Tuesday, December 8, 2015

Proposed National Telecom Security Policy Of India 2014 Must Be Balanced And Constitutional

The Telecom Security Policy of India 2014 was originally discussed by the Congress led Government. However, the Congress Government faced a defeat in the elections and now it is for the Narendra Modi led BJP Government to come out with a Telecom Security Policy for India. The Telecom Security Policy declared by Congress was defective on numerous counts and now we have to see what BJP led Government would do in this regard.

If we consider the media reports, the Central Government has proposed a new Telecom Security Policy of India. It has made few changes to the Policy declared by Congress Government. The National Telecom Security Policy is unlikely to include measures on standards that would protect public health and safety. The Government authorities have deleted the portion that emphasised rules regarding “public health and safety” in the revised draft of the Telecom Security Policy. The issue of radiations from mobile towers in India is a controversial one and the proposed Policy seems to be ignoring that aspect.

The proposed Policy has made it sure that Law Enforcement Agencies of India would be allowed to request interceptions and e-surveillance activities. Of course, in order to exercise this power, there is a dire need to modernise the Police force of India. Similarly, a lawful and constitutional interception law in India is also needed to make such requests immune from legal attacks. With the proposal to allow satellite based mobile services in India, a “Techno Legal Framework” must be formulated by the Government as soon as possible. Such a Legal Framework must be “Constitutionally Sound” and not just a collection of “Legal Jargon” as was done during the Congress Government time.

Recently Vodafone declared that Indian Government has been using Secret Wires to indulge in e-surveillance. This approach of Indian Government is definitely violation of Fundamental Rights of Indian Citizens. Realising the gravity of the situation, the Department of Telecommunication (DOT) has been ordered to investigate the issue. However, the stand of Narendra Modi Government regarding e-surveillance projects like Central Monitoring System (CMS) Project of India and Internet Spy System Network and Traffic Analysis System (NETRA) of India is still not clear. This would create troubles for the Government as well as for the Telecom Security Policy in the near future.

For instance, the draft Telecom Security Policy prescribes that cellular operator will mandatorily have to allow Law Enforcing Agencies to intercept calls, messages, and any other communications and the access to monitor it in real time, while keeping the communications secured. However, there is no Constitutional Lawful Interception Law in India as on date and this requirement would be a violation of Fundamental Rights of Indian Citizens.

The revised draft Policy also states that telecom service providers should endure that user data is not revealed or duplicated or copied or shared with recipients other than those designated by the sender, and should ensure that user data is not being routed outside the infrastructure within India when the end points of communication are inside Indian territory. This requirement would strengthen the Privacy Rights in India of the Indian Citizens. Privacy Rights in India in the Information Era require a totally different strategy and this provision would strengthen the same. This provision is also required to comply with the provisions of the Public Records Act, 1993.

Telcos will also be required to ensure authentication of end user, authorised access to services and attribution of activities and payloads to end users. However, this is not an easy task especially when Authorship Attribution in Transborder Cyber Crimes cases is very difficult to maintain. India is not very good at use of Cyber Forensics Practices. There is an urgent need to develop Cyber Forensics Investigation Solutions in India that are missing as on date. Indian law Enforcement Agencies must also understand that an IP Address should not be the Sole Criteria for Arrest and Conviction in India. The Cyber Forensics Trends and Developments in India (PDF) do not support the type of responsibilities attributed to Law Enforcement Agencies by the propose Telecom Security Policy. Even Regulations and Guidelines for Effective Investigation of Cyber Crimes in India are missing.

The proposed policy also directs that the attribution in the form audit, forensic and tracking mechanisms should ensure tracking of inappropriate use, criminal activities and enforcement of IT and cyber security laws of the Government. Earlier, the Government had differences with Blackberry over the encrypted message and email services the firm provides to customers. Fearing that such encrypted services can be used to plan and execute terrorist strikes, India had also threatened to ban the providers of such services if they failed to accommodate the legitimate demands of Law Enforcement Agencies.

It has been claimed that Silent Circle can provide safe, secure and encrypted electronic and wireless communications to its clients and Law Enforcement agencies may find it difficult to crack its encryption. However, we cannot effectively tackle encryption related issues till we have Encryption Policy of India (PDF) in place that must be based upon a dedicated Encryption Law of India. We also need dedicated Cyber Security Laws in India to manage cyber security relate issues. The Cyber Security Trends in India (PDF) have proved that India has a Poor Cyber Security Infrastructure. Intelligence Agencies Reforms in India must also be undertaken as soon as possible.

The proposed Telecom Security Policy of India must address all these issues in order to be “Balanced and Constitutional”. However, from media reports it is not clear whether the proposed Policy covers all these issues or not.

Illegal International Racket Using Unauthorised Gateways To Divert The VOIP Calls Landing In India Busted

Telecom related issues faced many challenges in the past. However, the regulatory environment for telecom sector of India is fast changing now.  Telecom security policy of India is also in pipeline that may streamline many telecom related issues in India.  The Telecom Commission has also approved satellite based mobile services in India. Satellite phones may also be allowed to be used by adventure tourists where no telecommunication connectivity is available in India.

Few areas in the field of telecom sector are still problematic in nature. For instance, Voice over Internet Protocol (VOIP) has always been a problematic aspect in India. Intelligence agencies of India have been insisting that Internet Telephony and VOIP service providers must establish servers in India. Further, Intelligence Bureau (IB) of India is also expediting the testing of VOIP interception system in India.

Meanwhile, crackdowns on illegal VOIP activities continue in India. In one such latest crackdown, the cyber crime wing of Cyberabad police arrested six persons on the charge of running an illegal international racket by setting up unauthorised gateways to divert the VOIP calls landing in India. The accused were using illegal VOIP gateways and diverted the international calls originating from cheap network providers in Pakistan, Middle East, US and UK.

According to the Police, those who receive such calls will have to pay lesser charges as against what the actual provider charges and will also not come under the government scanner.

The international VOIP grey traffic is purchased as per the daily prevailing rates from international carriers. The modus operandi used by illegal grey operators includes arranging international traffic from various VoIP operators across the globe and terminating it on their own illegal VoIP gateways using broadband connections. This traffic is then distributed to the domestic destination numbers using GSM SIMs, CDMA RUIMs and Public Switched Telephone Network (PSTN) connections.

Telecom Trends In India 2014

Perry4Law Organisation (P4LO) is on the forefront of providing various techno legal trends of India since 2006. The latest to add to this list are Cyber Security Trends and Developments in India 2014 and Telecom Related Trends and Development in India 2014. The cyber security trends of India 2014 have also been covered here1 and here2.

In this work, Perry4Law’s Techno Legal Base (PTLB) is providing the summary of the telecom trends of India 2014. The telecom trend of India in the year 2014 witnessed a combination of progressive and regressive steps being taken by Indian Government.

On the progressive side the Telecom Commission of India has allowed satellite based mobile services in India in the year 2014. On the regressive side, the Indian Government has failed to protect civil liberties in cyberspace once again. In fact, telecom operator Vodafone revealed use of secret wires for government e-surveillance and eavesdropping worldwide, including in India.

Indian Department of Telecommunications (DoT) promised to investigate govt snooping allegations of Vodafone but it failed to do so till the end of December 2014. The dangerous central monitoring system (CMS) of India was also activated without any legal framework and Parliamentary oversight.

Similarly, the redundant and outdated telecom related laws remained on the statue book in the year2014. For instance, the telegraph and cyber law of India remained outdated, colonial and draconian in the year 2014. Similarly, encryption related dedicated laws in India are also missing till the end of December 2014.

Further, new lawmaking was also missing in the year 2014. For instance, there is no dedicated laws regarding cell phones and their dealings in India and the same continued till the end of December 2014 as well. In particular, the cell site data location laws in India and privacy issues are still not redressed by Indian Government so far.

India is also one of the countries where phone tapping is possible without any court order/warrant. This is a serious civil liberty violation that continued in the year 2014. A lawful and constitutional interception law in India is urgently needed. Privacy rights in India in the information era (PDF) have still not been recognised by Indian Government.

Overall, the telecom trends of India in the year 2014 were far from satisfactory. Rather they were on the negative side of development that must be taken care of by Indian Government in the year 2015.

Online Petition And Survey By CCICI Regarding Cyber Law Due Diligence In India

Interpretation and analysis of the judgment of Supreme Court of India in Shreya Singhal v. Union of India (24th March 2015), Writ Petition (Criminal) No.167 Of 2012 (PDF) has already been started by various cyber law stakeholders of India. Most of them have based their observations upon Section 66A alone leaving aside other sections like Section 69A and Section 79 of the Information Technology Act, 2000.

However, it seems while doing justice to freedom of speech and expression in India, the Supreme Court has erred in reading down Section 79 and Rule 3 of Information Technology (Intermediaries Guidelines) Rules, 2011 (PDF) that pertains to Internet Intermediary liability and observance of cyber law due diligence (PDF) by them. In fact, it has been claimed that Supreme Court has killed cyber law due diligence in India to a great extent.

Cyber Crimes Investigation Centre of India (CCICI), the premier cyber crime investigation centre of Perry4Law Organisation (P4LO), has been covering these issues from the very beginning. Now CCICI has taken this interpretation and effort to another level by starting an online petition and survey titled “Do We Need a Stronger Cyber Law Due Diligence in India?”

Unfortunately, most of the interpretations and observations regarding the judgment of Supreme Court were directed towards Section 66A alone and the issue of cyber law due diligence was totally ignored. This has serious ramifications for all cyber victims whose locus standi has been taken away by the Supreme Court to approach the Intermediary.

It is of utmost importance that this issue must be discussed in great detail and then taken up before the Supreme Court through a review petition. Similarly, the collective inputs can also be shared with Indian government and Parliament so that they can come up with a more potent and effective cyber law due diligence requirement in India.

If you are a cyber victim or you know a person who has been a cyber victim, please share your views through this petition and survey. Your views would shape the cyber law of India and make it more meaningful. If you have ever suffered from harassment over e-mail, SMS, chatting, Social media, etc or you know a person who has been so harassed, then please share your views at the petition/survey page. Collectively let us make a responsible cyber society and culture in India.