Snowden, surveillance and snooping in India: FAQs
India has declined the asylum request of fugitive former CIA agent Edward Snowden who blew the whistle on a US surveillance programme. New Delhi has also sought to play down reports of US cyber snooping at its mission in Washington.
Here are the answers to some FAQs on the subject:
What is PRISM?
An internal code-name for a top-secret surveillance programme run by the US National Security Agency, with real-time access to user data (from Google, Facebook and seven others) instead of requiring ad-hoc wiretap requests or court orders for individual user data.
If it's secret, how do we know?
Edward J. Snowden, a 29-year-old NSA contractor and former CIA employee, leaked details of PRISM to the Guardian and Washington Post newspapers.
What did Google, Facebook and others say?
"We've never heard of PRISM. We don't give direct access to any government agency. We work within the law. There is no back door." (Google.) The others' statements were similar.
Are they lying?
No. Their answer may be technically correct, while not fully honest. They didn't hear of PRISM - that internal code-name wasn't used by NSA externally. NSA doesn't have "direct" access to their servers, but the two parties could talk through an API, or a querying system. The NSA could still get every piece of user data and metadata, instantly.
Does PRISM snoop on India?
Yes. PRISM covers on all countries. It reportedly snoops on 20 million calls a day in Germany alone - the US' close ally. India is reportedly among the top five surveillance targets, in terms of internet data and call records accessed.
What happened to Snowden?
The US charged him with espionage, and began to hunt him down. Snowden hid in Hong Kong, then flew to Russia (both countries refused to hand him over to the US). He is in Moscow's airport for over 12 days now, somewhere in a mile-long transit corridor, and has asked an estimated 27 countries for asylum. Venezuela and Nicaragua have offered asylum.
Who intercepts phone calls and mails in India?
There's no NSA here. Nine agencies are permitted by the Telegraph Act, Rule 419A (Indian Telegraph Rules, 1951), Supreme Court guidelines, and the IT Act of 2008 to do electronic surveillance, including telephone tapping in India. These are the Intelligence Bureau, the CBI, Economic Intelligence Bureau, Directorate of Revenue Intelligence, CBDT (tax department), Military Intelligence, Narcotics Control Bureau, National Investigation Agency and the Research and Analysis Wing. The newer National Technical Research Organization has also tried to access servers of service providers, succeeding with Indian ones such as Rediffmail and Sify, but failing with US-based providers such as Google and Yahoo.
Does India have a programme like PRISM?
It does, now. The C-DoT's (Centre for Development of Telematics) new Central Monitoring System (CMS) - with Rs.600-Rs.800 crore, or USD 100-130 million, for equipment - is under way. The CMS will pull metadata (phone records) in real time from the states to its own central facility in New Delhi. The ICT Ministry says it's for phone-record analysis. The Hindu reported having documents showing that the CMS aims to monitor in real time all mobiles and fixed lines, plus all 160 million Internet users.
Do Indian agencies need a warrant to snoop?
A central agency wanting to snoop on a call or SMS records once needed to present a warrant to service providers, seeking calls details. In 2007 a change in their licensing conditions required service providers to deliver call records and other data on demand. After the CMS is fully implemented, call records would be delivered in real-time to the CMS station in South Delhi: no warrant would be required. For intercepting entire phone calls, as of now, a warrant is still required.
If so many agencies could anyway snoop, what's different about CMS?
CMS will now be able to access metadata (and possible data) in real time - sweeping surveillance on everyone. Those nine agencies (and perhaps others) will become "customers" of CMS, and will probably be required to present specific interception requests, targeted at individuals. The worry is that so much of real-time data can lead to misuse by individuals, or agencies.
What kind of misuse is possible with CMS?
The use of surveillance to settle political scores. Snooping by the government on other parties, or even other departments. Even corporate espionage, through corrupt individuals in the nine agencies, or in CMS. Individual misuse. An example: a tax officer on a tax evasion case finds from call records that the (married) man under investigation is making 20 calls a day to a specific lady. This is unconnected to the tax case - but he uses the information for a spot of blackmail and extortion on the side.
Can anyone snoop without a warrant?
On a landline, technically, a linesman could add a recording device on your line: calls are not encrypted. A digital mobile network is more difficult to "tap". However, intelligence agencies, army and now the NTRO all love to use off-the-air mobile interceptors. No Home Ministry permission is taken: these are difficult to detect anyway. Such interceptors can allow direct access to voice traffic.
(07-07-2013- Prasanto K. Roy (@prasanto) is a technology analyst and writer)
(Posted on 07-07-2013)