India’s new surveillance network will make the NSA green with envy

Even when you’re this close, the CMS can get between you.
Even when you’re this close, the CMS can get between you.
Image: AP Photo/Tsering Topgyal
We may earn a commission from links on this page.

India doesn’t seem to worry that the surveillance scandal recently rocking the US might perturb its own citizens. The country is going ahead with an ambitious program that will let it monitor any one of its 900 million telecom subscribers and 120 million internet users.

The Centralised Monitoring System (CMS) will be operational in 10 of the country’s 22 telecom “circles” (i.e., regions) by the end of the year, according to the Press Trust of India. The far-reaching surveillance program rivals the worst in the world, and makes the US National Security Agency (NSA) look like a model of restraint.

The NSA, as revealed in media reports earlier this month, has been monitoring phone-call metadata (such as phone numbers and call durations) on a widespread basis for years, but has to get the approval of a (albeit secret) court to spy on the calls themselves or the content of emails. The CMS, by contrast, will give nine Indian government agencies—including the tax department—the power to access, in real-time, phone conversations, video conferences, text messages, emails, and even internet search data and social media activity, and will work without any independent oversight, Reuters reports; the agencies can start monitoring targets without the approval of the courts or the parliament. The top bureaucrat in charge of the federal interior ministry and selected state-level officials will reportedly be authorized to approve surveillance requests.

Moreover, with the CMS, security agencies won’t need to request users’ information from telcos. They’ll be able to get it directly, using existing interception systems that are built into telecom and data-service networks. According to the Hindu newspaper, the system will have dedicated servers and extensive data-mining capabilities that can be used for surveillance.

Naturally, many fear that the system will be abused. India does not have a formal privacy law, and the CMS will operate under the archaic Indian Telegraph Act, formulated by the British in 1885. The Center for Internet and Society argues that parliamentary oversight is a minimum prerequisite for the program:

E-surveillance regulations should be enacted, which would cover both policy and legal issues pertaining to the CMS project and which would ensure that human rights are not infringed. The overall function of the CMS project and its use of data collected should be thoroughly examined on a legal and policy level prior to its operation, as its current vagueness and excessive control over communications can create a potential for unprecedented abuse.

India already has a shaky track record of protecting its citizens’ freedoms online. In 2012, it made 4,750 requests to Google for user data, behind only the US. In November last year, a businessman was arrested for a tweet about the son of finance minister P. Chidambaram. In the same month, two young women in Mumbai were arrested for questioning the total shutdown in the city for political leader Bal Thackeray’s funeral. Members of the internet hacking group Anonymous have staged protests across 15 Indian cities against the government’s crackdown on the internet. They have also started a #StopICMS campaign against the surveillance program.

The government has so far played down fears of abuse. Senior government officials told the Times of India that since “CMS will involve an online system for filing and processing of all lawful interception requests, an electronic audit trail will be in place for each phone number put under surveillance.” And who will audit the audit trail? The same ministry that authorizes the surveillance requests. Hardly a reassuring safeguard.