Why you should be wary of India's CMS

The Countess of Snowdon, Princess Margaret, had once famously said, “I have as much privacy as a goldfish in a bowl.” While she did not expect her statement to hold so much relevance today, the truth in it is for all to see.

Is your online life private? (Image credit: Getty Images)

Never before in the history of the Internet has the topic of Internet surveillance, privacy or interception been more discussed than it is now. Thanks to the Internet, the world you and I live in is a well-connected one and it promises a whole range of options to explore and share. The recent developments in the world – the US PRISM programme being one – have forced one to worry about their privacy in the “digital world”. NSA contractor Edward Snowden first leaked classified documents to the press about the PRISM programme last month and ever since, the Internet has been abuzz with speculations surrounding the extent of user data in possession of the US government.
 
Data privacy in India and the Central Monitoring System
In India too, privacy continues to remain a topic of great debate and these have been only getting louder since the time the news about India’s Central Monitoring System got out. The CMS has been in the works for sometime now and it is expected to start functioning very soon. Once it is functional, the Rs 400 crore project will allow government agencies in the country to access all communication – online activities, phone calls, SMS, social media conversations and even the geographical location of individuals.

Simply put, using the CMS government agency officials like the National Investigation Agency or those in the tax department will have access to every byte of communication. According to The Centre for Internet & Society, the agencies that will have access to the nation’s CMS include the Research and Analysis Wing (R&AW), the Central Bureau of Investigation (CBI), the National Investigation Agency (NIA), the Central Board of Direct Taxes (CBDT), the Narcotics Control Bureau, and the Enforcement Directorate (ED). The Central Monitoring System will be developed through C-DOT or The Centre for Development of Telematics. An autonomous body, C-DOT aims to develop telecommunication technology for the Indian telecommunication network.

Why is it worrying?
The IT law – enacted in 2000, amended in 2008 and in 2011 – confers upon government officials the authority to intercept phone calls, SMS, emails and even monitor websites, but only for “reasonable security practices and procedures”. 

While the move has national security at its helm, it is giving sleepless nights to those championing the cause of privacy and Internet freedom in the country. Last month, the Human Rights Watch (HRW) wrote that with the installation of the CMS, the Indian government should put in place laws that ensure “increased surveillance of phones and the Internet does not undermine rights to privacy and free expression". Pranesh Prakash, Policy Director, The Centre for Internet & Society told us as a matter of fact that the CMS isn’t doing something completely new, since data interception happened even before it, albeit in a decentralised fashion. The new system, he said, will be essentially consolidating the two systems. Pranesh, in fact, went on to term both the existing system and CMS as “illegal”.
 
When reports about India’s proposed CMS began doing the rounds, Pranesh in a detailed piece noted that taking into consideration India’s weak privacy laws, “this kind of development is very worrisome.” He further added that the task of setting up the CMS was done with neither public nor parliamentary dialogue, a stark contrast to the idea that in a democracy, the government ought to be accountable to its citizens.
 
The foundation stone of the CMS was laid in the wake of the terrorist attacks in Mumbai in November 2008. Post that incident, the government reportedly took on the task of making itself technologically adept to “eavesdrop on digital communications”. While it may sound fairly achievable in concept, trying to sift suspicious communication from a vast sea of data in practice is akin to finding a needle in a haystack, and at the rate at which we’re moving, this haystack is only growing. The government should instead focus on collecting data more intelligently, rather than trying to just get access to more and more data.

Only time will tell how well India manages to Implement CMS in a country like India, the second most populous nation in the world. A Cisco report released recently expects India to have 348 million users by 2017, meaning that much more data will come by. Pranesh told us that the lack of manpower already delayed the implementation of CMS once.

Some aspects on India’s Central Monitoring System are worrying (Image credit: Getty Images)

CMS aside, a bunch of surveillance technology companies already offer their services to law enforcement agencies in the country. ClearTrail is one such company and it has been around for some 10 years now. The organisation offers solutions to law enforcement and intelligence agencies. Its description on the site reads, “ClearTrail solutions enable the LEAs to perform MASS, TARGETED & TACTICAL Monitoring and Analysis across a variety of communication networks.”

On the topic of India’s CMS, Cynthia Wong, a senior Internet researcher said, “The Indian government’s centralized monitoring is chilling, given its reckless and irresponsible use of the sedition and Internet laws. New surveillance capabilities have been used around the world to target critics, journalists, and human rights activists.”
 
Wong stressed that the Indian government needs to make necessary changes to the Information Technology Act . Elaborating on that she said that the authorities ought to make amendments to the existing law and also to the rules that protect free speech and expression. The government she said, needs to be “fully transparent about any surveillance system that might chill people’s willingness to share opinions and information.”

Even the Mumbai Police recently opened doors to India’s first “Social Media Lab”. They say that the Social Media Lab will let them keep a tab on the happenings in the social media – Facebook, Twitter, and YouTube. But, like the CMS, there are doubts being raised on the abuse it could lead to if it is not used only for the above mentioned reason.

What now?
There are loopholes in the data protection laws in India and considering the powers CMS would give the government, citizens fear its abuse. The Internet is full of dissenting voices, reflecting how unhappy netizens are with the idea of surveillance of this kind. Some have even taken to popular sites like Facebook to make their displeasure public. Stop India CMS is one such example. The initiators aim to get the government to not implement the CMS; they have even started a petition to that effect. The Stop India CMS page on Facebook has received 427 likes so far and they have 382 followers on Twitter.

Data protection is treated much differently elsewhere in the world. Estonia, for example, has some provisions set aside for the rights of individuals. The general privacy laws recognised by the Estonian Constitution include the right of privacy, right to privately exchange information and the right of data protection. Importantly, the Estonian constitution explicitly states that every individual in the country has a right to secrecy when it comes to messages sent via post, telegraph, telephone or other general means. In Taiwan, citizens have freedom with respect to correspondence and any infringement to the right to privacy may invite civil liabilities under the Civil Code. Data protection in Ukraine is governed under various laws like the Law on Information, the Ukranian Constitution and the Civil Code. The Law on Information comprises legal principles for receiving, using, distributing and keeping information.
 
The government will have to first ensure transparency in its system – keep users informed about the nature of the data they will need to intercept on a timely basis.

However, not all about the CMS is known. Answers to questions like the name of the ministry that will be responsible for looking after the day-to-day working of the CMS, and officials who can be approached if an individual’s right to privacy is breached, remain unknown.

Cover image credit: Getty Images