Snooping right, left and centre
Digital spying: The project covers calls, SMSes, emails, web browsing, video conferencing, and games
government to usurp a right to information without any
oversight. A report...
A recently launched international bestseller, “The New Digital Age, Reshaping the future of people, nations and business”, argues that internet is the Glasnost of technology as it immensely empowers people and has the potential to change future discourse with increasing global connectivity. At the same time, authors Eric Schmidt and Jared Cohen caution that the digital medium by its nature will lead to erosion of privacy.
That’s precisely what is happening internationally, witnessed through the US global snooping programme that generated considerable heat forcing India, which was fifth most tapped nation, along with other countries to protest against the unauthorised eavesdropping on linked digital traffic. The UPA government is also scaling up its snooping programme through a Central Monitoring System (CMS) that will give powers to mine data flowing through internet, mobile and landline phones, fax, social media such as Facebook and Twitter and VOIP without routing any request to the service providers.
The government as usual is not willing to open up on the broad contours of CMS, except for union home secretary R K Singh telling reporters recently that, "We will soon operationalise the CMS. It will be a foolproof monitoring system".
Nine agencies, including Research and Analysis Wing, Intelligence Bureau, Enforcement Directorate, Directorate of Revenue Intelligence, Narcotics Control Bureau and NTRO, will be entitled to access CMS. The Income Tax department is also doing, said a senior officer, “360 degree profiling” of citizens to plug tax evasion.
The concept of countrywide central monitoring of communication emanating from different sources was first mooted by the IB way back in 1985 during a seminar, on the premise that monitoring of phones calls and internet was necessary given the paradigm shift in modes of interaction.
The use of the medium, especially chat rooms and VOIP, by terrorists, underworld figures and other anti-national elements gravitated the urgency to keep an eye towards the virtual world.
Till 2007, every service provider be it Airtel, Vodafone, Reliance, Tata or BSNL, had ‘switch rooms’ providing separate computers for each monitoring agency. The representatives would carry a warrant, issued by authorised senior authorities, to tap conversation about a person to be tracked or record his or her call data. And the cell operators would oblige.
Thereafter, service providers were directed to deliver call content at premises of users. The agencies had their monitoring rooms operating through lease circuits drawn from service providers.
With monitoring procedure evolving, security and investigating agencies felt the need to overcome the flaw in this system for they could not monitor outside jurisdiction calls. For this reason, a couple of years back it was decided to have CMS that would also lend confidentiality to operations.
The Delhi-headquartered CMS is designed as a three-layered comprehensive architecture, linking the main system with regional centres that may come up in state capitals and further down to district nodes. The CMS also has third party software offering tools such as for language and speaker identification, answering queries and for visual link analysis.
While the department of telecom is providing infrastructure, it will be run by security officials. The onus of giving tapping clearance to central agencies is, however, with the union home secretary who, according to an authoritative official guess, gives 250 permissions daily. For state subjects, the State home secretaries will be empowered to give such permission.
Provisions for authorisation of interception are contained in the Indian Telegraph Act, the Information Technology Act, 2000, and Information Technology (Directions for Interception or Monitoring or Decryption of Information) Rules, 2009.
A senior security officer handling snooping programmes explained, on the condition of anonymity, that the CMS will reduce running cost, increase reach and reduce manpower requirement.
A government official, however, said that though the UPA is able to construct the CMS headquarters in Delhi, it is finding it difficult to integrate regional and district hubs owing to trust deficit between the centre and the states, which had stalled other internal security programmes, including establishing National Counter Terrorism Centre.
Government sources said that while the states are on board to accept inputs culled out of monitoring of communication media, they are hesitant about sharing information generated through their own efforts. This obstinate attitude of the states has stalled construction of the other layers of listening posts.
India’s e-citizens are growing, at 900 million landline and mobile phone subscribers and 120 million Internet users. A recent report released by the Internet and Mobile Association of India said that mobile internet users will nearly double to 165 million by March 2015 given the fetish for smartphones.
Security officers insist that monitoring of traffic is essential for security and safety of the country. An intelligence agency officer said that if US could nail Pakistani American Lashkar-e-Toiba terrorist David Headley through their offshore monitoring scheme, there are several unreported achievements even in the country. The latest example is the IPL spot fixing scandal, which the Delhi police special cell tripped on while monitoring India’s most wanted Dawood Ibrahim’s phone calls. The blast cases are being solved on the basis of keeping tabs on emails and cell phones.
But, the fear is that uncontrolled monitoring is leading to a dangerous trend as checks and balance are not entirely enforced in the country unlike in the West that gives primacy to individual rights. For instance, in the US judiciary gives permission for tapping, while in the UK a commission authorises.
The extent of misuse of eavesdropping was chronicled when even senior BJP leader and lawyer Arun Jaitley’s phones were not spared. The Rajya Sabha leader of opposition’s four personal mobile phones’ call data records were sniffed out by none other than a Delhi police constable at the behest of private detectives. And worst still, even Jaitley felt vulnerable as he wrote an article charging that the police picked up only small fry – a constable and three private detectives -- while the mastermind continues to be at large.
The off the air tapping of phones, which a machine does without seeking cooperation of the service provider and by merely inserting first and last few cellphone numbers, are more dangerous. In 2010, it emerged that the NTRO had picked up conversations, without any authorisation, of several VVIPs, including that of a minister. It had led to a huge hue and cry and eventually the NTRO had to surrender mobile off-air tapping enabled vehicles.
About three years back, the DoT learnt that previous monitoring system loopholes were exploited in a big way after noticing that a large number of the off-air passive snooping machines were imported from 2008 to about 2010 by state police, agencies and private organisation without any permission. The threat to privacy and vulnerability of the government came to be known widely and the union home ministry issued a circular asking about 45 organisations that imported GSM monitoring machines to surrender. It is believed some of them have still not done it in the absence of records.
It is not known how the government will ensure that the monitoring of data mine will not be exploited for other nefarious purposes and the most scary aspect would be leaking of private and confidential exchanges as reminiscent in Niira Radia tapes scandal.
Ratan Tata had approached the Supreme Court feeling aggrieved over his conversation with corporate lobbyist Niira Radia getting leaked, as the trenches involved private chats. Intriguingly, who leaked it is not clear so far though Income Tax department did the tapping. Tata had complained that the leak infringed his right to privacy, which is not codified in the country.
Ideally, codified right to privacy should accompany the government’s move to have complete access to information, including banking details of an individual through Aadhaar and NATGRID platforms.
The government will have to enforce checks before the CMS becomes fully functional to avoid the fear of becoming an Orwellian society.
Do we need privacy laws?
Central Monitoring System - A legal viewpoint