This is an archive article published on March 19, 2020

Opinion Breach of trust

In bypassing established protocol to seek call details of citizens en masse, government violates SC guidelines

Prashant Bhushan, Prashant Bhushan Supreme Court, Contempt of Court Prashant Bhushan
indianexpress

By: Editorial

March 19, 2020 11:09 AM IST First published on: Mar 19, 2020 at 04:05 AM IST
Call records surveillance, surveillance bjp CDR telecom, CDR request telecom, indian express editorial While a CDR request is supposed to be sanctioned by the home secretary and handled by a police officer of the rank of SP or above, DoT offices were used.

The Cellular Operators Association of India has reported mass requests from the government for mobile call detail records (CDRs), a serious departure from the stringent protocol established by the UPA government following an uproar in 2013 after prominent politicians were found to be under unauthorised surveillance. Records have been sought for all consumers on certain dates in parts of Delhi, Andhra Pradesh, Haryana, Himachal Pradesh, Jammu & Kashmir, Kerala, Odisha, Madhya Pradesh and Punjab. In the case of Delhi, records were sought for the last three days of campaigning before assembly elections, while the anti-CAA protests were at their peak. Requests were delivered by local offices of the Department of Telecommunications, taking advantage of a condition in licences granted to operators, which permits the DoT to inspect their CDRs, which go back one year.

These requests depart from established protocol and international expectations on multiple counts, and amount to a serious breach of privacy. While a CDR request is supposed to be sanctioned by the home secretary and handled by a police officer of the rank of SP or above, DoT offices were used. The requirement to report CDR requests on a monthly basis to the district magistrate was not complied with. Most importantly, no reason was offered for snooping on the traffic of citizens. It is generally understood that communications surveillance must be specific and purposive, and must not trespass on the privacy of the innocent. Indiscriminate mass surveillance of communications invades the privacy of all citizens to the detriment of public trust. In this case, it was for purposes which are not verifiably honourable, since the government has chosen not to reveal them.

Advertisement

CDRs are all metadata and no content. They do not reveal any words uttered or messaged, but combining the metadata with phone location data reveals a lot about connections between specific people and the actions that they take. If data is available at scale, as was the case here, it is possible to build a multi-dimensional map of human activity, and correlate it with real events. This would disturb the balance of information power between the citizen and the state, and amount to a breach of privacy. If the government needs CDR data for a legitimate purpose, it should have no objection to following the rule-book scrupulously. And if there is a reason for sidestepping protocol in a sensitive matter, it should explain why.