Requests for bulk call data records (CDRs) by the Central government, which it said were being made with an aim to address issues pertaining to poor quality of services, have also been made for reasons beyond fixing the call drop issue. In response to Right to Information (RTI) queries filed by the Internet Freedom Foundation (IFF), several local units of the Department of Telecommunications (DoT) have conceded that the official purposes for seeking CDR details from telecom operators included checking for any “illegal telecom setups”, “detecting numbers involved in grey market telecom activities”, and “analysing data of incoming international long distance (ILD) calls having improper caller line identification (CLI)”. None of the responses mention the call drop issue as a reason for requisitioning the call records.
Furthermore, these requests have not been made under the legal provision that the Ministry of Communications cited in its clarification to The Indian Express’ March 18 report that telecom operators had raised questions of surveillance and alleged violation of user privacy guidelines with the government seeking CDRs of all mobile subscribers across several pockets of the country for specific days.
In its subsequent statement then, the communications ministry had said: “There is no infringement of privacy of any person. No personal details are collected. There is no tracking of any phone number.” It said data of calls had been sought to address “numerous complaints” regarding “quality of service of Telecommunications Network, call drops, echo, cross connections, incomplete or poor caller experience”.
However, in response to IFF’s RTI request, the Haryana Licensed Service Area (LSA) said that the CDRs were sought from operators to check for any possibility of any illegal telecom setups in the LSA and to find any invalid IMEI, or International Mobile Equipment Identity, numbers and non-genuine IMEI numbers accessing the network. To seek these records, the Haryana LSA said that the enabling legal provisions were Condition 9 of Chapter 1 of the Unified Licence Agreement and the Condition 39.20 of Chapter VI of the Unified Licence Agreement.
Similarly, the data sought by Kolkata LSA was based on a letter by the DoT’s security wing to the local unit, which said that “MHA (Ministry of Home Affairs) desired further analysis of incoming ILD calls having CLI as Indian numbers to ensure if that number was on roaming out or not”.
E-mail queries sent to Minister of Communications Ravi Shankar Prasad and Telecom Secretary Anshu Prakash did not elicit a response.
In its RTI queries, IFF asked more than 12 local units of the DoT as well as the DoT headquarters for details pertaining to CDR requests made between December 2019 and February 2020 including the the official purpose for seeking the CDR, the enabling legal provisions, the dates for which CDRs were sought and the duration on those dates for which the details were sought. Among the requests, only Haryana, Kolkata and Kerala LSAs responded with details of CDRs sought, while Shillong and Pune units said that no CDRs were sought.
According to sectoral and legal experts, even as the Centre has sought CDR details beyond its stated objective, its move to collect “anonymised” CDR details from telecom operators to address call drop issues is also in contravention with its own guidelines. On April 2 last year, the DoT issued a standard operating procedure for obtaining CDR details from the telecom service providers, a copy of which has been reviewed by The Indian Express.
“The Licensor including its field representative units (hereinafter referred as “Licensor”) seeking the CDR…, should first ascertain the identity of the subscriber, examine the justification carefully and maintain utmost confidentiality while obtaining CDR,” the guidelines stipulate. In their letter to the DoT Secretary on February 12, the operators had pointed out that in all the monthly as well as ad hoc bulk CDR details sought by various local units of DoT, “neither the intended purpose for requirement of CDRs is mentioned nor the identity of the subscriber(s), i.e., MSISDNs (mobile station international subscriber directory number — used to identify a mobile phone number internationally) have been provided”.
The standard operating procedure also stipulates that DoT may ask the operators for CDR details “for proper conduct of telegraph or to detect grey market/illegal telecom operations or in a public grievance case or any other purpose(s) as mentioned in the instructions issued from time to time under relevant provisions of licensing terms & conditions”.
“CDR received shall not be used for any other purpose other than the intended purpose mentioned while seeking”, it adds.
Speaking to The Indian Express, IFF’s executive director Apar Gupta said that call drops wasn’t the justification in the correspondence with any of the telecom providers. “They are not seeking pure CDR records, they are seeking data rich information and the two elements which are omitted are merely the name of the subscriber and the residential address, which is usually there on telecom bills. By omitting that information, it does not mean that the data is anonymised,” he said.
The telecom department is mainly empowered by three legal provisions to seek the CDR details. First is the Condition 9 of Chapter 1 of the Licence Agreement, which binds telecom operators to “furnish to the Licensor/TRAI, on demand in the manner and as per specified timelines such documents, accounts, estimates, returns, reports or other information in accordance with the rules/ orders as may be prescribed or as directed from time to time”.
Second is the Condition 39.20 of Chapter VI of the Licence Agreement, which binds the operators to preserve and provide CDR records of at least one year to the licensor for “security reasons”.
Third, is the Rule 419 of the Indian Telegraph Rules, 1951, which states that “it shall be lawful for the Telegraph Authority to monitor or intercept a message transmitted through telephone, for the purpose of verification of any violation of these rules or for the maintenance of the equipment”.
“Because of the lack of a data protection law, it is very likely that this information can be transmitted. These are bulk CDR details…information, which is queried on a rolling basis again and again on a monthly basis for 3-4 months at least in Kolkata, especially international incoming, raises a very high degree of chance and suspicion that this in fact is an act of mass surveillance,” Gupta pointed out.
📣 The Indian Express is now on Telegram. Click here to join our channel (@indianexpress) and stay updated with the latest headlines