The Telecom Security Policy of India 2014
was originally discussed by the Congress led Government. However, the
Congress Government faced a defeat in the elections and now it is for
the Narendra Modi led BJP Government to come out with a Telecom Security
Policy for India. The Telecom Security Policy declared by Congress was
defective on numerous counts and now we have to see what BJP led
Government would do in this regard.
If we consider the media reports,
the Central Government has proposed a new Telecom Security Policy of
India. It has made few changes to the Policy declared by Congress
Government. The National Telecom Security Policy is unlikely to include
measures on standards that would protect public health and safety. The
Government authorities have deleted the portion that emphasised rules
regarding “public health and safety” in the revised draft of the Telecom
Security Policy. The issue of radiations from mobile towers in India is a controversial one and the proposed Policy seems to be ignoring that aspect.
The proposed Policy has made it sure that Law Enforcement Agencies of
India would be allowed to request interceptions and e-surveillance
activities. Of course, in order to exercise this power, there is a dire need to modernise the Police force of India. Similarly, a lawful and constitutional interception law in India is also needed to make such requests immune from legal attacks. With the proposal to allow satellite based mobile services in India,
a “Techno Legal Framework” must be formulated by the Government as soon
as possible. Such a Legal Framework must be “Constitutionally Sound”
and not just a collection of “Legal Jargon” as was done during the
Congress Government time.
Recently Vodafone declared that Indian Government has been using Secret Wires
to indulge in e-surveillance. This approach of Indian Government is
definitely violation of Fundamental Rights of Indian Citizens. Realising
the gravity of the situation, the Department of Telecommunication (DOT)
has been ordered to investigate the issue. However, the stand of Narendra Modi Government regarding e-surveillance projects like Central Monitoring System (CMS) Project of India and Internet Spy System Network and Traffic Analysis System (NETRA) of India
is still not clear. This would create troubles for the Government as
well as for the Telecom Security Policy in the near future.
For instance, the draft Telecom Security Policy prescribes that
cellular operator will mandatorily have to allow Law Enforcing Agencies
to intercept calls, messages, and any other communications and the
access to monitor it in real time, while keeping the communications
secured. However, there is no Constitutional Lawful Interception Law in India as on date and this requirement would be a violation of Fundamental Rights of Indian Citizens.
The revised draft Policy also states that telecom service providers
should endure that user data is not revealed or duplicated or copied or
shared with recipients other than those designated by the sender, and
should ensure that user data is not being routed outside the
infrastructure within India when the end points of communication are
inside Indian territory. This requirement would strengthen the Privacy Rights in India of the Indian Citizens. Privacy Rights in India in the Information Era
require a totally different strategy and this provision would
strengthen the same. This provision is also required to comply with the
provisions of the Public Records Act, 1993.
Telcos will also be required to ensure authentication of end user,
authorised access to services and attribution of activities and payloads
to end users. However, this is not an easy task especially when Authorship Attribution in Transborder Cyber Crimes cases is very difficult to maintain. India is not very good at use of Cyber Forensics Practices. There is an urgent need to develop Cyber Forensics Investigation Solutions in India that are missing as on date. Indian law Enforcement Agencies must also understand that an IP Address should not be the Sole Criteria for Arrest and Conviction in India. The Cyber Forensics Trends and Developments in India
(PDF) do not support the type of responsibilities attributed to Law
Enforcement Agencies by the propose Telecom Security Policy. Even Regulations and Guidelines for Effective Investigation of Cyber Crimes in India are missing.
The proposed policy also directs that the attribution in the form
audit, forensic and tracking mechanisms should ensure tracking of
inappropriate use, criminal activities and enforcement of IT and cyber
security laws of the Government. Earlier, the Government had differences with Blackberry
over the encrypted message and email services the firm provides to
customers. Fearing that such encrypted services can be used to plan and
execute terrorist strikes, India had also threatened to ban the
providers of such services if they failed to accommodate the legitimate
demands of Law Enforcement Agencies.
It has been claimed that Silent Circle
can provide safe, secure and encrypted electronic and wireless
communications to its clients and Law Enforcement agencies may find it
difficult to crack its encryption. However, we cannot effectively tackle
encryption related issues till we have Encryption Policy of India (PDF) in place that must be based upon a dedicated Encryption Law of India. We also need dedicated Cyber Security Laws in India to manage cyber security relate issues. The Cyber Security Trends in India (PDF) have proved that India has a Poor Cyber Security Infrastructure. Intelligence Agencies Reforms in India must also be undertaken as soon as possible.
The proposed Telecom Security Policy of India must address all these
issues in order to be “Balanced and Constitutional”. However, from media
reports it is not clear whether the proposed Policy covers all these
issues or not.