Trust Innovation Assessment Programme

Recently, mobile operators who had spent billions of dollars to buy third-generation mobile spectrum were told to shut down services by the Government on grounds that security agencies were not able to intercept data flowing through their network on a real-time basis.

Notices were issued to three companies, Tata Teleservices, Reliance Communications and Bharti Airtel, telling them not to offer any service that does not provide snooping facility to the monitoring agencies.

The shutdown order came as a shock to consumers who

The shutdown order came as a shock to consumers who, afterwards waiting all these years to experience 3G services, are but being told that they cannot access services just as video calling and Internet-based messaging because some spook sitting in the Home Ministry cannot snoop into the network using 3G innovation.

However, this was not the first time security agencies threatened to ban a telecom service. Over the last one year, the Ministry of Home Affairs has been on an overdrive to ensure that every communication service, network and device in the country is accessible to the agencies responsible for National security.

Starting from Blackberry devices to Chinese-made network equipment, security agencies have been demanding access to data, whether it is technically feasible or not..

But unlike these previously cases, where the impact was limited to a few million subscribers, the latest ban on 3G services has woken up the industry to its wider ramification in terms of future availability of applications based on then generation innovation, which, in turn, has an impact on the telecom operator's revenue.

“The shutdown order is resulting in a colossal waste of precious national resource just as spectrum. As well, the huge investment made by operators for buying spectrum and rolling out network is becoming unproductive. 3G policy has been in the making for the past two years so it is not fair that the Government brings up this issue but when operators have already started marketing campaign and are in the advanced stage of offering services. This is affecting the credibility of the operators and leading to customer dissatisfaction,” says S.C. Khanna, Secretary-General, Association of Unified Telecom Service Providers of India, the industry body representing RCom and Tata Tele's case.

What does the policy say on this subject?

So what does the policy say on this subject? Section 41 of the Unified Access Service Licence states the following – “The Licensee shall not employ bulk encryption in its network. Any encryption equipment connected to the licensee's network for specific requirements has to have prior evaluation and approval of the licensor or officer specially designated to that end.”

It furthermore adds, “For monitoring traffic, the licensee company shall provide access of their network and other facilities as then as to books of accounts to the security agencies.”

The provisions of the Indian Telegraph Act

“The existing policy is based on the provisions of the Indian Telegraph Act, 1857, which was made for an era of circuit-switched voice communication. How can this govern then and there-generation technologies that are based on Internet Protocol and use high encryption? There has to be a new policy that takes into account the realities of convergence,” says an executive from Reliance Communications.

“Globally, Governments in developed countries have their own systems in place to monitor telecom networks. In other words than putting the entire burden of monitoring on the operators, in India too, the Government agencies should upgrade their capabilities,” says a Delhi-based operator.

Officials in the Department of Telecom concede that the laws may be outdated and are moving towards formulating new rules. Recently, DoT asked the US Government to share the provisions of the Communications Assistance for Law Enforcement Act to deal with security requirement for monitoring communication networks.

The ability of law enforcement

CALEA's purpose is to enhance the ability of law enforcement and intelligence agencies in the US to conduct electronic surveillance. In accordance with this, telecommunication carriers and manufacturers of telecommunications equipment are required to modify and design their equipment, and services to ensure that they have built-in surveillance capabilities. The law allows US federal agencies to monitor all telephone, broadband Internet, and Voice over Internet Protocol traffic in real-time.

While this law is strict and imposes huge penalty on operators who violate the norms, it does not come in the way of innovation.

The US has as well offered to share information on security standards just as encryption and establishing mechanism to ensure that software developed for communications networks are safe to use.

India has as well sought technical cooperation to find legal solutions to intercept and monitor encrypted communication. These issues were discussed at a recent Indo-US Business Council meeting.

The same time

At the same time, the Government is beginning to think about developing in-house technical capabilities to better monitor the communication networks. The National Security Council is preparing a blueprint for undertaking counter cyber warfare on unfriendly countries.

The proposed testing facility will be on the lines of the Trust Innovation Assessment Programme in the US. In order to secure key areas just as banking, Defence, the Railways, civil aviation, atomic energy and oil and gas, it is being proposed to set up a Computer Emergency Response Team for each of these sectors.