NEW DELHI: Intelligence agencies want the telecom department to issue new rules making it mandatory for all mobile phone companies and internet service providers to retain their customers’ online data for a minimum period of 12 months, raising privacy concerns.
Currently, all telephone records including call and text message details are stored by mobile phone companies for six months. Regarding internet, the home ministry has asked the Department of Telecom (DoT) to ensure that both mobile operators as well as Internet Service Providers (ISPs) store all details of email communications.
These include the email addresses from where the online communication is sent, the receiving ID, the subject of the mail, attachment name and type, the other recipients who are marked on the same mail and similar details of the replies to the online communication.
It has also requested that login and logout details, including the amount of time spent online be recorded under the new guidelines. Intelligence agencies have specified similar norms for all other forms of online communications including searches, chats, social networking, file sharing, peer-to-peer amongst others.
Justifying the move, the intelligence bureau’s communication to the DoT states that such steps are required to address ‘security challenges and to keep pace with the rapidly changing internet technologies, protocols and different types of services being used by adversaries’.
The communication further adds that new rules should also be applicable to 3G services provided by telcos as the usage of internet was increasingly moving to smartphones and other cellular handsets. Telcos and ISPs said they were yet to be informed about these proposed new rules.
Earlier this year, the Centre had allowed mobile phone companies, to continue providing a range of third generation services, including video calls, on the condition that encryption facilities to monitor these services in realtime were installed within the next six months.
“Non-complying service providers may be made liable as per the liability and penalty described in the license agreement. The TERM cell of the department of telecom may be responsible for compliance of the data retention, access control, by the service provider and acts as intermediary between law enforcement agencies and service providers,” Intelligence Bureau Additional Director RN Behura said in his communication to the DoT secretary R Chandrasekhar.
Regarding social networking, the home ministry wants telcos and ISPs to retain the user ID, followers and contacts, chat IDs and group community name. Similarly in the case of video services, operators must store the user ID, name of video posted along with the file type and file size. Even the queries sent to the search engines must be recorded, the communication adds.
The customer retention rules also cover all forms of online communication. In the case of internet telephony, telcos and ISPs must store the caller and called ID, the duration of the call, start and end time and date and also the end device used. The Home Ministry has also specified similar details for online facilities such as chat, web services, internet telephony and Skype.
Security issues have increasingly plagued the country’s communications space over the last two years. Canada’s Research in Motion has been involved in a three-year battle with Indian security agencies, which are demanding access to all BlackBerry communications, citing national security threats. It had recently provided encryption keys for its Messenger and Internet services to Indian security agencies after the government had threatened to shut down these facilities.
The Indian government had earlier said it would act against companies such as Google and Skype on encryption, but has so far not acted on it.