For the past six months, a widely reported "surreptitious surveillance" pilot project has been underway in India, and CIOs who do business there need to know about it.
Called the Indian Central Monitoring System (CMS), it is touted as India's very own Prism -- with the capability to monitor voice calls, SMS and MMS, GPRS, faxes, CDMA, GSM and 3G networks, video calls, and Internet activity. Being deployed at an estimated cost of US $64 million, the system can bypass every telecom service provider in the country and enables government agencies to lawfully intercept all data, access call data records, and track the geographical location of individuals in real time.
Expected to be formally commissioned in October, the CMS program is also equipped to track all social media communication as well as search engine queries. The metadata would be subjected to pattern recognition and other automated tests to detect emotional markers like dissent, hate, and intent.
Designed by the Telecom Enforcement, Resource, and Monitoring Cells and implemented by the Centre for the Development of Telematics (C-DOT), the CMS is manned by the Intelligence Bureau, while government agencies like the Research and Analysis Wing (R&AW), the Central Bureau of Investigation (CBI), the National Investigation Agency (NIA), the Central Board of Direct Taxes (CBDT), the Narcotics Control Bureau, and the Enforcement Directorate (ED) can all access it.
The government's plans to keep an eye on communications seemed innocuous enough, as reflected in a statement made in the Upper House of Parliament way back in 2009, but the CMS is now seen by many as a gross violation of privacy and security. It is being viewed with great suspicion against the backdrop of other government plans for Internet censorship, monitoring programs, collection of biometric data, proposals to create DNA profiles of offenders, government purchase of software to crack secure mobile phones and password-protected computers, and the creation of the National Intelligence Grid. Online petitions have sprung up to protest against the flood of surveillance tools coming into the open.
The largest uproar arises from the fact that the CMS does not need a court order to launch surveillance. There has been no attempt to seek the approval of the Parliament for the clandestine mass electronic surveillance system. The government has tried to appease critics by citing an electronic audit trail for each phone number put under surveillance, but the fact that this audit trail will only be available to the Ministry of Home Affairs, under which all the surveillance takes place, has provided little comfort.
When union minister of state for communications and IT Milind Deora claimed at a Google Hangout session recently that the CMS would protect citizens from unlawful interception of communication by other agencies, it was not clear if he was referring to the domestic case of telephone tapping involving Nira Radia -- a corporate communication consultant to the Tata Group -- or to America's Prism program, which targeted India as well. In any case, the popular perception is that the CMS is more draconian than Prism.
For enterprises and CIOs, the most worrying aspect of a blanket surveillance program such as the CMS is the threat to online transactions, intellectual property, business secrets, and confidentiality of pre-grant patents and data. In the absence of targeted surveillance, vulnerabilities may be introduced into the system to enable blanket screening of the Internet. This will, in turn, increase the chances of hacking attacks -- with all the data being collected in one single repository of the CMS, the server is exposed to threats from competitors and cyber criminals alike.
Whether you are a citizen concerned with individual liberty or an enterprise concerned about data security, the CMS has to be on your radar, as do the programs slowly being made public in countries throughout the world. What do you think? Would the CMS deter your desire to do business in India? Is worldwide government-sanctioned surveillance a threat?