Project documents relating to the new Centralized Monitoring System (CMS) reveal the government’s lethal and all-encompassing surveillance capabilities, which, without the assurance of a matching legal and procedural framework to protect privacy, threaten to be as intrusive as the U.S. government’s controversial PRISM project.
These capabilities are being built even as a debate rages on the extent to which the privacy of Indian Internet and social media users was compromised by the PRISM project. A PIL petition on the subject has already been admitted by the Supreme Court.
The documents in the possession of The Hindu indicate that the CMS project now has a budgeted commitment nearly double that of the Rs. 400-crore estimate that senior officials mentioned in a recent briefing to the media. Once implemented, the CMS will enhance the government’s surveillance and interception capabilities far beyond ‘meta-data,’ data mining, and the original expectation of “instant” and secure interception of phone conversations.
The interception flow diagram, hitherto under wraps, reveals that the CMS being set up by C-DoT — an obscure government enterprise located on the outskirts of New Delhi — will have the capability to monitor and deliver Intercept Relating Information (IRI) across 900 million mobile (GSM and CDMA) and fixed (PSTN) lines as well as 160 million Internet users, on a ‘real time’ basis through secure ethernet leased lines.
The CMS will have unfettered access to the existing Lawful Interception Systems (LIS), currently installed in the network of every fixed and mobile operator, ISP, and International Long Distance service provider. Mobile and long distance operators, who were required to ensure interception only after they were in receipt of the “authorisation,” will no longer be in the picture. With CMS, all authorisations remain secret within government departments.
This means that government agencies can access in real time any mobile and fixed line phone conversation, SMS, fax, web-site visit, social media usage, Internet search and email, including partially written emails in draft folders, of “targeted numbers.” This is because, contrary to the impression that the CMS was replacing the existing surveillance equipment deployed by mobile operators and ISPs, it would actually combine the strength of two — expanding the CMS’s forensic capabilities multiple times.
Even where data mining and ‘meta-data’ access through call data records (CDRs) and session initiation protocol data records (SDRs) — used for Internet protocol-related communications including video conferencing, streaming multi-media, instant messaging, presence information, file transfer, video games and voice & fax over IP is concerned — the CMS will have unmatched capabilities of deep search surveillance and monitoring. The CMS is designed to have access to call content (CC) on multiple E1 leased lines through operators ‘billing/ mediation servers’. These servers will reveal user information to the accuracy of milliseconds, relating to call duration, identification and call history of those under surveillance. Additionally, it will disclose mobile numbers and email IDs, including pinpointing the target’s physical location by revealing cellphone tower information.
Nationwide surveillance
The Hindu’s investigation has also unveiled the mystery relating to the CMS’s national rollout. Contrary to reports about it being active nationwide, only Delhi and Haryana have tested “proof of concept” (POC) successfully. Kerala, Karnataka and Kolkata are the next three destinations for CMS’s implementation. Till 2015, two surveillance and interception systems will run in parallel — the existing State-wise, 200-odd Lawful Intercept and Monitoring (LIM) Systems, set up by 7 to 8 mobile operators in each of the 22 circles, plus the multiple ISP and international gateways — alongside the national rollout of CMS. The aim is to cover approximately one dozen States by the end of 2013-14.
On November 26, 2009, the government told Parliament that CMS’s implementation would overcome “the existing system’s secrecy which can be easily compromised due to manual interventions at many stages.” In January 2012, the government had admitted to intercepting over 1 lakh phones and communication devices over a year, at a rate of 7,500–9,000 per month.
Privacy vs. security
Currently two government spy agencies — the Intelligence Bureau (IB), and the Research and Analysis Wing (RAW) — plus seven others, including the Central Bureau of Investigation (CBI), the Narcotics Control Bureau, DRI, National Intelligence Agency, CBDT (tax authority), Military Intelligence of Assam and JK and Home Ministry — are authorised to intercept and monitor citizens’ calls and emails, under the guidelines laid down by the Supreme Court, The Indian Telegraph Act 1985, Rule 419(A) and other related legislation.
Given the major technological advancements in monitoring and enhanced forensic capabilities in surveillance, coupled with the change in procedure which mandates the interception authorization to be kept secret between two government departments with no scope of a transparent public disclosure of who is being monitored, for what purpose and for how long, privacy and free speech activists are protesting and raising many questions. The government, meanwhile, is proceeding undeterred.
Keywords: Centralized Monitoring System, PRISM project, surveillance project, The Hindu investigation, data mining, spy agencies, CMS project
I completely agree with those supporting the government in creating this surveillance system. After all, I have nothing to hide. All these "privacy concerns" are just criminals who have things to hide. Like Mathew says, I don't care if the government knows that I am planning a trip or what my children are doing.
In fact, I urge the government to go further. I suggest implanting every Indian citizen with a video camera, so that the government can monitor everything at all times. This would ensure that people will not commit crimes and even if they do, that they are caught. Only people who have something to hide will argue against this proposals. I beseech the government to not listen to these unpatriotic criminals.
The government is like our Big Bhaiyya. I love Big Bhaiyya.
I hope they rename it as PMS [Prism Monitoring System]. What I can imagine this sytem will do
is lock in a certain type of people, and then monitor them, If it is automated, monitoring Phone
calls with Indian languages, dialects, auto mation is impossible. And one cannot employ millions
to monitor in realtime, Speech to text is a huge hurdle. Basically it will narrow down a few
people to monitor.
I hope they are successfull in catching real terrorists. in the meantime I will use Bio Ultra Low
Frequency Infra-Sound Coded Modulation device.
This is scary stuff!
Prepare for misuse and be very afraid.
The citizens must fight against this as if this were a freedom
struggle which in a way this is.
Let us see how things go forward.
I suspect there won't be an Indian Snowden who will come forward with
the design documents that will reveal the true extent of this all.
Imagine what sort of lengths these corrupt politicians will go to when
they have unfettered ability to tap anyone's phone at any time without
any need for warrants and special and specific authorization from
multiple bureaucrats.
India's PRISM? For all we know our phones are being tapped and
computer traffic monitored even right now with no oversight. Even if
someone took this up, it will all be forgotten in 6 months, like the
poor Delhi rape victim.
For those who think who have nothing to hide, think again. What
prevents corrupt government employees from selling your information to
private agencies or individuals? Of course, in your world that would
not happen. If I am a person who sympathises with the plight of anyone
someone else does not like, the police comes and picks me up from my
home at 5am like the people who posted against Chidambaram's son and
the Shiv sena. Of course, through your rose coloured glasses that will
never happen in this great democracy.
The only thing they have demonstrated is that they can collect the data successfully. What they have yet to demonstrate and that is the biggest challenge to them is to demonstrate the capacity to process and analyse the data collected and prevent/decrease any small/bigger terrorist attacks/attempts. We don't yet have any capacity to create qualified manpower for this in sufficient number in reasonable time to process the data. The only help it could do in its current form is to help agencies in investigation in post-attack scenarios and joining the link by seeing the collected data. Thus, now they can sleep easily as the data will be collected automatically. Anyway, nobody is ever held accountable and punished for failing to prevent any terrorist attack, kargil intrusion, 26/11 attack and so on. All this system is useless unless you have sufficient quality and quantity of qualified manpower with a better coordination among them working with a strong political will and responsibilities.
I am surprised by those people who 'claim' any such measure is an outright intrusion into their 'Privacy'. I guess these people try to associate these measures as something that is done to snoop into their bedrooms!!
Hey if you try to 'understand' it in the right sense and provided it is implemented with righteousness, all these surveillance are for the betterment and safety of ourselves. Come on, no body in these surveillance group/team would get goosebumps or would be even interested or even would have to look at any messages/emails/account-balances/cash-flow-patterns of any 'law abiding citizens'.
These people who out-rightly reject these kind of measures may be ignorant about how the system works!! I guess the benefits of such measures largely outweighs the mere concern that somebody might read your SMS/e-mail you sent to your girlfriend!
The cavelier attitude with which Indian public will hand over their rights of free speech and privacy is just mind boggling!.
We have seen how the government of the day has been misusing the CBI and the intelligence agencies to down protests. We have also seen how the talk of terrorism has been used to slowly erode human rights in our country.
We have also seen that irrespective of party any tool that they have in their disposal the ruling party will misuse to further their objective of cheating and stealing public money in millions upon millions of Rupees.
Inspite of all kind of tools they have not prevented any of the many atrocities. Mumbai, Delhi parliament, Pune restaurant, Bangalore stadium, Kolkata american center terrorist atttacks happened by the most crudest plans.
Terrorists will definitely not be using any of the electronic media as they know what is in store for them. So who will be the target of this BLANKET surveilance? The civil society & opposition to the govt
Good idea but as a taxpayer i am not interested in allowing my tax money
to be spent on crazy things like this. Sorry. No support for the idea.
I have no problem with a PRISM-like snooping scheme by the GoI so long as it is under oversight against misuse. India has been reeling under terrorism both from abroad and internally too. The lack of a will to fight this scourge determinedly, the lack of a will to award severe punishment, the chorus against death sentences and stringent punishments, the belief that somehow the extremists are just some 'misguided elements;' who could be returned to mainstream through advice and counselling, the practice of vote-bank politics to appease certain sections who then could be expected to vote en-bloc to certain political parties in elections etc make India one of the worst terrorism hit states in the world. The State cannot take deterrent actions due to pulls and pressures from various sides and our inherent timidity, pussilanimity and generoisity even at the cost of our very freedom and existence. Prophylaxis, in the form of preventing terror, is therefore our only hope. PRISM helps there.
@Mathew
You may not worry about government monitoring as long as you are a normal citizen. But imagine that you are a whistleblower and you have been secretly leaking the corruption of higher officials. Do you think people in surveillance team would be angelic enough not to identify you and bring you down. Going by the examples of Ishrat jahan case your life might even be at risk.
Despite all these measures, Indian government will be able to do
nothing whatsoever about Chinese cyber espionage or US cyber espionage
or even Pakistani espionage or terrorism for that matter. Real
terrorists never use Internet Service Providers. The present move is
purely to spy on political dissidents and opposition. An undeclared
Emergency going on and Indians are still in coma about Internet
censorship. The so-called "independence" or incorruptibility of the
Supreme Court is also a big myth. The fact is India has already become
a police state though the people are still sleeping. Internet
censorship in India is extremely high. India is a country where
ritualistic elections are held every five years. Beyond this, there is
nothing even remotely "democratic" about India. Fake police encounters
as well as custodial murders by the police are rampant. Human rights
situation is a big joke. Movies are censored for political content.
Books are banned. No academic freedom either.
I am really surprised to read people so naively entrusting all
their information to the government.
This is the same government that does mega scams, this is the
same government that adopts draconian measures against its own
citizens and gives two hoots about its accountability.
Is this the government to whom you want to give unfettered access
to all private data?
What if the government starts to use it to curb popular protests?
Do you not see how this will make the society more democratic and
perfectly legal protests even more difficult?
In the very least, there should be a strict independent oversight
mechanism. The government should need a court order to listen to
my data - some babu sitting somewhere in Delhi should not be able
to press a button and listen to my conversations. And this has
nothing to do with whether what I am doing is legal or not.
SSL layer of the security can be doctrined by the companies issuing the digital certificates. So it is very much possible to break the layer of security.
Although some of the commentators are right in pointing out that they have nothing to hide since they have done no wrong. They can safely say that they dont mind about losing privacy over security. I think we cannot accept this as blanket clause for all the people.
Let's leave out terrorist and other anti-social agendas that are supposed to be covered by such programs for now. During the infamours wikileaks saga, The Hindu ran some reports of IB (Intelligence Bureau) being misused by politicians to spy on each other. A few other examples would be a citizen who commented on a politician's son on twitter was scooped up by the police. Two women were arrested in Mumbai for speaking their mind on facebook. I think if you consider these examples, the scales start to tip the other way.
I am not against the government jumpstarting its cyber surveillance program, only if it is in the interests of national security and not in the intrusion of citizen privacy.
Very worrying indeed. Especially in India, there is a high chance of
abuse of this system. It is scary that we may be monitored without any
approval from courts! There is a lack of awareness of this here, kudos
to The Hindu for exposing it.
Will it be able to spy on chat conversations under SSL? How will it
monitor emails because almost all of them work under encrypted
connection? Will it be able to crack that encryption?
I don't understand this fuss about privacy. First off all, I don't
care whether any govt agencies are listening to my calls or reading my
mail. I don't need to worry anything as long as I've have done
something wrong. I need to worry only if I need to hide something from
the law. So those who oppose this will be those who have to hide
something from the law. And this is a good initiative against crime.
I simply don't mind if some govt agency reads my mail to find out that
I was drunk yesterday. I don't mind if they read that I am planning
for a trip tomorrow. I would have to worry though, if they read a mail
saying "thank you I have received the money in black". But that is a
genuine case and is something against law and so such a surveillance
would only bust the wrong.
Firstly it's a reassuring surprise that the government has such advanced capabilities for monitoring and interception of communications. As for the argument of security vs privacy, I'm willing to compromise my privacy to feel secure or atleast improve the odds of my and the nation's security. During these days of horrific terrorist attacks,I feel three measures are necessary to keep the country safe.
It will take no time to shift its objective from counter terrorism to
counter political parties, RTI activists.
I highly doubt this system is used for securing Indian assets (Seems to be used for
tapping phones of politicians) otherwise India would have at least reduced some
terrorist attacks. Hats off to America, they used it successfully for protecting their
citizens worldwide (There was no major attack on American soli after 9/11).
unfortunately not unexpected.
this is not U.S, don't expect same kind of sensitivity from Indians, though there would be some enthusiasts but will govt. pay any heed to them,of course not, the thing is we don't have that culture, anyways wishing that applicant good luck
Hmm so looks like govt would use the system to curb free speech
Lets see what our courts verdict on the PIL
These tactics are perfectly normal for any country living under the threat of Terrorism. With crime taking new forms every day, it is absolutely necessary that we as a country should welcome such act. Are you not aware of wire tapping 20 yrs ago ?, a law is enforced keeping in view of national interest, it cannot be tinkered to serve the interests of few who think otherwise. Can you bring back the lives of people lost in Mumbai attacks. When the attacks happen, it is the same public which wants the government to equip the agencies with powers to thwart the attacks, now when the laws are enacted why all the fuss? In the age of cyber warfare, it is high time that we adapt and enforce such cyber tactics to thwart rogue countries from taking advantage of spineless intelligence gathering. US and other western intelligence agencies have been doing this since a long time and have been very successful in protecting their countries from terrorism, narcotics mafia,scandals. Adapt India..Jai Hind
big brother is watching!1984=2013
Reminds me of the notorious Indira Gandhi Emergency of 1975 -1976 when the Big Sister was watching you all the time.The UPA II have not learnt their lesson
let them beef up intelligence agencies who should penetrate countries opposed to us in a subtle manner as the CIA does. What they do is to perpetrate violation of privacy of Indian Citizens.How come they are unable to provide the list of people who have stashed money in tax havens abroad?
Please Email the Editor