India: Big Brother up and running

Centre for Development of Telematics (C-Dot)

The Indian government carefully refrained from joining the wave of condemnation that followed Edward Snowden’s revelations of the scandalous scale of NSA surveillance. India had reason for silence. The extensive Indian surveillance system has been expanded since the Mumbai attacks in 2008. The Central Monitoring System, developed by the Centre for Development of Telematics, allows the government direct, unlimited and real-time access to a wide variety of electronic communications without relying on internet service providers.

 The fact that a surveillance system of that magnitude can be established is due to the absence of a legal protection of privacy and personal data. The mission of the Centre for Development of Telematics, created in 1984 by the Ministry of Telecommunications and Information Technology, initially consisted of developing digital communication technology.

Gradually, and in the absence of a law authorizing surveillance, this research centre has become the main contributor to a government-directed monitoring system designed on the massive scale that its objective required. Of India’s 1.2 billion citizens, 213 million are web users and 13 per cent of the population use smartphones (Wearesocial.net, January 2014).

 The ITA, a law crafted for surveillance

Initially, licence agreements signed by the government in 2002  compel internet service providers to transmit to the government private data concerning their customers. The companies, which bear the cost of software modified to perform this task thus pass on to customers the cost of monitoring them. In addition, some laws, above all the Information Technology Act, known as ITA-2000, authorize the collection of personal data on behalf of the government.

Amended in 2008 with no parliamentary debate, this law has prompted intense debate in civil society. Many organizations demand that the law be repealed or modified. This is not surprising, as some provisions of the law give the authorities a free hand to mount major surveillance operations against users of the web and other telecommunication technology.

Section 44 authorizes heavy financial penalties against any individual who refuses to provide “any document, return or report” to the government.

Section 66A provides for up to three years in prison for posting “grossly offensive” or “menacing” messages online. The use of vague definitions allows great latitude for officials who are targeting web users, effectively authorizing arbitrary practices. This provision has been singled out for heavy criticism. Some argue that it violates the principle of free expression, in violation of guarantees of fundamental rights in Part III of the Indian constitution. In late 2012, a legal claim a seeking judicial declaration that the provision was invalid was filed in the Allahabad High Court.

Section 69 authorizes the interception of any information transmitted by computer. Likewise, any person who refuses to decrypt his private information upon official request faces up to seven years in prison.

Section 80 authorizes the arrest of suspects even without an arrest warrant.

Since 2011, a series of amendments to the ITA, entitled the Guidelines for Cyber Cafe (PDF) requires internet cafe owners, already required to apply for business licenses, to register the identifies of their customers and save all users’ search data, including their log-in information, for one year. A cafe owner must provide these data on demand from any police officer.

The heart of the organism: the Central Monitoring System

This surveillance system, established in 2008 and publicly disclosed in 2009, was designed by the Centre for Development of Telematics. The system is run by no fewer than 34 telecommunications surveillance units, known as Telecom Enforcement Resource and Monitoring cells. At an officially disclosed cost of $72 million, the system intercepts all telecommunications in the country, centralizing the data collected by regional control centres in all states.

Architecture of Central Monitoring System (source: Centre for Internet and Society)

The “Lawful Intercept and Monitoring Program” is an element of this giant surveillance system. Established amid great secrecy, then made public in September 2013, it covers all kinds of telecommunications in addition to the internet. The system allows authorities to mount web searches using keywords deemed “sensitive,” without specific authorization, and without notice to internet service providers. This program clearly violates a 2006 government commitment to a policy entitled “Instructions for ensuring privacy of communications.” The policy followed a wiretapping scandal. The LIM, established by the Centre for Development of Telematics, allows analysis of all internet activities, including standard navigation, emails and even Voice over Internet Protocol programmes such as Skype.

With all service providers using  a LIM system, itself built on of an “interception, store and forward” server, the collected data is transmitted directly to a “Regional Monitoring Centre.” These regional offices feed their traffic to the Central Monitoring System. The CMS is thus a national database created by the linking of regional databases, who mine user data via surveillance tools deployed by service providers.

Traditional interception systems transmit data only upon official request. But the CMS automates the interception process. The monitoring cells, as well as government agencies, enjoy direct access to web users’ data, which is collected without service providers’ approval from the internet or mobile phone networks. Agencies with access to this national database include the Intelligence Bureau, the Central Bureau of Investigation, the Directorate of Revenue Intelligence, the Research and Analysis Wing and the National Investigation Agency.

Silence in Kashmir

The Indian government keeps tight control over the internet in Kashmir. Frequently, the government orders internet service providers to suddenly and totally cut off internet access at certain times. The aim is to head off disturbances and, for example, to prevent demonstrations from being organized via social media. This was the case in 2010 and 2012, as well as in July 2013, following the killing of six civilians by Border Security Force officers.

The victims had joined a demonstration protesting a government raid on a mosque. The military responded by shutting down all internet and 3G mobile service in the region. The government subsequently denied having ordered the blackout, but telephone companies said they had been ordered to cut off service as a precautionary  measure. An employee of the BSNL phone network told a journalist under cover of anonymity that the firm had received a verbal order to cut off mobile internet and voice service. Downloading speed was also reduced.

NETRA, state-of-the-art spyware

Not slowing down their remarkable progress, Indian authorities have established a spying system capable of real-time detecting of oral as well as written messages deemed to pose a threat. NETRA (NEtwork TRaffic Analysis) was developed by the Centre for Artificial Intelligence and Robotics, a laboratory operated by the Defence Research and Development Organization, a government agency. After small-scale testing, Netra was to be deployed nationally for all intelligence agencies over the course of this year, according to official information reported in the Indian press. The system will cover software such as Skype, status updates and messages posted on Twitter, blogs and forums.

Indian authorities, instead of enacting laws designed to protect citizens’ private data, are vastly expanding the reach of surveillance. This policy raises the question of what will come of this endless technology race. Inevitably, repression will be one result.

First victims

With the CMS fairly recently established, only a handful of cases have come to light in which web users have been prosecuted based on the fruits of surveillance. However, a phone wiretapping scandal that broke in 2013 highlights the tendency toward mass surveillance. The so-called “Snoopgate” case grew out of evidence that Gujarat Chief Minister Narendra Modi and his interior minister were involved in wiretapping a young woman. The wiretaps allegedly conducted on behalf of the two men date back to 2009 and allegedly were installed by the state police upon Modi’s order.

Another example of the trend toward surveillance in India occurred in November 2012, when two 21-year-old woman were arrested by the police, and placed in detention under Section 66A of the ITA-2008. One of the two, Shaheen Dhada, had commented on Facebook about a national halt of mass transit during the funeral of Indian politician Bal Thackeray. The other young woman, Rinu Shrinivasan, had “liked” the comment. They were freed on bond before the end of the 14-day detention period.