While the PRISM programme hogs the media limelight, a similar programme is already operational in India. The Central Monitoring System is capable of monitoring all your communication real time. But the government will have you believe that it is all for your privacy and security. With excerpts from an interview with Milind Deora, minister of state for Communications and IT.
In May of this year, the world began to hear about Edward Snowden’s leaks to the Guardian newspaper, of classified information from the United States. He introduced the world to the concept of the PRISM faculty that the United States’ National Security Agency operates. The programme enables them to eavesdrop on all kinds of communication – emails, phone calls, and more. Perhaps what got the world more alarmed than usual at the new American antic, is that this isn’t internal snooping – the Americans are exceeding their brief, and are intercepting communication of those who are not American citizens, in countries like China, Russia, Iran, Pakistan and India.
The global atmosphere was tense, with countries bristled by the US government’s interference with their citizens, and the larger diplomatic indiscretion of the US. So much so that the situation even snowballed into a historically familiar positioning of the US and Russia at odds with each other, owing to the fact that Russia has been keeping and protecting the whistleblower Snowden, in the Moscow airport. If Russia seems like an unlikely place to seek refuge from persecution based on free speech, it’s even more ironic that Snowden first took refuge in China (Hong Kong), another place not known for a history of freedom of speech.
A somewhat similar situation began to develop in India at the same time as the global debate on surveillance and privacy began to pick up pace. News reports started coming out about a ‘Central Monitoring System’ that the government had operationalised around April of this year. The system purportedly was able to do a lot of the same kind of things that the PRISM was doing. The CMS was apparently capable of intercepting all communication and monitoring it in real time. News reports were by and large light weight, with a large number of those that came out in June quoting the same press release from Human Rights Watch.
As with most issues categorised under ‘national security,’ not much was known or available on the issue. The following month, the Government inaugurated its National Cyber Security Policy which aimed to “monitor, deter and deal with cyber crimes,” all pointing to a beefing up of security, via surveillance, in the communication space. Snowden’s leaks also revealed that India was among the top five countries being surveilled by the United States, with 6.3 billion pieces of information being collected from the country’s computer and data networks in one month alone. India’s response by Salman Khurshid, External Affairs Minister, was disproportionate to the scale of data collection, with Khurshid simply saying that if such surveillance was proved, it would be unacceptable. He also explained that this far reaching “scrutiny” by the US was required for security purposes, saying nothing of the interference in India’s cyber sovereignty. This is in stark contrast to the response from Brazil who has recently called off a diplomatic visit with the US on getting wind of the fact that the US had been spying on their President’s communication. European countries reacted strongly to similar revelations as well, sending US President Obama, scrambling into damage control mode.
After the 2008 terror attacks in Mumbai, India began to actively develop a bouquet of surveillance apparatus, in the interest of national security, such as the NATGRID. The CMS is one such innovation. Exactly a year after the attacks, in November, Gurudas Kamat mentioned the CMS in the Rajya Sabha. He was Minister of State for Communication and IT. “The Government proposes to set up a centralized system to monitor communications on mobile phones, landlines and the internet in the country. Centralized Monitoring System (CMS) is envisaged to be implemented by DOT to strengthen the security environment in the country.” It aimed to clear problems of manual intervention and speed. Its proposed features included central and regional databases that could be accessed by government and law enforcement agencies. The pilot project was scheduled to be rolled out in June of 2010.
The CMS is a technological platform designed and maintained by the Ministry of Communication and IT. As a security apparatus, it will be utilised by the Home Ministry and is also accessible to several law enforcement agencies to “lawfully intercept communication,” as described by Milind Deora, the current Minister of State for the Ministry of Communication and IT. Deora clarifies that the CMS will be capable of intercepting and monitoring various types of communication, over phone and internet. In his own words, he describes it as a “way of using technology to improve the processes that already exists for the government to lawfully intercept communication.” Among the capabilities of the CMS is its ability to monitor, track and intercept communication channels in real time.
The process of monitoring and interception will follow from law enforcement agencies at the centre and state, who feel that they need to access a certain communication. The agencies will then contact the Ministry of Communication and IT, to utilise the CMS system. The application is then to be sent to the home secretary of the government of the state or centre, who then has to authorise the CMS’s lawful interception. Earlier on, the enforcement agency would have had to rely on a telecom company to gather this information but now with the CMS it can all happen internally. “The CMS hasn’t changed the standard operating procedures of determining whose conversation should be intercepted. I don’t think it is about to change,” says Deora.
Deora calls the CMS a “step in the right direction” and believes that this intercepting, which many call an intrusion of privacy, is actually “adding a level of safeguard to someone’s privacy.” He explains that with the widespread use of the CMS, there is no longer any need to rely on human characters in the process, as everything can be technological. Thus, there will be no telecom company operator in between to know who is being intercepted or what communication is being monitored, thus keeping one’s personal information between two parties, you and the State. “You will get less unsolicited calls and messages from mobile phone operators illegally listening to what customers are saying and selling this information to third party vendors,” says Deora while explaining the advances made by the CMS. How the CMS will prevent unlawful interception is not clear. In sum, Deora says that this system is a twofold boon, as it is good for individual privacy as well as national security.
Lawful interception is a controversial term. Internet activists like Pranesh Prakash from the Centre for Internet and Society, note that there has been no parliamentary approval on the CMS, similar to the controversial Unique Identification Project. “This is not the kind of system that should be implemented without public debate. There is no chain of command in place which has any sort of public accountability,” says Prakash.
For Prakash, the CMS is a “grey area” in terms of its legality and usefulness. He explains that the key is to be balanced and reasonable, and recommends that governments follow a policy of data minimisation, which is to collect only that data which is necessary. He recommends that governments collect data in a targeted fashion, always weighing it against the principles of necessary, proportionality, transparency minimisation, giving of choice and taking of consent. “Systems need to have privacy built in as per design, and not as an afterthought,” he says. While he says he understands the government’s need to collect data, he disputes the popular rationalisation of this collection, which is that only guilty people will have something to hide, and so we must all be open to privacy breaches if we are innocent. “That reasoning assumes that only criminals have the need for privacy. That is not the case. Privacy should be by default, not by exception,” he says.
As far as some citizens are concerned, there can be no such distinction between a lawful and unlawful interception of private communication. For Nikhil Pahwa, who runs the website Medianama, any interception, whoever the interceptor is, is unacceptable. He believes in a certain absoluteness and non-negotiability of privacy. “I am more concerned about abuses of power, than attacks on people,” he says. “Even when intelligence is available with the government, they fail to prevent terror attacks because they don’t act upon it.”
The lack of information on the subject and the generally closed nature of the government on issues of national security are prompting questions and misgivings. “If this system is designed to protect us, then we should be kept in the know of things, and not find out through leaks in the press,” says Prakash.
But RTIs filed by the Software Freedom Law Centre in Delhi, all returned negative. The RTIs sought basic and pertinent information on the system such as the categories of data that are being collected under it, the methods of collection, the measures for protection of data, the cost of the technology and the chain of command. All five RTIs returned with a reply saying that the answer could not be given under section 8(1)(a). This section is a clause of exemption written into the RTI Act, when the information “would prejudicially affect the sovereignty and integrity of India, the security, strategic, scientific or economic interests of the State, relation with foreign State or lead to incitement of an offence.” All this points to the graveness of the issue which is passing by without strong opposition from policy makers.
Although Deora tried to make the point that one’s life is safer being shared only between oneself, one’s confidante, and the uninvited State, the reassurances are contrasted sharply with reality. Indian society has good reason to be concerned about the CMS. Legislations like the IT Act have been used frivolously, to clamp down on dissent, as with the girl in Mumbai who was arrested for posting on Facebook about her disagreement with the city’s shut down following Thackeray’s death. Chief Minister Mamata Banerjee arrested a professor for circulating cartoons that took a jibe at her. Apart from these active misuses of prevailing laws, is the existing laxity in protecting what little privacy remains. Even the call records of Arun Jaitley, leader of opposition in the Rajya Sabha have not been safe from leaks. Likewise, the controversy created by the Nira Radia tapes also pointed to how information gathered by the government has not been subsequently protected by the government from misuse. Another example is the social media monitoring cell that was reportedly opened in Mumbai recently. Deora, however, has said that no such cell exists.
The IT Act lays down provisions for the government to step in if people make comments that are disparaging, grossly harmful, and so on. The vagueness of these terms has resulted in wild interpretations. To this, Deora says, “The CMS is not getting into the business of monitoring via 66A of the IT Act. Forget about CMS, the government isn’t doing that. The government doesn’t have the time and resource to get into any of those issues.
According to Google’s recent transparency report, there was a 90 per cent increase in take down requests from the government in 2013, as compared to 2012.
India has over 100 million internet users, 960 million telephone users and 929 million mobile phone users. What are the implications of this, in terms of the loss of privacy, for the millions of Indians who pose no security threat but are being constantly monitored? While security is the government’s motivation, the plan is inviting suspicion due to the fact that this is not counterbalanced by adequate privacy guarantees in Indian law. “Don’t worry, we won’t be intercepting you every time you say the word “bomb”, says Deora as he wraps up the interview. The global crackdown on and fight for free speech finds echoes everywhere, and this is one such tightly bound trans-Atlantic situation in India and in the US.