The Indian Government have revealed that their new mass online surveillance project, called the Centralised Monitoring System, will go live during the first quarter of 2017.
The revelation comes as part of the Government’s Universal Periodic Review, a review of their own performance, which this year touches on issues such as online privacy and censorship for the first time.
Centralised Monitoring System
The Centralised Monitoring System is a process by which the Indian Government will intercept and monitor all mobile phone voice and data records, landline records, and online activity.
It is a process with huge scope and typically vague details being in the public domain. A report on the project in 2016 by the Indian Democracy Project highlights some of the gaping holes in public knowledge about how the system will work. “No information has been made available about whose data will be collected, how the collected will be used, or how long the data will be retained,” they pointed out.
No attempt appears to have been made to make the scope and focus of the project any clearer. But the Government has attempted to stress the safeguards build into the scheme which they claim means there is nothing for people to worry about.
As they say in the Universal Periodic Review, “India believes… that safeguards in the law, including safe transmission of content, the requirement for authorization from senior officials, and the existence of a Review Committee to oversee such authorisations, are sufficient to address concerns regarding privacy and freedom of speech.”
But nothing in the review answers any of the fundamental questions that campaigners have been asking about the scheme consistently over the past couple of years.
Universal Periodic Review Contradictions
This year’s Review includes a whole section on ‘Fundamental Freedoms’ which includes two rather contradictory statements which appear in close proximity to each other.
Firstly, the report states that “India recognises the importance of extending free speech guarantees to activities on the internet.” This is nothing if not encouraging for privacy advocates and Indian citizens.
However, the report then goes on to note that the government believes it is necessary to control “misuse of the Internet for inciting violence, spreading rumours and hatred or committing other illegal activities”. This is the purpose of the Centralised Monitoring System, and it is a statement that couldn’t sit less comfortably with the former statement if it tried. But there was more.
The report went on to highlight the safeguards which it claimed were being put in place around the new powers and cited a landmark 2013 Supreme Court Ruling which prevents any arrests being made under Section 66A of India’s Information Technology Act. Which would be great if this ruling hadn’t already been struck down.
The lack of clarity is astonishing and only made worse by the constant delays the project has encountered from the outset. In December 2015, a Government Minister, Ravi Shankar Prasad, claimed it would be operational by the end of that financial year, before saying in April 2016 that actually it was already operational in Mumbai and Dehli, with the rest of the country to be phased in in due course.
It is thought the main cause of these delays was India’s vast size and the poor digital infrastructure which still exists in more detached areas such as Haryana and Madhya Pradesh.
It has also been rumoured that delays were caused after it was discovered that some of the surveillance equipment was from China, with India not willing to take the risk of inadvertently sharing information with one of their big regional rivals. This has not been publicly acknowledged to be a factor, however.
The Indian Government are clearly aware of the big concerns many people have about the new system. In the Review, they note that “in recognition of the potential of such a system to impinge on the freedom of speech, the Government is in the process of legislating on right to privacy.”
Again, this has all the hallmarks of a hollow promise lacking in detail or substance. An Indian Privacy Bill is known to have been drafted as far back as 2010, but it is still yet to see the light of day.
All of which leaves Indian internet users largely in the dark still. They know that a mass surveillance project is being rolled out, but not who it is targeting or when it will be operational. And they know the Government acknowledges their privacy concerns, but neither if nor when they will address them.
So, for those Indian’s not using a VPN to protect their online privacy and security, it is a deeply uncomfortable and uncertain time to be going online.