Central Monitoring System covers all calls, SMSs, emails, web browsing, videoconferencing, multi-media streaming and even video games

Project documents relating to the new Centralized Monitoring System (CMS) reveal the government’s lethal and all-encompassing surveillance capabilities, which, without the assurance of a matching legal and procedural framework to protect privacy, threaten to be as intrusive as the U.S. government’s controversial PRISM project.

These capabilities are being built even as a debate rages on the extent to which the privacy of Indian Internet and social media users was compromised by the PRISM project. A PIL petition on the subject has already been admitted by the Supreme Court.

The documents in the possession of The Hindu indicate that the CMS project now has a budgeted commitment nearly double that of the Rs. 400-crore estimate that senior officials mentioned in a recent briefing to the media. Once implemented, the CMS will enhance the government’s surveillance and interception capabilities far beyond ‘meta-data,’ data mining, and the original expectation of “instant” and secure interception of phone conversations.

The interception flow diagram, hitherto under wraps, reveals that the CMS being set up by C-DoT — an obscure government enterprise located on the outskirts of New Delhi — will have the capability to monitor and deliver Intercept Relating Information (IRI) across 900 million mobile (GSM and CDMA) and fixed (PSTN) lines as well as 160 million Internet users, on a ‘real time’ basis through secure ethernet leased lines.

The CMS will have unfettered access to the existing Lawful Interception Systems (LIS), currently installed in the network of every fixed and mobile operator, ISP, and International Long Distance service provider.

Mobile and long distance operators, who were required to ensure interception only after they were in receipt of the “authorisation,” will no longer be in the picture. With CMS, all authorisations remain secret within government departments.

This means that government agencies can access in real time any mobile and fixed line phone conversation, SMS, fax, web-site visit, social media usage, Internet search and email, including partially written emails in draft folders, of “targeted numbers.” This is because, contrary to the impression that the CMS was replacing the existing surveillance equipment deployed by mobile operators and ISPs, it would actually combine the strength of two — expanding the CMS’s forensic capabilities multiple times.

Even where data mining and ‘meta-data’ access through call data records (CDRs) and session initiation protocol data records (SDRs) — used for Internet protocol-related…

(Continued on Page 10)

CMS covers all calls, SMSs, emails, web browsing, videoconferencing, multi-media streaming and even video games