Central Monitoring System

The Central Monitoring System, abbreviated to CMS, is a centralized telephone interception provisioning system installed by the Centre for Development of Telematics (C-DOT), an Indian Government owned telecommunications technology development centre, and operated by Telecom Enforcement Resource and Monitoring (TERM) Cells. The CMC system is set up in each major state collocated with the TERM Cells. Telecom operators in India are required by law to give access to their networks to law enforcement agencies. The Indian Government set up the Centralized Monitoring System (CMS) to automate the process of government-approved Lawful Interception & Monitoring of telecommunications. The Cabinet Committee on Security approved the project of CMS with government funding of INR 400 Crores. Pilot trials have been completed and the system is anticipated to be progressively implemented from the end of the financial year.

History
The 2007-08 annual report of the Department of Telecommunications (DoT) stated that the requirements for the CMS project had been finalized by the Telecommunication Engineering Center (TEC), after deliberations with security agencies, and that the first phase of the project, covering the "national capital", was scheduled to be implemented by 31 March 2008. It also stated that C-DOT had finalized the "scope, architecture and dimensioning of the network". The 2008-09 annual report stated that proof of concept had been demonstrated and that R&D activities for the project were "ongoing". The Government of India budgeted $150 million for the system as part of its 12th Five Year Plan, with Cabinet ultimately approving a higher amount. The CMS was fast-tracked following the 2008 Mumbai attacks. However, it faced repeated delays and missed the original deployment deadline of the end of 2012, and the next deadline of March 2013.

CMS was first announced publicly in a press release by the Press Information Bureau (PIB), dated 26 November 2009. The release lacked details on the system but stated that CMS was a "centralized system to monitor communications on mobile phones, landlines and the internet in the country" and claimed that the project would "strengthen the security environment in the country". CMS was mentioned by Minister of Communications and Information Technology Kapil Sibal on 1 January 2011, while addressing the media to announce his 100-day agenda for the Indian telecom sector. Sibal mentioned it in passing, telling the media that "Steps will be taken to establish the Central Monitoring System which will facilitate and prevent misuse of lawful interception facility." The announcement was described as "muted" by Time magazine.

On 9 March 2011, Minister of State for Communications & Information Technology, Sachin Pilot stated that the CMS was to be set up for the "Lawful Interception and Monitoring of communications to address the national security concerns. It will automize the present manual system of interception and monitoring, which will enhance the secrecy of intercepted numbers and will cut down the delay in provisioning."

On 15 October 2012, The New Indian Express reported that the National Investigation Agency (NIA) had requested for authorization to access CMS once it became functional. The paper also stated that a pilot trial was underway. Mint cited an internal note from the DoT dated 10 June 2013, which reportedly said that CMS had "undergone successful pilots" and was "likely to be commissioned" by the end of 2013. The government began rolling out the CMS, state by state, in April 2013.

In July 2013, BlackBerry granted the Indian Government access to its messaging services. It is presumed that CMS will be used to monitor these services, although it may be done through C-DOT's Lawful Intercept and Monitoring (LIM) system. It will make two amendments to the Indian Telegraph Act to allow for intercepting and monitoring through the CMS and to allow "collecting, storing and analyzing message pertaining to information of any nature by the Telegraph Authority".

Interception Authorization
In exercise of the powers conferred by Section 7 of the Indian Telegraph Act, 1885 (13 of 1885), the Government of India made Rule 419A of the Indian Telegraph Rules, 1951. Directions for interception of any message or class of messages under sub-section (2) of Section 5 of the Indian Telegraph Act, 1885 shall not be issued except by an order made by the Secretary to the Government of India in the Ministry of Home Affairs in the case of Government of India and by the Secretary to the State Government in-charge of the Home Department in the case of a State Government. In unavoidable circumstances, such order may be made by an officer, not below the rank of a Joint Secretary to the Government of India, who has been duly authorized by the Union Home Secretary or the State Home Secretary, as the case may be:

Provided that in emergent cases:

(i) in remote areas, where obtaining of prior directions for interception of messages or class of messages is not feasible; or

(ii) for operational reasons, where obtaining of prior directions for interception of message or class of messages is not feasible;

the required interception of any message or class of messages shall be carried out with the prior approval of the Head or the second senior most officer of the authorized security i.e. Law Enforcement Agency at the Central Level and the officers authorised in this behalf, not below the rank of Inspector General of Police at the state level but the concerned competent authority shall be informed of such interceptions by the approving authority within three working days and that such interceptions shall be got confirmed by the concerned competent authority within a period of seven working days. If the confirmation from the competent authority is not received within the stipulated seven days, such interception shall cease and the same message or class of messages shall not be intercepted thereafter without the prior approval of the Union Home Secretary or the State Home Secretary, as the case may be.

The Hon’ble Supreme Court has upheld the constitutional validity of interceptions and monitoring under Section 5(2) of the Act through its order dated 18.12.1996 in Writ Petition (C) No.256/1991 by People's Union for Civil Liberties (PUCL) Vs. Union of India. It has also observed that the right to hold a telephone conversation in the privacy of one's home or office without interference can certainly be claimed as "Right to Privacy", and accordingly, held that telephone tapping would infringe the Right to Life and Right to Freedom of Speech & Expression enshrined in Articles 21 and 19(1)(a) respectively of the Constitution of India, unless it is permitted under the procedure established by law. The Hon’ble Court further observed that Section 5(2) of the Act clearly provides that ‘occurrence of any public emergency’ or ‘interest of public safety’ is a sine qua non for the application of these provisions. Neither of these are secretive conditions or situations. Either of the situations would be apparent to a reasonable person.

Interception of communication by authorized Law Enforcement Agencies (LEAs) is carried out in accordance with Section 5(2) of the Indian Telegraph Act, 1885 read with Rule 419A of Indian Telegraph (Amendment) Rules, 2007. Following is the list of authorised Law Enforcement Agencies for Lawful Interception:

Central Agencies
 * 1) Research & Analysis Wing (R&AW)
 * 2) Intelligence Bureau
 * 3) National Investigation Agency
 * 4) Central Bureau of Investigation
 * 5) Narcotics Control Bureau
 * 6) Directorate of Enforcement
 * 7) Central Board of Direct Taxes
 * 8) Directorate of Revenue Intelligence
 * 9) Directorate of Signal Intelligence, Ministry of Defence - for Jammu & Kashmir, North East & Assam Service Areas only


 * State Agencies

Director General of Police, of concerned state/Commissioner of Police, Delhi for Delhi Metro City Service Area only.

Call data records (CDRs) can be sought by following the statutory provisions contained in Section 92 of the Code of Criminal Procedure, 1973 or Section 5(2) of the Indian Telegraph Act, 1885 read with Rule 419 A of Indian Telegraph (Amendment) Rules, 2007.

System details
Earlier the provisioning of Interception of the Telephone was being done by the Telecom operators on the basis of duly authorized order by the competent authority in accordance with 419A telephone rule. Traditionally, the Law Enforcement Agency was approaching the various telecom companies based on the numbering scheme of the target telephone number. In CMS setup there is no change in the Interception authorization order envisaged in 419A telephone rule except that now the Law Enforcement Agency will go to only TERM Cell for any interception order provisioning irrespective of telephone numbering scheme. There is no change in the existing LIS / LIM system in the telecom network. The TERM Cell who are the field unit of DOT and carries the enforcement and regulation of licensing conditions in the field will be sole authority to provision the interception orders but interception orders will be obtained by Law Enforcement Agencies in according to the 419A telephone rule.

Government objective
Government has set up the Centralized Monitoring System (CMS) to automate the process of Lawful Interception & Monitoring of telecommunications technology. Government of India on 2015-12-02 in a reply to parliament question no. 595 on scope, objectives and framework of the CMS has struck a balance between national security, online privacy and free speech informed that to take care of the privacy of citizens, lawful interception and monitoring is governed by the Section 5(2) of Indian Telegraph Act, 1885 read with Rule 419A of Indian Telegraph (Amendment) Rules, 2007 wherein oversight mechanism exists in form of review committee under chairmanship of the Cabinet Secretary at Central Government level and Chief Secretary of the State at the State Government level. The same mechanism is applicable for the interception under the CMS Project also. Additionally, there is an inbuilt mechanism of check and balance as Security Agencies/Law Enforcement Agencies cannot provision the target and the provisioning agency cannot see the content.

Media reaction
Business Standard criticised the fact that a warrant need not be obtained. Firstpost criticised the lack of information from the government about the project and the lack of a legal recourse for a citizen whose personal details were misused or leaked. The Hindu also criticised the lack of information available about the system.

The Indian Express criticised the introduction of the system in the absence of accountability and "any reasonably effective safeguards" to protect privacy. The Times of India criticised the introduction of CMS without public debate or Parliamentary accountability. The paper also felt that Indian privacy laws were "lax", and "far worse than American law on these matters".

Forbes India pointed out that a consequence of CMS would be that innocent citizens could be wrongly accused of criminal activity. The New York Times argued that India did not need centralised interception facilities to have centralised tracking of interception requests. The paper also expressed support for a strong privacy law, and advised Indian citizens to "take greater care of their own privacy and safeguard the security of their communications".

Human rights and civil-liberties groups reactions
Human rights and civil-liberties groups expressed concerns that the CMS is prone to abuse, and is an infringement of privacy and civil liberties. Critics described it as "abuse of privacy rights and security-agency overreach".

Meenakshi Ganguly, the South Asia director of Human Rights Watch, felt that the move toward extensive "surveillance capabilities enabled by digital communications" suggests that governments are now "casting the net wide, enabling intrusions into private lives". Ganguly also felt that increasing surveillance around the world was an attempt by governments to "grapple with the power of social media that can enable spontaneous street protests".

Praveen Swami, strategic affairs editor of Network18, felt that "There is also the argument that the threat of a cyber attack is deliberately overplayed ... it is far-fetched. So there is a need for balance". Pawan Sinha, a human rights teacher at Delhi University, believes that bypassing courts was "really very dangerous" and could be "easily misused".

Anja Kovacs of the Internet Democracy Project, and a fellow at the New Delhi-based Centre for Internet and Society, felt that there was "a growing discrepancy and power imbalance between citizens and the state" and that in the Indian scenario, there were "no checks and balances in place".

Sunil Abraham, executive director of Bangalore-based non-profit Centre for Internet and Society, advised Indians to "stop using proprietary software, shift to free/open source software" and "encrypt all sensitive Internet traffic and email using software like TOR and GNU Privacy Guard".

Pranesh Prakash, director of policy at the Centre for Internet and Society, warned that the lack of privacy laws and government accountability makes the programme "very worrisome." Cyberlaw specialist Pavan Duggal stated that the "system is capable of tremendous abuse" and "even legitimate conversations could end up being tracked". Mishi Choudhary, executive director, Software Freedom and Law Center stated that, "There has been no public consultation on this issue. No one knows what they have proposed or whether it has parliamentary mandate. We don't even have empirical data on phone tapping from the government. It's like a black hole."

Human rights activist Neingulo Krome described CMS as "a threat to democracy" and also felt that the agencies involved could "soon challenge the authority of the government itself".