The latest Unified License Guidelines for telecommunications in India provides legal cover to surveillance and monitoring programs mooted by the Indian Government earlier.
Besides making provisions for a monitoring agency to access Internet and telecommunications data, the recently released guidelines by the telecom department says that a service provider must maintain logs of user activity, and provide copies of all packets originating a terminating from a customer’s Internet connection to security agencies.
The Unified Licensing regime, is a new set of guidelines to which telecom operators will have to move. The single permit which comes at a one time fee will allow them to offer multiple services like internet, mobile and wired lines.
One of the guidelines under the Internet services, security conditions, states
“The licensee shall maintain log-in/log-out details of all subscribers for services provided such as internet access, e-mail, Internet Telephony, IPTV etc. These logs shall be maintained for a minimum period of one year.”
ISP’s and other services in the country have been maintaining the logs of theses activities already. The telecom companies have even set up monitoring services to keep a track of user activity.
“For the purpose of interception and monitoring of traffic, the copies of all the packets originating from / terminating into the Customer Premises Equipment (CPE) shall be made available to the Licensor/Security Agencies,” says the guidelines.
A simple search through the document shows that, these guidelines are tailor made to suit the security agencies and various other monitoring systems being implemented by the government.
Some highlights regarding ‘Security’
The licensee shall provide security agencies with monitoring systems with access to the network as required by the agency.
The licensee shall provide the security agencies with anytime unconditional access to the complete list of subscribers.
The licensee shall be subject to periodic surprise checks by Army and/or security agencies.
The licensee at its own cost shall provide appropriately dimensioned hardware and bandwidth/dark fibre up to a designated point, for establishing connectivity to the Centralized Monitoring System.
The licensee shall setup lawful Interception and Monitoring (LIM) systems to monitor Internet traffic including Internet telephony, at its own cost.
The licensee has to provide and maintain the hardware/software required for monitoring of calls at the Intercept Control Center (ICC) as also in the premise of the security agencies.
The licensee shall facilitate monitoring of calls, in addition to the the Target Intercept List (TIL), it should also be possible to carry out specific geographic location based interception for security agencies.
After reading through some of the above mentioned guidelines, it might look like a set of guidelines for setting up a monitoring system rather than one for a unified license. It looks like the government is laying down the groundwork for the grand entry of the nationwide CMS launch.
The Government agencies have been facing a lot of criticism for planned project to use surveillance tools on its citizens.
In another recent development the government had also signed a deal with Israeli cyber intelligence solution provider, Verint Systems, to provide tools to intercept communication services including Gmail, Yahoo mail, BlackBerry services, Microsoft Skype and others. Verint has already installed its hardware and software at ISP centres for many years.