Has ZTE Facilitated E-Surveillance In Iran?

Human rights protection in cyberspace is an area that requires urgent attention of United Nations and international community. The way national governments are engaging in illegal and unconstitutional e-surveillance, civil liberties in cyberspace are in great danger.

Further, cyber security concerns of telecom equipments have also put forward their own unique questions. Although we have no applicable telecom equipments security framework of India yet Indian government has shown great concerns regarding telecom security. Indian government has also announced that telecom equipments must be certified by TEC in India before use. This is the reason why telecom equipment providers like Huawei and ZTE were trapped in telecom security tangle of India.

Now ZTE has been facing accusations of selling powerful e-surveillance systems to Iran that are capable of monitoring telephone and Internet communications. Reacting sharply to these accusations, ZTE has announced that it will curtail its business in Iran. It has also been reported that despite a longtime U.S. sales ban on tech products to Iran, ZTE's "Packing List" for the contract, dated July 24, 2011, included numerous American hardware and software products.

India is also planning to install a similar e-surveillance system known as central monitoring system of India that can achieve similar results. India has also announced to establish an Indian national cyber coordination centre (NCCC). However, while doing so the big brother in India must not exceed its limits. Such initiatives can strengthen national security only if civil liberties and procedural safeguards aspects are taken care of. India’s telecom security policy is needed to legally manage the human rights and civil liberty issues.

As far as foreign telecom equipment providers like Huawei and ZTE are concerned, they must keep their business very clean and far from suspicion. Issues like e-surveillance, backdoor allegations, etc must be avoided to retain a stake in Indian market.

Turf War In India Is Compromising Indian National Security

Indian national security is vulnerable from many angles and regarding many aspects. Whether it is internal security, external security, cyber security, anti terrorism capabilities, etc, India has to cover a long gap before Indian national security can be considered to be robust and effective.

It is not the case that India has not tried to work in this direction. But almost all the initiatives undertaken in this regard have either created multiple authorities and systems or they have been stalled for one reason or another.

For instance, Indian government launched projects like Aadhar, national intelligence grid (Natgrid), crime and criminal tracking network and systems (CCTNS), national counter terrorism centre (NCTC), central monitoring system (CMS), centre for communication security research and monitoring (CCSRM), etc. None of them are governed by any legal framework and none of them are under parliamentary scrutiny.

Similarly, a majority of these projects are simply overlapping with one another. They are supported by different ministries and departments of Indian government and their main purpose is to serve the concerned ministry or department alone. This has resulted in the emergence of a turf war between these ministries and departments.

For instance, while projects like NCTC, Natgrid, etc are essential for national security of India yet both Natgrid and NCTC have already been downsized. Turf war is preventing various ministries and departments in cooperating and collaborating various national security related projects.

For instance, the intelligence bureau (IB) director Nehchal Sandhu is not keen on the Natgrid and NCTC initiatives of home minister of India P. Chidambaram. Sandhu believes the two will dilute the IB’s vast charter.

A few days after the Delhi blasts in September this year, Sandhu shot off a missive to his senior-most officers seeking concrete suggestions on how to improve the agency’s counter-terrorism efforts. He was worried that the IB had failed to anticipate the terror attacks. More so, after Chidambaram admitted that “there was no prior intelligence” available.

Sandhu views NATGRID with suspicion. According to senior officials, NATGRID would be a major encroachment on the IB’s established terrain and also put fetters on its free access to sensitive data such as phone call records, intercepted emails, financial data, etc., that the agency currently enjoys complete access to. NATGRID will place elaborate protocols in place that seeks authentication of those who seek the information and also bars them from seeking anything that is beyond the set parameters.

It is high time to consider national interest first rather than own self interests that are jeoparadising the national security of India.

National Intelligence Grid (Natgrid) Project Of India

National Intelligence Grid (NATGRID) Project of India is one of the most ambitious Intelligence Gathering Project of India. It has been launched at a time when the Intelligence Infrastructure of India is in a bad shape.

The recent decision of a Government Panel rejecting the proposal to ban Encryption Service Providers like Blackberry, Gmail, Skype, etc has further made the task of Intelligence Agencies of India more tedious. Since the E-Surveillance option has gone now they have to acquire Techno Legal Intelligence Gathering Skills to deal with sophisticated and encrypted communications.

Meanwhile, the Cabinet Committee on Security (CCS) has also given only “Partial In Principle Approval” to NATGRID Project. Since NATGRID Project is not supported by any Legal Framework and Parliamentary Oversight, the “Crucial Stages” of NATGRID Project has not yet been approved by the CCS. Thus, NATGRID Project of India is still in troubled waters as lack of Privacy Laws and Data Protection Laws has put it in doldrums.

Meanwhile similar Security and E-Surveillance Projects have also been launched by Indian Government. These include Projects like Central Monitoring System of India (CMS), Centre for Communication Security Research and Monitoring (CCSRM), Aadhar Project of India, Crime and Criminal Tracking Network and Systems (CCTNS), National Counter Terrorism Centre (NCTC), etc. Once again, all these Projects are without any Legal Framework and Parliamentary Oversight.

To make the matter worst, the Law Enforcement Agencies and Intelligence Agencies of India are also practically not governed by any Legal Framework and Parliamentary Oversight. Whether it is Central Bureau of Investigation (CBI) or Intelligence Agencies of India, none of them are presently “Accountable” to Parliament of India.

It is only now that the Draft Central Bureau Of Investigation Act, 2010 and the Intelligence Services (Powers and Regulation) Bill, 2011 have been proposed. They have still to be made “Applicable Laws” in India by Parliament of India. In other words, there is no Legal Framework and Parliamentary Oversight for our Law Enforcement Agencies and Intelligence Agencies as on the date.

In this background, we have to “Proceed With” Projects like NATGRID, CCTNS, CMS, CCSRM, Aadhar Project of India, etc. As far as NATGRID Project is concerned, it is still not within the limits of “Constitutionality”.

NATGRID Project is an essential requirement for robust and effective Intelligence Agencies and Law Enforcement functions in India. The urgent requirement is to ensure that its “Abuses” can be anticipated, prevented and remedied. Further, Natgrid Project of India must also be supported by a Legal Framework and Parliamentary Oversight.

The aim of NATGRID is to ensure a readily available and real time information sharing platform between Intelligence Agencies, Law Enforcement Agencies, etc of India. Information gathering and its timely distribution is also an essential part of Cyber Crisis Management Plan of India. While the NATGRID system is a must for India, yet India has to make it sure that it is not abused for “Political Purposes” and in a manner that goes against the provisions of the Constitution of India.

The scope for misuse is tremendous as NATGRID is planning to link 21 categories of databases maintained by different public and private agencies for ready access by the country’s Intelligence Agencies. There must be “Mechanism” to ensure that this wonderful system may not be abused and nothing is better than Parliamentary Oversight.

Illegal Phone Tapping In India Under Scrutiny

Phone Tapping in India has been in controversies for long. Whether it is Illegal Phone Tapping by Private Individuals or Unaccountable Phone Tapping by Indian Government and its Agencies, Phone Tapping in India has never been smooth.

On the front of Legal Framework as well we have no Dedicated and Constitutionally Sound Lawful Interception Law in India. The Indian Telegraph Act, 1885 and other similar Laws are not in “Conformity” with the Constitution of India, especially Fundamental Rights of Indians. Even the Home Ministry of India is considering enactment of a Lawful Interception Law in India.

On the top of it we have Central Monitoring System of India (CMS of India). It is suffice to say that this Unconstitutional Phone Tapping in India and Illegal E-Surveillance in India is a “Constitutional Failure of India”. India urgently needs a Valid Phone Tapping Law.

Now the Central Government has shown some concerns regarding Illegal Phone Tapping happening openly in India. The Centre has asked the Government Agencies and State Governments to return all surveillance equipment. The Home Ministry of India has now issued directions in this regard.

All Central and State Monitoring Agencies have been told to return any GSM equipment used for illegal tapping of phones back to the Department of Telecommunications (DOT). A secret MHA advisory to all State Police Departments says there will be crackdown on private individuals as well, which means Corporate India is included.

A DOT advisory dated December 31, 2010 to return the illegally imported equipment had evinced a poor response. In fact, till six months ago, passive interception machines could be easily imported under the Open General Licence. It's now been placed in the restricted list.

The Department of Revenue Intelligence suspects there are over 1100 machines that have been imported in the past 3 years alone. But the exercise could be a shot in the dark as the end users of these machines are still being traced. In fact, an internal audit by the CAG of the NTRO had revealed that these machines were placed more frequently in cities rather then the international borders or even in naxal or insurgency hit areas - for which they were acquired. This has given rise to suspicion that they were being used for tapping political and corporate rivals. Let us see how effective these directions of Home Ministry would be in preventing Illegal Phone Tapping and E-Surveillance in India.

Indian Centre For Communication Security Research and Monitoring (CCSRM)

An Indian centre for communication security research and monitoring (CCSRM) was proposed by the Union Cabinet in the past. The Department of Telecommunication (DOT) was asked to do the needful in this regard. The DOT came up with the proposal of establishment of Central Monitoring System (CMS) that can help security agencies and law enforcement agencies in intercepting mobile phone calls and monitor internet traffic.

None can doubt about the utility of a CMS or CCSRM. However, there are many technical, administrative and legal issues that have to be addressed before implementing either CMS or CCSRM.

On the technical side, intelligence agencies and law enforcement agencies of India need to develop skills for intelligence gathering and their analysis. If we keep in mind the latest development, it can be assumed that services of Blackberry, Gmail, Skype, etc would not be banned in India for some more time. Naturally, their highly encrypted services would continue in India that intelligence agencies and law enforcement agencies of India cannot monitor unless they are skilled enough to do so.

On the legal side, in India intelligence agencies and law enforcement agencies are practically governed by no law. Even the constitutional validity of national investigation agency act, 2008 is still doubtful. Further, India does not have a constitutionally sound lawful interception law. Phone tapping in India is still done in an unconstitutional manner and at times by private individuals as well.

On the administrative side, the intelligence infrastructure of India is in big mess. There seems to be a tussle between various Ministries of Indian government and this is preventing the successful implementation of various projects like national intelligence grid (Natgrid), crime and criminal tracking network and systems (CCTNS), national counter terrorism centre (NCTC), central monitoring system (CMS), etc.

However, nothing is more offensive than an absence of Parliamentary oversight of intelligence agencies, law enforcement agencies and projects like Natgrid, CCTNS, NCTC, CMS, etc.

Fortunately, our Prime Minister Dr. Manmohan Singh is taking interest in these projects and he has recently has sought clarifications on the upcoming CCSRM system. I hope the Cabinet Committee on Security (CCS), Union Cabinet and Prime Minister’s Office (PMO) would bring some order in the otherwise chaosed world of intelligence agencies and law enforcement agencies of India.