India literally borrows a majority of Security and
Intelligence related ideas from United States (U.S.). This creates
many unique problems for India. Firstly, these projects and ideas are
meant for western countries and they are not at all suitable for a
country like India. Secondly, if something goes wrong with the U.S.
model, the “Infirmity and Irregularity” automatically creeps into
Indian Projects and Initiatives as well.
In U.S., Civil Liberty Activists have started
challenging U.S. Government’s E-Surveillance Projects and Policies.
Even U.S. Courts have started taking a strict note of these
E-Surveillance Activities of U.S. Agencies. Recently, the
Massachusetts Supreme Judicial Court declared
that phone users have Legitimate Expectation of Privacy while using
their phones. Similarly, the Texas Appeals Court ruled
that law enforcement officials do need a warrant to search an
arrested person’s cell phone he/she has been jailed.
The U.S.
Government is also facing many lawsuits regarding illegal and
excessive gathering and retention of phone
details and metadata. The White House is also facing limited
and difficult options to restructure National Security Agency’s
phone surveillance program.
Now let us come to India that “Dedicatedly and
Blindly Follows” these U.S. Models. The Cell
Site Data Location Laws in India and Privacy Issues are still
ignored by Indian Law Makers. The Cell
Site Location Based E-Surveillance in India is rampant “without
any Regulatory Checks and Judicial Scrutiny”. We have no dedicated
Data Protection and Privacy Rights Laws in India. Even the
Fifty-Second Report of Standing Committee on Information Technology
(2013-14) titled Cyber
Crime, Cyber Security and Right to Privacy (PDF) has slammed
Indian Government for poor
Privacy Laws in India. The Cyber
Law of India and the Indian
Telegraph Act, 1885 also deserve an “Urgent Repeal”.
India has also launched E-Surveillance and Privacy
Violating Projects like Aadhar,
National
Intelligence Grid (NATGRID), Crime
and Criminal Tracking Network and Systems (CCTNS), National
Counter Terrorism Centre (NCTC), Central
Monitoring System (CMS), Centre for Communication Security
Research and Monitoring (CCSRM), Internet
Spy System Network And Traffic Analysis System (NETRA) of India,
etc. None of them are governed by any Legal Framework and none of
them are under Parliamentary
Scrutiny. Even the essential E-Surveillance
Policy of India is missing till now.
Now it has been reported that Indian Government
plans to put in place systems and regulations that will allow Law
Enforcement Agencies to trace cellular phone users and provide access
to targeted communication, text messages, information data and even
value added services on a real-time basis, according to the draft
guidelines of the country’s Telecom Security Policy.
The Department of Telecommunication (DOT) has
proposed comprehensive norms in the draft policy after the Ministry
of Home Affairs expressed strong reservations since the department
had not created provisions for law enforcement agencies to intercept
communication.
In a version of the draft policy that addresses
National Security concerns, the DOT has said that the policy would
“put in place effective systems, processes and regulations to
ensure the traceability of telecom users or devices in terms of
identity, permanent address and current location with specified
accuracy and resolution in the case of need”. India intends to deal
with Telecom Security issues in an in-depth manner as the open
telecom environment has made it easier to intrude on networks and
cause damage to information they contain. The recent allegation
of hacking by Huawei of Indian Telecom Infrastructure proves this
point. India has been planning to undergo technological
upgrade of border broadcast infrastructure due to Chinese
broadcasts. The Telecom Commission’s cellular loop’s proposal
would strengthen Mobile
Based Surveillance in India on National Security Grounds.
Techno Legal Compliances like Privacy
Law Compliances, Data
Protection Requirements (PDF), Cloud
Computing Compliances, Encryption
Related Compliances, Cyber
Law Due Diligence (PDF), etc are not followed by the Law
Enforcement Agencies of India. The Telecom Security Policy of India
must address all these issues while keeping in mind the Telecom and
National Security of India. Further, India must Reconcile
Civil Liberties and National Security Requirements as well.
The proposed policy also envisages providing
analysis of information and data including decrypted messages,
flowing through the telecom network, stored in systems and devices.
Abilities of security agencies to analyse information quicker will be
enhanced by making latest technology and systems available which will
cut down delays and minimise information leakage.
However, security agencies will uphold privacy
rights of Indian citizens, the draft norms said. This is difficult to
believe as the proposed Privacy Law of India is already facing
Intelligence
Agencies Obstacles. Even the National Cyber Security Policy of
India has failed
to protect Privacy Rights in India.
A Telecom Security Directorate (TSD) has been
proposed for implementing and updating the proposed Telecom Policy.
Meanwhile, security certification centre for testing telecom
equipment, centralised monitoring system for interception and
monitoring and emergency response team for detecting and analysing
cyber attacks, internet traffic hijacks and telecom sectoral frauds
would be created.
DOT is of the opinion that the sector requires a
separate security policy since the cybersecurity policy is not
sufficient to deal with security issues specific to the telecom
industry that has created critical information infrastructure.
The Government will largely depend on mobile phone
companies that will implement the security instructions as a key
stakeholder and also share the cost with the government. Telecom
operators would have to build systems, procedures and methods to make
their network resilient so that any damage has a minimum impact on
the network and it can be revived quickly.
Telcos would have to share information on attacks on
their networks, intrusion and frauds with Government agencies,
including telecom sectoral CERT, the national CERT and the National
Cyber Coordination Centre, that may monitor all web traffic
passing through internet service providers in the country and issue
‘actionable alerts’ to government departments in cases of
perceived security threats. Indian Government is also planning a
legislation mandating strict Cyber
Security Disclosure Norms in India.
These Proposals, Policies and Initiative are not
only “Controversial and Unconstitutional” in nature but they are
also far from being actually implemented. At the time of their
implementation, they must be supported with “Constitutionally Sound
Laws” to avoid “Constitutional Attacks”. Otherwise this would
only increase unnecessary and unproductive litigations in India.
Source: Cyber
Law In India.