The Telecom Security Policy of India 2014 was originally discussed by the Congress led Government. However, the Congress Government faced a defeat in the elections and now it is for the Narendra Modi led BJP Government to come out with a Telecom Security Policy for India. The Telecom Security Policy declared by Congress was defective on numerous counts and now we have to see what BJP led Government would do in this regard.
If we consider the media reports, the Central Government has proposed a new Telecom Security Policy of India. It has made few changes to the Policy declared by Congress Government. The National Telecom Security Policy is unlikely to include measures on standards that would protect public health and safety. The Government authorities have deleted the portion that emphasised rules regarding “public health and safety” in the revised draft of the Telecom Security Policy. The issue of radiations from mobile towers in India is a controversial one and the proposed Policy seems to be ignoring that aspect.
The proposed Policy has made it sure that Law Enforcement Agencies of India would be allowed to request interceptions and e-surveillance activities. Of course, in order to exercise this power, there is a dire need to modernise the Police force of India. Similarly, a lawful and constitutional interception law in India is also needed to make such requests immune from legal attacks. With the proposal to allow satellite based mobile services in India, a “Techno Legal Framework” must be formulated by the Government as soon as possible. Such a Legal Framework must be “Constitutionally Sound” and not just a collection of “Legal Jargon” as was done during the Congress Government time.
Recently Vodafone declared that Indian Government has been using Secret Wires to indulge in e-surveillance. This approach of Indian Government is definitely violation of Fundamental Rights of Indian Citizens. Realising the gravity of the situation, the Department of Telecommunication (DOT) has been ordered to investigate the issue. However, the stand of Narendra Modi Government regarding e-surveillance projects like Central Monitoring System (CMS) Project of India and Internet Spy System Network and Traffic Analysis System (NETRA) of India is still not clear. This would create troubles for the Government as well as for the Telecom Security Policy in the near future.
For instance, the draft Telecom Security Policy prescribes that cellular operator will mandatorily have to allow Law Enforcing Agencies to intercept calls, messages, and any other communications and the access to monitor it in real time, while keeping the communications secured. However, there is no Constitutional Lawful Interception Law in India as on date and this requirement would be a violation of Fundamental Rights of Indian Citizens.
The revised draft Policy also states that telecom service providers should endure that user data is not revealed or duplicated or copied or shared with recipients other than those designated by the sender, and should ensure that user data is not being routed outside the infrastructure within India when the end points of communication are inside Indian territory. This requirement would strengthen the Privacy Rights in India of the Indian Citizens. Privacy Rights in India in the Information Era require a totally different strategy and this provision would strengthen the same. This provision is also required to comply with the provisions of the Public Records Act, 1993.
Telcos will also be required to ensure authentication of end user, authorised access to services and attribution of activities and payloads to end users. However, this is not an easy task especially when Authorship Attribution in Transborder Cyber Crimes cases is very difficult to maintain. India is not very good at use of Cyber Forensics Practices. There is an urgent need to develop Cyber Forensics Investigation Solutions in India that are missing as on date. Indian law Enforcement Agencies must also understand that an IP Address should not be the Sole Criteria for Arrest and Conviction in India. The Cyber Forensics Trends and Developments in India (PDF) do not support the type of responsibilities attributed to Law Enforcement Agencies by the propose Telecom Security Policy. Even Regulations and Guidelines for Effective Investigation of Cyber Crimes in India are missing.
The proposed policy also directs that the attribution in the form audit, forensic and tracking mechanisms should ensure tracking of inappropriate use, criminal activities and enforcement of IT and cyber security laws of the Government. Earlier, the Government had differences with Blackberry over the encrypted message and email services the firm provides to customers. Fearing that such encrypted services can be used to plan and execute terrorist strikes, India had also threatened to ban the providers of such services if they failed to accommodate the legitimate demands of Law Enforcement Agencies.
It has been claimed that Silent Circle can provide safe, secure and encrypted electronic and wireless communications to its clients and Law Enforcement agencies may find it difficult to crack its encryption. However, we cannot effectively tackle encryption related issues till we have Encryption Policy of India (PDF) in place that must be based upon a dedicated Encryption Law of India. We also need dedicated Cyber Security Laws in India to manage cyber security relate issues. The Cyber Security Trends in India (PDF) have proved that India has a Poor Cyber Security Infrastructure. Intelligence Agencies Reforms in India must also be undertaken as soon as possible.
The proposed Telecom Security Policy of India must address all these issues in order to be “Balanced and Constitutional”. However, from media reports it is not clear whether the proposed Policy covers all these issues or not.