Government plans to access your mobile data
NEW DELHI – The government plans to put in place systems and regulations that will allow law enforcement agencies to trace cellular phone users and provide access to targeted communication, text messages, information data and even value added services on a real-time basis, according to the draft guidelines of the country’s telecom security policy.
The telecom department (DoT) has proposed comprehensive norms in the draft policy after the ministry of home affairs expressed strong reservations since the department had not created provisions for law enforcement agencies to intercept communication.
In a version of the draft policy that addresses national security concerns, which was accessed by ET, the DoT has said that the policy would ‘put in place effective systems, processes and regulations to ensure the traceability of telecom users or devices in terms of identity, permanent address and current location with specified accuracy and resolution in the case of need.’
India intends to deal with telecom security issues in an in-depth manner as the open telecom environment has made it easier to intrude on networks and cause damage to information they contain.
Besides addressing challenges for law enforcement agencies from complex encryption techniques, an overall telecom policy will factor in implications on other aspects related to the telecom security.
The policy also envisages providing analysis of information and data including decrypted messages, flowing through the telecom network, stored in systems and devices. Abilities of security agencies to analyse information quicker will be enhanced by making latest technology and systems available which will cut down delays and minimise information leakage.
However, security agencies will uphold privacy rights of Indian citizens, the draft norms said. A Telecom Security Directorate (TSD) has been proposed for implementing and updating this policy. Meanwhile, security certification centre for testing telecom equipment, centralised monitoring system for interception and monitoring and emergency response team (Cert) for detecting and analyzing cyber attacks, internet traffic hijacks and telecom sectoral frauds would be created.
DoT is of the opinion that the sector requires a separate security policy since the cybersecurity policy is not sufficient to deal with security issues specific to the telecom industry that has created critical information infrastructure.
The government will largely depend on mobile phone companies that will implement the security instructions as a key stakeholder and also share the cost with the government. Telecom operators would have to build systems, procedures and methods to make their network resilient so that any damage has a minimum impact on the network and it can be revived quickly.
According to the draft norms reviewed by ET, telcos would have to share information on attacks on their networks, intrusion and frauds with government agencies, including telecom sectoral Cert, the national Cert and the National Cyber Coordination Centre, that may monitor all web traffic passing through internet service providers in the country and issue ‘actionable alerts’ to government departments in cases of perceived security threats.