- Safeguards against interception are missing in the telecom bill
- “I don’t think any end-to-end encrypted messaging service is willing to dilute security for users across the world just for the Indian market”.
- Reducing internet bandwidth from 4G to 2G “has a chilling effect on a few different dimensions of speech”
- Interception of messages can lead to mass surveillance
- There is enough legal backing to support both arguments, that controlling the medium of speech is a violation of free speech and that controlling the medium is not a violation of free speech
Policy enthusiasts, lawyers, and of course, people working in the telecom sector (and more) came together for a spirited discussion on the recently released Draft Indian Telecommunication Bill, 2022 at Medianama’s event held in Delhi on October 18th. Unsurprisingly, the event extended an hour beyond its end time as experts enthusiastically shared their take on various provisions of the bill, from licensing to national security. You can watch the full video here. In this piece, however, we’ll focus on a fairly contentious and important part of the bill – interception and internet shutdowns.
The said topics are mentioned in Chapter 6 of the bill, a complete analysis of which you can read here. In short, it allows the government to direct telecom companies to intercept messages, suspend internet services and take temporary possession of telecom services, in certain circumstances. Read on to know the attendees’ thoughts, analysis and recommendations on this specific part of the bill.
FREE READ of the day by MediaNama: Click here to sign-up for our free-read of the day newsletter delivered daily before 9 AM in your inbox.
Challenging interception based on the fundamental right to free speech
- Regulation of medium equals regulation of speech?: An attendee asked if controlling access to the internet (which is the medium of access) will not be a violation of free speech as well. Another person replied by saying shutting down the internet (through government/court-ordered internet shutdowns) is purely stopping the expression of speech itself. “There are ways in which you can regulate the medium which will impact speech definitely, but the implication of saying that any regulation of the medium is a restriction on speech is quite grave because there is no ground in 19(2), which allows you to do ordinary regulations of the medium, like registration, like licensing. There is nothing in 19(2) that allows you to do that” the person added. “Unless we want that to happen, we can’t say that merely regulating the medium equals to restriction of speech”.
Article 19(2) of the constitution provides restrictions applicable to the fundamental right to free speech and expression, which is mentioned in Article 19(1)(a).
- Reducing internet speeds limits free speech: Decisions by any state authority to diminish internet speed (like it happened in Kashmir) has a chilling effect on a few different dimensions of speech, but more specifically the right to seek, receive and impart information, another speaker said. Moreover, when websites are developed over the internet, there is a certain understanding of the type of bandwidth available for the consumer accessing these services. “So in some ways, when you reduce the bandwidth available, then a lot of websites and content and application and services sort of become unusable”, the person added.
- Is the medium of speech not protected by the constitution (Sakal Papers case)?: “Controlling medium will have an aspect of controlling speech economically” an attendee noted. “The Sakal Papers judgement is very clear on this – if by way of controlling the medium you’re trying to put some economic restrictions that will impact speech – it has to be within the four corners of Article 19(2) alone. It can’t be beyond Article 19(2)”. The person went on to add that “The medium of speech is not protected under Article 19(1)(a), which means even if speed is reduced from 4G to 2G. It is outside the four corners of Article 19(2)” the same speaker continued. She said, “You have enough legal, sound landmark judgements to support both these arguments”.
- Open to Constitutional challenge: Another speaker said that even if this bill gets passed, the fact that there’s a law that authorizes interception doesn’t mean that the law is not open to constitutional challenge.
Understanding lawful interceptions
- The meaning of lawful interception: One speaker said that lawful interception still reminds him of 419(A) of the Telegraph rules “which sort of copies the PUCL judgement (People’s Union Of Civil Liberties vs Union Of India) and that’s actually been to some extent been manipulated in the IT Rules as well”. The language in the draft telecom bill is not very different from the 5(2) of the Telegraph Act in the sense that in case of national security emergency you can do interception and monitoring, he added. But then now you’re “extending that to everything online and pretty much everything under the sun”. Another speaker added that even “IT rules say similar things about interception and it applies to any owner of any computer records wherever it’s situated”.
419(A) of the Telegraph Rules say that before interception, prior approval from an authorised person would be needed.
5(2) of the Telegraph Act allows for the interception of messages by the government for certain reasons like public safety.
- A broad definition means more surveillance: The definition of telecommunication services and telecommunication and telecommunication networks does cover basically all communication that happens online, including machine-to-machine communication, a speaker said. “So, in theory, one could also order that IoT devices and messages from IoT devices or data from IoT devices also be provided to and intercepted by the government”. So, this is broadening the scope of the Telegraph Act of 1885, she said. It can be argued that all of these things are already covered under the definition of a telegraph, but here the bill is explicitly broadening the definition to include a wider range of communications, the speaker added.
- No definition of what is meant by things like public order: Another attendee said the bill does not define what is meant by public order or incitement to an offence.
Government’s Surveillance capabilities
- Laying down the framework for content moderation: What is the legal framework for CMS (Centralised Monitoring Systems) for example? a speaker questioned rhetorically. “Right now as far as I understand, unlawful surveillance is under challenge in a case called Centre for Public Litigation in Delhi High Court”, he continued. The person went on to add, “I think the fact that now it has been laid down (in the telecom bill) is definitely a positive step. Until now what is the legal framework for our surveillance laws? There’s pretty much nothing”. Another speaker responded to this by saying ” I’m not sure if the telecom draft bill will apply to something like CMS because it’s still talking about, from my understanding particular interception, the nature of CMS is more in the nature of mass surveillance”.
- List down tools for surveillance: It should be listed how the government plans to intercept. For example, whether they’re allowed to use malware services or not, the same speaker added. He went on to say that as of now “there’s no restriction on the tools you can use to intercept. So they amount to hacking and greater levels of surveillance… So, I think it would also be worth suggesting at least an amendment to clarify the kind of tools which can be used for interception.”.
- Identify who’s doing disclosures and interceptions: The government is allowed to intercept by ordering to “direct that any message or class of messages, to or from any person or class of persons, or relating to any particular subject, brought for transmission by, or transmitted or received by any telecommunication services or telecommunication network, shall not be transmitted, or shall be intercepted or detained or disclosed to the officer mentioned in such order”. One speaker said that it should be specified as to who is doing the disclosures, and who is doing the intervention.
- Death of end-to-end encryption platforms?: If the bill becomes a law, end-to-end platforms “just cannot offer services in India any longer and if they’re trying to bundle up all of the litigation that they’re seeing in various courts and now it’s in front of the Supreme Court and trying to squash that under this particular act, does that then mean that they’re asking for lawful access because that argument had fallen flat many, many years ago. Are they asking for traceability to be implemented in this manner? …because I don’t think any end-to-end encrypted messaging service is willing to dilute security for users across the world just for the Indian market”.
- Retrospective content moderation?: “How is this content going to be moderated? Is there a grandfathering clause? Are all service providers going to look at all the data retrospectively shared on their platforms and then prospectively as well and this is a massive amount of data to be scanned”, a speaker said.
- Changes in the network layer of the internet: “My bigger concern is then you’re interfering and you’re disrupting the whole architecture of the internet because right now we are still concerned with the content layer of the internet. Once we start going into messing with the data agnostic needs of networks then you’re messing with the network layer of the internet, which is going to be so much more expensive and it’s going to be so disruptive that networks are going to find it extremely hard and expensive to interoperate with one another and this is just within the country. When we talk about India and other countries, it’s going to be a completely different mess”, a speaker said talking about the bill’s provisions that allow the government to suspend telecommunication networks.
- Mass surveillance using section 24(1) of the draft bill: During a public emergency or in the interest of public safety, the government may want to know what topics are trending on telecommunication platforms, a speaker said. They went on to raise the question that if an order is passed by the government where it wants to know what is trending and the identity of people talking about that topic, “an argument be made that the government does not have the power in such a situation to ask who was the originator of that message”
How to make the bill better?
- Safeguards against interception missing: The bill does not put in place any restrictions to interceptions including the ones laid down in the PUCL judgment, a speaker answered. There can be a conversation on whether such safeguards should be included in the bill, she noted. “But also since PUCL, we’ve had Puttaswarmy and we’ve had Aadhar and so we have a four-prong test of which proportionality and procedural safeguards are parts of. So essentially allowing interception without safeguards of all kinds of communication that happens online would be in our view, or my view a disproportionate infringement on the right of privacy that Puttaswamy reaffirms”, the speaker said.
- PUCL-like restrictions not enough: The speaker went on to highlight the limitations of PUCL-like restrictions, “in response to some RTI requests and I think in Parliament, the government basically said that the review committee that meets once in two months in theory would be approving or examining whether or not about 15,000 to 18,000 interception requests were valid. So this obviously doesn’t work as an oversight mechanism” she said.
- Need for judicial oversight: “I believe that Puttaswamy has transformed the whole landscape of privacy and it’s wonderful time to give some legal sanctity to judicial oversight under the bill,” a speaker suggested. The person also said they were not sure whether it will be feasible to codify the proportionality standard under the bill because the bill “cannot include everything”. But since “interception is invading privacy, it must satisfy proportionality standard and we should codify that standard under this bill”, the person added. Another speaker said the interception requirements should be put to test to see if they are compliant with Puttaswammy and Aadhar judgements and also whether or not relevant safeguards are needed, the speaker continued. She suggested an “independent judicial oversight process could be something to look at”.
- Regulations should not affect the secure encryption of platforms: There are maximum standards for encryption imposed on telecom service providers and internet service providers under the licensing regime. If similar standards are imposed on OTT Communication Services like WhatsApp and Signal, there might be certain upper limits to the level of encryption these companies can use, a speaker said. “So we just need to like sort of make a concerted sort of argument or representation to the government that there are not only privacy risks when you create upper limit thresholds to encryption, but there are also cyber security risks because the fact is that there are sophisticated state and non-state actors that are always looking for vulnerabilities within cyberspace,” the person suggested.
This post is released under a CC-BY-SA 4.0 license. Please feel free to republish on your site, with attribution and a link. Adaptation and rewriting, though allowed, should be true to the original.
- Indian Telecommunication Bill 2022: What Are The Government’s Powers To Intercept Messages And Suspend Internet?
- Indian Telecommunication Bill 2022: What The Draft Says On Licensing, Registration, Authorisation And Spectrum
- Ashwini Vaishnaw On Draft Telecom Bill Regulating WhatsApp, Mandating KYC And Revealing Caller Identity
- A Complete Guide To The Indian Telecommunication Bill, 2022