Bahujan Samaj Party’s Ritesh Pandey opposed the introduction of the bill saying it violates the 2017 Supreme Court ruling in the Puttaswamy case that declared privacy a fundamental right
Agencies/JK News Today
New Delhi, Dec, 18: The Telecommunications Bill, 2023, which was introduced in the Lok Sabha on Monday, seeks to regulate all telecommunication and online services such as WhatsApp, Zoom, Reddit, and Gmail. It seeks to make significant changes to the Telecom Regulatory Authority of India (TRAI) Act, 1997, and bring broadcasters, as defined by the Cable Television Networks (Regulation) Act, 1995, under the purview of regulator of the telecommunications.
Bahujan Samaj Party’s Ritesh Pandey opposed the introduction of the proposed legislation as a money bill, which restricts the role of the Rajya Sabha. The Rajya Sabha can neither reject nor amend a money bill. Pandey argued the bill violates the 2017 Supreme Court ruling in the Puttaswamy case in which a nine-judge bench declared privacy a fundamental right.
Stay tuned with breaking news on HT Channel on Facebook. Join Now
The bill was introduced through a voice vote despite opposition before the House was adjourned for two hours.
Revamping Legislative Architecture
The bill seeks to replace the Indian Telegraph Act (1885), the Wireless Telegraphy Act (1933), and the Telegraph Wires (Unlawful Possession) Act (1950). Licenses granted under the first two laws will remain valid until their expiry. Technology and communication services have evolved much beyond telegraphs since the oldest of these laws were passed. This is why the government has been keen on revamping the legislative architecture.
The proposed law, which relies on 36 sets of subordinate legislation for operationalisation, has been introduced when there are existing laws or the ministries of communications, electronics and information technology, and information and broadcasting are in the process of legislating for the same set of online services including WhatsApp, Gmail, etc.
Changes proposed in the bill, such as the imposition of duties on users, and the creation of telecom identifiers, may also have implications for the use of VPNs. The bill seeks to allow only “authorised entities” to provide telecommunication services. All telecommunication service providers, including Gmail, and WhatsApp, would be required to obtain authorisation from the government
The terms and conditions of authorisation for different types of telecommunication services may differ if the government so decides through rules. The government can also choose to grant an exemption from authorisation in the “public interest”.
The bill seeks all notified telecommunication service providers to verify users through “verifiable biometric-based identification”. Online services such as Gmail and WhatsApp are included in the definition of telecommunication services. They would need biometric-based KYC, or Know Your Customer, a process of identifying and verifying the user’s identity using their fingerprints, irises, or faces.
The bill empowers the government to notify standards and conformity assessment measures related to encryption and data processing, including identification, analysis, and prevention of intrusion in telecommunication services and telecommunication networks. This means the government can then formulate encryption standards for services such as WhatsApp, potentially dealing a fatal blow to end-to-end encryption and private interpersonal communication.
The draft bill, which was first released for public consultation in September 2022, now proposes designating telecommunication networks as “critical telecommunication networks”. The 2023 version also seeks to rename the Universal Service Obligation Fund as Digital Bharat Nidhi.
Changes, Deletions, Additions
The previous version of the bill and the one to be introduced in Lok Sabha have significant differences. The definition of “telecommunication” remains the same. A new term, “telecommunication identifier” has been introduced. It means “a series of digits, characters, and symbols, or a combination thereof, used to identify a user, a telecommunication service, a telecommunication network, telecommunication equipment, or an authorised entity”.
This could include phone numbers, serial numbers of mobile phones, and other unique codes allotted to equipment to enable telephonic and internet access.
The government can allot such identifiers for use, which means it will maintain a central database of all such identifiers. The definition of “telecommunication network” has been altered to “a system or series of systems of telecommunication equipment or infrastructure, including terrestrial or satellite networks or submarine networks, or a combination of such networks, used or intended to be used for providing telecommunication services”.
“Telecommunication service” now means “any service for telecommunication”, effectively the same as earlier. In terms of impact, the definition remains expansive because the definition of telecommunication has remained the same.
“Authorisation” is defined as permission granted to provide telecommunication services such as establishing, operating, maintaining, or expanding telecommunication networks or possessing radio equipment.
Interception, Blocking, Suspension, Access to Information
The bill empowers the central and state governments or a specially authorised officer to seek interception, disclosure, and suspension powers, in case of a public emergency or interest of public safety. The orders under this provision can relate to “any message or class of messages, to or from any person or class of persons, to or from any telecommunication equipment or class of telecommunication equipment”, etc.
A message is defined as “any sign, signal, writing, text, image, sound, video, data stream, intelligence or information” sent through telecommunication. This means that any message or class of messages can be intercepted or forcefully disclosed.
Since the “class of messages” is not defined, it could be defined by the nature of the message (texts, images, videos), or nature of the service (email, messages on WhatsApp), or any other classification category. Since it allows such interception and disclosure to be done for “any particular subject”, this can be used to monitor all communications as well.
For instance, if the officer wants all messages related to “Parliament” or “ice cream” to be intercepted, that is possible only if all messages are being monitored. This provision also threatens end-to-end encryption because it requires the disclosure of the message “in intelligible format”. This also empowers the officer or the central/state governments to suspend any telecommunication service for national security and public order reasons, thereby normalising internet shutdowns.
Sub-clauses allow for messages to be targeted based on “class of persons” which is not defined. The manner and duration of such interception, disclosure, and suspension of services will be prescribed.
Press messages, meant for publication in India and of correspondents accredited to state or central governments, are framed as an exemption from such interception. But they are also subject to suspension and interception for national security and public order reasons.
The bill is silent on press messages meant for publication outside India, and of journalists not accredited with the government.
It empowers an officer to direct any authorised entity to furnish any information, document, or record any pending or apprehended civil or criminal proceedings. The bill, like the 2022 version, empowers the government, in the interest of national security, friendly relations with foreign States, or in the event of war, to issue directions about the use of telecommunication equipment, services, networks, and identifiers standards.
The directions have to be followed for manufacturing, import, distribution, etc. Any wilful violation of this provision can lead to a jail term of up to three years and/or a fine of up to ₹2 crore, along with potential termination of the telecom services.
Critical Telecommunication Infrastructure
In a major addition to the 2022 bill, the government can declare any telecommunication network as a “Critical Telecommunication Infrastructure “ (CTI), the “disruption of which shall have a debilitating impact on national security, economy, public health or safety”.
The government can notify rules for standards, security practices, upgradation requirements, and procedures for such CTI. Currently, the National Critical Information Infrastructure Protection Centre (NCIIPC), a unit of the National Technical Research Organisation under the Prime Minister’s Office, designates telecom as a “critical information infrastructure” under the Information Technology Act. It is unclear if CTI would remain under NCIIPC.
The 2023 version of the bill empowers the government to issue rules to ensure the cybersecurity of telecom networks and services, including collection, analysis, and dissemination of traffic data generated, transmitted, received, or stored in telecommunication networks.
Broadcasters Under TRAI Purview
The bill has proposed amendments to the TRAI Act including bringing cable television network providers under the purview of TRAI as licensees. The proposed amendments will empower TRAI to make recommendations related to the technical standards and compliance for cable television network providers.
It remains to be seen how this would work if the Broadcasting Services (Regulation) Bill is tabled in its current form and whether it has any implications for OTT broadcasters.
Duties Imposed on Users
The Telecommunications Bill imposes duties on users like the Digital Personal Data Protection Act, 2023. It prohibits users from “furnishing any false particulars, suppressing any material information, or impersonating another person, while establishing his identity for availing of telecommunication services” or “failing to share information as required under this Act”.
Since the definition of telecommunication services is so wide, it is unclear if this means that users cannot create anonymous or dummy accounts on online services such as Gmail, Instagram, WhatsApp, etc., or what happens to anonymity at large on the internet.
Since biometric KYC is required of telecom service providers, it is not clear if a social media platform such as Reddit would also have to ascertain the identity of its users.
A “user” now means any natural or legal person (both individuals and companies or other such legal entities) using or requesting a telecommunication service. It does not include a person who provides a telecommunication service or telecommunication network.
It is unclear how an online communication app such as WhatsApp, or online streaming platforms would be regulated. They both deal with the transmission, emission, or reception of messages over optical electromagnetic systems and thus provide telecommunication services. It is unclear if they will be included within the definition of a “user”.
Offences
If a telecommunication service provider violates the terms and conditions of its authorisation, an adjudicating officer, not below the rank of a joint secretary, can pursue an inquiry and impose civil penalties. The suspension and revocation of the authorisation can also be recommended.
Penalties of up to ₹5 crore can be imposed for “severe” contraventions. For “minor” contraventions, penalties of up to ₹1 lakh can be slapped. For “non-severe” contraventions, a written warning can be issued.
Any person getting “unauthorised access to a telecommunication network or data of an authorised entity or transfers data of an authorised entity” or unlawfully intercepts a message can be punished with a jail term of up to three years and/or a fine of up to ₹2 crore. This data only includes “data records, internet protocol data records, traffic data, subscriber data records, and the like”. It is unclear if this “unauthorised access” essentially means all kinds of hacking.
Procurement of SIM cards or other telecommunication identifiers through “fraud, cheating or personation” is also proposed to be punishable with a jail term of up to three years and/or fine of up to ₹50 lakh. Tampering with telecom identifiers, and using telecom identifiers that are not allotted or permitted are similarly punishable. It is unclear if using VPNs could be considered a case of tampering with telecom identifiers since it masks the user’s IP address.
A person knowingly using unauthorised telecommunication services can be penalised with a fine of up to ₹10 lakh. It is unclear if this applies to accessing a website or using an app that has either not been authorised or been blocked in India through a VPN.
Dispute Resolution
The orders of an adjudicating officer (AO) can be appealed before the Designated Appeals Committee (DAC), which will have officers not below the rank of additional secretary. Both the AO and the DAC will have the same powers as a civil court and their orders will be executable like the decrees of a civil court. Like the Data Protection Board under the Digital Personal Data Protection Act, 2023, the AO and the DAC will, as far as possible, “be digital by design” and “function as digital offices” and deploy to be prescribed “techno-legal measures”.
Depending on the nature of the contravention and order issued, the DAC’s order can be appealed either before the Telecom Disputes Settlement and Appellate Tribunal or a relevant civil court.
Spectrum Allocation
The bill seeks to allow the government to assign spectrum through auction except for entries in the First Schedule, which include national security and defence, law enforcement and crime prevention, disaster management, and public broadcasting services. This means that the government will allocate the spectrum directly without an auction. The government can notify amendments to the First Schedule for the assignment of spectrum in the public interest, to perform a government function, or when auction is not the preferred mode of assignment due to technical or economic reasons. The last reason means the government will determine the mode of spectrum allocation.
