A typical “Big Brother is watching” situation is emerging in India, yet again: On the 15th of October India’s Department of Telecommunications published a notice on its website directing telecom operators to implement an online authentication of their Internet subscriber base. All Internet and Broadband subscribers using WiFi are required to get themselves registered with their telecom service providers within 60 days, according to that notice. India has around 7 million broadband connections. The growth of Internet usage in the country has also been hindered by strict norms around cybercafe usage and harassment of cybercafe owners by law enforcement agencies.

The present issue clearly is the presence of open and unprotected WiFi connections that may be used by terrorists to send or receive messages. Telecom operators are required to follow strict ‘Know Your Customer’ norms as far as mobile connections are concerned; government agencies can lawfully intercept calls for specific anti-terror tracking, though there is room for misuse of this privilege.

Guidelines Issued In February Restricted Simultaneous Logins

While going through guidelines issued to telecom operators on February 23rd 2009 year (a copy here at Tata Communications), a couple of points caught my attention:

I.a.iii: Licencee (Telco) shall ensure that unique user IDs and Passwords do not have provisions for simultaneous multiple logins. Licencee may give more than one use ID and Password to a single subscriber for multiple for his Internet account

I.a.iv: Licencee shall put a clause in Subscriber Agreement of new subscribers that any WiFi connectivity deployed by subscriber has to be activated only after it is registered for centralized authentication with the Licencee.

There are similar detailed authentication norms for WiFi in public spaces and compliance by existing subscribers, and those users with their own WiFi routers were to have gotten themselves registered. We’re not sure if these guidelines issued in February still hold or have been revoked, but the overall suggestion appears to be that the government wants to monitor Internet access. Imagine if a friend is over, and wants to, say, connect to the WiFi using his laptop or mobile: that will require an additional user ID and password, and separate authentication, so that the government can track and identify the user and usage. The prevention of simultaneous multiple logins will significantly restrict Internet access. Again, please keep in mind that these point I.a.iii and I.a.iv were a part of guidelines issued in February, and may have been revoked (we hope).

Text Of Current Notice

In order to prevent misuse of Wi-Fi connectivity for internet access by unauthorized users, all Telecom service providers have been directed to implement online Centralised Authentication procedure for Internet subscribers. All Internet and Broadband subscribers using Wi-Fi connectivity are required to get themselves registered with the respective Telecom Service Providers for completing the centralized authentication procedure within 60 days from the publication of this notice.