Licensed service areas of the Department of Telecommunications have been demanding call data records of citizens, sometimes monthly, leading to allegations of possible surveillance, the Cellular Operators Authority of India (COAI) said in a letter to Anshu Prakash, the Secretary of the Department of Telecommunications.
The letter states that call data records (CDR) contain sensitive information, including location, International Mobile Equipment Identity (IMEI) number, international mobile subscriber identity (IMSI) number and more, and therefore, precaution needs to be exercised before data is handed over. Call data record is information about a subscriber including their name, the calls they made, how long those calls lasted, their possible location and more.
Procedures have been laid for the handing over call data records to law enforcement agencies by the DoT, including “ascertaining the identity of the subscriber, examining the justification carefully, detailing purpose for seeking CDRs and not using such CDRs received for any other purpose, defining the officers authorized to seek and approve such requests etc.”
“Despite DoT Headquarters delineating such detailed and clear process, we are constrained to bring to your kind attention that the various LSA units of DoT are not adhering to this process and continue to seek voluminous CDR details from the Licensees on regular basis in contravention to the above referred instructions,” COAI said in the letter.
As an example, it stated that almost all licensed service area units of the DoT seek one-day CDRs on a monthly basis. Records of consumers in Andhra Pradesh, Delhi, Haryana, Himachal Pradesh, Jammu and Kashmir, Kerala, Odisha, Madhya Pradesh and Punjab, the letter stated.
In addition to this, data is also reportedly sought whenever needed.
COAI said that when they received these requests, they were not informed about the need for the data, their purpose, or the identity of subscribers.
“Further CDRs sought for specific routes/areas may lead to allegations of surveillance, especially in the state like Delhi having numerous VVIP zones having offices and residences of Ministers, MPs, Judges etc,” the letter states. This letter was dated February 12, and states that on February 2, 3 and 4, CDR details were asked. It was around this time that anti-CAA protests were on the boil at Jamia Millia Islamia, and even saw an instance of shooting.
According to the Indian Express, guidelines stated that the clearance of the home secretary is required, and only those above the rank of Superintendent of Police were authorised to get permission. In addition, these officers also have to declare the CDRs to the district magistrate.
“This is most unusual. Once they have a database, they can query specific numbers to ascertain who spoke to whom. There must be a reason (given for asking CDR details), without which it is an arbitrary action and a violation of the right to privacy,” a former chairperson of the TRAI told Indian Express.
However, the reason of violation of privacy was dismissed by the DoT to the Economic Times, who said that they were building a platform backed by big data analytics due to many complaints about quality.
“There is no privacy concern and the government just wants to check the call quality. There is a plan to build an in-house platform using big data analytics, which will find out if the poor call quality is due to network congestion, lack of adequate towers, etc,” an official told the business daily.
But if the reasons for seeking CDRs are not being disclosed, it could lead to a violation of privacy, which is important to note as India does not yet have a data protection law.