On Internet freedom, India’s perilous trajectory

By the time the first story based on former NSA contractor Edward Snowden’s disclosures splashed across the front pages of the world’s newspapers, India had reportedly begun deployment of its own major surveillance architecture, the Central Management System (CMS). The system is a $132 million project that allows central access to all communications content and metadata carried over Indian telecommunications networks. According to documents reviewed by The Hindu:

the CMS will enhance the government’s surveillance and interception capabilities far beyond ‘meta-data,’ data mining, and the original expectation of “instant” and secure interception of phone conversations.

The interception flow diagram, hitherto under wraps, reveals that the CMS being set up by C-DoT — an obscure government enterprise located on the outskirts of New Delhi — will have the capability to monitor and deliver Intercept Relating Information (IRI) across 900 million mobile (GSM and CDMA) and fixed (PSTN) lines as well as 160 million Internet users, on a ‘real time’ basis through secure ethernet leased lines.

Although the system is not yet fully operational, The Hindu further reported in September 2013 that all of India’s 160 million Internet users were by that time “already being subjected to wide-ranging surveillance and monitoring,” much of it “in violation of the government’s own rules and notifications for ensuring ‘privacy of communications.'”

And things only seem to get worse. Just last week, The Times of India reported that the Indian government will soon deploy NETRA, an Internet spy system capable of real-time keyword analysis on all manner of Internet communications, from public tweets to private emails, as well as Voice over Internet Protocol traffic such as calls made via Google Talk and Skype.

According to The Hindu, all authorizations for surveillance under the system remain secret, and contained within government departments. Thus, Indian authorities may program a keyword search, then monitor “all traffic of every and any Internet user for as long as it desires, without any oversight of courts and without the knowledge of [Internet Service Providers].”

Journalists who have sought to shed light on such systems have found themselves obstructed. Speaking to CPJ, Economic Times senior reporter Indu Nandakumar stated that after she published information about India’s surveillance capabilities, “Indian government authorities, particularly top decision-makers at CERT-In [a government agency responsible for cybersecurity and surveillance] have stopped talking to me, and many other journalists who cover these issues.” She added, “That makes it very hard to cover this topic.”

Compounding concerns over the Indian government’s technical capabilities, and the lack of independent oversight of its powerful tools, is a dearth of strong individual privacy protections under Indian law. As BBC South Asia Correspondent Andrew North wrote in October, “the intelligence agencies still report straight to the prime minister and the home minister.” Bhairav Acharya, a constitutional lawyer who practices before the Supreme Court of India, agrees. Writing for the South Asian media watchdog website The Hoot in November, Acharya said, “For ordinary Indians who want to protect themselves and their communications from state encroachment, the law currently offers little solace.” Even Internet users who wish to engage in self-help by using encryption–as journalists frequently do–are afforded little to no protection: pursuant to Section 69 of India’s Information Technology Act, the government may put an individual who fails to comply with a governmental decryption order in prison for seven years.

From user data requests, to media ownership, to the deaths and imprisonment of journalists, India’s track record on Internet and press freedom leave little reason to trust that authorities charged with unilaterally operating the country’s powerful surveillance systems will choose not to turn them on journalists.

There is an additional irony. Although Indian officials have been reticent to make specific statements about disclosures by Snowden, government officials– following requests by Indian tech companies–have begun looking into ways to wall the country off from the broader Internet. (Although ostensibly driven by a desire to “limit the capacity of foreign elements to scrutinize intra-India traffic,” as an unnamed Indian official told The Hindu, forced localization would benefit the companies’ bottom lines, the paper also noted.) Whatever the motivation, such efforts to fragment Internet resources help facilitate worldwide surveillance and censorship, both in the nation-state itself, and ultimately worldwide. Many commentators believe that if taken to their logical end, such maneuvers could pose an existential threat to the Internet as a neutral medium for journalism and other forms of free expression.

It remains to be seen whether the world’s largest democracy will continue to emulate the misguided spy strategies of the United States, or take up more constructive solutions. For now, it appears that the Indian government is set on laying the groundwork for a sprawling, panoptic future, while employing harmful tactics that threaten to compound the issues raised by pervasive NSA surveillance, not solve them.

In present-day India, the future of Internet freedom appears bleak.