Search interesting materials

Tuesday, May 29, 2018

The economics of releasing the V-band and E-band spectrum in India

by Sudipto Banerjee, Mayank Mishra and Suyash Rai.

Internet usage in India has witnessed an enormous growth in last few years. The wireless data usage in 2017 has increased from 20,092 million GB per year from 828 million GB per year in 2014, showing a growth of more than 24 times. This increasing use of data is causing congestion in the existing bands which finally affects the quality of services provided to consumers. In order to cater to this surge in data consumption, it is essential that there should be a commensurate increase in supply of broadband internet. Perhaps the approach to the supply also needs to change. Availability of additional spectrum is an important piece of this puzzle. V-band (57 GHz - 64 GHz) and E-band (71-76 GHz and 81-86 GHz) are two microwave bands which can be useful for bridging this need for additional spectrum. Spectrum in these bands can be used for high capacity data transmissions for last mile connectivity over short distances ranging from 200 metres to 3 km. These bands can be put to a variety of backhaul (i.e. for connecting towers). V-band can also be used for access under the Wi-Gig standards.

It has recently been reported that the Department of Telecommunications is weighing administrative allocation as the method for releasing the spectrum in the E-band and V-band, and it will take the Attorney General's opinion in this regard. This legal opinion is considered necessary because of the Supreme Court's judgment in the 2G case. The allegations of irregularity in 2G spectrum allocation led to judicial scrutiny of the method of allocation and also much public discussion. The Supreme Court quashed several spectrum licenses granted due to irregularities in the manner of allocation of spectrum to licensees on first-come-first-served basis.

After a Presidential reference, the Supreme Court had clarified that it is the prerogative of the Government to decide the methodology of alienation of other public resources, provided the method is transparent, fair and backed by social or welfare purpose. The Court also stated that revenue maximisation need not be the sole objective while alienating public resources and in fact this is subservient to the goal of serving common good of the society. Therefore, as the Government decides to release this presently unreleased spectrum, it should consider the overall economic impacts of the alternative strategies for releasing the spectrum. On this issue, we recently published a Working Paper that provides an overview of the uses of V-band and E-band spectrum, and how we may think about choosing a suitable method for releasing this spectrum. This blogpost gives an overview of the paper.

Licensing approaches

There can be four main approaches to releasing the spectrum. First, Individual authorisation with individual licensing is the conventional link-by-link allocation involving individual frequency planning/coordination. In this method, the allocation of spectrum is usually done using traditional procedures for issuing licenses, which involves a selection process by the administration. Sometimes, the administration delegates this task to the operators, but it keeps control of the national and cross-border interference situation. Second, individual authorisation with light licensing is also a method of giving exclusive usage authorisation to certain service providers for a period of time, but the method of licensing is simpler, and may involve 'first come first served' procedures. In this method, allocating authority typically places a limitation on the number of users in a given area.

Third, general authorisation with light licensing is a combination of license-exempt use and some degree of protection of users of spectrum. There is no individual frequency coordination, but the user is required to notify the authorities with the position and characteristics of the links. The database of installed stations containing appropriate technical parameters is publicly available. Importantly, in this method, there is no limitation on the number of users. Fourth, the license exempt method offers the most flexible and low cost usage of spectrum. It does not require even notification or registration, and does not mandate any individual frequency coordination. This method has worked well in specific bands (e.g. 2.4 and 5.8 GHz used for Wi-Fi access) where short range devices are allocated, but fixed service applications may also be accommodated. Although this does not guarantee any interference protection by the regulator, alternate interference management techniques are available to deal with the issue. In addition to these approaches, there are block assignment regimes, where assignment is made through renewable licensing or through permanent public auctions, or through other allocation mechanisms.

Although auction is often assumed to be the most suitable method for allocating spectrum, studies on unlicensed spectrum suggest that such availability of spectrum can also lead to significant benefits for the economy, many of which seem to be arising out of unpredictable uses, which may not have occurred if the spectrum had been auctioned. One interesting example is the use of RFID in clothing sector. According to a study done in 2014, this use generated about USD 100 billion of annual benefits for the US economy. Arguably, if the usage of this spectrum had been restricted, this usage would not have scaled up in such manner. It is important to understand that absence of auction is not the same as giving arbitrary benefits to hand-picked service providers. If the regime is open and transparent, the spectrum can be made available for use by a variety of potential service providers and users without giving unfair advantage to anyone in particular.

Most countries acknowledge that certain spectrum bands are best left unlicensed, or may be subjected to a "light touch" licensing regime, with minimal regulation. In India also, a number of spectrum bands are unlicensed, like 2.4 GHz and 5.8 GHz spectrum bands used for Wi-Fi access; 865 MHz - 867 MHz band used by RFID devices; 402 MHz - 405 MHz spectrum band used for medical wireless devices; and so on. A number of countries have adopted license free frameworks for adopting the V-band, including USA, UK, Switzerland, Japan, Korea, China, Canada, Malaysia and Philippines. Although international experience is useful, we also need to consider Indian context, and how this spectrum may be put to use in this context. In the paper, we consider the various potential uses of this spectrum, and attempt to quantify the scale of this usage in an optimal scenario.

The potential uses of V-band and E-band in India

The context of broadband Internet in India will determine the kinds of benefits that India can get from V-band and E-band. There are certain key aspects of this context. First, in India, most users access broadband internet through wireless networks. However, wireless broadband networks has certain limitations. In densely populated areas, as more people get on to wireless broadband, the mobile spectrum bands may get congested. This necessitates more cell sites and higher backhaul speeds. Compared to wired connections, especially fiber optic connections, mobile broadband provides lower speeds and less consistent connectivity. Further, a low density of wired connections constrains the potential of developing community hotspots, where residential or business short-range networks are made available for use by other users of the network. Globally, the proliferation of such hotspots is one of the most remarkable stories in the growth of Internet in recent years. Such hotspots provide high speed, consistent connectivity, while offloading from mobile networks - a benefit that India will not be able to realise without proliferation of fixed broadband connections.

Second, a negligible percentage of the fixed broadband connections are fibre optic-based. Most of the wired connections use DSL, Dial-up, or Ethernet, all of which offer potentially lower speeds than fibre optic. This situation is very different from what is seen in developed countries, and also in comparable developing countries. Third, India has a low density of commercial Wi-Fi hotspots. Such hotspots can help augment the mobile broadband and private residential and commercial hotspots as well as mobile broadband. Use of public Wi-Fi can help offer consistent, reliable and high speed Internet to users, while decongesting mobile broadband. India has only about 36,270 public Wi-Fi hotspots. The total number of public Wi-Fi hotspots in the world is over 12 million.

In the coming years, the main challenges for internet access in India are likely to be round consistency and quality of access. To address these challenges, the intermediate policy goals for broadband Internet India should be: expanding access to fixed broadband; decongestion of mobile broadband in dense urban environments; and proliferating Wi-Fi hotspots. Achieving these intermediate goals would help improve quality and consistency of internet access in India. This will not happen automatically, and requires policy focus, which may begin with rethinking spectrum allocation methods for these spectrum bands.

In the paper, we have identified the following key uses of the V-band and E-band spectrum, and tried to quantify the scale of these uses:

  • Support proliferation of commercial Wi-Fi and Wi-Gig hotspots: these bands can help backhaul the commercial Wi-Fi infrastructure in a cheaper and quicker manner, especially in dense urban locations. These bands can also promote the proliferation of Wi-Gig hotspots. Wi-Gig networks use V-band which provides wider channels than standard Wi-Fi, resulting in significantly faster data speeds.
  • Support expansion of fixed broadband Internet in urban areas: these bands can help solve the last mile problems of getting high speed wired broadband Internet into dense urban locations.
  • Backhaul for mobile broadband: these bands can provide higher capacity backhaul for mobile broadband, thereby easing congestion.
  • Other uses: these bands can be put to a variety of other uses. These, inter alia, include: extension of local area networks between buildings within a building complex; Internet of Things (IoT); Vehicle to vehicle communication and Augmented Reality (AR)/Virtual Reality (VR) Systems among others.

Given India context of high urban population density, and many urban areas with old and dense construction, the scale of usage of these spectrum bands is likely to be quite high. We tentatively find that if these spectrum bands are allowed to be used optimally, they could lead to improved speed of internet, increased consistency in internet access, and greater volume of internet usage. However, there are many potential uses of this spectrum that are difficult to predict at present. For instance, the potential for IoT is very difficult to predict at the moment, albeit a lot is being said about how far IoT can go. These are early days for the adoption of this spectrum and the allocation method should take into account this uncertainty about the potential uses.

Mapping the economic benefits arising from the uses

In choosing a method for releasing this spectrum, the focus should be on maximising the net benefit for the society as a whole. Given the paucity of relevant data and earlier studies, we are unable to reasonably monetise the economic value of these benefits. However, we attempt to map the types of uses with various types of economic benefits that may accrue from them.

If the V-band and E-band spectrum is delicensed or lightly licensed, the pass-through cost of this spectrum will be zero or very small, and only substantial cost will be installation costs. In a competitive market, ceteris paribus, reduction in costs will lead to lower prices for consumers. Given the price elasticity of demand for internet, and the rapid evolution of technology, this availability will lead to higher usage of broadband internet by consumers, allow new consumers to use broadband internet and enable innovative business models and technologies.

The use of these spectrum bands will lead to a reduction in costs and create opportunity to reach hitherto unreachable locations in dense urban environments with high speed Internet. This will lead to a shift in the supply curve, so that more quantity is made available at a given price. If the quality of Internet access improves, as is expected from the use of V-band and E-band, there may also be a shift in the demand curve, as users may be willing to pay more for the connection. Quality improvement also has larger economic benefits. For instance, if the speed of Internet usage increases, users will be able to put their connections to a wider variety of uses, especially in commercial contexts.

Following are the key economic benefits expected to arise from the uses of V-band and E-band spectrum. It should be noted that all these benefits cannot be fully attributed to these spectrum bands. Some of them, such as benefits from Wi-Gig devices, may be fully attributed to these spectrum bands, because they rely completely on the availability of this spectrum. Other benefits can be partially attributed to these bands.

  • Producer surplus due to offloading from mobile broadband: Producer surplus usually increases if the cost somehow falls without change in price charged. It can also increase if the price increases without corresponding increase in costs. The use of these spectrum bands would enable offloading from mobile broadband which will generate producer surplus.
  • Producer surplus from lower backhaul costs for mobile broadband: Lower backhaul costs could lead to producer surplus for mobile broadband service providers. This can be calculated by comparing the costs of backhaul using V-band and E-band with the cost of establishing infrastructure for a similar quality of service using other backhaul solutions, such as fibre optic cables. Most of this surplus would arise in congested areas.
  • Consumer surplus from use of commercial Wi-Fi hotspots and fixed broadband: Consumer surplus is the benefit that consumer derive from use of a service or good. A variety of sources for consumer surplus can be identified on the basis of the uses of V-band and E-band presented in the previous section: consumer surplus from commercial Wi-Fi in dense locations; consumer surplus from free Internet given by Wi-Fi hotspot providers; consumer surplus from greater use of Wi-Fi and Wi-Gig devices; consumer surplus from indoor use of fixed broadband.
  • GDP contributions: In addition to consumer surplus and producer surplus, there are also GDP contributions that may arise from the use of this spectrum. These are mostly in terms of new or improved businesses and technologies that are enabled by this spectrum band, such as usage of commercial Wi-Fi and Wi-Gig hotspots, higher speed of internet, Wi-Fi and Wi-Gig device sales, new or modified businesses and technologies (eg. IoT).

Since most of these benefits will accrue to consumers and producers, this will also create potential for the Government to extract part of this benefit as additional tax collection. For instance, sale of devices and provision of services will create opportunities for the Government to collect taxes from these activities. Further, to the extent that these activities will lead to additional profits for service providers, part of that profit will be taxed by the Government. The concern that the Government may lose out on some non-tax revenue if it chooses to delicense this spectrum may be overcome by these revenue opportunities. Further, in light licensing regimes, some fees may also be levied on the usage of the band. However, as discussed earlier, keeping the fees high may impede usage of these bands, and may discourage some types of usage that may generate significant economic benefits. The experience of Wi-Fi and RFID spectrum supports this contention.

Conclusion

In conclusion, four key takeaways emerge from this analysis. First, while choosing a method for releasing this spectrum, the focus should be on ensuring maximum aggregate benefits for the society, and not short-term revenue maximisation for the Government. Among other things, this means that the potential of these bands to help improve India's overall system of broadband Internet access should be realised. Some of the major limitations in the present system could be partially overcome by use of these spectrum bands, along with other suitable policy measures.

Second, although the economic benefits of these spectrum bands are likely to be substantial, studies on economic benefits of previously unlicensed spectrum bands suggest that the variety and scale of economic benefits may increase over a period of time if easy access to spectrum is enabled. As has happened with other unlicensed spectrum bands, innovation and competition may lead to many types of uses that are difficult to anticipate at present. Hence, it would make sense to liberalise the spectrum without any cumbersome procedures or high fees.

Third, many of the benefits are not realised by the service providers, and accrue in terms of consumer surplus and GDP contributions of businesses and technological innovations spurred by the availability of this spectrum. If the Government decides to target revenue maximisation while allocating the spectrum, it will mainly be able to extract part of the producer surplus. However, this will have effect on proliferation and therefore, on consumer surplus and GDP contributions. This may lead to significantly lower economic benefits of the spectrum for the economy as a whole. So, it may be better to not allocate this spectrum based on methods of individual authorisation. Instead, general authorisation with light licensing or license-exempt approaches may be explored. These approaches also allow the government to extract part of the economic benefits later, especially in the form of taxes.

Fourth, in thinking about the strategy to release the spectrum, it is important to align with global device ecosystems and standards, so that India can benefit from economies of scale in production of devices, and potentially become a manufacturing hub for the devices.

 

The authors are researchers at the National Institute of Public Finance and Policy.

Monday, May 28, 2018

Interesting readings

Consequences of GDP over-estimation by Ajay Shah in Business Standard, May 28, 2018.

How inordinate delays can ruin the purpose of bankruptcy code by Amitabh Kant in The Economic Times, May 28, 2018.

Mint Road Vs North Block by A K Bhattacharya in Business Standard, May 28, 2018.

A public service announcement by the US FBI to you: F.B.I.'s Urgent Request: Reboot Your Router to Stop Russia-Linked Malware by Louis Lucero II in The New York Times, May 27, 2018.

Why India has become deadliest country in the world for forest rangers by Prerna Singh Bindrai in Business Standard, May 27, 2018.

How a 4-Hour Battle Between Russian Mercenaries and U.S. Commandos Unfolded in Syria by Thomas Gibbons-Neff in The New York Times, May 24, 2018.

The fight for order in the market by Monika Halan in Mint, May 23, 2018.

A remarkable story about tax administration and the rule of law: Donald Trump Toys With Abuse Of Office In Beef Against Washington Post by Rachel Maddow in MSNBC, May 18, 2018.

Wanted: A professional statistical set-up by Laveesh Bhandari in Business Standard, May 16, 2018.

Think American Elections Are Bad? Indian Voters Get 1,000 Texts a Day by Newley Purnell, Samarth Bansal, Krishna Pokharel, and Bill Spindle in The Wall Street Journal, May 15, 2018. This reminds me of jamming in electronic warfare. If enough junk clogs up a few main social media systems, then manipulating politics through the social media will be harder. And, the 2019 landscape will be different from 2014, when people were more trusting.

NCLT has a crucial role to play, but does it have enough capacity for it? by A K Bhattacharya in Business Standard, May 14, 2018.

Walmart-Flipkart: Young Entrepreneurs' Pride, Government's Shame by Raghav Bahl in Bloomberg, May 13, 2018.

Simplify the NPS in Business Line, May 13, 2018.

The Ugly Side of the Relentless Demands Made Upon India's Public Sector Banks by Anjan Basu in The Wire, May 12, 2018.

Attacks upon freedom of speech in Pakistan: Pakistan's military is waging a quiet war on journalists by Kiran Nazish in Vox, May 3, 2018.

A group of articles by Ashok Gulati in the Indian Express: From Plate to Plough: Four years of neglecting farmers, From Plate to Plough: Premium delayed, farmer denied and From Plate to Plough: Pieces of a market.

Thursday, May 24, 2018

Free press and criminal defamation: Inspiration from Africa

by Pratik Datta.

One of the biggest threats to the freedom of speech in India is criminal defamation law. There is a shortfall of criticism in society, and we must always support and protect the critic.

Like the law which criminalised unnatural sex, we inherited the concepts of criminal defamation from the British. Criminal defamation was abolished in the UK in 2009, but it continues to survive in the statute books of many former British colonies. However, as Gautam Bhatia points out, judges in some African countries are increasingly taking a progressive stand against criminal defamation to achieve freedom of speech.

Lesotho

Last week, the Constitutional Court of Lesotho struck down the criminal defamation law as unconstitutional. The petition was filed by the owner and publisher of the Lesotho Times. In 2016, the newspaper had published an article in the satirical section ridiculing the then Commander of the Lesotho Defence Force. A week later, criminal defamation charges were brought against the petitioner. The petitioner in turn challenged the constitutionality of section 104 of the Penal Code that proscribed defamation.

In a concise and succinct judgment, the Court struck down the section broadly on three grounds. First, the court found that the section was broader than necessary to achieve the statutory objective of protecting individual reputation. Second, the court observed that the vagueness of the statutory language could potentially be abused by political powers to silence legitimate criticism. Third, the court reasoned that merely because satire distorts reality, it does not necessarily imply that satire does not serve any useful purpose in a democracy. Accordingly, the court concluded that criminalising satire is an excessive infringement of freedom of expression in a democratic society.

Kenya

Last year, the High Court of Kenya at Nairobi also struck down criminal defamation as unconstitutional. In this case, the petitioners were charged with criminal defamation for their Facebook posts. The petitioners in turn challenged section 194 of the Penal Code that criminalised defamation.

The Court gave two broad reasons while striking down the section as unconstitutional. First, the court argued that criminal defamation law aims to protect individual interest and therefore, cannot be protected as a 'reasonable restriction' exception to freedom of expression which is meant to protect only public interest. Second, the court found that criminalising defamation is not absolutely necessary to achieve the statutory objective of protecting individual reputation. Instead, there are alternative civil remedies available to achieve the same objective. On the other hand, criminalising defamation has serious chilling effects on free speech, making it a disproportionate policy response. Based on these reasoning, the Kenyan High Court struck down criminal defamation law as unconstitutional.

African Court of Human and Peoples' Rights (ACHR)

In 2014, the ACHR overruled the conviction of a journalist by Burkina Faso following charges of defamation for publishing newspaper articles that alleged corruption by a state prosecutor. The primary legal issue was whether the criminal defamation law violated international treaties that Burkina Faso has entered into. The Court reasoned that monetary penalties imposed on the journalist and suspension of his newspaper under defamation laws were disproportionate measures to achieve the statutory objective - to protect the honour of a prosecutor. Instead, civil remedies would have been a more proportionate response. Further, the court held that the threshold for defamation of public figures should be higher. Accordingly, the court found the criminal defamation law violated Burkina Faso's international obligations to protect freedom of expression.

Zimbabwe

In 2014, the Constitutional Court of Zimbabwe declared criminal defamation to be unconstitutional. This case arose out of an article published in the The Standard newspaper which claimed that the Green Card Medical Aid Society was unable to pay its employees and was on the verge of collapse. The Society claimed that these were false allegations and subsequently the journalist as well as the editor of the newspaper were arrested and charged for defamation under section 96 of the Criminal Law Code.

The Court struck down this criminal defamation provision as unconstitutional on the ground that it was disproportionate and was unnecessary to accomplish the statutory objective of protecting individual reputation. Instead, monetary damages in civil law could have achieved the same objective. Further, the judge also observed that such a law could adversely silence free flow of information on public matters. Accordingly, the criminal defamation law was struck down.

Conclusion

It is quite remarkable to see that while judges in African countries have taken progressive steps to weed out a vicious colonial legacy to institutionalise free press, the Indian Supreme Court has dismissed challenges to the constitutionality of criminal defamation in the Indian Penal Code. Indian journalists should take inspiration from the jurisprudential developments in Africa and advocate the removal of this barbaric colonial legacy.

 

Pratik Datta is a Chevening Weidenfeld Hoffmann scholar at University of Oxford.

Friday, May 18, 2018

India's communication surveillance through the Puttaswamy lens

by Vrinda Bhandari, Smriti Parsheera and Faiza Rahman.

"In an uncivilized society where there are no inhibitions, only physical restraints may detract from personal liberty, but as civilization advances the psychological restraints are more effective than physical ones. The scientific methods used to condition a man's mind are in a real sense physical restraints, for they engender physical fear channelling one's actions through anticipated and expected grove" --- Justice Subba Rao's minority view in Kharak Singh vs Union of India (1964).

Introduction

Post the Snowden leaks in 2013, the international political community has been faced with complex debates around the state's need to conduct surveillance activities and its impact on the privacy of individuals. In India, this debate has gathered steam with concerns around the surveillance capabilities of the Aadhaar framework and the Supreme Court affirming privacy as a fundamental right in KS Puttaswamy v. Union of India. However, the Court in the Puttaswamy case also clarified that the right to privacy, like any other fundamental right, is not absolute and the state may have an interest in placing reasonable restrictions on this right in pursuance of legitimate aims such as protecting national security, preventing and investigating crime, encouraging innovation, and preventing the dissipation of social welfare benefits. Apart from indicating the broad parameters for restrictions to the right to privacy, a majority of the judges (Chandrachud J. speaking for 4 judges and Kaul J.) endorsed a European law-style proportionality framework to balance the right to privacy against competing interests.

In his dissent in the Kharak Singh case, Justice Subba Rao un-tethered the concept of privacy from the home and extended it to the idea of "psychological restraint", a precursor to the chilling effect argument. The majority in Puttaswamy too, acknowledged the chilling effect of surveillance on speech, movement, and activities of individuals. This becomes particularly important in the context of surveillance in the digital age -- ready availability and ease of access to information should not become a source for indiscriminate or mass surveillance.

While the need for lawful access by law enforcement agencies (LEAs) cannot be denied, what we need is a legal framework that lays down clearly defined parameters around who can gain access to personal information, under what circumstances and the legal process for the same. In this post we discuss the extent to which India's current communication surveillance practices are likely to withstand scrutiny under the tests identified by the judges in the Puttaswamy case.

How the proportionality standard works

Among other things, the Puttaswamy verdict is significant for its extensive reliance on the rich privacy and surveillance jurisprudence from the United States, Canada, Europe and United Kingdom and its endorsement of the International Principles on the Application of Human Rights to Communication Surveillance (Necessary & Proportionate Principles, 2013). These principle require the government to demonstrate that surveillance was absolutely necessary and there was no other less-restrictive means of achieving the legitimate aim. The principles include requirements of judicial oversight, due process, user notification (under certain circumstances) and transparency. Drawing from this body of work, the judges in the Puttaswamy case identify the following four steps to assess the constitutional validity of a law that infringes upon the privacy and personal liberty of an individual:

  1. Legality: The existence of a law.
  2. Legitimate goal: The law should seek to achieve a legitimate state aim (Chandrachud J.).
  3. Proportionality: There should be a rational nexus between the objects and the means adopted to achieve them (Chandrachud J.). The extent of such interference must be proportionate and "necessary" to achieve its stated aim (Kaul J.). Justice Kaul's opinion can be read to espouse the European standard of least restrictive means.
  4. Procedural guarantees: To check against the abuse of state interference (Kaul J.)

We take the example of three kinds of communication surveillance tools being deployed in India -- interception of phone calls under the Telegraph Act; direct access to communication flows by government agencies under the Centralised Monitoring System (CMS); and restrictions on encryption of data -- to assess how they would fare under the Puttaswamy tests.

Applying the Puttaswamy tests to communication surveillance in India

In India, basic powers to carry out surveillance-related activities flow from the provisions of the Indian Telegraph Act, 1885 (Telegraph Act), the Information Technology Act, 2000 (IT Act), the Code of Criminal Procedure, 1973 (CrPC) and the rules framed under those laws. These provisions empower the police as well as central agencies like the Intelligence Bureau, Narcotics Control Bureau, Directorate of Enforcement, National Investigation Agency, Research and Analysis Wing and others to gain access to a person's messages, calls and data transmissions for certain identified purposes. The processes laid down under the law are supplemented by "standard operating procedures" issued by the Ministry of Home Affairs and the Department of Telecommunications to LEAs and telecom service providers (TSPs), respectively.

As per a right to information (RTI) response sought by SFLC an average of 7500 - 9000 telephone-interception orders are issued by the central government each month. Add to this, the orders for data interception issued under the IT Act and orders issued by the state governments and the total figure is likely to be staggeringly high. Information revealed under Google's transparency report offers another indication of the volume of requests made by Indian authorities -- in 2017 Google received 8,351 user data disclosure requests from India, affecting about 14,932 user accounts.

The lack of a transparent mechanism to report the total volume of surveillance activities being undertaken by government agencies presents a major challenge. While some pieces of information can be sewn together from RTI requests, Parliament questions and initiatives like Google's transparency reports, this cannot substitute the need for direct information disclosures by the intelligence bodies themselves. The fact that many of these agencies and programmes have their basis in executive action, and do not have statutory legitimacy, only magnifies these concerns.

While the Government has recognised nine central LEAs and the state police authorities to conduct lawful interception activities, there is an absence of legal or institutional oversight over the exercise of these powers by the various agencies. An attempt to address this issue was made through a private members Bill, The Intelligence Services (Powers and Regulation) Bill, 2011, that sought to regulate the functioning and exercise of powers by Indian intelligence agencies, specifically the IB, RAW, and the NTRO. The Bill also provided for a Designated Authority for authorisation procedures and systems of warrants (for surveillance), a National Intelligence and Security Oversight Committee for oversight, and a National Intelligence Tribunal for investigating complaints against these three agencies. However, the Bill lapsed in October 2012, and these intelligence agencies continue to lack legislative backing, further raising questions about the proportionality of surveillance operations in India.

Lawful interception under the Telegraph Act

Section 5(2) of the Telegraph Act empowers the state to conduct lawful interception of phone calls and messages under certain specified circumstances. The constitutionality of this framework was upheld by a two-judge bench of the Supreme Court in PUCL v. Union of India (1997), subject to the adoption of appropriate procedural safeguards. This resulted in the subsequent amendment of the Telegraph Rules, 1951 to incorporate Rule 419A containing the procedure suggested by the Supreme Court. We examine below how the surveillance processes under this law are likely to be treated in case of a fresh challenge post the Puttaswamy verdict, specifically in light of the four tests identified by the judges.

Legality: The central and state governments clearly have the statutory authority to order lawful interception activities under the Telegraph Act and the rules under it. However, we argue that the principle of legality needs to be seen from a broader perspective -- it is not just about the existence of a law but also the context in which that legality was conferred. The Telegraph Act and rules were drafted in a context when bulk surveillance was not as easily possible and the discourse around privacy and surveillance was not as well defined. Since then, the capability of interception technologies at the disposal of government agencies and the volume of interceptions being carried out by them have increased exponentially. This merits a re-examination of the existing legal framework. The Necessary & Proportionate principles also state that given the pace of technological changes, legality vis-a-vis communication surveillance would entail laws that restrict the right to privacy to be subject to periodic review through a consultative legislative or regulatory process.

Legitimate aim: Section 5(2) of the Telegraph Act states that the central and state governments may, on the occurrence of any public emergency, or in the interest of the public safety, direct the interception of communications, in the interest of the sovereignty and integrity of India, the security of the state, friendly relations with foreign states or public order or for preventing incitement to the commission of an offence. Therefore, an order of interception will satisfy the requirement of legitimate aim so long as it is issued upon the occurrence of public emergency or in the interest of public safety and in pursuance of any of the six legitimate objectives listed above.

Proportionality: The third test requires that the means adopted should be proportionate for achieving the identified legitimate aim. In the context of communication surveillance, this would require the authority ordering interception to weigh the degree of the proposed intrusion against its anticipated gain. In the next section, we discuss some of the limitations of the present legal process, which hinder the due application of mind required for such a scrutiny.

The proportionality test also encapsulates within itself the principle of "necessity", which means that interception of communication should take place only when it is the least intrusive way of achieving the legitimate purpose. Rule 419A(3) of the Telegraph Rules adopts this principle by stating that relevant officer should issue an interception order only when it is not possible to acquire the information by any other reasonable means. While targeted surveillance based on evidence of suspicion may be the least restrictive way of achieving a legitimate aim, the current wording of the rules allows each interception order to cover "messages or class of messages" involving a "person or class of persons" or "relating to a particular subject". In doing so, it creates possibilities of bulk access to communications, which will inevitably intrude upon the privacy rights of several unsuspecting individuals.

Procedural safeguards: Rule 419A of the Telegraph Rules sets out certain procedural safeguards to govern the interception of communications, which emanated from the Supreme Court's decision in the PUCL case. Significant time has lapsed since that verdict and both the scope and the volume of surveillance activities has increased. For instance, the government has launched surveillance programmes such as the CMS, NETRA, NATGRID and made corresponding changes to telecom licenses to provide real-time access to the traffic flowing through TSP networks. Even without taking into account these developments, we find that the current procedure in the law would fail to constitute a "fair, just and reasonable" process on the following counts:

  1. Rule 419A authorises members of the executive -- the Secretary to the Ministry of Home Affairs in the case of central government and the Secretary of the Home Department in the case of a state government (or in unavoidable circumstances, a Joint Secretary) -- to sanction orders of interception. Taking into account the volume of orders being issued by the government on a regular basis it is hard to make a case that the officers in charge of this function can ensure due application of mind to each and every request placed before them given their many other responsibilities.
  2. The Telegraph Rules set up a Review Committee to check if interception orders were issued in accordance with the law. This committee comprises only of members from the executive such as the Cabinet/Chief Secretary along with Secretaries in charge of legal affairs and telecommunications. There is a conflict of interest in this review mechanism, as both the interception order issuing authority and the oversight authority comprise of members only from the executive.
  3. There is no pre- or post-judicial oversight over the decision to place an individual under surveillance.

In contrast, surveillance legislations across democratic jurisdictions require that interception orders should be issued by a judicial authority. Other oversight mechanisms include bodies such as the Privacy and Civil Liberties Oversight Board in the U.S -- an independent statutory agency within the executive branch, which, among other things, reviews executive actions relating to counter-terrorism. Given the volume of interception requests and the technical nature of proportionality enquiry, the legal framework in India also needs to evolve accordingly. Elements of this framework should include (i) prior judicial scrutiny or post facto scrutiny, in emergency cases, for authorisation of interception requests; (ii) transparency requirements, such as the obligation to submit periodic reports to the Parliament detailing the volume and nature of the interceptions being carried out.

Centralised Monitoring System

Through a press release issued in 2009 the government announced its intention to set up "a centralized system to monitor communications on mobile phones, landlines and the internet in the country". This system would allow authorised LEAs to gain direct access to the traffic flows on the networks of TSPs. These plans were rolled out in 2013 when the telecom license agreement was amended to require TSPs to set up the prescribed infrastructure for their systems to be directly connected with regional monitoring centers (RMCs) of CMS through interception, store and forward servers. As per information placed before the Parliament in March, 2017, technology development and pilot trials of CMS had been completed and 18 of the 21 planned RMCs had been technically commissioned.

The CMS has been widely criticised for its all-encompassing nature, privacy threats and likely chilling effects (Litton, 2015). We question below how this system would fare under the specific tests under the Puttaswamy case.

Legality: The CMS project is not grounded in law (Datta, 2015). The only requirements relating to it emanate from the terms of the telecom license, which is in the nature of a contract between the government and TSPs. While a statutory requirement to ensure compliance with the licensing terms and conditions is contained under the Telecom Regulatory Authority of India Act, 1997, this is not a sufficient basis to attribute legality to CMS. Attempts to attribute legality to CMS may also be based on claims that it derives its powers from the existing provisions in the IT Act and the Telegraph Act. However, as we discuss below, the abilities of CMS extend far beyond the legislative intent of those laws which was to authorise interception of information only for certain specific purposes and after following a specified procedure.

Legitimate aim: Lawful interception by LEAs to meet the specific objectives identified under the IT Act and the Telegraph Act would constitute a legitimate aim. However, the manner in which CMS is designed does not provide for sufficient checks and balances to ensure that its use will in fact be confined to the satisfaction of those aims.

Proportionality: By its very design, a system that provides LEAs with direct access to all communications can not meet the requirement of proportionality. While the government may argue that the system is intended to be used only for lawful interceptions, the existence of a system where all information flows through the CMS and can be collected on tap by enforcement agencies vitiates the concept of targeted surveillance. Therefore, irrespective of whether such excesses are actually committed, the logical possibility of such an outcome reflects a lack of proportionality. As noted by the UN Special Rapporteur on human rights and countering terrorism, bulk access to communications is incompatible with the normative understanding of privacy as the "very essence of the right to the privacy of communication is that infringements must be exceptional, and justified on a case-by-case basis".

Procedural safeguards: The benefits of CMS, as articulated by the government, include having secure and instantaneous access to data by avoiding any manual intervention particularly from TSPs. However, by eliminating TSPs from the process, the system is also removing a layer of third party verification of interception requests. For instance, the Information Technology (Procedure and Safeguards for Interception, Monitoring and Decryption of Information) Rules, 2009 (2009 Rules) provide that an intermediary that receives a request for interception is required to provide a written acknowledgment of the request; maintain proper records relating to the same; and submit a list of all requests received by it to the nodal officer of the authorised agency every fifteen days. By removing TSPs and other intermediaries from the interception process CMS will ensure that the complete control over the decision making and implementation of interception is vested wholly within different wings of the executive.

The lack of independent judicial oversight has already been pointed out to be an issue in the context of wiretapping under the Telegraph Act. This issue is further compounded in case of CMS due to the sheer scale of data that it allows LEAs to access without any accompanying safeguards. However, as noted above, the design of CMS does not even satisfy the minimum safeguards that are currently provided under the IT Act and the Telegraph Act. Any interception activities being conducted under it, even if for pilot tests, would therefore fall foul of present laws.

Encryption restrictions and decryption on demand

The adoption of sophisticated encryption technologies is a clear path towards ensuring better privacy protections. However, encryption also makes it harder for LEAs to access this information, often leading government agencies to demand lower encryption standards or backdoor entries to encrypted software and devices. Section 69 of the IT Act, read with the 2009 rules, permits the central and the state governments to order the decryption of a computer resource upon satisfaction of certain specified conditions. Further, Section 84A of the IT Act states that central government can frame rules to prescribe encryption standards and methods to secure electronic communications. While the government has not yet prescribed any modes and methods of encryption under Section 84A, a draft national encryption policy was released by them in September 2015, which was retracted shortly afterwards. This draft policy had, among other things, proposed requirements that:

  1. Users should be able to reproduce on demand plain text and encrypted text pairs using the software/hardware used to produce the encrypted text from the given plain text.
  2. The information should be stored for 90 days from the date of transaction and made available to LEAs on request.

Restrictions on encryption also flow from telecom license agreements. For instance, the Internet Service Provider (ISP) License Agreement requires ISPs to obtain prior governmental approval to deploy encryption which is higher than 40 bits (Part 1, Clause 2.2(vii)). The Unified License agreement (Clause 37.1), the Unified Access Services License agreement (Clause 39.1), and the ISP license agreement (Part 1, Clause 2.2(vii)) all prohibit bulk encryption by TSPs. Therefore, in the context of encryption, state surveillance capacity is bolstered through both the banning of encryption or laying down low encryption standards, and by providing for decryption on demand. We examine below how both these stipulations fare under the four-pronged proportionality analysis:

Legality: While the authority to order decryption of computer resources flows from Section 69 of the IT Act and the 2009 rules, no comprehensive encryption policy or rules have been framed under Section 84A of the IT Act prescribing encryption restrictions. The encryption restrictions that flow from telecom license conditions do not have a statutory backing.

Legitimate aim: Section 69 of the IT Act empowers the state to order decryption of a computer resource if it is necessary or expedient to do so in the interest of the sovereignty or integrity of India, defence of India, security of the state, friendly relations with foreign states, public order, for preventing incitement to the commission of any cognizable offence relating to above or for investigation of any offence. Therefore, any order of decryption will satisfy the legitimate aim test if it is in pursuance of the objectives listed under this provision. Given that there is no rule or statute laying down when and how the government can set out restrictions on encryption standards, it is unclear if banning encryption or prescribing unreasonably low standards of encryption, which can potentially jeopardise network security entirely, is likely to achieve even the general legitimate aim of national security.

Proportionality: A complete restriction on encryption or setting out unreasonably low encryption standards will not pass the necessity test because while it ensures access to communication by LEAs during emergency situations, it also makes the entire communication network vulnerable to attacks at all times and will not qualify as the least restrictive measure. Further, measures such as asking users to maintain a plain text copy of all encrypted material for 90 days would also vitiate the very purpose of encryption leading to the same issues as banning encryption and therefore not satisfy the necessity test under proportionality analysis.

In relation to the framework for decryption on demand, ordering decryption of a particular computer resource or resources based on evidence of suspicion, as was done in the Apple-FBI matter, qualifies as targeted interception and may be the least retrictive way of achieving a legitimate aim. However, requiring private companies to create backdoors within all systems to enable decryption when necessary, renders computer resources of several unsuspecting individuals vulnerable to interception by governments and hackers alike. Therefore, ordering private companies to create backdoors within all systems is not the least restrictive way of achieving a legitimate aim and does not satisfy the proportionality standard. Further, it is advisable for governments to build in-house capacity for decryption in order to provide LEAs with targeted access to encrypted systems during an emergent situation, rather than waiting for technological assistance from companies during such times or requiring them to weaken all systems by creating backdoors.

Procedural safeguards: The 2009 rules set out certain procedural safeguards and review mechanisms that are similar to the procedural framework under Rule 419A of the Telegraph Act. Therefore, the procedural inadequacies identified in the context of lawful interception framework under the Telegraph Act are applicable to the framework for decryption on demand as well. Further, given the absence of any legislative or regulatory framework prescribing encryption standards or methods of deploying encryption under Section 84A of the IT Act, no procedural safeguards are currently in place to check against arbitrary encryption restrictions issued by the executive.

Surveillance by non-state actors

Although we have largely focused on the application of the Puttaswamy standard to the state's varied surveillance frameworks, this post would be incomplete without a mention of the rise in private actors such as Facebook and Google, and the prevalence of surveillance capitalism (Zuboff, 2015). In this model, tech companies serve as data harvesting giants that constantly collect, analyse, and share user data, without informed consent, with the aim to alter/shape behaviour and preferences.

As has been discussed previously on this blog (here and here), India lacks a data protection law. Currently, the actions of private actors are only regulated by the IT Act and the Information Technology (Reasonable Security Practices and Sensitive Personal Data or Information) Rules, 2011, which have also been acknowledged by the Srikrishna Committee White Paper as lacking "an effective enforcement machinery". In fact, it is these loopholes in the law that were exploited by Facebook and Cambridge Analytica to mine user data without their consent.

Acknowledging the challenges posed by big data to privacy, Chandrachud J. in Puttaswamy emphasised the importance of a data protection regime, that would also regulate the actions of private actors. Similarly, Kaul J. recognised the right of individuals to control the commercial use of their identity and to exclusively commercially exploit their identity and data. However, although the judges referred to the increased data collection and analysis capacity of non-state actors, the judgment in Puttaswamy did not grapple with the problems posed by commercial surveillance and private actors. This issue will have to be resolved in the new data protection law that is expected to be enacted after the Srikrishna Committee Report prepares a draft Bill.

Conclusion

The proportionality test, as laid out in Puttaswamy, and the extensive reliance on global privacy and search/surveillance jurisprudence has laid the groundwork for a re-examination of India's surveillance architecture. However, this was just the first step. The Court in Puttaswamy was not directly concerned with a surveillance claim, and thus, did not have to grapple with the application of its proportionality standard to the facts on ground. The Supreme Court has now reserved judgment in the Aadhaar case (Puttaswamy II), where extensive arguments on surveillance and chilling effect were made in the context of the centralised collection and storage of data, and the linking/seeding of various databases with the Aadhaar number. It is thus expected that the Court's judgment will further clarify the standard of proportionality, and its application in surveillance cases. We have to wait and see how the Court will balance these competing concerns of privacy and liberty with national security.

At the same time, we are looking towards the Justice Srikrishna Committee for specific recommendations to the government on how to introduce due process while providing exceptions for national security or other legitimate aims under the proposed data protection law. This will also entail a relook at the lawful interception provisions under existing laws.

References

Addison Litton, The State of Surveillance in India: The Central Monitoring System's Chilling Effect on Self Expression, 14 Wash. U. Global Stud. L. Rev. 799, 2015.

The International Principles on the Application of Human Rights to Communications Surveillance ("Necessary & Proportionate Principles), July 2013.

Software Freedom Law Centre, "India's Surveillance State: Communication Surveillance in India", 2014.

Saikat Datta, Surveillance and Democracy: Chilling tales from around the world, International Network of Civil Liberties Organizations, 2015.

Shoshana Zuboff, Big Other: Surveillance Capitalism and the Prospects of an Information Civilisation, 30 J. of Info. Tech. 75, 2015.

 

Vrinda Bhandari is a practicing advocate in Delhi. Smriti Parsheera and Faiza Rahman are researchers at the National Institute of Public Finance & Policy. We thank Saikat Datta for valuable discussions.

Monday, May 14, 2018

Interesting readings

Concerns about high tech companies by Ajay Shah in Business Standard, May 14, 2018. Also see: Google's Plan To Make Tech Less Addictive by Mark Wilson in Fast Co Design, May 9, 2018, Tim Berners-Lee on the future of the web: 'The system is failing' by Olivia Solon in The Guardian, November 16, 2017 and How the father of the World Wide Web plans to reclaim it from Facebook and Google by David Weinberger in Digital Trends, August 10, 2016.

When Spies Hack Journalism by Scott Shane in The New York Times, May 12, 2018.

Crypto exchanges join hands against RBI by Priyanka Pani in Business Line, May 11, 2018.

FRG insolvency cases dataset by Finance Research Group in Ifrogs.
and How Does One Measure the Effectiveness of The IBC? on Bloomberg, May 10, 2018.

Fugitive law can victimise the victim by Somasekhar Sundaresan on Wordpress, May 10, 2018.

Media by Julia Evans on Twitter, May 9, 2018.

What is an Indian company? Does it really matter! by A K Bhattacharya in Business Standard, May 9, 2018.

How to stop rapes: Death penalty is not the answer, but police and prosecutorial reform are by Baijayant 'Jay' Panda in The Times of India, May 9, 2018.

Understanding the 'chief of staff' position: Does Trump Want Even More Chaos in the White House? by Chris Whipple in The New York Times, May 9, 2018. "There is a difference between campaigning -- which is dividing, demonizing and disrupting -- and governing, which is building coalitions and making compromises."

What a triumph: Google Duplex: An AI System for Accomplishing Real-World Tasks Over the Phone by Yaniv Leviathan and Yossi Matias in Google AI Blog, May 8, 2018.

Google Bans Bail Bond Ads, Invites Regulation by Alex Tabarrok in Marginal Revolution, May 8, 2018. Also see: Google banning advertisements of payday loans: Is this vigilante justice? by Ajay Shah in Ajay Shah's Blog, June 29, 2016.

Varieties Of Argumentative Experience by Scott Alexander in Slate Star Codex, May 8, 2018.

The Engagement-Maximization Presidency by Cory Doctorow in Locusmag, May 7, 2018.

Reform, do not rationalise by Bhargavi Zaveri & Radhika Pandey in Business Standard, May 7, 2018 and Three Casualties of A Recent SEBI Diktat: FPIs, NRIs And Indian Investment Managers by Payaswini Upadhyay in Bloomberg, May 13, 2018. Capital controls reform needs to go deeper.

Education is broken: Ian McEwan helped his son write an essay about his own novel. His son got a C+ by Michael Schaub in Los Angeles Times, May 7, 2018.

Is It Time To Bring The Public Debt Management Office Debate Back From The Dead? by Ira Dugal in Bloomberg, May 7, 2018. The implementation path is worked out in detail in: Legislative strategy for setting up an independent debt management agency by Radhika Pandey and Ila Patnaik in NUJS Law Review, 2017.

How Much Should We Trust the Dictator's GDP Estimates? by Luis R. Martinez in SSRN, May 6, 2018.

The Binani Saga - Value Maximization Above All? by Jolly Abraham in Bar & Bench, May 6, 2018.

Economic Surveys Are a Danger to Markets by Jim Bianco and Ben Breitholtz in Bloomberg, May 4, 2018.

IT moves slower than we think. It's COBOL all the way down by Glenn Fleishman in Increment, April, 2018.

Tuesday, May 01, 2018

Interesting readings

The way forward for PSU banks by Ajay Shah in Business Standard, May 1, 2018.

Changing the culture of corporate credit by Bahram Vakil and Kaushik Krishnan in Mint, April 30, 2018.

The Sense of Justice That We're Losing by David Leonhardt in The New York Times, April 29, 2018. This is the sense of justice that we in India are not yet dreaming of.

The End of Intelligence by Michael V. Hayden in The New York Times, April 28, 2018. "To adopt post-truth thinking is to depart from Enlightenment ideas, dominant in the West since the 17th century, that value experience and expertise, the centrality of fact, humility in the face of complexity, the need for study and a respect for ideas."

The IBC requires some cleaning up by Somasekhar Sundaresan in Business Standard, April 25, 2018.

Newspaper op-eds change minds in ScienceDaily, April 24, 2018.

What will be the impact of physical delivery of stock derivatives? by Devangshu Datta in Business Standard, April 23, 2018. There was zero evidence in favour of the policy change.

Scrutiny gap in state Budget proceedings by Abhijit Banare in Business Standard, April 23, 2018.

Insolvency and Bankruptcy Code: a legislation mired in controversy by Bomi Daruwala in Mint, April 23, 2018.

Striking a fine regulatory balance in banking by Tarun Ramadorai in Mint, April 23, 2018.

An Alternative to Privatisation of Public Sector Banks by Deepti George in Dvara, April 23, 2018.

Data localisation blues in Business Standard, April 20, 2018.

Broad and standard by Bibek Debroy in Business Standard, April 20, 2018.

Great institutions are where you go after a head of state like this: A veteran defense lawyer explains how the feds could flip Michael Cohen by Adam Pasick in Quartz, April 19, 2018.

15th Finance Commission: Moving on by Rathin Roy in Business Standard, April 18, 2018.

India's Banks Need a Stronger Watchdog by Ila Patnaik in Bloomberg, April 18, 2018.

In Trying To Ban Telegram, Russia Breaks The Internet by Karl Bode in Techdirt, April 18, 2018.

Machine Learning's 'Amazing' Ability to Predict Chaos by Natalie Wolchover in Quanta, April 18, 2018.

Style Is an Algorithm by Kyle Chayka in Racked, April 17, 2018. "If everyone's editing Vogue, it wouldn't be Vogue." "We find ourselves in a cultural uncanny valley, unable to differentiate between things created by humans and those generated by a human-trained equation run amok."

Jai Bhim, not Ram by Manini Chatterjee in The Telegraph, April 16, 2018.

The Internet Apologizes by Noah Kulwin in New York Magzine, April 13, 2018.
"Stallman: I never tell stores who I am. I never let them know. I pay cash and only cash for that reason."

Too Much Music: A Failed Experiment In Dedicated Listening by James Jackson Toth in National Public Radio, January 16, 2018.