Monthly Archives: June 2014

Proposed National Telecom Security Policy Of India 2014 Must Be Balanced And Constitutional

PRAVEEN DALAL MANAGING PARTNER OF PERRY4LAW AND CEO OF PTLBThe Telecom Security Policy of India 2014 was originally discussed by the Congress led Government. However, the Congress Government faced a defeat in the elections and now it is for the Narendra Modi led BJP Government to come out with a Telecom Security Policy for India. The Telecom Security Policy declared by Congress was defective on numerous counts and now we have to see what BJP led Government would do in this regard.

If we consider the media reports, the Central Government has proposed a new Telecom Security Policy of India. It has made few changes to the Policy declared by Congress Government. The National Telecom Security Policy is unlikely to include measures on standards that would protect public health and safety. The Government authorities have deleted the portion that emphasised rules regarding “public health and safety” in the revised draft of the Telecom Security Policy. The issue of radiations from mobile towers in India is a controversial one and the proposed Policy seems to be ignoring that aspect.

The proposed Policy has made it sure that Law Enforcement Agencies of India would be allowed to request interceptions and e-surveillance activities. Of course, in order to exercise this power, there is a dire need to modernise the Police force of India. Similarly, a lawful and constitutional interception law in India is also needed to make such requests immune from legal attacks. With the proposal to allow satellite based mobile services in India, a “Techno Legal Framework” must be formulated by the Government as soon as possible. Such a Legal Framework must be “Constitutionally Sound” and not just a collection of “Legal Jargon” as was done during the Congress Government time.

Recently Vodafone declared that Indian Government has been using Secret Wires to indulge in e-surveillance. This approach of Indian Government is definitely violation of Fundamental Rights of Indian Citizens. Realising the gravity of the situation, the Department of Telecommunication (DOT) has been ordered to investigate the issue. However, the stand of Narendra Modi Government regarding e-surveillance projects like Central Monitoring System (CMS) Project of India and Internet Spy System Network and Traffic Analysis System (NETRA) of India is still not clear. This would create troubles for the Government as well as for the Telecom Security Policy in the near future.

For instance, the draft Telecom Security Policy prescribes that cellular operator will mandatorily have to allow Law Enforcing Agencies to intercept calls, messages, and any other communications and the access to monitor it in real time, while keeping the communications secured. However, there is no Constitutional Lawful Interception Law in India as on date and this requirement would be a violation of Fundamental Rights of Indian Citizens.

The revised draft Policy also states that telecom service providers should endure that user data is not revealed or duplicated or copied or shared with recipients other than those designated by the sender, and should ensure that user data is not being routed outside the infrastructure within India when the end points of communication are inside Indian territory. This requirement would strengthen the Privacy Rights in India of the Indian Citizens. Privacy Rights in India in the Information Era require a totally different strategy and this provision would strengthen the same. This provision is also required to comply with the provisions of the Public Records Act, 1993.

Telcos will also be required to ensure authentication of end user, authorised access to services and attribution of activities and payloads to end users. However, this is not an easy task especially when Authorship Attribution in Transborder Cyber Crimes cases is very difficult to maintain. India is not very good at use of Cyber Forensics Practices. There is an urgent need to develop Cyber Forensics Investigation Solutions in India that are missing as on date. Indian law Enforcement Agencies must also understand that an IP Address should not be the Sole Criteria for Arrest and Conviction in India. The Cyber Forensics Trends and Developments in India (PDF) do not support the type of responsibilities attributed to Law Enforcement Agencies by the propose Telecom Security Policy. Even Regulations and Guidelines for Effective Investigation of Cyber Crimes in India are missing.

The proposed policy also directs that the attribution in the form audit, forensic and tracking mechanisms should ensure tracking of inappropriate use, criminal activities and enforcement of IT and cyber security laws of the Government. Earlier, the Government had differences with Blackberry over the encrypted message and email services the firm provides to customers. Fearing that such encrypted services can be used to plan and execute terrorist strikes, India had also threatened to ban the providers of such services if they failed to accommodate the legitimate demands of Law Enforcement Agencies.

It has been claimed that Silent Circle can provide safe, secure and encrypted electronic and wireless communications to its clients and Law Enforcement agencies may find it difficult to crack its encryption. However, we cannot effectively tackle encryption related issues till we have Encryption Policy of India (PDF) in place that must be based upon a dedicated Encryption Law of India. We also need dedicated Cyber Security Laws in India to manage cyber security relate issues. The Cyber Security Trends in India (PDF) have proved that India has a Poor Cyber Security Infrastructure. Intelligence Agencies Reforms in India must also be undertaken as soon as possible.

The proposed Telecom Security Policy of India must address all these issues in order to be “Balanced and Constitutional”. However, from media reports it is not clear whether the proposed Policy covers all these issues or not.

Telecom Commission Approves Satellite Based Mobile Services In India

PRAVEEN DALAL MANAGING PARTNER OF PERRY4LAW AND CEO OF PTLBThe Telecom Commission is an essential and core segment of Indian Department of Telecommunications (DoT). It has been playing a major role in bringing order to the chaotic telecom situation existing in India. The Commission along with the DoT manages the policy formulation, licensing, wireless spectrum management, administrative monitoring of PSUs, research and development and standardization/validation of equipment etc.

The Telecom Commission was constituted by the Government of India vide Notification dated 11th April, 1989 with administrative and financial powers of the Government of India to deal with various aspects of Telecommunications. The composition of the Commission consists of a Chairman, four full time members, who are ex-officio Secretary to the Government of India in the Department of Telecommunications and four part time members who are the Secretaries to the Government of India of the concerned Departments.

One of the areas covered by the Commission pertains to satellite based services management in India. The Satellite phones are permitted in India only with specific permission from DoT. Presently use of specific types of International Mobile Satellite Organisation (INMARSAT) terminals is only permitted as per details available under the link INMARSAT.

In a welcome move, the Telecom Commission has given the approval for introducing satellite based mobile services in India. The approval comes after a recommendation from the Telecom Regulatory Authority of India (TRAI) to introduce a regulatory mechanism to govern satellite phones. Initially, the services will be offered by Bharat Sanchar Nigam Ltd through a partnership with INMARSAT. INMARSAT provides its satellite services with a constellation of four satellites which are located in the Geo-stationary earth orbit.

Currently, in India, the satellite services of INMARSAT are used by maritime users through the Tata Communications Ltd under its international long-distance licence. Some limited numbers of users of land mobile have also been permitted by the DoT on a case-to-case basis.

Satellites provide telephone and broadcasting services, covering large geographical areas. A satellite-based communication system provides an ideal solution for connecting remote and inaccessible areas. In addition, satellite communication is widely used for the transmission of emergency traffic, such as distress and safety messages, to and from vessels at sea or remote locations.

While the INMARSAT services cater to maritime communication, the Government had envisaged satellite services, namely, Global Mobile Personal Communication by Satellite (GMPCS) in the new telecom policy 1999. Under this licence, satellite-based communication services were permitted. However, establishment of GMPCS Gateway in India by the licensee was a mandatory license condition, which dampened interest from potential investors. This required substantial financial expenditure which was not feasible to be recovered from the limited number of users.

Now the regulatory environment for telecom sector of India has changed and there is good sense in making such expenditure. The FDI Policy in telecom sector of India 2014 (PDF) is also conducive for investment purposes. Indian government has also given approval to establish two semiconductor wafer fabrication manufacturing facilities in India (PDF). This is in conformity with the policy of India government to encourage electronic system design and manufacturing in India. The new merger and acquisition (M&A) guidelines issued by Indian government is also seen as a pro active step by many telecom stakeholders. These developments would encourage establishment of GMPCS Gateway in India by the concerned licensee and widespread use of Satellite Based Mobile Services in India.

Until now, DoT was giving permission to procure the INMARSAT handsets and taking services from a foreign service provider was given to meet the requirement of paramilitary forces and disaster management. However, there are security related limitations in this arrangement.  There is a possibility of monitoring of calls outside the country as the earth station is located outside the country. In view of the above drawbacks, the Defence forces have not procured these handsets. They are continuing to use the old terminals. However, as declared by the INMARSAT, some of these old terminals will cease to be supported by their satellites from September. Thus, the decision by the Telecom Commission to permit BSNL to offer satellite services could help tide over the problems.

Indian Department Of Telecommunications Would Investigate Govt Snooping Allegations By Vodafone

PRAVEEN DALAL MANAGING PARTNER OF PERRY4LAW AND CEO OF PTLBIt is no more a secret that Governments across the world are indulging in e-surveillance and eavesdropping using technology and telecom infrastructures. India is no exception to this practice. Rather India is one of the most endemic e-surveillance nations in the world. The draconian laws like Telegraph Law and Indian Cyber Law are helping Indian government and intelligence agencies to indulge in unreasonable and unfettered e-surveillance at anytime and at any place. There is also an urgent need to bring intelligence agencies reforms in India as the intelligence infrastructure of India is in big mess.

Recently, the telecom giant Vodafone revealed existence of secret wires to facilitate e-surveillance by various Governments. It has been reported that even India has been using this service to indulge in e-surveillance. We have no constitutionally sound e-surveillance laws in India (PDF) as on date. Even e-surveillance policy of India is missing and there is a complete chaos in this regard. We have no telecom security policy of India as well that can prevent unauthorised e-surveillance and security threats against telecom infrastructure of India.

India has become notoriously infamous for her e-surveillance exercises and India cannot afford to maintain this negative image any further. This is the reason why Narendra Modi Government may be analysing the e-surveillance projects like The Central Monitoring System (CMS) Project of India and Internet Spy System Network and Traffic Analysis System (NETRA) of India.

In line of this approach, the Communications and Information Technology Minister Ravi Shankar Prasad on Tuesday said the Department of Telecommunications (DoT) would look into allegations made by Vodafone regarding use of secret wires by India along with other countries.

The Congress led Government was well known for its “Anti Constitutional and Pro Surveillance” approach. Only time would tell whether Narendra Modi led Government would continue this approach or bring order in the chaos created by the Congress led Government.

Whatever the case may be, we need to ensure civil Liberty Protection in Cyberspace for Indian Citizens “At All Costs and By All Means”. The digital life of Indian citizens is not at all safe and is open to various forms of e-surveillance and eavesdropping. In the absence of support form Indian Government, Self Defence is the only viable option left before Indian Citizens to safeguard their digital lives. The initiatives titled PRISM Break and Reset the Net are worth exploring in this regard as a “Starting Point”.

Vodafone Confirms Existence Of Secret Wires For Government E-Surveillance And Eavesdropping Worldwide

PRAVEEN DALAL MANAGING PARTNER OF PERRY4LAW AND CEO OF PTLBFrom time to time media has reported that intelligence agencies around the world are using backdoor access to computers, servers and telecom infrastructures. Special equipments and arrangements have been made to grant intelligence agencies direct access to various infrastructures so that they can indulge in e-surveillance at will.

The Central Monitoring System (CMS) Project of India and Internet Spy System Network and Traffic Analysis System (NETRA) of India are the Indian versions of this practice. This is possible as we have no dedicated privacy laws in India. There is also no need to get a court order or warrant to tap telephone in India as it is purely an “executive act”. This result in illegal phone tapping and e-surveillance activities at mass scale in India that cannot be reported or ascertained due to limitations placed under various Indian laws.

We need to repeal the laws like Information Technology Act, 2000 (IT Act 2000), Indian Telegraph Act, 1885, etc and come up with better laws so they remain Constitutional. These laws have become an instrumentality to violate Civil Liberties in Cyberspace of Indian Citizens by both our politicians and intelligence agencies of India. Further, there is an urgent need to maintain a “balance” between law enforcement requirements and civil liberties protection in India.

In United States (U.S.), James Clapper had confirmed that NSA has been targeting foreign citizens for surveillance. Radio waves and Malware have also been used by NSA for world wide e-surveillance. Malware like FinFisher are increasingly being used for global electronic spying, e-surveillance and eavesdropping. Further, GCHQ and NSA have intercepted and stored webcam images of millions of innocent Internet users.

While the White House has limited options in this regard yet courts in different States of U.S. have shown their sensitivity towards e-surveillance and privacy violation issues. In fact, U.S. government has been seeking an order from FISA court for extended storage of telephone metadata and call records.

Although this practice of intelligence agencies of various nations was well known yet no company or individual came forward for long to expose the same. Edward Snowden came forward with the largest disclosures about illegal e-surveillance by intelligence agencies around the world. Now Vodafone has made some disclosures about the dark side of e-surveillance by intelligence agencies.

Vodafone, one of the world’s largest mobile phone groups, has revealed the existence of secret wires that allow government agencies to listen to all conversations on its networks, saying they are widely used in some of the 29 countries in which it operates in Europe and beyond. The company has broken its silence on government surveillance in order to push back against the increasingly widespread use of phone and broadband networks to spy on citizens, and will publish its first Law Enforcement Disclosure Report on Friday. At 40,000 words, it is the most comprehensive survey yet of how governments monitor the conversations and whereabouts of their people. The company said wires had been connected directly to its network and those of other telecoms groups, allowing agencies to listen to or record live conversations and, in certain cases, track the whereabouts of a customer. Privacy campaigners said the revelations were a “nightmare scenario” that confirmed their worst fears on the extent of snooping.

Direct-access systems do not require warrants, and companies have no information about the identity or the number of customers targeted. Mass surveillance can happen on any telecoms network without agencies having to justify their intrusion to the companies involved. Industry sources say that in some cases, the direct-access wire, or pipe, is essentially equipment in a locked room in a network’s central data centre or in one of its local exchanges or “switches”. Government agencies can also intercept traffic on its way into a data centre, combing through conversations before routing them on to the operator.

Vodafone’s group privacy officer, Stephen Deadman, said: “These pipes exist, the direct access model exists. “We are making a call to end direct access as a means of government agencies obtaining people’s communication data. Without an official warrant, there is no external visibility. If we receive a demand we can push back against the agency. The fact that a government has to issue a piece of paper is an important constraint on how powers are used”.

Encryption Laws In India

Encryption Laws In IndiaEncryption has become an indispensable technology these days. Whether it is online banking, e-commerce or e-governance services, encryption is commonly used in all these services. Encryption ensures authenticity and legality to various transactions provided the same is done within permissible limits and in accordance with the applicable laws of India.

Unfortunately, we have no dedicated encryption law of India and encryption policy of India (PDF) as on date. This has made the entire scenario very complicated. In fact, as on date most of the online service providers in India are in active violations of the encryption related laws, regulations and compliance requirements.

Cloud computing and virtualisation service providers are also violating the laws of India relating to encryption and cyber law due diligence (PDF) requirements. Even the telecom security policy of India has failed to address the encryption related issues properly. The cyber security trends of India (PDF) have also highlighted the inadequacies of cyber security of India and a part of the same is attributable to inadequate encryption and decryption capabilities of India.

Provisions pertaining to encryption usages in India can be found in the by license conditions (PDF) of telecom service providers. Thus, telecom companies and internet service providers (ISPs) cannot used more than the prescribed limits of encryption in India unless certain regulatory conditions are duly complied with. Similarly, the Information Technology Act, 2000 (IT Act 2000) also incorporates some provisions pertaining to encryption but they have remained dormant and ineffective till date.

Any individual or company that wishes to deploy encryption levels beyond the permitted ones would be potentially making himself/itself liable to legal action in India. It would be a good idea to ensure techno legal compliances in this regard before launching a project based upon encryption in India.