Breach of trust In bypassing established protocol to seek call details of citizens en masse, government violates SC guidelines–Indian Express

The Cellular Operators Association of India has reported mass requests from the government for mobile call detail records (CDRs), a serious departure from the stringent protocol established by the UPA government following an uproar in 2013 after prominent politicians were found to be under unauthorised surveillance. Records have been sought for all consumers on certain dates in parts of Delhi, Andhra Pradesh, Haryana, Himachal Pradesh, Jammu & Kashmir, Kerala, Odisha, Madhya Pradesh and Punjab. In the case of Delhi, records were sought for the last three days of campaigning before assembly elections, while the anti-CAA protests were at their peak. Requests were delivered by local offices of the Department of Telecommunications, taking advantage of a condition in licences granted to operators, which permits the DoT to inspect their CDRs, which go back one year.

These requests depart from established protocol and international expectations on multiple counts, and amount to a serious breach of privacy. While a CDR request is supposed to be sanctioned by the home secretary and handled by a police officer of the rank of SP or above, DoT offices were used. The requirement to report CDR requests on a monthly basis to the district magistrate was not complied with. Most importantly, no reason was offered for snooping on the traffic of citizens. It is generally understood that communications surveillance must be specific and purposive, and must not trespass on the privacy of the innocent. Indiscriminate mass surveillance of communications invades the privacy of all citizens to the detriment of public trust. In this case, it was for purposes which are not verifiably honourable, since the government has chosen not to reveal them.

CDRs are all metadata and no content. They do not reveal any words uttered or messaged, but combining the metadata with phone location data reveals a lot about connections between specific people and the actions that they take. If data is available at scale, as was the case here, it is possible to build a multi-dimensional map of human activity, and correlate it with real events. This would disturb the balance of information power between the citizen and the state, and amount to a breach of privacy. If the government needs CDR data for a legitimate purpose, it should have no objection to following the rule-book scrupulously. And if there is a reason for sidestepping protocol in a sensitive matter, it should explain why.

via CDRs are all metadata and no content

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s