Wrong call

DoT asking for mass data records is worrying

The Cellular Operators Association of India (COAI), the industry body that represents telecom service providers, has questioned repeated requests for mass call data records (CDRs) by the Department of Telecommunications (DoT). According to the industry body, CDRs were sought by the DoT for February 2, 3 and 4, for every mobile subscriber in Delhi. Similar mass CDR requests have been made for specific days in recent months in the Andhra Pradesh, Haryana, Himachal Pradesh, Jammu and Kashmir, Kerala, Odisha, Madhya Pradesh, and Punjab circles. This leads to apprehensions about a mass surveillance programme, violating the privacy of citizens on a large scale. In particular, anti-Citizenship Amendment Act agitations were on in Delhi during early February and there was also intense political campaigning, given the impending elections.

The ad hoc requests violate the norms laid down in 2013, according to which such a request for CDRs can be made only by an officer of the rank of superintendent of police or above, and the district magistrate must be informed of the CDRs being obtained every month. The sheer number of the CDRs requested is unusual. The DoT has subsequently clarified that it is trying to study the pattern of call drops, and stated that the data is anonymous and being analysed via “big data” programmes. Unfortunately, that explanation does not allay anxieties.

Such requests for mass CDRs have been made for several months, according to the COAI, and the explanation was provided only when information about these entered the public domain. The DoT, which is a government body, asked for the CDRs. However, technical parameters like call drops and network quality are normally studied and reported by the independent regulator, the Telecom Regulatory Authority of India (Trai), which has never asked for mass CDR data. In any case, it is not necessary for studying call drops. It is also not easy to completely anonymise such records. Even if this is attempted, it is possible that such a database of anonymised records can be “de-anonymised” with little effort. Phone calls are tied to location, and every handset has a unique handset number, even if the mobile numbers and names are redacted. Those records can be easily misused.

Unfortunately, there are no safeguards to protect the privacy of citizens against surveillance by the state, despite the assertions that privacy is a fundamental right by the Supreme Court in August 2017. Even the proposed Personal Data Protection Bill gives state agencies a blanket exemption to collect data on citizens, under opaque and broad-ranging clauses. In effect, this means that the state may track and monitor citizens as it pleases. The repeated requests for CDRs on a mass scale suggest some arm of the government, not necessarily the DoT, may be doing just that. The Personal Data Protection Bill as initially drafted by the Justice Srikrishna Committee incorporated some safeguards to prevent this sort of violation of privacy by the state. However, these safeguards were removed when the Bill was redrafted. In its present format, it has been described as “Orwellian” by Justice Srikrishna himself. Even that diluted legislation is still pending, more than two years after the court delivered its landmark judgment. In the absence of safeguards, India may easily slide into being a surveillance state, with privacy being violated repeatedly, on a mass scale.