Internal Security through Communication Networks

INTERNAL SECURITY CYBER SECURITY
17 Oct, 2022

NEWS HIGHLIGHTS

Theme : Cyber Security
Paper : GS - 3

Among other things, the proposed Draft Indian Telecommunications Bill 2022 brings digital communications applications like Signal and Telegram under telecommunications law and regulation and treats them like internet and telecom service providers and broadcasters.

TABLE OF CONTENT

  1. Context
  2. Current Regulations of Communication Networks
  3. Why is Security of Communication Network Crucial?
  4. Necessity of New Bill
  5. Criticism over the New Bill

Context : Among other things, the proposed Draft Indian Telecommunications Bill 2022 brings digital communications applications like Signal and Telegram under telecommunications law and regulation and treats them like internet and telecom service providers and broadcasters.

Current Regulations of Communication Networks :

  • Information Technology Act 2000: Digital communication applications are currently governed by the Ministry of Electronics and Information Technology (MeitY) and the Information Technology Act 2000 where there is no licensing requirement.
  • Telecom Regulatory Authority of India (TRAI): The move has been debated for some years now, with the Telecom Regulatory Authority of India (TRAI) issuing multiple consultations on the matter, most recently in 2018.
  • National Digital Communications Policy in 2018: DoT may have legitimate grounds for extending its jurisdiction over digital communications applications, including a policy mandate established by the National Digital Communications Policy in 2018. However, there is a conflict that must be resolved, namely the jurisdictional overlap between the prospective law and the existing information technology framework.

Why is Security of Communication Network Crucial?

  • National security: Communication networks are a part of our critical information infrastructure which was defined in the IT Act, 2000 as “the computer resource, the incapacitation or destruction of which, shall have debilitating impact on national security, economy, public health or safety.”
  • Protecting critical Infrastructure: Communications networks are crucial to the connectivity of other critical infrastructure, viz. civil aviation, shipping, railways, power, nuclear, oil and gas, finance, banking, communication, information technology, law enforcement, intelligence agencies, space, defense, and government networks. Therefore, threats can be both through the networks as well as to the networks.
  • Ready to Information Warfare (IW): Because of the increasing relevance of information technology (IT) to people’s lives, individuals who take part in IW are not all soldiers and that anybody who understands computers may become a fighter.
  • To stop the adverse impact on the information system: IW is inexpensive as the targeted party can deliver a paralyzing blow through the net and it may be difficult for the latter to discern where the attack originated. Large amounts of useless information can be created to block or stop the functioning of an adversary’s information system.
  • For Possible mass mobilization: Thus, a People’s War in context of IW can be carried out by hundreds of millions of people, using open-type modern information systems. Even political mobilization for war can be achieved via the internet, by sending patriotic e-mail messages and by setting up databases for education.

Necessity of New Bill :

  • No obligation on communication applications: A key reason for the DoT to bring such applications under telecommunications law is national security. Licensed telecom service providers must provide law enforcement authorities access to their networks and intercept messages in the course of investigations.Conversely, there is a contention that there is no corresponding obligation on digital communications applications, potentially leaving a gap in safeguarding national security interests.
  • For increased Encryption and secrecy: A further assertion is that the encryption used by most digital communications apps hampers investigative efforts as it becomes difficult to ascertain user identity on these platforms and stop malfeasance.
  • Necessary to Ensure security: The draft telecom bill attempts to address this gap by including a provision which enables the government to undertake measures in the name of national security, including issuing directions regarding the use of any telecommunication service.
  • Licensing for more transparency: Presumably, licenses issued for digital communications applications under the proposed legislation will prescribe conditions that would require these apps to give law enforcement authorities access to their systems for monitoring and intercepting communications.

Criticism over the New Bill :

  • Existing law is sufficient: the IT Act already has provisions to enable lawful interception and monitoring of messages sent through digital communications applications. Under Section 69 of the IT Act, the central or state government may issue directions to do so in the interest of preserving, among other things, national security and public order. Moreover, rule 4 of the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) 2021 requires digital communications applications with 50 lakh users or more to enable identification of those sending messages on their platforms.
  • Possible mass surveillance by Government: The implication here is that digital communications apps would have to break encryption and create meaningful pathways for the surveillance of their services. Importantly, while rule 4 has been challenged, it has not been stayed by any court, meaning digital communications apps must comply with it.
  • New laws will overlap with IT Act: It would appear, then, that the provisions regarding national security in the draft telecom bill and the IT Act overlap. So how would the situation be resolved, as both have clauses that give them the ability to override provisions in other laws? Specifically, both the Draft Telecom Bill, 2022 and the IT Act have a non-obstante clause, a provision that enables a statute to uphold the enforceability of its provisions over others that contradict it. Thus, in case of a contradiction between these two laws, which would prevail?
  • Introducing Digital India Act will likely to override other laws: Reports indicate that MeitY aims to introduce a newer version of the IT Act, namely the ‘Digital India Act’. This law will likely deal with matters related to lawful interception and other matters related to the governance of digital communications applications. If such a law is passed, the ‘Digital India Act’ would override the enacted version of the telecom bill.

FAQs :

1. How are Communication Networks defined in IT Act 2000?

Answer : Communication networks are a part of our critical information infrastructure which was defined in the IT Act, 2000 as “the computer resource, the incapacitation or destruction of which, shall have debilitating impact on national security, economy, public health or safety.”

2. What is Section 69 of the IT Act?

Answer : Under Section 69 of the IT Act, the central or state government may issue directions to do so in the interest of preserving, among other things, national security and public order.