A typical “Big Brother is watching” situation is emerging in India, yet again: On the 15th of October India’s Department of Telecommunications published a notice on its website directing telecom operators to implement an online authentication of their Internet subscriber base. All Internet and Broadband subscribers using WiFi are required to get themselves registered with their telecom service providers within 60 days, according to that notice. India has around 7 million broadband connections. The growth of Internet usage in the country has also been hindered by strict norms around cybercafe usage and harassment of cybercafe owners by law enforcement agencies.
The present issue clearly is the presence of open and unprotected WiFi connections that may be used by terrorists to send or receive messages. Telecom operators are required to follow strict ‘Know Your Customer’ norms as far as mobile connections are concerned; government agencies can lawfully intercept calls for specific anti-terror tracking, though there is room for misuse of this privilege.
Guidelines Issued In February Restricted Simultaneous Logins
While going through guidelines issued to telecom operators on February 23rd 2009 year (a copy here at Tata Communications), a couple of points caught my attention:
I.a.iii: Licencee (Telco) shall ensure that unique user IDs and Passwords do not have provisions for simultaneous multiple logins. Licencee may give more than one use ID and Password to a single subscriber for multiple for his Internet account
I.a.iv: Licencee shall put a clause in Subscriber Agreement of new subscribers that any WiFi connectivity deployed by subscriber has to be activated only after it is registered for centralized authentication with the Licencee.
There are similar detailed authentication norms for WiFi in public spaces and compliance by existing subscribers, and those users with their own WiFi routers were to have gotten themselves registered. We’re not sure if these guidelines issued in February still hold or have been revoked, but the overall suggestion appears to be that the government wants to monitor Internet access. Imagine if a friend is over, and wants to, say, connect to the WiFi using his laptop or mobile: that will require an additional user ID and password, and separate authentication, so that the government can track and identify the user and usage. The prevention of simultaneous multiple logins will significantly restrict Internet access. Again, please keep in mind that these point I.a.iii and I.a.iv were a part of guidelines issued in February, and may have been revoked (we hope).
Text Of Current Notice
In order to prevent misuse of Wi-Fi connectivity for internet access by unauthorized users, all Telecom service providers have been directed to implement online Centralised Authentication procedure for Internet subscribers. All Internet and Broadband subscribers using Wi-Fi connectivity are required to get themselves registered with the respective Telecom Service Providers for completing the centralized authentication procedure within 60 days from the publication of this notice.
This website uses IntenseDebate comments, but they are not currently loaded because either your browser doesn't support JavaScript, or they didn't load fast enough.
11 Comments until now.
This is so absurd, it's not funny. How do ISPs or the Government intend to stop me from operating an unregistered WiFi network at home? Does this then mean that I can't have an 'always-on' connection, and will have to sign in independently everytime I want to get online? Usability disaster, and much damage to user convenience.
FAIL
Seconding Sumant. Just praying that our so-called "intelligence agencies" who have influence in inverse proportion to their efficiency don't get in on the act. Unlike the VOIP issue, where I guess there are strong lobbies on both sides, here, it is only the hapless customer who is going to bear the brunt of such irrational policy decisions.
WTF are these chaps smoking? Seriously?
Heh.. This is technically not possible.. They cannot track how many users are there on a single line..
i dont think u guys got it… all that the notice says is have a password to your Wi-Fi router… thats is.. simple.
Why is that so irritating guys? Waiting for a dear one from your family to die in a blast.
@Kaiz: I assume you have been reading too many Tom Clancy novels. I am eager to learn if a single terror incident in India has used 'unsecured' WiFi networks to plan and execute a blast. So far, to the best of my knowledge, such networks have been used only to send self-congratulatory emails, after the event. The rest is highly suspect media hype, fanned by persons who are very likely to have a vested interest in selling 'security' systems, and some policemen who are very eager to face TV news cameras.
Also, you apparently find it difficult to understand the notification. Nobody is interested in users having passwords to log into private networks, the notification asks for all users to be centrally registered with the ISP. This is a backdoor method to empower ISPs to begin identifying subscribers on the basis of numbers of users per subscription ID, and the logical next step will be differential rates. I am rather more interested in a regulatory framework that will govern the leaking of such personal information to third parties (at the moment, there is none, so…).
Such registrations will in no way help security agencies to identify malafide users of home networks, which (ie IEEE 802.11x compliant) are inherently not designed for high-security environments. Have you registered, or been asked to register, all your family members and guests who use the home (cordless) telephone? Would it serve any useful purpose? QED.
Quite obviously the govt. never heard of TOR. Nor of encryption. The cluelessness of our security "experts" astounds me. All i require to send those messages in plain old voice is a one of the millions of public phones. Aha I get it. We will use fingerprint scanners and face recognition algorithms to identify potential suspects at public phones.
I don't understand this rule at all. How can ISPs find out if someone is using wifi or not? A lot of people use routers and not all them have wifi turned on always. Will they make it mandatory for everyone with routers to register too?
@chupchap : there's no enforceable way of registering WiFi users. I don't think an ISP can track whether a person is using WiFi or not.
What they're trying to do is, get all the people with ISP given WiFi to register with ISP for a username and password for access, and then get people with additional users to do so as well. It makes it easier for the government to track connections, which specifically have wifi routers connected.
I think Seykun? was quite right with the comment, but it isn't for differential rates, but for monitoring purposes. Anyway, the new IT Act includes conditions for significant monitoring of users by ISPs, even storing copies of all the data they have accessed.
This is hillariously stupid. I'd love to meet the people who came up with this.
MTNL has a registration form up..look at the url. http://comptrack.mtnl.net.in/regwifi.html