Indian Government Plans Digital Central Monitoring System – CIS India

Starting from this month, all telecommunications and Internet communications in India will be analyzed by the government and its agencies. This means that everything we say or text over the phone, write, post or browse over the Internet will be centrally monitored by Indian authorities. This totalitarian type of surveillance will be incorporated in none other than the Central Monitoring System (CMS).
The Central Monitoring System (CMS)
The Central Monitoring System (CMS) may be another step in the wrong direction, especially with the lack of privacy laws to protect Indian citizens against potential abuse. Yet, all telecommunications and internet communications are to be monitored by Indian authorities through the CMS, despite the fact that it remains unclear how our data will be used.
The CMS was prepared by the Telecom Enforcement, Resource and Monitoring (TREM) and the Centre for Development of Telematics (C-DoT) and is being manned by the Intelligence Bureau. The CMS project is likely to start operating this month. The Information Technology Amendment Act 2008 enables e-surveillance. The government plans to create a platform that will include all the service providers in Delhi, Haryana and Karnataka creating central and regional databases to help central and state level law enforcement agencies in interception and monitoring. Without any manual intervention from telecom service providers, CMS will equip government agencies with Direct Electronic Provisioning, filter and provide Call Data Records (CDR) analysis and data mining to identify the personal information and provide alerts of the target numbers.
The estimated cost of CMS is Rs. 4 billion. It will be connected with the Telephone Call Interception System (TCIS) which will help monitor voice calls, SMS and MMS, fax communications on landlines, CDMA, video calls, GSM and 3G networks. Agencies which will have access to the CMS include the Research and Analysis Wing (R&AW), the Central Bureau of Investigation (CBI), the National Investigation Agency (NIA), the Central Board of Direct Taxes (CBDT), the Narcotics Control Bureau, and the Enforcement Directorate (ED). Last October, the NIA approached the Department of Telecom requesting for connection with the CMS to help it intercept phone calls and monitor social networking sites without the cooperation of telcos. NIA is currently monitoring eight out of 10,000 telephone lines and if connected with the CMS, NIA will also get access to e-mails and other social media platforms. Essentially, CMS will be converging all the interception lines at one location for Indian law enforcement agencies to access them. CMS will be capable of intercepting our calls and analyzing our data on social networking sites, and also tracking encrypted signals. Thus our attempts to protect our data from ubiquitous surveillance would be futile.
In light of the CMS installation, the Mumbai police set up a ´social media lab´ last month to monitor Facebook, Twitter and other social networking sites. Staffed with 20 police officers, this lab would keep an eye on issues being publicly discussed and track matters relating to public security. According to police spokesman Satyanarayan Choudhary, the lab will be used to identify trends among the youth to plan law and order accordingly. However, fears have arisen that the lab may be used to stifle political debate and freedom of expression. The arrest of two Indian women last November over a Facebook post during Bal Thackeray’s death was proof that the monitoring of our communications can potentially oppress our freedom and human rights. Now that all our online activities will be under the microscope, will the CMS security trade-off be worth it?
Surveillance in the name of Security
In a digitised world, threats to security have been digitised. Terrorism is considered to be a product of globalisation and the internet appears to be a tool used by terrorists. Hence governments all around the world are convinced that surveillance is probably one of the most effective methods in detecting and prosecuting terrorists. So all movement, action, interests, ideas and everything that could define an individual are closely being monitored. If everything about our existence is closely monitored and analysed, it seems likely that we will be instantly detected and prosecuted if engaged in illegal activity. But according to security expert Bruce Schneier, searching for a terrorist through data mining is like looking for a needle in a haystack. Generally, the bigger the amount of data, the bigger the probability of an error in matching profiles. Hence, when our data is being analysed through data mining, the probability of us being charged for a crime we did not commit is real. Nonetheless, CMS is going to start operating soon in an attempt to enable law enforcement agencies to tackle crime and terrorism.
A few days ago, I had a very interesting chat with an employee at SAS Institute (India) Pvt. Ltd. in Bangalore, a wholly owned subsidiary of SAS Institute Inc. SAS produces software solutions and services to combat fraud in financial services, identify cross-sell opportunities in retail. All the business issues it addresses are based on three capabilities: information management, analytics and business intelligence. Interestingly, SAS also produces social network analysis which ‘helps institutions detect and prevent fraud by going beyond individual and account views to analyze all related activities and relationships at a network dimension’. Thus, a social network analysis solution uncovers previously unknown network connections and relationships, even to a terrorist organisation enabling more efficient investigations.
According to the SAS employee I spoke to, the company provides similar analysis to Indian law enforcement agencies and aims to support the CMS project in an attempt to tackle crime and terrorism arguing that their social network analysis solution only analyzes open source data thus respecting online individual privacy. Cyber security experts have argued in favour of the Mumbai social media lab stating that the idea that the privacy of our messages and online activity would be intercepted is a misconception.
It was also argued that there is no harm in creating monitoring centres, especially since other countries, such as the U.S., are conducting similar surveillance, thus justifying it in the name of security.
CMS targeting individuals: myth or reality?
Does CMS really target us individually as the cyber security experts in India claim? Lets look at the following hypothesis:

The CMS can surveille and target individuals, if Indian law enforcement agencies have access to individuals content and non-content data and are simultaneously equipped with the necessary technology to analyse their data.

The two independent variables of the hypothesis are: (1) Indian law enforcement agencies have access to individuals´ content and non-content data, (2) Indian law enforcement agencies are equipped with the necessary technology to analyse individuals´ content and non-content data. The dependent variable of the hypothesis is that the CMS can target individuals, which can only be proven once the two independent variables have been confirmed.
However, the surveillance industry in India is a vivid reality. ClearTrail is an Indian surveillance technology company which provides communication monitoring solutions to law enforcement agencies around the world including, mass monitoring of IP and voice networks, targeted IP monitoring, tactical Wi-Fi monitoring and off-the-air interception, among others. Indian law enforcement agencies are equipped with technologies and solutions capable of targeting us individually and of monitoring our private online activity.
Shoghi Communications Ltd. is just another example of an Indian surveillance technology company. WikiLeaks has published a brochure with one of Shoghi´s solutions: the Semi Active GSM Monitoring System which can intercept communications from any GSM service providers in the world and has a 100% target call monitor rate without any help from the service provider. Indian law enforcement agencies are probably being equipped with such systems which would enable CMS to monitor telecommunications more effectively.
In general, many companies, globally, produce surveillance products and solutions for supply to law enforcement agencies around the world. However, if such technology is used solely to analyse open source data, how do law enforcement agencies expect to detect criminals and terrorists? In other words, how can they access our ´private´ online communications to define whether we are a terrorist or not?
Law enforcement requests reports published by companies, such as Google and Microsoft, confirm the fact that law enforcement agencies have access to both our content and non-content data, much of which was disclosed to Indian law enforcement agencies. The various surveillance technology companies ensure that Indian law enforcement agencies are equipped to analyse our data and match patterns.
Thus, the arguments brought forth by cyber security experts in India appear to be weak. So how does CMS also affect our human rights?
No privacy legislation currently exists in India. The telephone tapping laws in India are weak and violate constitutional protections. The Information Technology Amendment Act 2008 has enabled e-surveillance to reach its zenith, but yet surveillance projects, such as CMS, lack adequate legal backing.  All individuals can potentially be targeted and monitored, regardless of whether they have been involved in illegal activities. The following questions in regards to the CMS remain vague: Who can authorise the interception of telecommunications and Internet communications and access to intercepted data? Can data monitored by the CMS be shared between third parties and if so, under what conditions? Is data monitored by CMS retained and if so, for how long and under what conditions? Do individuals have the right to be informed about their communications being monitored and about data retained about them?
In order to ensure that our right to privacy and other human rights are not breached, parliamentary oversight of intelligence agencies in India is a minimal prerequisite. E-surveillance regulations should be enacted, covering both policy and legal issues pertaining to the CMS ensuring that human rights are not infringed.
A version of this post was published on Centre for Internet & Society, India website

The Centre for Internet and Society is a non-profit research organization that works on policy issues relating to freedom of expression, privacy, accessibility for persons with disabilities, access to knowledge and IPR reform, and openness (including open government, FOSS, open standards, etc.), and engages in academic research on digital natives and digital humanities.

Turning Off IPhone Critical to Pilots Citing Interference

Play iPhones on Planes Blamed for Navigation Disruption

The regional airliner was climbing past 9,000 feet when its compasses went haywire, leading pilots several miles off course until a flight attendant persuaded a passenger in row 9 to switch off an Apple Inc. (AAPL) iPhone.

Enlarge image

The cockpit of a Boeing Co. 787 Dreamliner is shown during an event in Arlington, Virginia. Laboratory tests have shown some devices broadcast waves powerful enough to interfere with airline equipment, according to NASA, aircraft manufacturer Boeing Co. and the U.K.’s Civil Aviation Authority. Photographer: Joshua Roberts/Bloomberg

Enlarge image

Even Delta Air Lines Inc., which argued for relaxed rules, told the U.S. Federal Aviation Administration its pilots and mechanics reported 27 suspected incidents of passenger electronics causing aircraft malfunctions from 2010 to 2012. Photographer: David Paul Morris/Bloomberg

“The timing of the cellphone being turned off coincided with the moment where our heading problem was solved,” the unidentified co-pilot told NASA’s Aviation Safety Reporting System about the 2011 incident. The plane landed safely.
Public figures from U.S. Senator Claire McCaskill to actor Alec Baldwin have bristled at what they say are excessive rules restricting use of tablets, smartphones, laptops and other devices during flights.
More than a decade of pilot reports and scientific studies tell a different story. Government and airline reporting systems have logged dozens of cases in which passenger electronics were suspected of interfering with navigation, radios and other aviation equipment.
The FAA in January appointed an advisory committee from the airline and technology industries to recommend whether or how to broaden electronics use in planes. The agency will consider the committee’s recommendations, which are expected in July, it said in a statement.
Laboratory tests have shown some devices broadcast radio waves powerful enough to interfere with airline equipment, according to NASA, aircraft manufacturer Boeing Co. (BA) and the U.K.’s Civil Aviation Authority.

Airlines Split

Even Delta Air Lines Inc. (DAL), which argued for relaxed rules, told the U.S. Federal Aviation Administration its pilots and mechanics reported 27 suspected incidents of passenger electronics causing aircraft malfunctions from 2010 to 2012. Atlanta-based Delta said it couldn’t verify there was interference in any of those cases.
The airline industry has been divided. Delta said in its filing that it welcomes more electronics use because that’s what its passengers wanted. United Continental Holdings Inc. said it preferred no changes because they’d be difficult for flight attendants to enforce.
CTIA-The Wireless Association, a Washington trade group representing mobile companies, and Amazon.com Inc. (AMZN), the Seattle online retailer that sells the Kindle e-reader, urged the U.S. FAA last year to allow wider use of devices. Personal electronics don’t cause interference, CTIA said in a blog post last year.

10,000 Feet

Passengers’ use of technology and wireless services “is growing by leaps and bounds” and should be expanded as long as it is safe, the Consumer Electronics Association, an Arlington, Virginia-based trade group, said in its filing to the FAA last year.
Federal Communications Commission Chairman Julius Genachowski agreed in a Dec. 6 letter to the FAA.
Broader use of on-board electronics would help providers of approved aircraft Wi-Fi services by letting passengers use them longer. Gogo Inc. (GOGO), based in Itasca, Illinois, says it has 82 percent of that market in North America, and Qualcomm Inc. (QCOM) on May 9 won permission from the FCC to proceed with a planned air-to-ground broadband service for Wi-Fi equipped planes.
The FAA prohibits use of electronics while a plane is below 10,000 feet, with the exception of portable recording devices, hearing aids, heart pacemakers and electric shavers.
Once a flight gets above that altitude, devices can be used in “airplane mode,” which blocks their ability to broadcast radio signals, according to the FAA. There’s an exception for devices that aircraft manufacturers or an airline demonstrates are safe, such as laptops that connect to approved Wi-Fi networks.

Inflight Wi-Fi

The potential risks from personal electronic devices are increasing as the U.S. aviation system transitions to satellite-based navigation, according to the FAA. In order to improve efficiency, planes will fly closer together using GPS technology.
As a result, interference from electronics “cannot be tolerated,” the agency said last year.
While sticking with its prohibitions on use during some phases of flight, the FAA starting in 2010 issued guidelines allowing broader use of personal electronics.
Following techniques suggested by RTCA Inc., a Washington-based non-profit that advises the FAA on technology, airlines have been able to install Wi-Fi networks allowing passengers to browse the Web in flight.

No Tolerance

Four in 10 airline passengers surveyed in December by groups including the CEA said they want to be able to use electronic devices in all phases of flight. Thirty percent of passengers in that same study said they’d accidentally left on a device during a flight.
McCaskill, a Missouri Democrat, has called for lifting restrictions on non-phone devices such as the Kindle if passengers keep them in airplane mode, Drew Pusateri, her spokesman, said in an interview.
The existing rules are “ridiculous,” she said in an interview.
“I was aware from the research that’s been done that there has never been an incident of a plane having problems because of someone having a device on in the cabin,” she said.
The dangers from radio waves interfering with electronic equipment has been known for decades. A fire aboard the aircraft carrier USS Forrestal in 1967 killed 134 people, when a rocket on a fighter jet accidentally fired after a radar beam triggered an electronic malfunction, according to a 1995 NASA review.

GPS Useless

Restrictions on U.S. commercial aircraft began in 1966 after research found some portable radios interfered with navigation equipment, according to the FAA’s request last year for comments on whether it should change existing rules.
In one 2004 test, a now-discontinued Samsung Electronics Co. (005930)wireless phone model’s signal was powerful enough to blot out global-positioning satellites, according to NASA. The device, which met all government standards, was tested because a corporate flight department had discovered the phone rendered a plane’s three GPS receivers useless, NASA’s researchers reported.
While incidents haven’t led to any commercial accidents and and are difficult to recreate afterward, they continue to pile up. A log kept by the Montreal-based International Air Transport Association airline trade group recorded 75 cases of suspected interference from 2003 to 2009, Perry Flint, a spokesman for the group, said in an interview.

Ghost Theories

Peter Bernard Ladkin, a professor of computer networks at the University of Bielefeld in Germany, compiled similar accounts from pilots in Europe, he said in an interview.
“These are serious, conscientious pilots,” Ladkin said. “They know what they’re doing. They don’t subscribe to theories about ghosts or something.”
Damaged devices have transmitted on frequencies they weren’t designed for, according to David Carson, an associate technical fellow at Boeing who has participated in industry evaluations of electronics.
If those radio waves reach an antenna used for navigation, communication or some other purpose, it may distort the signal it’s supposed to receive.
Inflight Wi-Fi systems are safe in part because devices connect to them at low power levels, according to Carson, who was co-chairman of an RTCA panel that produced testing standards.
Devices searching for a faraway connection, such as a mobile phone trying to connect to a ground network in flight, send out more powerful radio waves, he said.

Pilots’ IPads

Airlines such as Delta and Alaska Air Group Inc. (ALK) have used the FAA guidelines to allow their pilots to carry Apple iPads to replace paper charts and manuals. McCaskill and others have used that as an example of why passengers should be allowed to use tablet computers during landing and takeoff.
One difference is that airlines don’t purchase tablet models that use connections through wireless phone networks. Similar devices used by passengers haven’t been tested for safety in the passenger compartment, Carson said. Plus, there’s no guarantee passengers will put the devices into airplane mode or the devices haven’t been damaged, he said.
“Something a passenger brings in, you don’t know if it fell in a mud puddle or they put a bigger battery in,” he said.
The RTCA group recommended against allowing passengers to use devices during taxi, landing and takeoff, Carson said.
The Association of Flight Attendants, the U.S.’s largest union for those workers, told the FAA last year that electronic devices should be stowed during those critical phases of flight, just as bags and purses must be.
Any decision should be based on science, not on politics or passengers’ desires to stay connected, John Cox, a former airline pilot who is chief executive officer of the Washington-based consulting firm, Safety Operating Systems, said in an interview.
“The question is: Do we want to do aviation safety based on lack of testing and certification standards?” Cox said.
To contact the reporter on this story: Alan Levin in Washington at alevin24@bloomberg.net