TRAI issued on 24 October. These follow a Consultation Paper on VoIP issued last year. The recommendations allow users to make phone calls to both mobile phones and landlines through the internet, much like the services of WhatsApp and Skype.
The calls, significantly, are proposed to be allowed through any internet available to the customer, even if his internet is provided by a completely different provider.
The Recommendations have huge positive implications in the form of potentially cheaper and more efficient voice services to the people. At the same time, the mandatory interception requirements being proposed raise concerns about the privacy and security of these services, and the future of OTT services like WhatsApp.
These Recommendations currently apply only to TRAI licensed providers like telecom service providers and virtual network operators and exclude other entities like OTT services of WhatsApp, Skype and the like.
Internet Telephony and the ‘Public Internet’
These Recommendations are based on TRAI’s interpretation of a license term, a point on which the Department of Telecom will take the final call.
The licenses of service providers (like the Cellular Mobile Telephone Services License and the Unified Access Service License) defines ‘internet telephony’ as the ‘transfer of messages including voice signals through public internet’.
TRAI interprets the term ‘public internet’ to refer to the global information system. Such a position has huge benefits for the people, making voice calls independent of the provider of the internet used to make the call.
It enables calls to be made on any internet available to the user, whether of a different telecom service provider, home WiFi, or even public WiFi. This means that, for example, a person having an Airtel number can make a call using the data network of Vodafone, his home WiFi, or the public WiFi of BSNL.
TSPs to turn to data services for revenues
The TSPs, understandably, are not in agreement with this interpretation. Traditional voice revenues form a major portion of the revenue of TSPs, to the tune of 75-80 percent, and to have a competing voice service could mean huge losses for them.
Notably, the TSPs’ and other licenses have long since permitted the provision of internet telephony, but the service was never provided by them for the same reason. Their stand, in their and even of these Recommendations, is that a TSP can provide internet only on its own data network.
While the final decision on this issue will be taken by the Department of Telecom, TRAI in its Recommendations was not in support of the TSPs view on revenue loss. While admitting that there will be a decline in revenues to the TSPs from traditional voice services, it took the view that the unprecedented rate at which the internet was growing would generate new revenues for the TSPs from data services.
A customer would need to subscribe for the data services, even to make an Internet Telephony. Thus despite the revenue loss through one means, a new means is available to the TSPs.
TSPs calling for OTT Regulation
TSPs have also long since been calling for the regulation of OTT based VoIP services, such as those of WhatsApp, Skype and Viber. TRAI has issued a Consultation Paper for the Regulation of such Over-The-Top Services, but it is yet to take a final stand on them.
The current Recommendations exclude such services. However, despite the lack of support shown by TRAI for the TSPs contentions of revenue loss, the scope of regulating VoIP services through WhatsApp, etc., very much remains.
Interception and monitoring requirements for OTTs?
Some of the requirements imposed for the provision of internet telephony by other providers may indicate those that could be imposed on OTT services like WhatsApp as well. For example, the providers of Internet Telephony services through these Recommendations are proposed to mandatorily comply with all interception and monitoring requirements imposed in their licenses.
The security requirements imposed through licenses on TRAI licensees like TSPs are quite extensive. They are required to allow authorized interception and enable monitoring of communications, while also protecting them from unauthorized interceptions.
They must also provide connectivity with the Central Monitoring System to enable governmental interception. Bulk encryption cannot be used on their networks, and a higher standard of encryption than that recommended by the government cannot be implemented.
The implementation of these requirements on TSP based internet telephony will make it less private and less secure than those provided by OTT services like WhatsApp, which provide end-to-end encryption. However, this will only be possible so long as OTT services go unregulated.
These Recommendations for regulating internet telephony from TSPs indicate that similar provisions may be imposed on VoIP services from OTT services as well. TRAI’s , issued in August, 2017, is in fact currently considering if similar ‘data protection’ requirements, as these are called, should be imposed on internet-based voice and messaging services.
CDR requirements for OTTs?
Similarly, TRAI licenses are also required under their licenses to maintain all commercial records, Call Detail Records, and IP Detail Records for communications exchanged. Under TRAI’s new Recommendations, in addition to complying with these requirements, the public IP address used for originating and terminating internet telephony calls must also be included as a mandatory part of the Call Detail Records, to enable obtaining location data.
The location details in form of latitude and longitude should also be provided wherever it is feasible. These requirements could also be imposed on OTT services. While the location data and the Call Detail Records play a key role in criminal investigations, these need to be backed up by proper privacy protections, such as the imposition of pseudonymization to protect the data.
TRAI’s stand supports innovation and cheaper services
TRAI’s lack of support to the TSP’s stand on revenue loss is welcome, a support for innovation and cheaper and more efficient services to the people. Considering the global decline in revenues from traditional voice services with the advent of VoIP, shifting to newer and more innovative forms of revenue generation is the best move for TSPs.
The privacy and security implications of these Recommendations for VoIP services in general, however, are still a concern. In addition to the support to innovation, the benefits to people through better privacy and security must also be ensured.
Asheeta Regidi is a lawyer and author specializing in cyber law, and a certified information privacy professional.