Public Records Expose Indian Government’s Full Access To Nation’s Internet Traffic
from the mass-surveillance,-minimal-expense dept
The government of India continues to increase its monitoring of residents’ day-to-day lives. Like pretty much every other country in the world, India relies on the internet to handle communications, data, and multiple services used by residents.
The government, under Prime Minister Narendra Modi, has become less democratic and more authoritarian. To keep dissent to a minimum, the government has repeatedly expanded its power to surveil internet traffic and communications, under the theory that doing so will somehow make the nation more secure.
Expansions of government power are codified with alarming regularity — much of it focused on controlling narratives, snooping on residents, and bending foreign social media platforms to its will.
Under Modi’s government, platforms and service providers have been stripped of safe harbor protections in order to be held directly responsible for user-generated content. In addition, the government has added compelled assistance mandates, which force service providers to log tons of user data continuously and provide government on-demand access to this information. The end result has been proactive removal of questionable content by service providers in order to avoid being punished by the Modi government for allowing “illegal” content to be spread by India’s internet users.
The government’s cyber law continues to morph, stripping protections and expanding government power with each iteration. Expansive mandated access to internet data and communications have resulted in ever more proactive activity from service providers — something inadvertently exposed in public records obtained by Entrackr.
“All ILD [international long distance] and ISP [internet service provider] licensees are mandated to connect their systems to the CMS [Centralized Monitoring System] facility,” and “law enforcement agencies are provided facility for on-line and real-time monitoring of traffic,” the Internet Service Providers Association of India said in a filing with the Department of Telecommunications obtained by Entrackr under the RTI [Right to Information] Act.
“This facility makes the obligation of providing physical space (10 work stations with access control) a redundant real estate facility at the Licensee gateway locations,” ISPAI said.
Whoops. There’s a lot of quiet parts being said out loud here. First off, the service providers group is admitting it gives the government on-demand and real-time access to traffic flowing through their servers and services. But the second part is even worse: the data the government already has access to (thanks to these mandates) makes in-house access by government surveillance entities redundant. The overall point seems to be that ISPs are already at max compliance, so there’s no need to mandate on-location access points.
Not only is this remote access so easy to use ISPs and long distance providers feel on-site access would be redundant, it’s also so easy to use the government doesn’t even need to inform or otherwise involve the entities housing this data. As early as 2015, the Indian government was already accessing this data without service providers’ knowledge. All that appears to have changed is that this access is now codified.
“Interception through LIS happened by interception requests which were made by law enforcement agencies to the Nodal Officers of the TSPs,” the Internet Freedom Foundation said in 2020. The CMS, however, undercuts these requests by letting the government access data in real time without individual requests.
Entrackr says the scale of the government’s access is “unclear.” Well, when service providers aren’t even given notification that their data and traffic are being accessed, it’s left up to the government to be honest about how often it’s using these powers. Cutting ISPs out of the equation allows the government to keep its own set of books, so to speak. And when government surveillance is almost completely discretionary, it’s highly unlikely the data collected by the government on its internet surveillance activities will be accurate.
All of this makes Indian residents little more than data generators the government can surveil at will. They’re not really citizens. They’re just open wallets and open books to a government that, under its current leadership, considers citizens something to be governed, rather than something it serves.
Filed Under: india, internet, internet surveillance, surveillance
Comments on “Public Records Expose Indian Government’s Full Access To Nation’s Internet Traffic”
no different to just about every other country, including our own! everything that governments wanted is being achieved, just like Hitler tried to do, but in this modern era, the achievement is without far less bloodshed, at the moment. sooner or later, the people everywhere are going to get fed up with the greedy few getting so much of our perconal information, destroying so much of our privacy, taking away so many of our rights that inevitably, there will be pushback and that could get very nasty!!
NO government ever has considered citizens something to serve, rather than something to be kept under control. Yes, that includes “the land of the free”. The only difference is how openly they go about it, and how heavy a hammer are they willing to swing.
Ya know, regarding those claims that “we’ll never know the exact figures” about just how much data the government is collecting… Well, it seems to me that the wrong information is being targeted in an RTI (the Indian version of our FOIA). They should be asking for server logs, and searching for known government IP addresses that are accessing the servers with an inordinate amount of requests. Simply determine the number of requests that target a specific bit of data, multiply or divide as necessary to cover a given time period, and Presto!, you have a pretty close figure of just how often the government is spying instead of serving its citizenry. Plus or minus an almost insignificant figure, of course.
Given that the ISPs are giving everything to the Indian Government, I’m wondering how long it will be before people (domestic and foreign) start holding the Indian Government responsible for the spam and scams originating from Indian soil.
They asked for control, and with control comes responsibility.
Re:
Unless your name is Modi, in which case the phrase is “with control comes money, lots of money”. (After all, money = power is a two-way formula.)
What I want to know is, how is it that 1.3 billion people are putting up with this shit?! Or am I looking through my glass belly-button, and failing to recognize a resurgence of the caste system?
Re:
It was always in the shadows.
But caste isn’t the biggest worry here; it’s that Modi has seen fit to follow the paths trodden by the likes of China.