[liberationtech] we don't need no steenkin PRISM

[Eugen Leitl]

http://timesofindia.indiatimes.com/tech/enterprise-it/security/India-sets-up-nationwide-snooping-programme-to-tap-your-emails-phones/articleshow/20678562.cms

India sets up nationwide snooping programme to tap your emails, phones

Reuters | Jun 20, 2013, 12.32 PM IST

India has launched a wide-ranging surveillance program that will give its
security agencies and even income tax officials the ability to tap directly
into e-mails and phone calls.

Hackers try to break into NIC serversStudy reveals data breach costs for
Indian companiesMalicious or criminal attacks cause 37% of data breaches

NEW DELHI: India has launched a wide-ranging surveillance program that will
give its security agencies and even income tax officials the ability to tap
directly into e-mails and phone calls without oversight by courts or
parliament, several sources said.

The expanded surveillance in the world's most populous democracy, which the
government says will help safeguard national security, has alarmed privacy
advocates at a time when allegations of massive US digital snooping beyond
American shores has set off a global furor.

"If India doesn't want to look like an authoritarian regime, it needs to be
transparent about who will be authorized to collect data, what data will be
collected, how it will be used, and how the right to privacy will be
protected," said Cynthia Wong, an Internet researcher at New York-based Human
Rights Watch.

The Central Monitoring System (CMS) was announced in 2011 but there has been
no public debate and the government has said little about how it will work or
how it will ensure that the system is not abused.

The government started to quietly roll the system out state by state in April
this year, according to government officials. Eventually it will be able to
target any of India's 900 million landline and mobile phone subscribers and
120 million Internet users.

Interior ministry spokesman KS Dhatwalia said he did not have details of CMS
and therefore could not comment on the privacy concerns. A spokeswoman for
the telecommunications ministry, which will oversee CMS, did not respond to
queries.

Indian officials said making details of the project public would limit its
effectiveness as a clandestine intelligence-gathering tool.

"Security of the country is very important. All countries have these
surveillance programs," said a senior telecommunications ministry official,
defending the need for a large-scale eavesdropping system like CMS.

"You can see terrorists getting caught, you see crimes being stopped. You
need surveillance. This is to protect you and your country," said the
official, who is directly involved in setting up the project. He did not want
to be identified because of the sensitivity of the subject.

No independent oversight

The new system will allow the government to listen to and tape phone
conversations, read e-mails and text messages, monitor posts on Facebook,
Twitter or LinkedIn and track searches on Google of selected targets,
according to interviews with two other officials involved in setting up the
new surveillance program, human rights activists and cyber experts.

In 2012, India sent in 4,750 requests to Google for user data, the highest in
the world after the United States.

Security agencies will no longer need to seek a court order for surveillance
or depend, as they do now, on internet or telephone service providers to give
them the data, the government officials said.

Government intercept data servers are being built on the premises of private
telecommunications firms. These will allow the government to tap into
communications at will without telling the service providers, according to
the officials and public documents.

The top bureaucrat in the federal interior ministry and his state-level
deputies will have the power to approve requests for surveillance of specific
phone numbers, e-mails or social media accounts, the government officials
said.

While it is not unusual for governments to have equipment at
telecommunication companies and service providers, they are usually required
to submit warrants or be subject to other forms of independent oversight.

"Bypassing courts is really very dangerous and can be easily misused," said
Pawan Sinha, who teaches human rights at Delhi University. In most countries
in Europe and in the United States, security agencies were obliged to seek
court approval or had to function with legal oversight, he said.

The senior telecommunications ministry official dismissed suggestions that
India's system could be open to abuse.

"The home secretary has to have some substantial intelligence input to
approve any kind of call tapping or call monitoring. He is not going to
randomly decide to tape anybody's phone calls," he said.

"If at all the government reads your e-mails, or taps your phone, that will
be done for a good reason. It is not invading your privacy, it is protecting
you and your country," he said.

The government has arrested people in the past for critical social media
posts although there have been no prosecutions.

In 2010, India's Outlook news magazine accused intelligence officials of
tapping telephone calls of several politicians, including a government
minister. The accusations were never proven, but led to a political uproar.

No privacy law "The many abuses of phone tapping make clear that that is not
a good way to organize the system of checks and balances," said Anja Kovacs,
a fellow at the New Delhi-based Centre for Internet and Society.

"When similar rules are used for even more extensive monitoring and
surveillance, as seems to be the case with CMS, the dangers of abuse and
their implications for individuals are even bigger."

Nine government agencies will be authorized to make intercept requests,
including the Central Bureau of Investigation (CBI), India's elite policy
agency, the Intelligence Bureau (IB), the domestic spy agency, and the income
tax department.

India does not have a formal privacy law and the new surveillance system will
operate under the Indian Telegraph Act - a law formulated by the British in
1885 - which gives the government freedom to monitor private conversations.

"We are obligated by law to give access to our networks to every legal
enforcement agency," said Rajan Mathews, director general of the Cellular
Operators Association of India.

Telecommunications companies Bharti Airtel, Vodafone's India unit, Idea
Cellular, Tata Communications and state-run MTNL did not respond to requests
for comment.

India has a long history of violence by separatist groups and other militants
within its borders. More than one third of India's 670 districts are affected
by such violence, according to the South Asia Terrorism Portal.

The government has escalated efforts to monitor the activities of militant
groups since a Pakistan-based militant squad rampaged through Mumbai in 2008,
killing 166 people. Monitoring of telephones and the Internet are part of the
surveillance.

India's junior minister for information technology, Milind Deora, said the
new data collection system would actually improve citizens' privacy because
telecommunications companies would no longer be directly involved in the
surveillance - only government officials would.

"The mobile company will have no knowledge about whose phone conversation is
being intercepted", Deora told a Google Hangout, an online forum, earlier
this month.