“All ILD [international long distance] and ISP [internet service provider] licensees are mandated to connect their systems to the CMS [Centralized Monitoring System] facility,” and “law enforcement agencies are provided facility for on-line and real-time monitoring of traffic,” the Internet Service Providers Association of India said in a filing with the Department of Telecommunications obtained by Entrackr under the RTI Act.
“This facility makes the obligation of providing physical space (10 work stations with access control) a redundant real estate facility at the Licensee gateway locations,” ISPAI said.
This submission indicates that the Indian government and law enforcement agencies have far wider and easier access to Indian internet users’ web traffic than previously known, and access to this data is so accessible remotely that physically visiting an internet provider’s premises is no longer required for government agencies.
The CMS is an ambitious post-26/11 project to expand government surveillance capabilities of telecommunications in India. While its implementation has been delayed several times, this ISPAI filing indicates that enough infrastructure is in place for the government to monitor web traffic real time.
Addison Litton, a lawyer currently working as a litigation counsel at Zoom, wrote in a note in 2015 that the Indian government can use the CMS to gain access to communications without a telecom operator’s knowledge. “Interception through LIS happened by interception requests which were made by law enforcement agencies to the Nodal Officers of the TSPs,” the Internet Freedom Foundation said in 2020. The CMS, however, undercuts these requests by letting the government access data in real time without individual requests.
The scale at which the Indian government is using this access is unclear. But this is not the first time industry officials have inadvertently revealed details that indicate that the ease of surveillance has significantly increased. Rajan Mathews, then the Director General of the Cellular Operators Association of India, revealed in an interview in 2020 that telecom operators had started to remotely provide access to phone calls that were subject to lawful interception requests.
More recently, telecom operators and the Department of Telecommunications did not respond to Entrackr’s queries on whether the Indian government was tapping internet traffic that was flowing through the undersea cables that connect India to the global internet. The island nation of Mauritius underwent a political crisis amid allegations that engineers endorsed by the Indian government were dispatched to build such capabilities at a cable landing station in the country, leading to the resignation of a top telecom operator’s CEO.
Read Entrackr’s coverage of other responses to the Department of Telecommunications’ pre-consultation on a new legal framework for telecom in India: Jio, Airtel, American Chamber of Commerce in India, SIA-India, TRAI.