Central Monitoring System

The Central Monitoring System, abbreviated to CMS, is a clandestine mass electronic surveillance data mining program installed by the Centre for Development of Telematics (C-DOT), an Indian Government owned telecommunications technology development centre,[1] and operated by Telecom Enforcement Resource and Monitoring (TERM) Cells.[2] The CMS gives law enforcement agencies centralized access to India's telecommunications network[3] and the ability to listen in on and record mobile, landline and satellite[4] calls and voice over Internet Protocol (VoIP), and read private emails, SMS and MMS and geolocate people via their cell phones,[5] all in real time.[6] Telecom operators in India are required by law to give access to their networks to law enforcement agencies.[7] From 2014 onwards, mobile network operators will be required to include in the Call Data Records details of the caller's location, the number called, the duration of the call, and the mobile tower used.[8]

Prior to CMS, agencies had to obtain a court order for surveillance.[9] The Ministry of Home Affairs now has the sole power to decide whom to monitor.[10] The system was created without approval from Parliament,[11] provides no means of addressing abuse, and places no consequences in case of abuse.[6] The government stated that the cost of implementing CMS was INR400 crore (US$63 million). However, on 21 June 2013, The Hindu, reported that it had obtained project documents relating to CMS, which showed that the project's budget was "nearly double" that amount.[12]

History

The 2007-08 annual report of the Department of Telecommunications (DoT) stated that the requirements for the CMS project had been finalized by the Telecommunication Engineering Center (TEC), after deliberations with security agencies, and that the first phase of the project, covering the "national capital", was scheduled to be implemented by 31 March 2008. It also stated that C-DOT had finalized the "scope, architecture and dimensioning of the network".[13] The 2008-09 annual report stated that proof of concept had been demonstrated and that R&D activities for the project were "ongoing".[14] The Government of India budgeted $150 million for the system as part of its 12th Five Year Plan, with Cabinet ultimately approving a higher amount.[15] The CMS was fast-tracked following the 2008 Mumbai attacks. However, it faced repeated delays and missed the original deployment deadline of the end of 2012,[16] and the next deadline of March 2013.[17]

CMS was first announced publicly in a press release by the Press Information Bureau (PIB), dated 26 November 2009.[18] The release lacked details on the system but stated that CMS was a "centralized system to monitor communications on mobile phones, landlines and the internet in the country" and claimed that the project would "strengthen the security environment in the country".[19] CMS was mentioned by Minister of Communications and Information Technology Kapil Sibal on 1 January 2011, while addressing the media to announce his 100-day agenda for the Indian telecom sector. Sibal mentioned it in passing, telling the media that "Steps will be taken to establish the Central Monitoring System which will facilitate and prevent misuse of lawful interception facility."[20][21] The announcement was described as "muted" by Time magazine.[22]

On 9 March 2011, Minister of State for Communications & Information Technology, Sachin Pilot stated that the CMS was to be set up for the "Lawful Interception and Monitoring of communications to address the national security concerns. It will automize the present manual system of interception and monitoring, which will enhance the secrecy of intercepted numbers and will cut down the delay in provisioning."[23]

On 15 October 2012, The New Indian Express reported that the National Investigation Agency (NIA) had requested for authorization to access CMS once it became functional. The paper also stated that a pilot trial was underway.[24] Mint cited an internal note from the DoT dated 10 June 2013, which reportedly said that CMS had "undergone successful pilots" and was "likely to be commissioned" by the end of 2013.[25] The government began rolling out the CMS, state by state, in April 2013.[7]

In July 2013, BlackBerry granted the Indian Government access to its messaging services.[26] It is presumed that CMS will be used to monitor these services,[27] although it may be done through C-DOT's Lawful Intercept and Monitoring (LIM) system.[28] It will make two amendments to the Indian Telegraph Act to allow for intercepting and monitoring through the CMS and to allow "collecting, storing and analyzing message pertaining to information of any nature by the Telegraph Authority".[29]

System details

The Indian government agencies known to have been authorized to make intercept requests through CMS are the Central Board of Direct Taxes (CBDT), the Central Bureau of Investigation (CBI), the Defence Intelligence Agency (DIA), the Directorate of Revenue Intelligence (DRI), the Enforcement Directorate, the Intelligence Bureau (IB), Narcotics Control Bureau (NCB), National Investigation Agency (NIA) and the Research & Analysis Wing (R&AW),[30] as well as Military Intelligence of Assam and Jammu and Kashmir, and the Home Ministry.[12] The Securities and Exchange Board of India claims that it requires CDRs in order to "establish links between two or more parties who might have had conversations among themselves before or after the incidents of insider trading and to prevent black money coming to market or other manipulative activities in the market".[31]

Government view

Minister of state for information technology, Milind Deora defended the project on 7 June 2013, saying that it would "safeguard your [Indian citizens] privacy and national security".[7][32][33] He also revealed that "The mobile company will have no knowledge about whose phone conversation is being intercepted."[34] However, Deora's guarantees were dismissed by the Indian media. Mint stated that being "asked to repose faith in the government as a custodian of the data it collects" was "a laughable proposition".[35]

Speaking to reporters at the Association of Southeast Asian Nations (ASEAN) regional forum meeting on 2 July 2013[36] in Bandar Seri Begawan in Brunei,[37][38] Minister of External Affairs Salman Khurshid defended the United States PRISM surveillance program saying, "This is not scrutiny and access to actual messages. It is only computer analysis of patterns of calls and emails that are being sent. It is not actually snooping specifically on content of anybody's message or conversation. Some of the information they got out of their scrutiny, they were able to use it to prevent serious terrorist attacks in several countries."[39] The media felt that Khurshid's defence of PRISM was because the Indian government was rolling out CMS, which was similar to the PRISM program.[40][41][42]

Media reaction

Business Standard criticised the fact that a warrant need not be obtained.[43] Firstpost criticised the lack of information from the government about the project and the lack of a legal recourse for a citizen whose personal details were misused or leaked.[18] The Hindu also criticised the lack of information available about the system.[44]

The Indian Express criticised the introduction of the system in the absence of accountability and "any reasonably effective safeguards" to protect privacy.[45] The Times of India criticised the introduction of CMS without public debate or Parliamentary accountability. The paper also felt that Indian privacy laws were "lax",[46] and "far worse than American law on these matters".[46]

Forbes India pointed out that a consequence of CMS would be that innocent citizens could be wrongly accused of criminal activity.[8] The New York Times argued that India did not need centralised interception facilities to have centralised tracking of interception requests. The paper also expressed supported for a strong privacy law, and advised Indian citizens to "take greater care of their own privacy and safeguard the security of their communications".[30]

Human rights and civil-liberties groups reactions

Human rights and civil-liberties groups have expressed concerns that the CMS is prone to abuse, and is an infringement of privacy and civil liberties.[47] Critics have described it as "abuse of privacy rights and security-agency overreach".[15]

Meenakshi Ganguly, the South Asia director of Human Rights Watch, felt that the move toward extensive "surveillance capabilities enabled by digital communications" suggests that governments are now "casting the net wide, enabling intrusions into private lives". Ganguly also felt that increasing surveillance around the world was an attempt by governments to "grapple with the power of social media that can enable spontaneous street protests".[15]

Praveen Swami, strategic affairs editor of Network18, felt that "There is also the argument that the threat of a cyber attack is deliberately overplayed ... it is far-fetched. So there is a need for balance".[48] Cynthia Wong of Human Rights Watch described CMS as "chilling, given its [the Indian government] reckless and irresponsible use of the sedition and Internet laws". She also said that, "New surveillance capabilities have been used around the world to target critics, journalists, and human rights activists."[11][49] Pawan Sinha, a human rights teacher at Delhi University, believes that bypassing courts was "really very dangerous" and could be "easily misused".[7]

Anja Kovacs of the Internet Democracy Project, and a fellow at the New Delhi-based Centre for Internet and Society, felt that there was "a growing discrepancy and power imbalance between citizens and the state" and that in the Indian scenario, there were "no checks and balances in place".[15]

Sunil Abraham, executive director of Bangalore-based non-profit Centre for Internet and Society, advised Indians to "stop using proprietary software, shift to free/open source software" and "encrypt all sensitive Internet traffic and email using software like TOR and GNU Privacy Guard".[50]

Pranesh Prakash, director of policy at the Centre for Internet and Society, warned that the lack of privacy laws and government accountability makes the programme "very worrisome."[5] Cyberlaw specialist Pavan Duggal stated that the "system is capable of tremendous abuse" and "even legitimate conversations could end up being tracked".[5] Mishi Choudhary, executive director, Software Freedom and Law Center stated that, "There has been no public consultation on this issue. No one knows what they have proposed or whether it has parliamentary mandate. We don't even have empirical data on phone tapping from the government. It's like a black hole."[51]

Human rights activist Neingulo Krome described CMS as "a threat to democracy" and also felt that the agencies involved could "soon challenge the authority of the government itself".[52]

See also

References

  1. "Annual Report 2011-12" (PDF). Department of Telecommunications (DoT). Retrieved 2013-07-14.
  2. "Annual Report 2012-13" (PDF). Department of Telecommunications (DoT). Retrieved 2013-07-14.
  3. "Indian monitoring system threatens rights: rights body". Tech2.in.com. 2013-06-12. Retrieved 2013-07-14.
  4. Joji Thomas Philip (2013-06-21). "Central monitoring system put off till December, telecom test lab to October". The Economic Times. Retrieved 2013-07-14.
  5. 5.0 5.1 5.2 "Government can now snoop on your SMSs, online chats". The Times of India. 2013-05-07. Retrieved 2013-07-14.
  6. 6.0 6.1 "India: Privacy in peril". Frontline.in. 2013-07-12. Retrieved 2013-07-14.
  7. 7.0 7.1 7.2 7.3 Kotoky, Anurag (2013-06-20). "India sets up elaborate system to tap phone calls, e-mail". Reuters. Retrieved 2013-07-14.
  8. 8.0 8.1 "Is CMS a Compromise of Your Security?". Forbesindia.com. 2013-07-09. Retrieved 2013-07-14.
  9. Ann, Dhanya (2013-06-13). "India's Own Surveillance Program - India Real Time". Blogs.wsj.com. Retrieved 2013-07-14.
  10. "India rolls out 'unrestricted' spy programme". E & T Magazine. 2013-06-20. Retrieved 2013-07-14.
  11. 11.0 11.1 "India: New Monitoring System Threatens Rights". Countercurrents.org. 2013-07-10. Retrieved 2013-07-14.
  12. 12.0 12.1 Shalini Singh (2013-06-21). "India's surveillance project may be as lethal as PRISM". The Hindu. Retrieved 2013-07-14.
  13. http://www.dot.gov.in/sites/default/files/English%20annual%20report%202007-08_0.pdf
  14. http://www.dot.gov.in/sites/default/files/AR_English_2008-09_0.pdf
  15. 15.0 15.1 15.2 15.3 Trivedi, Anjani (2013-06-30). "In India, Prism-like Surveillance Slips Under the Radar". Time. Retrieved 2013-07-14.
  16. "Beyond Snowden: US surveillance system a useful model for democratic, terror-hit India". The Economic Times. 2013-06-27. Retrieved 2013-07-14.
  17. "Telecom Central Monitoring System in 10 circles by December". Firstpost. PTI. 2013-06-28. Retrieved 2013-07-15.
  18. 18.0 18.1 Raza, Danish (2013-07-10). "India's Central Monitoring System: Security can't come at cost of privacy". Firstpost. Retrieved 2013-07-15.
  19. "Press Information Bureau English Releases". Pib.nic.in. 2009-11-26. Retrieved 2013-07-14.
  20. Sandeep Joshi (2011-01-01). "100-day plan: Sibal promises transparency in telecom sector". The Hindu. Retrieved 2013-07-14.
  21. "Govt to come out with new telecom policy: Sibal". The Times of India. PTI. 2011-01-01. Retrieved 2013-07-14.
  22. Trivedi, Anjani (2013-06-30). "In India, Prism-like Surveillance Slips Under the Radar". World.time.com. Retrieved 2013-07-14.
  23. "Press Information Bureau English Releases". Pib.nic.in. 2011-03-09. Retrieved 2013-07-14.
  24. Yadav, Yatish (2012-10-15). "NIA seeks Central Monitoring System to tap phones". The New Indian Express. Retrieved 2013-07-14.
  25. Leslie D’Monte & Joji Thomas Philip (2013-07-03). "How the world's largest democracy is preparing to snoop on its citizens". Livemint. Retrieved 2013-07-14.
  26. "Government, BlackBerry end dispute over interception of BB devices". The Economic Times. 2013-07-10. Retrieved 2013-07-14.
  27. Phil Muncaster (2013-07-11). "BlackBerry gives Indian spooks BBM and BIS access". The Register. Retrieved 2013-07-14.
  28. http://motherboard.vice.com/blog/india-spies-on-its-internet-users-too
  29. tech2 News Staff (2013-07-10). "Norms for interception of calls and messages expected to be finalised by August end". Tech2.in.com. Retrieved 2013-07-14.
  30. 30.0 30.1 Prakash, Pranesh (2012-10-11). "Can India Trust Its Government on Privacy?". Hyderabad: India.blogs.nytimes.com. Retrieved 2013-07-14.
  31. "Govt to Install 'Fool-Proof' Phone Tapping Setup Soon". The Times of India. 2013-06-17. Retrieved 2013-07-14.
  32. Abhi Manyu (2013-06-08). "Milind Deora Actually Believes That CMS Will Protect Your Privacy". Gizmodo.in. Retrieved 2013-07-14.
  33. "Google+ Hangout with Milind Deora". YouTube. 2013-06-06. Retrieved 2013-07-14.
  34. Nishtha Kanal (2013-06-21). "India's surveillance programme will track Facebook, Twitter and LinkedIn along with phones and emails". Tech2.in.com. Retrieved 2013-07-14.
  35. Sevanti Ninan (2013-07-10). "Privacy vs government vs media". Livemint. Retrieved 2013-07-14.
  36. "Snowden has not sought asylum in India: Salman Khurshid". Yahoo! News India. ANI. 2013-07-02. Retrieved 2013-07-14.
  37. Elizabeth Roche (2013-07-02). "India not an open house for asylum seekers: Khurshid on Snowden". Livemint. Retrieved 2013-07-14.
  38. "India rejects Edward Snowden's request for political asylum". Zee News. 2013-07-02. Retrieved 2013-07-14.
  39. "Salman Khurshid defends US surveillance programme, says 'it is not snooping'". CNN IBN. 2013-07-02. Retrieved 2013-07-14.
  40. Muzaffar, Maroosha (2013-07-04). "Why India is taking the U.S.'s Side in the Snowden Scandal". New Republic. Retrieved 2013-07-14.
  41. Brindaalakshmi K (2013-07-08). "MP Starts Public Petition For Disclosure Of Indian Data Accessed By PRISM". MediaNama. Retrieved 2013-07-14.
  42. Champion, Marc (2013-07-08). "Indians See a Gift in NSA Leaks". Bloomberg. Retrieved 2013-07-14.
  43. Shukla, Ajai (21 June 2013). "India's digital battleground". Business Standard. Retrieved 7 December 2014.
  44. Deepa Kurup (2013-06-16). "In the dark about 'India's Prism'". The Hindu. Retrieved 2013-07-14.
  45. "Way to watch". Indian Express. 2013-06-26. Retrieved 2013-07-14.
  46. 46.0 46.1 "Indian surveillance laws & practices far worse than US". The Economic Times. 2013-06-18. Retrieved 2013-07-14.
  47. R. Jai Krishna (2013-07-06). "India's Surveillance Program Stalled". Blogs.wsj.com. Retrieved 2013-07-14.
  48. "India's digital battleground". Business Standard. 2013-06-21. Retrieved 2013-07-14.
  49. Cynthia Wong (2013-06-07). "India: New Monitoring System Threatens Rights". Human Rights Watch. Retrieved 2013-07-14.
  50. "Cyber experts suggest using open source software to protect privacy". The Times of India. 2013-06-22. Retrieved 2013-07-14.
  51. http://articles.timesofindia.indiatimes.com/2013-05-12/security/39203096_1_cms-interception-and-monitoring-surveillance
  52. "Nagaland Latest & Breaking News, Northeast & India News - Mother India IS Watching You". The Morung Express. 2013-06-20. Retrieved 2013-07-14.