GOVERNMENT OF INDIA
MINISTRY OF COMMUNICATIONS
DEPARTMENT OF TELECOMMUNICATIONS
UNSTARRED QUESTION NO. 3411
TO BE ANSWERED ON 31ST MARCH, 2017
CENTRALIZED MONITORING SYSTEM
Will the Minister of COMMUNICATIONS be pleased to state:
(a)The status of operationality of the Centralized Monitoring Systems (CMS);
(b)The objectives behind having the CMS;
(c)Whether the data monitored by the CMS would be shared by third parties; and
(d)Given the lack of privacy protection measures, the steps taken by Government to ensure that the privacy rights of the citizens are not breached by the CMS?
THE MINISTER OF STATE (IC) OF THE MINISTRY OF COMMUNICATIONS & MINISTER OF STATE IN THE MINISTRY OF RAILWAYS
(SHRI MANOJ SINHA)
(a)& (b) Sir, Government has decide to set up the Centralized Monitoring System (CMS) to automate the process of Lawful Interception & Monitoring of telecommunications. Technology development and pilot trials have been completed. 18 Regional Monitoring Centers (RMC) out of 21 RMC have been technically commissioned. The remaining 3 RMC and Disaster Recovery Centre for CMS are likely to be completed by near end.
(c) Lawfully intercepted information/data is meant for designated Law Enforcement Agencies (LEAs) as envisaged under Section 5(2) of Indian Telegraph Act, 1885 read with rule 419A of Indian Telegraph (Amendment) Rules, 2007. The lawfully intercepted data monitored by CMS will not be shared with third parties.
(d)Privacy protection mechanism have been incorporated in CMS. Information in transit and storage in the CMS network is encrypted and can be accessed by the desingnated LEAs only. Moreover, Government has also instructed Telecom Service Providers/Internet Service Providers under Unified License (Similar provisions in other Licenses also) to protect the interest of the stakeholders/customers and privacy of the individual as indicated below:
“37.2 Subject to terms and conditions of the license, the Licensee shall take all necessary steps to safeguard the privacy and confidentiality of any information about a third party and its business to whom it provides the Service and from whom it has acquired such information by the Service provided and shall use its best endeavors to secure that:
Provided the above para shall not apply where:
a)The information relates to a specific party and that party has consented in writing to such information being divulged or used, and such information is divulged or used in accordance with the terms of that consent; or
b)The information is already open to the public and otherwise known.
37.3 The Licensee shall take necessary steps to ensure that the Licensee and any person (s) acting on its behalf observe confidentiality of customer information.
39.4 The LICENSEE shall ensure protection of privacy of communication and ensure that unauthorized interception of messages does not take place.
39.23(xix) In order to maintain the privacy of voice and data, monitoring shall be in accordance with rules in this regard under Indian Telegraph Act, 1885”.
Moreover, lawful interception and monitoring is governed by the Section 5 (2) of Indian Telegraph Act, 1885 read with Rule 419A of Indian Telegraph (Amendment) Rules, 2007 wherein oversight mechanism exists in form of review committee under chairmanship of the Cabinet Secretary at Central Government level and Chief Secretary of the State at the State Government level. The same mechanism is applicable for the interception under the CMS also. Additionally, CMS has inbuilt mechanism of check and balance as Security Agenices/Law Enforcement Agencies cannot provision the target and the provisioning agency cannot see the content.