Public Records Expose Indian Government’s Full Access To Nation’s Internet Traffic
from the mass-surveillance,-minimal-expense dept
The government of India continues to increase its monitoring of residents’ day-to-day lives. Like pretty much every other country in the world, India relies on the internet to handle communications, data, and multiple services used by residents.
The government, under Prime Minister Narendra Modi, has become less democratic and more authoritarian. To keep dissent to a minimum, the government has repeatedly expanded its power to surveil internet traffic and communications, under the theory that doing so will somehow make the nation more secure.
Expansions of government power are codified with alarming regularity — much of it focused on controlling narratives, snooping on residents, and bending foreign social media platforms to its will.
Under Modi’s government, platforms and service providers have been stripped of safe harbor protections in order to be held directly responsible for user-generated content. In addition, the government has added compelled assistance mandates, which force service providers to log tons of user data continuously and provide government on-demand access to this information. The end result has been proactive removal of questionable content by service providers in order to avoid being punished by the Modi government for allowing “illegal” content to be spread by India’s internet users.
The government’s cyber law continues to morph, stripping protections and expanding government power with each iteration. Expansive mandated access to internet data and communications have resulted in ever more proactive activity from service providers — something inadvertently exposed in public records obtained by Entrackr.
“All ILD [international long distance] and ISP [internet service provider] licensees are mandated to connect their systems to the CMS [Centralized Monitoring System] facility,” and “law enforcement agencies are provided facility for on-line and real-time monitoring of traffic,” the Internet Service Providers Association of India said in a filing with the Department of Telecommunications obtained by Entrackr under the RTI [Right to Information] Act.
“This facility makes the obligation of providing physical space (10 work stations with access control) a redundant real estate facility at the Licensee gateway locations,” ISPAI said.
Whoops. There’s a lot of quiet parts being said out loud here. First off, the service providers group is admitting it gives the government on-demand and real-time access to traffic flowing through their servers and services. But the second part is even worse: the data the government already has access to (thanks to these mandates) makes in-house access by government surveillance entities redundant. The overall point seems to be that ISPs are already at max compliance, so there’s no need to mandate on-location access points.
Not only is this remote access so easy to use ISPs and long distance providers feel on-site access would be redundant, it’s also so easy to use the government doesn’t even need to inform or otherwise involve the entities housing this data. As early as 2015, the Indian government was already accessing this data without service providers’ knowledge. All that appears to have changed is that this access is now codified.
“Interception through LIS happened by interception requests which were made by law enforcement agencies to the Nodal Officers of the TSPs,” the Internet Freedom Foundation said in 2020. The CMS, however, undercuts these requests by letting the government access data in real time without individual requests.
Entrackr says the scale of the government’s access is “unclear.” Well, when service providers aren’t even given notification that their data and traffic are being accessed, it’s left up to the government to be honest about how often it’s using these powers. Cutting ISPs out of the equation allows the government to keep its own set of books, so to speak. And when government surveillance is almost completely discretionary, it’s highly unlikely the data collected by the government on its internet surveillance activities will be accurate.
All of this makes Indian residents little more than data generators the government can surveil at will. They’re not really citizens. They’re just open wallets and open books to a government that, under its current leadership, considers citizens something to be governed, rather than something it serves.
Filed Under: india, internet, internet surveillance, surveillance