The Central Monitoring System is expected to get rolled out across the country by December 2014 even as surveillance and interception remains beyond the scrutiny of parliament and judiciary
Pratap Vikram Singh | May 20, 2014
The recent efforts of the government to streamline its communications interception system against the backdrop of the explosive Niira Radia tapes by making the Central Monitoring System (CMS) operational in eight licence service areas (LSA) has revived fears of misuse of the system for extra-constitutional surveillance. The CMS will effectively remove the role of the telecom service providers in the interception. Some civil rights experts and activists want the creation of a parallel overarching judicial-parliamentary oversight for the CMS. The oversight, they say, will deter any punitive executive action to suppress the freedom of expression. According to a senior government official, who is part of the surveillance streamlining process, the department of telecommunications is all set to make the CMS operational within six months. “By December 2014 the CMS will be rolled out across the 22 LSAs,” he revealed to Governance Now. “A proof of concept has already been completed in Delhi with seven telecom service providers (TSPs).”
The CMS will allow law enforcement agencies to intercept all forms of electronic communication (calls, SMSes, fax, emails, blogs and browsing history) across CDMA, GSM and fixed line networks. In short, the CMS will cover the entire base of 90 crore mobile and telephone subscribers and 16 crore internet users.
The government is authorised to intercept communications under Rule 419A of the Telegraph Rules 1951, section 5 (2) of the Telegraph Act 1885 and IT (Amendment) Act 2008. Nine agencies that will have access to CMS interception facility include the Intelligence Bureau (IB), Research and Analysis Wing (R&AW), Central Bureau of Investigation (CBI), Enforcement Directorate (ED), Central Board of Direct Taxes (CBDT), National Intelligence Agency (NIA) and the state police.
The CMS, which is being deployed by the Centre for Development of Telematics (CDOT), automates the process of making a request for interception and receiving the intercept. The request generation by the law enforcement agency, its approval by the home secretary, routing to the CMS authority and finally getting the intercept will happen electronically over a secured network. In the first phase, the provisioning process will be made electronic. In the second phase, the process of getting approval from the home secretary and submission of authorisation to the CMS authority will be made electronic.
Ram Narain, DDG (Security), DoT, told Governance Now that after the CMS is put in place the command for interception will be approved by the ministry of home affairs (MHA) after which it will be generated by a CMS authority. The authority is being set up under the purview of DoT and will act as a single gateway for transacting intercepts. “Neither the CMS authority can see the request, nor can it access the intercept which will be encrypted,” Narain said.
The weakest link in the current surveillance mechanism is the dependence on telecom service providers, contend senior policemen and officials of the MHA and DoT. The centralisation through routing of all requests through the CMS authority will make interception much easier and real-time for the law enforcement agencies, they said. Under CMS, the information will be fetched with the help of Legal Interception System (LIS) deployed at the telecom service provider and sent to legal enforcement agency in an encrypted format through a countrywide secured network. The network is being deployed by state-run BSNL and MTNL.
The information will be received by a Legal Interception and Monitoring (LIM) tool deployed at the end of the law enforcement agency. The LIM will decrypt and analyse the available information. In the present manual system, the communication of the target is accessed by the agencies in an unencrypted format. The telecom service providers currently give access either by providing a direct line (enabling real-time interception) or sharing the recorded conversation. The CMS, said sources, would also have a keyword-based search feature. Such a feature will not only bring everyone under the ambit of surveillance, but is beyond the legal regime that only allows targeted, and not mass, surveillance. However, the MHA and DOT officials denied any such feature. “Contrary to the popular perception, CMS will quicken the process of interception, improve operation’s secrecy and protect citizens’ privacy,” said Narain.
The CMS, said sources, would also have a keyword-based search feature. Such a feature will not only bring everyone under the ambit of surveillance, but is beyond the legal regime that only allows targeted, and not mass, surveillance. However, the MHA and DOT officials denied any such feature.
While CMS could be an imperative for national security, as put by a former NTRO sleuth, and help law enforcement agencies to act swiftly, it has added to the secrecy on surveillance and interception, raising fear among people regarding its misuse. A cross-section of experts that Governance Now spoke with feel that there has to be a parliamentary or judicial oversight on surveillance activities of the security agencies. Justice AP Shah said, “There should be a joint panel of parliamentarians, judges and government officials who could review the requests made for interception and their continuance after a period.”
Although considering national security supreme, AK Verma, former director, RA&W, agreed that the surveillance in particular and activities of intelligence agencies in general should be subjected to parliamentary oversight to prevent its misuse in the larger interest of democracy and peoples’ rights.
Civil rights groups also raise concern about the time given by the home secretary in reviewing an interception request. Going by media reports, every month the home secretary receives 8,000 to 10,000 interception requests which are approved without due consideration.
Gopal Krishna Pillai, who retired as home secretary on 2011, said that the norms and procedures are followed at the centre in authorisation and their continuance after 60 days. “But the rules and norms and their compliance may not be as robust in states,” he said. As home secretary, Pillai received around 4,000 new requests and another 4,000 renewal requests for interception every month. This translates to approximately 134 new requests on a daily basis. “I spent one hour on authorisation on a daily basis. No one was allowed to enter the room during that period,” he added.
He said that the re-authorisation (renewal) requests (which are sent after 60 days of initial sanction) are given more time and consideration. “I always asked the concerned agency about the evidence they have collected so far and about the actionable inputs which would justify the continuance of surveillance,” he added. An overview committee headed by cabinet secretary meets every month to review the authorisations by the home secretary. So there is a check and balance already in place, he indicated. He said that the number of requests made by larger states including Uttar Pradesh and Maharashtra is greater than the number of requests made by the central agencies. He also pointed at the need for a revision of the charter of the IB, which allows it to listen to the conversation of leaders involved in an agitation in states. Though the ground for interception in such cases could be to monitor the law and order situation, but they could also feed the same to political masters that would help them in charting their political strategy. “This is one grey area. The IB has inherited this charter from the past. This needs to be looked at by the centre,” he said.
As home secretary, Pillai received around 4,000 new requests and another 4,000 renewal requests for interception every month. This translates to approximately 134 new requests on a daily basis.
Also, the prevalence of off air interception is major cause of concern, even though MHA has declared its usage illegal. Unlike conventional ways of targeted interception prescribed in the law, these devices suck communication data directly from the air (in a limited geography), without requiring the telecom service provider’s intervention. Off-air interception facilitates keyword based search and hence it is considered as an intrusive tool for surveillance. Only defence forces and a few intelligence agencies are authorised to have such devices. These devices were imported in large numbers by the law enforcement agencies at central and state level after the 26/11 terrorist attack. Reports indicate that several private telecom service providers as well as other agencies have it. The government had asked the IB to investigate 17 such firms which imported these devices. Recently, according to an Indian Express report, a few states including Delhi, Maharashtra, Haryana and Assam have handed over their devices to the MHA.
What is CMS?
Central Monitoring System (CMS) automates the process of making a request for interception and receiving the intercept. Eliminating the role of telecom service providers, CMS will allow law enforcement agencies to intercept all forms of electronic communication across CDMA, GSM and fixed line networks.
CMS cover the entire base of 90 crore mobile and telephone subscribers and 16 crore Internet users
Laws providing for interception and surveillance
The government is authorised to intercept communications under the rule 419 A of Telegraph Rules 1951, section 5 (2) of the Telegraph Act 1885 and IT (amendment) Act 2008.
Across the 22 LSAs by December 2014
Between '400 crore and '600 crore
Agencies having access to CMS
Intelligence Bureau, Research and Analysis Wing, Central Bureau of Investigations, Enforcement Directorate, Central Board of Direct Taxes, National Intelligence Agency and states police
Concerns related to privacy
Concerns related to keyword-based search system which might bring everyone and anyone under surveillance, though the same is denied by MHA and DOT
According to former home secretary G K Pillai, rules and norms (related to interception) and their compliance may not be as robust in states (as at the centre)
Suggested corrective step
A parliamentary or judicial oversight (or a blend of both as suggested by Justice AP Shah) on surveillance activities of the security agencies
A revision of the charter of Intelligence Bureau that allows it to listen to the conversation of leaders involved in an agitation in state
(This story was published in the December 16-31, 2013 issue of Governance Now.)
A top Reserve Bank of India official had waved the red flag, a year back, regarding the SWIFT messaging system. SWIFT was used in a fraud amounting to Rs 11,000 crore at a Punjab National Bank branch that benefited billionaire diamond jeweler Nirav Modi. Former RBI deputy gover
Delhi chief secretary Anshu Prakash’s claim that he was manhandled by Aam Aadmi Party (AAP) lawmakers in the presence of Delhi chief minister Arvind Kejriwal has kicked up a storm. Here is what transpired on Monday night and the events that unfolded through Tuesday.
Is banks` messaging system SWIFT secure enough?
Diagnosing what ails India’s governance, Bihar chief minister Nitish Kumar used to name three units or offices that are so corrupted that they are beyond redemption: village patwaris, police station darogas and Railways ticket collectors. In his stint as executive head of Bihar, he seems to have incl
Could RTI have saved banks from scams?
The Right to Information (RTI), used efficiently, could have helped activists and bankers expose irregularities much before they snowballed into full-fledged scams – the one at Punjab National Bank (PNB) being only the latest example. That is the argument coming from Shailesh Gandhi, f