Everything you need to know about Indian Central Monitoring System (ICMS)

Indian Central Monitoring System(ICMS) is being implemented by the Government of India(GoI) this year. GoI started implementation from April 2013. [1] #StopICMS is a campaign against the implementation of ICMS in India.

What is ICMS?

Though the main reason of ICMS is unclear to the public, we believe after the recent rise in civil society threats and other protests originating from the internet, we believe, GoI wants to have a peek into the working and plans for the next event, as soon as possible. Though, we also infer that this can be widely used against terror attacks and other violent events. But according to security expert Bruce Schneier, searching for a terrorist through data mining is like looking for a needle in a haystack.[2]

GoI mainly asks Google to remove defamatory content. Why is that? Security for themselves, in the name of safety of citizens? Content removal requests have increased by 90% from the GoI. 33% of the requests from the GoI are about either hate speech, defamation or government criticism.[3] Therefore, we can conclude that after implementation of ICMS GoI will primarily use it against hate speeches and government criticism. So, it could happen so the next time when you speak something really bad about GoI, which they dislike, you might get detained, like what happened to Tajinder Pal Singh Bagga (house arrest).

We have proof that government started working on ICMS from 2011.[4][5][6]

CMS, which costs approximately 4 billion rupees (US$73 million) to build, will be linked to the Telephone Call Interception System (TCIS) setup to monitor voice calls, SMS and MMS, GPRS, Fax Communications on landlines, CDMA, GSM and 3G networks, and video calls.[7]

We recently heard Assam police will monitor their part of the network.[11]

Why #StopICMS?

ICMS will be connected with the Telephone Call Interception System (TCIS) which will help monitor voice calls, SMS and MMS, fax communications on landlines, CDMA, video calls, GSM and 3G networks. Agencies which will have access to the CMS include the Research and Analysis Wing (R&AW), the Central Bureau of Investigation (CBI), the National Investigation Agency (NIA), the Central Board of Direct Taxes (CBDT), the Narcotics Control Bureau, and the Enforcement Directorate (ED). Last October, the NIA approached the Department of Telecom requesting for connection with the CMS to help it intercept phone calls and monitor social networking sites without the cooperation of telcos.[8] NIA is currently monitoring eight out of 10,000 telephone lines and if connected with the CMS, NIA will also get access to e-mails and other social media platforms.[10] Essentially, CMS will be converging all the interception lines at one location for Indian law enforcement agencies to access them. CMS will be capable of intercepting our calls and analyzing our data on social networking sites, and also tracking encrypted signals.[9 (R Chandrashekhar, Secretary, DoT said, "We are still looking at such security issues internally. All the services which use encryption in one form or the other are being looked at.")] Thus our attempts to protect our data from ubiquitous surveillance would be futile.

No privacy legislation currently exists in India. The telephone tapping laws in India are weak and violate constitutional protections. The Information Technology Amendment Act 2008 has enabled e-surveillance to reach its zenith, but yet surveillance projects, such as CMS, lack adequate legal backing[14]. All individuals can potentially be targeted and monitored, regardless of whether they have been involved in illegal activities. The following questions in regards to the CMS remain vague: Who can authorize the interception of telecommunications and Internet communications and access to intercepted data? Can data monitored by the CMS be shared between third parties and if so, under what conditions? Is data monitored by CMS retained and if so, for how long and under what conditions? Do individuals have the right to be informed about their communications being monitored and about data retained about them? It, also, interferes with the Universal Declaration of Human Rights, the right to privacy.[16]

Law enforcement requests reports[12] published by companies, such as Google and Microsoft[13], confirm the fact that law enforcement agencies have access to both our content and non-content data, much of which was disclosed to Indian law enforcement agencies. The various surveillance technology companies ensure that Indian law enforcement agencies are equipped to analyse our data and match patterns. Therefore, privacy has gone into the trash for the sake of security.

We know the government today hates public criticizing it. It is evident from the arrests made in Mumbai for their Facebook posts against the bandh, called after the death of Bal Thackeray.[15] This is a stisfactory proof that the monitoring of our communications can potentially oppress our freedom and human rights. Now that all our online activities will be under the microscope, will the CMS security trade-off be worth it?

The Aadhaar numbers, issued by the government to all resident Indians, coupled with databases maintained by the criminal records bureau or the health department, can lead to misuse of profiling. Aadhaar collects biometric information like finger print scans and iris scans. In the absence of a legislation governing the Aadhaar project and lack of strong privacy laws, there is a possibility of this data being misused. Also, the government is planning create a pool of DNA profiles of “offenders.” The center will introduce the bill, first introduced in 2007, in the Parliament to legislate this. According to experts, this could lead to large scale misuse. According to news reports, the bill will also cover people who go through abortion, fight paternity suits and receive or donate organs.[17]

How #StopICMS?

Follow @StopICMS, like the StopICMS facebook page and subscribe to StopICMS.org RSS feed.

Spread the word. Share, tweet, mail this paste and details about #StopCMS. Most people do not realize how important privacy is, and hence don’t care. We cannot simply ignore blatant violations of our rights and do nothing, we did that once before, remember what happened? Yes, we lost our freedom.

Share this picture as much as you can: http://i.imgur.com/BoQ93xy.png

Inform local press and media, more attention by the press means more pressure on the government.

Sign this petition and spread it around: https://secure.avaaz.org/en/petition/Stop_CMS_Monitoring_and_respect_our_privacy

Write to the people responsible.

Kapil Sibal,
Minister of Communications and Information Technology
Office Address: 107, 1st Floor, Sanchar Bhawan
Office Phone: +91-11-23739191, +91-11-23372177
FAX: 011-23372428
E-MAIL: [email protected], [email protected]

MF Farooqui
Chairman, Telecom Commission
Office Address:210, Sanchar Bhawan, Delhi
Office Phone:+91-11-23719898
FAX:+91-11-23711514
E-MAIL:[email protected]

Rita Teotia
Additional Secretary
Phone: +91-11-23717300
FAX:+91-11-23350945
E-MAIL: [email protected]

Ram Yagya
Operations Advisor
Phone:+91-11-23036685
FAX: +91-11-23372184
E-MAIL: [email protected]

R.K. Bhatnagar
Technology Advisor
Phone:+91-11-23718460
FAX:+91-11-23329525
E-MAIL: [email protected]

Ram Narain
Deputy Director General-Security
Phone:+91-11-23716666
FAX:+91-11-23346161
E-MAIL: [email protected]

Questions to ask, to anyone:

1. Do the corporates working on the ICMS follow the Rule 5 Clause 3 of http://deity.gov.in/sites/upload_files/dit/files/RNUS_CyberLaw_15411.pdf

Rule 5 Clause 3:

While collecting information directly from the person concerned, the body corporate or any person on its behalf shall take such steps as are, in the circumstances, reasonable to ensure that the person concerned is having the knowledge of ―

(a) the fact that the information is being collected;
(b) the purpose for which the information is being collected;
(c) the intended recipients of the information; and
(d) the name and address of ―
(i) the agency that is collecting the information; and
(ii) the agency that will retain the information.

2. Who is responsible for the private data collected by ICMS?
3. Who instructs/permits to track a perticular individual?

Further Reading

The Central Monitoring System (CMS) Project Of India
Centre Of Excellence For Cyber Security Research And Development In India (CECSRDI)
India´s ´Big Brother´: The Central Monitoring System (CMS)

References

[1]: http://www.ciol.com/ciol/news/184770/governments-central-monitoring-system-operational-soon
[2]: http://www.schneier.com/blog/archives/2006/03/data_mining_for.html
[3]: http://www.google.com/transparencyreport/removals/government/IN/
[4]: http://dptenders.serverpeople.com/Tenders/EOI.doc
[5]: http://tenders.gov.in/innerpage.asp?choice=tc5&tid=karn439659&work=1
[6]: http://mha.nic.in/writereaddata/13040930061_Tr-ITJ-290411.pdf
[7]: http://www.zdnet.com/in/indias-monitoring-system-to-pilot-in-april-7000012228/
[8]: http://timesofindia.indiatimes.com/tech/tech-news/internet/NIA-wants-to-tap-phones-monitor-social-media-without-involving-telcos/articleshow/16819244.cms
[9]: http://www.business-standard.com/article/economy-policy/q-a-r-chandrashekhar-secretary-dot-111041800011_1.html
[10]: http://newindianexpress.com/nation/article1300012.ece
[11]: http://www.nextbigwhat.com/north-east-social-media-tracking-297/
[12]: http://www.engadget.com/tag/transparencyreport/
[13]: http://cis-india.org/internet-governance/blog/microsoft-releases-first-report-on-data-requests-by-law-enforcement-agencies
[14]: http://ictps.blogspot.com/2011/05/e-surveillance-policy-of-india-is.html
[15]: http://www.bbc.co.uk/news/world-asia-india-20405457
[16]: http://www.un.org/en/documents/udhr/index.shtml#a12
[17]: http://www.nextbigwhat.com/indian-government-cyber-monitoring-system-297/