The Department of Telecommunications (DoT), which comes under the Ministry of Communications, recently released the Draft Indian Telecommunications Bill 2022 for public consultation. It was expected to be a progressive bill consolidating and replacing three current colonial laws governing the telecom industry: the Indian Telegraph Act, 1885, the Wireless Telegraphy Act, 1933, and the Telegraph Wires (Unlawful Possession) Act, 1950. However, it has been greeted with raised eyebrows by concerned digital rights organisations over the surveillance and internet shutdown mechanism it proposes.
Also Read: The Probe Impact: Government calls off Pawan Hans Disinvestment
We Have a Request for You: Keep Our Journalism Alive
We are a small, dedicated team at The Probe, committed to in-depth, slow journalism that dives deeper than daily headlines. We can't sustain our vital work without your support. Please consider contributing to our social impact projects: Support Us or Become a Member of The Probe. Even your smallest support will help us keep our journalism alive.
Messaging apps included in Telecom Services now
With the new Bill, the government has widened the definition of ‘Telecommunication Services’ under Clause 2 to include interpersonal communications services, machine-to-machine communication services and OTT (Over – The – Top) communication services/platforms. This means that all the messaging apps such as WhatsApp, Signal, and Telegram will come under this Bill’s ambit and hence shall be regulated.
Stay informed with The Probe. Get original stories, exclusive insights, and thoughtful, in-depth analysis delivered straight to your phone. Join our WhatsApp channel now! Click the link to join: https://whatsapp.com/channel/0029VaXEzAk90x2otXl7Lo0L
Will this include video call services as well? Since video call services like Google Meet, Facetime and Zoom are all OTT services, they too shall be covered by the Bill. Today, from matrimonial websites to online reselling shops, almost all browser-based platforms have a messaging option within them. However, the Bill on this front is unclear and ambiguous, to say the least. Since the phrase ‘OTT communication services’ has not been particularly defined in the Bill, it is difficult to state whether such browser-based services will come under its regulatory ambit or not.
Also Read: CoWIN Data Breach Reveals Security Gaps In India’s Critical Information Infrastructure
Encryption debate and interception
Chapter 6 of the Bill deals with “Standards, Public Safety and National Security,” which proposes provisions for Public Emergency or Public Safety. Clause 24(2)(a) and 24(2)(b) are being called out for infringing privacy and freedom by digital rights organisations. The clause empowers the government to stop transmission and allow interception of messages/calls in the “interest of the sovereignty, integrity or security of India, friendly relations with foreign states, public order, or preventing incitement to an offence”.
Currently, Section 5(2) of the Indian Telegraph Act, 1885, allows for the interception of messages through the telegraph, furthering the surveillance interests of the government. The new Bill replaces the section with Clause 24(2)(a), which is even more draconian as it authorises the surveillance of ‘telecommunication services or telecommunication network’. This Draft Telecommunication Bill is what seems to be an attack on end-to-end encryption and people’s fundamental rights.
Why is end-to-end encryption so important?
Also Read: LGBTQIA Rights: Can Government Institutionalise Stereotypes?
He further explains that “Encryption technology is the first, and in most cases, the only layer of security, within a user’s control. When you send a text to your friend over WhatsApp or Signal, the Signal Protocol (used by both platforms) converts your message into gibberish (ciphertext) which is only converted back to plaintext after landing on your friend’s phone via the encryption key. End-to-end encryption technology ensures that only the two ends of the communication, i.e., the sender (you) and the receiver(s) (your friend), have access to the encryption key that can convert the ciphertext to plaintext.”
End-to-end encryption or E2EE is a method of secure communication that prevents third parties, hackers and attackers from accessing data while it’s transferred from one end system or device to another. In E2EE, the data is encrypted on the sender’s system or device, and only the intended recipient can decrypt it. As it travels to its destination, the message cannot be read or tampered with by an internet service provider (for example, Airtel, Jio and the likes), application service provider, hacker or any other entity or service. The OTT communications services that are being dragged into the ambit of this Bill use this technology to retain users’ privacy.
Clause 24(2) of the draft bill mentions - prevention, interception, or disclosure in the interest of ‘national security’. “What may be worrying for a lot of us is the amount of due diligence put in by the respective governments before invoking such rights. I also fail to differentiate much between the proposed ‘new law’ as Rule 2(f), 2(g), 2(h), and 2(i) of The Information Technology (Procedure and Safeguards for Interception, Monitoring, and Decryption of Information) Rules, 2009 were also aimed at loosening/breaking encryption. Therefore, the way forward may not be in deciding between what is more important - privacy or public safety, but rather in regulating and delicately balancing the two. The growing encryption standards are bound to complicate things further that may force law enforcement agencies to fight encryption with encryption, something we witnessed in Operation Trojan Shield,” says Naren.
The Surveillance Debate
The state is allowed to “intercept, monitor, and decrypt any information for protecting sovereignty, national security, friendly relations with international governments, integrating public order, etc...,” under Section 5(2) of the Indian Telegraph Act of 1885 and Section 69 of the Information Technology (Amendment) Act of 2008. However, there are certain gaps in this regulatory framework for monitoring, raising issues about how it affects citizens’ rights and raising worries about how such a large scope can damage the country’s democracy. The laws now have gaps that allow state actors to conduct targeted monitoring at their discretion in the absence of adequate checks and balances.
Also Read: Fake Loan Apps Thrive As Authorities Fail To Crackdown, Leaving Consumers Vulnerable
Pranav states that “The encryption technology is also used by bad actors for nefarious purposes like spreading child sexual abuse material, sharing fake news and hate speech, hatching criminal conspiracies amongst others. For these reasons, the government seeks to identify the senders of these messages (and also intercept the communication (via Clause 24 of the Telecommunications Bill, 2022). Such identification of parties and interception of communication is not possible on end-to-end encrypted platforms, and a legal mandate enforcing one would technically break encryption. This will lead to multiple challenges. In addition to tumultuous violations of human rights, businesses will also be impacted. Also, any mechanism developed for exceptional access to encrypted communication by law enforcement can also be misused by bad actors. More importantly, the moment bad actors get a whiff that an encrypted platform has been compromised and is sharing information with the government, the savvy criminals will simply shift to another unregulated encrypted platform or develop their own encrypted platform as the technology to develop it is publicly available on GitHub. The encryption genie is out of the bottle.”
Identifying Users – A KYC?
With the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, the Central Government required social media “intermediaries” to trace the originator of content/information so as to identify the individual. The draft Personal Data Protection Bill that was recently withdrawn in Parliament also proposed a voluntary user verification mechanism. Now, Clause 4 of this draft bill requires the telecommunication services that acquire a licence to “unequivocally identify the person to whom it provides services, through a verifiable mode of identification as may be prescribed.” It further requires that the user identity of the person transmitting the message be made available to the user receiving such a message. One of the perks of the internet was the ability to stay anonymous, and the provision particularly aims to put an end to it. Hence, the service providers / intermediaries / telecommunication services would now be obligated to identify every user on their platform.
Lobbying by the telcos?
Experts suggest that the inclusion of OTT communication services within the definition of telecommunication services to bring them under government regulation is a result of extensive lobbying by telecom giants and their lobbies. The giant telecom companies or traditional telecom service providers have been consistently demanding the regulation of OTT communication services as they claim these services are ‘alternatives’ to the traditional service. There have been reports of losses to these companies as a result of users shifting to such platforms. These traditional service providers blame instant messaging services for their declining revenues.
According to a preliminary analysis report by Internet Freedom Foundation, the theory checks out. The findings of IFF states: “Both voice and data usage have seen a significant increase in the past few years. This exploded after Q2, 2016 when Reliance Jio started its services. The rate of growth is increasing and more people are coming online. This massive growth has coincided with a drop in per-user revenue for the major telecom players. Such fall appears to be due to a hyper-competitive environment after the entry of Reliance Jio. However, with a wave of consolidation, this period may soon end. These trends are as per statements in the press by leading executives of telecom companies and analyst reports such as Moody’s and Fitch.”
Internet Shutdowns
The Bill provides no judicial mechanism for such suspensions. The Supreme Court in Anuradha Bhasin vs Union of India stated that freedom of expression and conducting business through the internet are rights protected under Articles 19(1)(a) and 19(1)(g) of the Constitution. The mechanism for the suspension of internet services is prescribed under the Temporary Suspension of Telecom Services (Public Emergency or Public Safety) Rules, 2017. In the Anuradha Bhasin case, the Court has read into the procedural safeguards of the Telecom Suspension Rules. However, there’s no reform in the new Bill.
Diluting the powers of TRAI
The central government seeks to amend the TRAI act and dilute the powers of the Telecom Regulatory Authority of India. The present and functioning legislation requires the government to obtain recommendations / views from TRAI before issuing a licence to any service provider. However, the new Bill takes TRAI out of the picture and empowers the Central Government to take that decision.
Takeaway
(Please note: Change can only occur when public participation in government policies exists. Comments on the draft Indian Telecommunications Bill 2022 from relevant stakeholders have been invited till October 20, 2022 by the government of India. The comments can be sent to [email protected]. Check out the full draft Indian Telecommunications Bill 2022 here:
https://dot.gov.in/sites/default/files/Draft%20Indian%20Telecommunication%20Bill%2C%202022.pdf)