Forget snooping via CMS, now govt plans to trace your mobile phones, locations

The threat to your privacy is very real. All your personal data, including your bank account details, already resides with small vendors who collected this for Aadhaar cards recently. There is no comprehensive privacy law in India that prevents these vendors from sharing such sensitive data with potential criminals and even terrorists. But the bigger worry is that the government will soon be activating a mega surveillance programme which can further spy on your daily activities.

The Central Monitoring System (CMS) is a mega surveillance system which can monitor all your calls, track a mobile phone and its user’s location, read all your text messages, personal e-mails and chat conversations. It can also see all your Google searches, website visits, usernames and passwords if your communications are not encrypted.

It can read SMSes, track your MMSes and all data and voice transmissions in 3G/4G/Long Term Evolution (LTE) including video call or Voice Over Internet protocol (VoIP).

Besides, requests for interception, monitoring and decryption of information generated, transmitted, received or stored in any computer resource or any other device, handheld or otherwise, which can transact data or store data on such device can be made by an authorized Government officer.

Rajya Sabha MP Rajeev Chandrasekhar told Firstbiz recently that the absence of privacy laws in India puts “the rights of citizens in a twilight zone. Since such laws don’t exist, bureaucrats or others could misuse such surveillance for personal vendetta. We need laws enshrining privacy of each citizen”.

In a letter to the Prime Minister earlier, Chandrasekhar has also pointed out that there is at present no Parliamentary oversight for reporting such targeted surveillance of citizens.

Along with CMS, the government is now also readying a separate policy on telecom security issues. Among other things, this policy wants to put in place systems “to ensure traceability of telecom users/devices in terms of identity permanent address and current location with specified accuracy and resolution” in case the country’s security agencies need such information. In other words, your mobile device can be traced and its location revealed by your service provider in case national security agencies want this information.

This policy also envisages providing analysis of information and data flowing through the telecom network, which is stored in systems and devices. A draft of this policy, which was reviewed by Firstbiz, says security agencies can then analyse information quicker if these systems are put in place.

On its part, the government would have us believe that the new interception system it is putting in place is the most secure yet. CMS has been devised to facilitate centralized government access to all communications and content through all telecom networks in India.

An earlier internal note prepared by the Department of Telecom suggests that instead of hacking into citizens’ private mails and listening in to phone conversations, the CMS actually provides even greater privacy than you and me enjoy at present in our communication. The note points out that with CMS, there would be no need for an intercepting agency to take permission from the nodal officer of a telecom service provider before beginning to tap a phone, thereby eliminating at least one additional link in the interception chain.

It also says that when CMS becomes operational, the provisioning and intercepting agencies would be separate, which is not the case now. Provisioning will be done by the CMS authority while monitoring will be done by law enforcement agencies. So the provisioning agency will not be able to know the content of your phone call while the monitoring agency cannot order a phone tap.

Under CMS, your service provider cannot provision for interception and the CMS system will maintain a non-erasable command log of all provisioning activities so that any unauthorized provisioning can be detected immediately. CMS in fact will enable security agencies to lawfully intercept phone numbers without manual intervention from service providers.

A recent story in the Hindu newspaper points out that in seven of the 11 states covered in the first phase, the Centre for Development of Telematics (C-DoT) - a government agency - has already installed the equipment for this massive snooping programme. Over 50 per cent of the overall testing is over.

It has been completed in Delhi and is underway in Haryana.

Tests for “remote provisioning” and those related to protocol testing are underway. The Intercept Storage and Forwarding (ISF) servers of the Government are being tested for integration with the telcos and ISPs’ legal intercept (LI) system.
Additionally, the licence conditions of telecom operators, which currently place the obligation for surveillance on the operators, are being amended by the Government; Section 419(A) of the Indian Telegraph Rules related to interception, will also be amended soon.

So is CMS good for national security but invasive into our personal lives? Should we even have what is called lawful interception unless there are much stronger privacy laws in India? These questions need to be addressed.