While phone-tapping and surveillance requests from law enforcement agencies were handled until last year by a small division that operated under Internal Security-I (IS-I) division of the Union Ministry of Home Affairs (MHA), in November 2017 the Centre created two new divisions to deal with radicalisation and cybersecurity.
The mandate for counterterrorism went to the Counter Terrorism and Counter Radicalisation (CTCR) division, the powers for surveillance and phone-tapping were taken out from IS-I’s ambit and vested in the newly created Cyber and Information Security (C&IS) unit.
On December 20, 2018, the C&IS division issued the order that received much flak online, as well as from opposition parties, including the Congress. Signed by Union Home Secretary Rajiv Gauba, the order authorises 10 central agencies to monitor, intercept and decrypt all data contained in any computer system, under rules formulated in 2009.
Expanding roles of cyber security unit
With the advent of technology, the role of C&IS division will have to be expanded to provide for schemes on cybercrime prevention and control. While the division at present advises state governments on capacity building and setting up of cybercrime investigation labs, and several states have already started schemes on prevention of cybercrime against women and children, a project on research and development for prevention and control of cybercrime will be taken up in coming days, according to an official. The unit is also developing a national cybersecurity policy and strengthening cybersecurity breach of government organisations.
Having begun with the limited mandate to formulate policies for cybersecurity and crime, the C&IS division has now been tasked to handle propaganda, hate crime on social media after rumors spread through WhatsApp and Facebook posts reportedly led to incidents of violence and even lynching in several parts of the country.
Replying to a Right to Information (RTI) query, the MHA had, in 2013, stated that nearly 9,000 orders for interception of telephone and mobile phones and 500 emails are issued every month. Officials said the numbers has gone up in recent years, and that the MHA now handles close to 12,000 to 15,000 such requests from law enforcement agencies each month.
The C&IS is among the 21 divisions under the MHA and was earlier headed by a Joint Secretary-level IAS officer. Anuj Sharma, a joint secretary at MHA from the 1991-batch Indian Defence Estates Services (IDES), now heads it. He was made a joint secretary-level officer last year, and received another year’s extension this year. Sharma has worked as Officer on Special Duty (OSD) with several Home Secretaries, both in UPA and NDA governments, and handled sensitive files related to surveillance and phone-tapping, officials familiar with the working in MHA confirmed to The Indian Express.
Explaining the structure of C&IS, a senior official said the joint secretary reports directly to the Union Home Secretary and the Home Minister. It has two senior bureaucrats as directors of CIS-I and CIS-II.
Officials estimate that this critical unit has nearly two dozen officials and also hires experts and professionals from outside for technical know-how and assistance. A director-level officer from the Indian Telecom Services (ITS) heads the division that processes the request for phone-tapping and surveillance and submits it before the Union Home Secretary.
The C&IS division also handles security clearances to projects with foreign investment and foreign nationals as directors of Indian companies, according to officials.
Besides, it looks after audit of monitoring facilities and advising for Department of Telecom and MeitY, coordination for centralised monitoring system (CMS), and working on secured communication system for government departments and VVIPs – systems such as RAX and SDCN. The secure lines for communication were scaled up in 2014-15 to reduce interception by foreign intelligence agencies.
In 2013, an inquiry was initiated on suspicion that an ISI agent, posing as an Indian government official, had called up officers at the NSG headquarters to get details of probe into the twin blasts in Hyderabad.
As per its mandate, the C&IS division is also developing a national cybersecurity policy and strengthening cybersecurity breach of government organisation. According to the Indian Computer Response Team (CERT-In), over 53,000 cases of cybersecurity incidents were reported in 2017 in India while 1,785 credit/debit cards frauds were recorded, causing a loss of Rs 71.48 crore last year.
The C&IS is also responsible for international conventions on cybersecurity and cybercrime, National Information Security Policy and Guidelines (NISPG) and its implementation and coordination with NIC for monitoring of traffic and logs.
Besides handling social media giants such as Google, Facebook, Twitter, Instagram, Snapchat and YouTube, among others, the C&IS division was recently responsible for forcing them to appoint a liaison officer and reduce response time from 72 hours to 36 hours to take down objectionable content and lewd messages online. The C&IS also runs a cyber portal where people can report on child pornography, revenge porn, gangrape and rape videos.
A Twitter handle – cyberdost – was operationalised early this year to create awareness on cyber safety and security.