Kapil Sibal, while introducing the new policy, said that implementing this new tool would be a challenge to begin with. "This policy is a framework document and it gives you a broad outline of our vision. The real task or the challenge is the operationalisation of this policy," said Sibal.

On the heels of Sibal's comments, other ministers such as External Affairs Minister Salman Khurshid, who is dealing with the revelations of NSA spying on Indian establishments, tried to pass on the issue by saying the US was involved in "cyber scrutiny," and not "cyber snooping".

The framework of the new cyber policy looks to specifically safeguard vital national infrastructure such as defence systems, research organisations, power infrastructure, nuclear facilities and so on. However, the "broad outline" presented to the public reportedly has gaping loopholes on how these objectives will actually be achieved.

India took its first major stride into the world of cyber snooping with the setting up of the Central Monitoring System (CMS). Devised in 2011, CMS operates under the eyes of the Intelligence Bureau. All communication that Indians do via the internet, phone, SMS and so on is going to be centrally monitored even as India continues to lag behind in creating privacy laws for its citizens against such a "totalitarian" style of surveillance. Although like many other similar spying tools, CMS will not be able to break strongly-encrypted communications. It will also not be able to access communications originating from beyond the Indian borders.

Meanwhile, CMS, according to some lawyers, is considered illegal under current judicial frameworks.

"The advantage CMS has is that India does not have sufficient privacy laws protecting its citizens. The bizarre thing is that instead of rectifying this loophole, the government seems to be willing to take advantage of it," explains a Delhi-based lawyer familiar with the matter but who did not wish to be identified.

Other Indian agencies such as the Central Bureau of Investigation (CBI), which comes under the Special Police Establishment Act, are also touted to get interception abilities under the CMS. India has already seen arrests of internet users for posting criticism of the government or decisions the government has taken. The most popular case is that of student Shaheen Dhada from Palghar, who was arrested for writing against the closure of Mumbai following the death of Shiv Sena leader Bal Thackeray. Dhadha wrote about this on her Facebook page and was subsequently arrested. Other such incidents have not been uncommon since.

{ According to a recent report, more than 6 billion pieces of data from India may have been compromised by US agencies.

Following the CMS and the CSP, India is also looking to launch the National Cyber Coordination Centre (NCCC) later this year. The NCCC is expected to create real-time working assessments on cyber security threats, which will be able to put into operational action within a short period of the threat assessment being released. Developed at a reported cost of over Rs 1,000 crore, the NCCC is expected to involve all the internet service providers. However, questions still remain within the public sphere on the use of such agencies and how the sanctity of private data of users will remain uncompromised. These concerns have been amplified since India failed to detect mass data phishing by the US. According to a recent report, more than 6 billion pieces of data from India may have been compromised by US agencies.

"The NISP (cyber policy) is silent on privacy issue. The links with various existing laws in place should be drawn out explicitly. There is no mention of abuse/misuse of power from information gathered for national security purposes by government officials/agencies. NISP must make clear and make an unambiguous policy statement as to how such cases should be treated. This will help preventing human rights violations as well as corruption," says a note of observations released by the Internet and Mobile Association of India (IMAI).

Indian ministries and agencies have been lax on the issue of protecting data from the ever increasing threat for cyber warfare.

The level of training given to government employees, specifically in sensitive agencies such as defence, foreign affairs, home affairs and so on has also come into the spotlight. Government employees today are not necessarily aware of the modern day information technology espionage threats, let alone techniques and knowledge to defend against such intrusions.

Along with new agencies, an education programme from the ground level up of governance may also be required.

"We once sat down to check Delhi's internet backbone. We found thousands of systems compromised. All were government's systems. Research and Analysis Wing, Intelligence Bureau, Military Intelligence... we don't realise how much damage has already happened," a cyber-security analyst was quoted as saying to a national monthly magazine last year.

A challenge for India to secure its administrative and government agencies is to cultivate a culture of information security in a largely technologically backward work force in this aspect.

Agencies such as the National Technical Research Organisation, Defence Research and Development Organisation and others have been targeted by hackers frequently. And in the past, warnings by these very agencies to their respective offices in the higher chain of command have reportedly gone unheeded until major losses of data had taken place.

Many countries around the world are launching such agencies as the digital age becomes a new, effective and common arena of espionage, threatening national interests and vital installations.

The "big brother" appearance of the government's role swelling to protect virtual interests at a quick pace will, in all likeliness, see further compromises on personal privacy of the Indian citizens until the legal framework catches up with the modern day digital protection needs of the country.