Conversations of ordinary citizens are being tapped round-the-clock without so much as a by-your-leave or Constitutional sanction. Amit Bhardwaj explains why the pilot project already underway in Delhi threatens privacy and security like never before.

Do you stay in Delhi? If so, it’s time to recall all the mobile phone conversations you had with friends, family and associates. It’s time to recall the private messages and pictures you shared on WhatsApp and other social networking sites. It’s time to remember the sensitive data meant for your close associates, your lawyer or chartered accountant. If you believe that the secrets you share electronically remain between you and your partner, you are probably wrong! All this while, shadowy figures have been tracking each and every detail you shared, and they work for agencies of the Government of India itself.

Taking a cue from the United States National Investigation Agency (NSA) clandestine surveillance project PRISM, the central government has developed a Central Monitoring System (CMS) in India. The project is designed for ​‘lawful interception and monitoring communication’ over phone and internet. While the government is planning to make CMS operational throughout the country by the end of this year, Delhi has been the first to get a taste of it. Documents with TEHELKA show that C‑DoT (Centre for Development of Telematics), the State’s telecommunication R&D centre, proposed implementation of the CMS pilot project in Delhi in 2011-12 by two telecom service providers (TSPs). C‑DoT’s Result Framework document says lab testing of the CMS was completed in financial year 2009-10. A year after, infrastructure was set up for the pilot project. Milind Deora, former MoS (Communication & IT) informed the Lok Sabha in December 2012: ​“Development work of the system is largely completed. Pilot project has been completed by September 30, 2011 at Delhi under which C‑DoT has installed two ISF servers, one each for MTNL and Tata Communications”

Post the Mumbai terror attack of 2008, the central government felt a need for securing the internet space and keeping tabs on the flow of communication. The UPA government came up with the idea of intercepting and monitoring all platforms of e‑communication and C‑DoT was ordered to develop a competent mechanism, subsequently laying down the foundations of CMS. In November 2009, the Rajya Sabha was told, ​“The government proposes to set up a centralised system to monitor communications on mobile phones, landlines and the internet in the country. The CMS is envisaged to be implemented by DoT to strengthen the security environment.” However, neither the Congress government nor the present BJP government took pains to get parliamentary sanction for the Rs 400 crore-plus project. A blind copy of the PRISM project, CMS falls short not only on the legal front but also on its premise of curtailing civil rights by infringing the right to privacy.

Adding to the unrestrained power of taping phone calls, there is a fogginess around checks and balances. Speaking to TEHELKA, ADG Home Affairs KS Dhatwaliya said, ​“National security is our priority. Government is authorised to carry such surveillance. Moreover India is not a lone case here; many other countries have a similar arrangement. The CMS will prove to be an asset for national security.”

Unfortunately, the credentials of CMS being fruitful are a big question mark. According to revelations of Edward Snowden, the NSA whistleblower who jolted the world by exposing US’s PRISM, only 1.5 percent of data collected by the clandestine surveillance project is useful for national security. The CMS project aimed at doing away with unnecessary hurdles and unwanted personnel’s involvement in the old phone-tapping process. At present, tapping is governed by the Indian Telegraph Act and IT Act.

> “..All the databases with agencies are governed by statutory Acts like in income tax and others. There is no law which allows them to share it with any other state agency. Sharing of information between Income Tax, ED, CBI is per se illegal. You cannot impinge upon civil liberties without getting approval from Parliament for programmes of this nature (CMS). If at all there is a project which assaults civil liberties, irrespective of whichever government might have conceived it, it is illegal and would be challenged and struck down in an appropriate court of law..” > > Manish Tewari – former I&B minister, UPA‑2

Calls can be intercepted and monitored after due approval of the Home Secretary. The law also states that any TSP not adhering to the instructions given by the law enforcement agencies can be booked. The government’s argument is that CMS cuts down one step. While, as per provisions of the IT Act, any interception can be carried out for maximum period of 60 days, CMS is unrestrained.

Earlier, the authorisation for tapping a suspect’s phone was issued by the Home Secretary and was forwarded to the respective telecom operator. Sources in the National Technical Research Organisation (NTRO) informed TEHELKA that, in the earlier case chances of leakages of information and possibility of alarming the suspect were high. However, fresh amendments in unified license (access services) agreement Law Enforcement Agency (LEAs) will surpass the telecom operators as all the data and speech, i.e., text-internet communication and calls will be directly transferred to Regional Monitoring Centres (RMCs).

Telecom companies cannot challenge these amendments as they are governed by the licence agreement wherein the right to modify terms and conditions is reserved by the central government.

Under the national roll-out, as of today, two central monitoring centres at Delhi and Bengaluru and 14 out of 21 RMCs will track data from servers of all 195 locations. Interestingly, as per reports, Jammu & Kashmir has been left out. Also, Internet Service Provider (ISP) monitoring system was expected to be ready at 45 out of 50 locations by 2012 itself. This suggests our activities on the internet were already being monitored by the LEAs.

> Landmark verdicts > > In Kharak Singh vs State of UP 1967 verdict, the Supreme Court observed: > > The right to privacy is a sacred and cherished right. There must be strong, cogent and legally justifiable reasons for law enforcement agencies to interfere with this right. Even then, proper procedure must be followed as intrusion into a person’s home, professional or family life in the name of investigation or domiciliary visits without a proper basis is not permitted. > > In PUCL vs Union of India, a 1997 Supreme Court verdict lay down the following guidelines regarding interception: > > 1. Tapping of telephones is prohibited without an authorising order from the Home Secretary, Government of India or the Home Secretary of the concerned state government > > 2. The order, unless it is renewed, shall cease to have authority at the end of two months from the date of issue. Though the order may be renewed, it cannot remain in operation beyond six months > > 3. Telephone tapping or interception of communications must be limited to the address(es) specified in the order or to address(es) likely to be used by a person specified in the order > > 4. All copies of the intercepted material must be destroyed soon as their retention is not necessary under the terms of Section 5 (2) of the Indian Telegraph Act, 1882

Mass surveillance programmes have faced acute public criticism across the globe. Human rights activists believe that surveillance projects like the CMS will turn democracies into police states. According to Anja Kovacs, founder of Internet Democracy, ​“CMS will enable intelligence agency to intercept and track private conversation of every citizen, even of those who are not suspected of committing any anti-national activity. Being tracked as a criminal is unacceptable in any democracy.” Citizens live in constant fear of being always on the radar.

Activists believe that such projects create an environment of insecurity and fear. Insensitive mass interception cannot be justified in the name of national security. Also, the intention of bureaucrats and politicians who will be in charge of such sensitive data is a major concern, as India is yet to create a culture where its bureaucrats are equally sensitive about the privacy of their countrymen like in the west.

> “..Those who are not in the wrong and are not involved in antinational activity, shouldn’t be afraid of CMS. Don’t talk of human rights and democratic rights, they are bullshit. National security is our priority..” > > KS Dhatwaliya – ADG HomeAffairs.

Talking to TEHELKA, CPM leader Brinda Karat declared the CMS to be ​“nothing but snooping by another name and violative of basic individual civil rights.” Pertinent questions related to legal viability of such surveillance has also come to the fore.

When Manish Tewari condemned the Modi government’s plan for mass surveillance, he was reminded that it was a Congress brainchild. Tewari retorted that as I&B Minister, he never heard of ​“anything called CMS”. Meanwhile, his colleague Milind Deora has come out in public with a contrary claim that the previous Congress government chose not to implement CMS considering the lack of check and balances. However, told that documents with TEHELKA say otherwise, Tewari said, ​“If at all there is a project which assaults civil liberties, irrespective of the fact whichever government might have conceived it, it is illegal and it would be challenged and struck down in appropriate court of law.”

> “..Supreme Court has laid down specific guidelines for phone tapping. The landmark decisions by the courts, say that phone tapping is illegal, unless justified by authority of law. CMS is illegal if enough checks and balances are not maintained in the due process..” > > Prashant Bhushan – Supreme Court lawyer

The CMS project is capable of paralysing political and civil movements in the country. The larger implication of the project can be understood in the light of implementation of wire services in India after the revolt of 1857. Traditional tapping methods enabled the British government to defuse debates in public discourse and subsequently curb organised movements. In the CMS era, governments will be a step ahead of those protesting. We might not ever see movements like the JP movement and India Against Corruption, which would have the potential to expose misdeeds of the ruling government. Chances of short circuiting and defeating the Opposition’s plans cannot be denied after implementation of such restrictive measures. No ruling party will want to leave an opportunity of becoming Lord Voldemort (Harry Potter) who can sneak into opponents’ brains.

Also, the unrestrained powers of interception that CMS will extend the ruling government will be equal to that of the repealed MISA. The horror of mass arrests and curtailing of civil rights by Indira Gandhi during the emergency was result of similar unrestrained tapping powers. In a recent interview to Indian Express, LK Advani said ​“the forces that can crush democracy… I don’t have the confidence that it (Emergency) cannot happen again.” According to Advani, we have failed to do anything which can safeguard civil liberties.

> “..It will become easier for hackers to dent the private data of citizens. By attacking the integrated database of CMS hackers will get access to lives of all Indians..” > > Sunil Abraham – Co-coordinator of Centre for Internet security

Ugly chapters of phone tapping and misuse of state agencies like CBI are abundant. ADG Dhatwaliya assures us, ​“Trust on your bureaucrats, they will not wrong you.” But there are counter claims. ​“Instances of intercepting people with ulterior political motive are common practice. I can recall at least two occasions when I was asked to tap two seniormost officials of the home ministry” said a source at NTRO.

The drawbacks of CMS don’t end here. Experiences worldwide show that integrated databases have become a soft target for hackers. Interestingly, the credentials of the communications and it ministry too are under a question mark, as its own website was taken for a ride a few days back.

> “..This (CMS) is a clear violation of human rights and right to privacy. The government should come in public so that a debate can be initiated..” > > Meenakshi Ganguly – Human Rights Watch

Also, there is no clarity about how the project will tackle the possible spills and leakages while transferring data to law enforcement agencies. The subsequent misuse of such data by rogue officers of the enforcement agency is yet other issue of concern.

The central government has been opaque and thrown a blanket of secrecy around CMS. Several parliamentarians and officials whom we contacted had no clue about the project. Even after repeated attempts by TEHELKA, the ministry chose to remain silent on the matter. Every call to C‑DoT went unaddressed by the officers authorised to speak to media. Others refused to divulge any information, citing it to be matter of ​‘national security’. ​“Executive action cannot be used as a handle for by-passing the requisite legislative mandate from the Parliament,” says Pavan Duggal.

> March of the Spy Brigade > > 2008 Post Mumbai terror attack, government plans to implement a mass surveillance programme. Task given to C‑DoT. Rajya Sabha informed about massive rollout of the project in Nov 2009 > > 2009 Network Traffic Analysis (NETRA) e‑surveillance programme commissioned. Designed by the DRDO’s CAIR. So far it has failed to tackle encrypted communication > > 2009-10 Lab testing of CMS completed. Infrastructure set up for piloting. > > 2011-12 Pilot implementation of CMS in Delhi at two TSPs > > 2015 National rollout of CMS through 21 RMCs and 195 ISF locations

Delhi government spokesman Nagendra Sharma, when approached by TEHELKA merely said, ​“If true, we strongly disapprove it. Telecom companies should challenge it.”

Post Snowden’s expose, the west has become more sensitive towards eavesdropping. Even the US, taking a lesson from the public uproar against PRISM passed the US Freedom Act in June this year. The law will end the collection of Americans’ mass surveillance through phone records by NSA and other state agencies. Taking a cue from activism in the west, public debate on the issue must start; otherwise the State will have in its hands a tool more lethal than the repealed Section 66A of the IT Act. Unfortunately, once CMS is operational, agencies will refuse to divulge any information by citing national security. In such a scenario, the generation to come will have to live in a police state unless India comes up with its own version of Edward Snowden.