ADVERTISEMENTREMOVE AD

Telecom Bill Passed in Lok Sabha With Minimum Debate: Goodbye E2E Encryption?

The contentious Telecommunications Bill, 2023, saw a total of 63 minutes of debate in the Lower House.

Updated
story-hero-img
i
Aa
Aa
Small
Aa
Medium
Aa
Large

The Lok Sabha on Wednesday, 20 December, passed the Telecommunications Bill, 2023, in the absence of over two-thirds of the Opposition. A total of 144 Opposition MPs have been suspended from both Houses during the Winter Session of Parliament.

As a result, the contentious Bill saw a total of 63 minutes of debate in the Lower House. The discussion to overhaul the legislative framework governing telecommunication in India began at 4:57 pm and was finished by 6 pm.

The proposed legislation would allow authorities to intercept or block messages between any persons relating to "any particular subject" in the event of a public emergency or in the interest of public safety.

There is also a lack of clarity on whether the Bill is applicable to Over-the-Top (OTT) communication services such as WhatsApp. It was tabled by the Union Minister of Communication Ashwini Vaishnaw on Monday, 18 December.

The contentious Telecommunications Bill, 2023, saw a total of 63 minutes of debate in the Lower House.

Union Minister of Communication Ashwini Vaishnaw

(Photo: PTI)

The Telecom Bill comes after several rounds of consultations and deliberations. Yet, it has faced fierce criticism from various stakeholders who have pointed out that the proposed legislation could lead to mass surveillance and poses threats to online privacy,

However, according to the government, the Telecom Bill is meant to revamp the existing legislative framework that governs the telecom sector. It attempts to do this by repealing and replacing three "outdated" Acts, namely: the Indian Telegraph Act, 1885; the Indian Wireless Telegraphy Act, 1933; and The Telegraph Wire (Unlawful Possession) Act, 1950. It also proposes to make amendments to the Telecom Regulatory Authority of India Act, 1997.

So, what is in the proposed telecom legislation? How much has it changed from the draft released last year? And why has it led to concerns among Opposition MPs and activists?

Here's a complete breakdown of all the important clauses in the Telecommunications Bill, 2023.

Telecom Bill Passed in Lok Sabha With Minimum Debate: Goodbye E2E Encryption?

  1. 1. What Are the Key Definitions in the Bill?

    The proposed Telecommunications Bill, 2023, has defined several new terms that weren't included in the 2022 version of the draft Bill, such as:

    Critical telecommunication infrastructure: The central government is empowered to notify any telecom network as a 'critical telecommunication network' if the disruption of that network "shall have debilitating impact on national security, economy, public health or safety." The government is then further empowered to decide "the standards, security practices, upgradation requirements and procedures to be implemented for such Critical Telecommunication Infrastructure."

    Authorisation: It means permission granted by the government to provide telecommunication services and to establish, operate, maintain, or expand telecom networks, according to the Bill. This authorisation is granted to "authorised entities" who intend to provide telecom services and to establish, operate, maintain or expand telecom networks.

    • The earlier version of the Bill had proposed a licensing regime by defining a 'license' as license, approval, authorisation, or permission granted to an entity engaged in providing telecommunication services, telecommunication network or telecommunication infrastructure.

    Telecommunication identifier: This is a new term that has been defined in the 2023 version of the Bill. It means a series or combination of digits, characters, and symbols used to uniquely identify:

    • A user

    • A telecommunication service

    • A telecommunication network

    • Elements of a telecommunication network

    • Telecommunication equipment

    • An authorised entity

    The central government can allot these identifiers for use by authorised entities, as per the Bill. It is also incharge of setting standards for telecommunication identifiers.

    Telecommunication service has been defined as any service for telecommunication.

    • The 2022 version of the Bill had extended the definition of telecommunication service to specifically include Over-the-Top (OTT) communication services such as WhatsApp, Signal, Gmail, etc, thereby subjecting them to licensing requirements.

    • Introducing telecom-like regulation for OTT platforms has been a long-standing demand of Indian telcos while OTT players have pushed back against such legislation.

    Surprisingly, the latest version of the Telecommunications Bill doesn't mention the term OTT even once. However, the proposed legislation will still apply to apps like WhatsApp and Gmail because of how the term 'telecommunication' is defined in the Bill.

    Telecommunication: According to the Bill, telecommunication means transmission, emission or reception of any messages, by wire, radio, optical or other electro-magnetic systems, whether or not such messages have been subjected to rearrangement, computation or other processes by any means in the course of their transmission, emission or reception.

    Furthermore, a 'message' is defined as any sign, signal, writing, text, image, sound, video, data stream, intelligence or information sent through telecommunication.

    Digital Bharat Nidhi: Speaking of revised terminology, the Bill proposes to rename the Universal Service Obligation Fund (USOF) to the Digital Bharat Nidhi. Furthermore, it seeks to expand the usage of the fund to support research and development of telecom technology, telecom pilot projects, rollout of telecom products, and aid in providing access to rural, remote, and urban areas.

    • Under the existing legislative framework, the USOF could reportedly only be used for expenditures to enhance rural connectivity.

    Expand
  2. 2. Who All Is Required To Obtain Govt Authorisation?

    The expanded definition of telecommunication in the Bill indicates that online platforms such as WhatsApp, Gmail, Signal, Zoom, Google Meet, Facetime, and others will be subject to the same regulation as telecom service providers such as Bharti Airtel, Reliance Jio, and Vodafone, among others.

    This means that all of these entities would need to obtain authorisation from the central government if they want to make their services available to Indian users.

    Can unauthorised entities offer telecommunication services? No, unless the central government exempts those entities from obtaining authorisation after determining "that it is necessary in the public interest to do so."

    For those players who already hold a license under the existing laws, the proposed Bill states that the license will continue to be valid until its expiry date.

    Expand
  3. 3. How Does the Proposed Bill Affect Indian Users?

    Biometric-based identification: Notably, the latest version of the Bill would require authorised entities such as WhatsApp to carry out biometric-based identification of users (that is verification of a person's identity through their fingerprints, iris, etc). There was no such section in the 2022 draft of the Bill.

    "No user shall furnish any false particulars, suppress any material information, or impersonate another person, while establishing his identity for availing of telecommunication services; or fail to share information as required under this Act," the proposed Bill reads.

    Section 29 of the Bill also states that no user shall "fail to share information as required under this Act."

    Similar to the previous draft, the Telecommunications Bill, 2023, sets out provisions for ensuring user safety – particularly against spam or fraud calls.

    How does it look to protect Indian users from spam calls? The Bill proposes certain anti-spam measures such as:

    Prior consent: Senders should take the prior consent of users in order to send specified messages or messages that are "offering, advertising or promoting goods, services, interest in property, business opportunity, employment opportunity or investment opportunity."

    Do Not Disturb register: The Bill also proposes creating a Do Not Disturb register to achieve the same.

    Reporting mechanisms: It further requires authorised entities to set up a "mechanism to enable users to report any malware or specified messages received in contravention of this section." Additionally, authorised entities would also have to set up grievance redressal mechanisms for users (akin to the obligations for intermediaries in the IT Rules, 2021).

    Dispute resolution mechanisms: In case a dispute arises between a user and an authorised entity providing telecom services, the central government has proposed that it will set up "one or more" online dispute resolution mechanism to address the issue.

    • Besides the section on malware reporting mechanisms, other provisions had appeared in some form or the other in the 2022 version of the Bill as well.

    Expand
  4. 4. Will the Government Have More Surveillance Powers?

    Power to set standards: Under the Bill, the central government is empowered to notify standards on encryption and data processing in telecommunication. It is also empowered to assess conformity to the prescribed standards.

    • This is a new provision that has been inserted after the 2022 draft Bill was released. The earlier version only empowered the central government to prescribe standards for telecom equipment, networks, services, and infrastructure – not encryption.

    Besides setting encryption standards, the central government has also been tasked to come up with standards for:

    • Telecom equipment (including their manufacture, import, distribution and sale)

    • Telecom identifiers

    • Telecom networks

    • Telecom services

    • Telecom security (including identification, analysis and prevention of intrusion of telecom services and networks)

    • Cybersecurity for telecom services and networks

    Messages sent and received on apps like WhatsApp or Signal are end-to-end encrypted, ensuring that only the sender or recipient can read the plaintext messages. However, the proposed Telecom Bill could change that.

    Power to intercept messages: Under the Telecom Bill, messages on "any particular subject" between any persons can be intercepted or blocked by the central government, state governments, or authorised officers in the event of a "public emergency or in the interest of public safety."

    • These messages would have to be "disclosed in intelligible format to the officer mentioned in such order," meaning that decrypted messages would need to be shared with the authorities.

    • However, "press messages" of accredited journalists have been exempted from interception or blocking.

    Power to selectively ban platforms: The same section of the Bill also stipulates that authorities can direct the suspension of any telecommunication services "to or from any person or class of persons, to or from any telecommunication equipment or class of telecommunication equipment, or relating to any particular subject, transmitted or received by any telecommunication service or telecommunication network."

    The Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, had required platforms to identify the 'originator' of a message as part of its 'traceability requirement' for significant social media intermediaries. In October 2023, the Tripura High Court had stayed the provision; WhatsApp had legally challenged it.

    Power to shut down internet: The central government is empowered to "take temporary possession" of any telecom service or network in the event of a public emergency or for the purposes of disaster management or public safety.

    • This section of the Bill not only resembles the 2022 draft but also mirrors the language used in the colonial-era Telegraph Act. For context, India witnesses the most number of internet shutdowns in the world.

    • This is the first time that a clear provision to order blanket internet shutdowns has been proposed by the central government. So far, shutdowns have been imposed under unclear legal provisions.

    Power to issue alerts: The Bill proposes to set up a message routing mechanism where the messages of an authorised officer are routed to users on priority.

    • Section 23 also states: "If it appears necessary or expedient so to do in the public interest, the Central Government may direct any authorised entity to transmit in its telecommunication services or telecommunication network, specific messages, in such manner as may be specified."

    Power to search: Any central government officer is allowed to search any building, vehicle, vessel, aircraft or place in which he has reason to believe that any unauthorised telecom network or telecom equipment or radio is kept or concealed and take possession thereof, according to the Bill.

    Power to collect traffic data: In order to ensure the cybersecurity of telecom networks and services, the central government would be allowed to collect, analyse, and disseminate traffic data that's generated, transmitted, received or stored in telecom networks.

    • What constitutes traffic data? Any data relating to the type, routing, duration, or time of a telecommunication, according to the Bill.

    Expand
  5. 5. What Are the Penalties for Non-Compliance?

    The contentious Telecommunications Bill, 2023, saw a total of 63 minutes of debate in the Lower House.

    Civil penalties for breach of terms and conditions of Section 32 (authorisation or assignment) and Section 34 (voluntary undertaking for contraventions). 

    (Photo Courtesy: Telecommunications Bill, 2023)

    Unauthorised entities: Whoever provides telecommunication services or establishes telecommunication network without authorisation shall be punishable with imprisonment for a term which may extend to three years, or with fine which may extend up to Rs two crore, or with both, according to the Bill.

    Use of unauthorises entities: According to the Bill, "Use by any person or entity of a telecommunication service or telecommunication network knowing or having reason to believe that such telecommunication service or telecommunication network does not have the required authorisation under this Act" could attract a fine of Rs 10 lakh.

    Unauthorised access: A jail term of three years or a fine of Rs 50 lakh rupees will be levied on anyone who "possesses or uses without an authorisation, any equipment that blocks telecommunication; uses telecommunication identifiers not allotted or permitted; tampers with telecommunication identifiers; possesses radio equipment without an authorisation or an exemption that can accommodate more than specified number of subscriber identity modules; obtains subscriber identity modules or other telecommunication identifiers through fraud, cheating or personation; wilfully possesses radio equipment knowing that it uses unauthorised or tampered telecommunication identifiers."

    • Anyone who unlawfully intercepts a message or gains unauthorised access to a telecom network faces three years of imprisonment or a fine of Rs two crore, as per the Bill.

    Damaging telecom infrastructure: Whoever damages critical telecom infrastructure faces three years of jail or a fine of Rs two crore. Meanwhile, whoever causes damage to non-critical telecom infrastructure will be fined Rs 50 lakh, according to the Bill.

    National security: "Whoever wilfully contravenes any measures specified in the notification on national security under section 21 shall be punishable with imprisonment for a term which may extend to three years, or with fine which may extend up to two crore rupees, or with both and the Central Government may, if it deems fit, also suspend or terminate the telecommunication service of such person," the Bill reads.

    Any other violation: In case of any other prohibition for which the penalty is not specified, the Bill proposes that a fine of Rs 25,000 would be imposed for the first offence and Rs 50,000 for every day of non-compliance thereafter.

    Expand

What Are the Key Definitions in the Bill?

The proposed Telecommunications Bill, 2023, has defined several new terms that weren't included in the 2022 version of the draft Bill, such as:

Critical telecommunication infrastructure: The central government is empowered to notify any telecom network as a 'critical telecommunication network' if the disruption of that network "shall have debilitating impact on national security, economy, public health or safety." The government is then further empowered to decide "the standards, security practices, upgradation requirements and procedures to be implemented for such Critical Telecommunication Infrastructure."

Authorisation: It means permission granted by the government to provide telecommunication services and to establish, operate, maintain, or expand telecom networks, according to the Bill. This authorisation is granted to "authorised entities" who intend to provide telecom services and to establish, operate, maintain or expand telecom networks.

  • The earlier version of the Bill had proposed a licensing regime by defining a 'license' as license, approval, authorisation, or permission granted to an entity engaged in providing telecommunication services, telecommunication network or telecommunication infrastructure.

Telecommunication identifier: This is a new term that has been defined in the 2023 version of the Bill. It means a series or combination of digits, characters, and symbols used to uniquely identify:

  • A user

  • A telecommunication service

  • A telecommunication network

  • Elements of a telecommunication network

  • Telecommunication equipment

  • An authorised entity

The central government can allot these identifiers for use by authorised entities, as per the Bill. It is also incharge of setting standards for telecommunication identifiers.

Telecommunication service has been defined as any service for telecommunication.

  • The 2022 version of the Bill had extended the definition of telecommunication service to specifically include Over-the-Top (OTT) communication services such as WhatsApp, Signal, Gmail, etc, thereby subjecting them to licensing requirements.

  • Introducing telecom-like regulation for OTT platforms has been a long-standing demand of Indian telcos while OTT players have pushed back against such legislation.

Surprisingly, the latest version of the Telecommunications Bill doesn't mention the term OTT even once. However, the proposed legislation will still apply to apps like WhatsApp and Gmail because of how the term 'telecommunication' is defined in the Bill.

Telecommunication: According to the Bill, telecommunication means transmission, emission or reception of any messages, by wire, radio, optical or other electro-magnetic systems, whether or not such messages have been subjected to rearrangement, computation or other processes by any means in the course of their transmission, emission or reception.

Furthermore, a 'message' is defined as any sign, signal, writing, text, image, sound, video, data stream, intelligence or information sent through telecommunication.

Digital Bharat Nidhi: Speaking of revised terminology, the Bill proposes to rename the Universal Service Obligation Fund (USOF) to the Digital Bharat Nidhi. Furthermore, it seeks to expand the usage of the fund to support research and development of telecom technology, telecom pilot projects, rollout of telecom products, and aid in providing access to rural, remote, and urban areas.

  • Under the existing legislative framework, the USOF could reportedly only be used for expenditures to enhance rural connectivity.

ADVERTISEMENTREMOVE AD

Who All Is Required To Obtain Govt Authorisation?

The expanded definition of telecommunication in the Bill indicates that online platforms such as WhatsApp, Gmail, Signal, Zoom, Google Meet, Facetime, and others will be subject to the same regulation as telecom service providers such as Bharti Airtel, Reliance Jio, and Vodafone, among others.

This means that all of these entities would need to obtain authorisation from the central government if they want to make their services available to Indian users.

Can unauthorised entities offer telecommunication services? No, unless the central government exempts those entities from obtaining authorisation after determining "that it is necessary in the public interest to do so."

For those players who already hold a license under the existing laws, the proposed Bill states that the license will continue to be valid until its expiry date.

How Does the Proposed Bill Affect Indian Users?

Biometric-based identification: Notably, the latest version of the Bill would require authorised entities such as WhatsApp to carry out biometric-based identification of users (that is verification of a person's identity through their fingerprints, iris, etc). There was no such section in the 2022 draft of the Bill.

"No user shall furnish any false particulars, suppress any material information, or impersonate another person, while establishing his identity for availing of telecommunication services; or fail to share information as required under this Act," the proposed Bill reads.

Section 29 of the Bill also states that no user shall "fail to share information as required under this Act."

Similar to the previous draft, the Telecommunications Bill, 2023, sets out provisions for ensuring user safety – particularly against spam or fraud calls.

How does it look to protect Indian users from spam calls? The Bill proposes certain anti-spam measures such as:

Prior consent: Senders should take the prior consent of users in order to send specified messages or messages that are "offering, advertising or promoting goods, services, interest in property, business opportunity, employment opportunity or investment opportunity."

Do Not Disturb register: The Bill also proposes creating a Do Not Disturb register to achieve the same.

Reporting mechanisms: It further requires authorised entities to set up a "mechanism to enable users to report any malware or specified messages received in contravention of this section." Additionally, authorised entities would also have to set up grievance redressal mechanisms for users (akin to the obligations for intermediaries in the IT Rules, 2021).

Dispute resolution mechanisms: In case a dispute arises between a user and an authorised entity providing telecom services, the central government has proposed that it will set up "one or more" online dispute resolution mechanism to address the issue.

  • Besides the section on malware reporting mechanisms, other provisions had appeared in some form or the other in the 2022 version of the Bill as well.

ADVERTISEMENTREMOVE AD

Will the Government Have More Surveillance Powers?

Power to set standards: Under the Bill, the central government is empowered to notify standards on encryption and data processing in telecommunication. It is also empowered to assess conformity to the prescribed standards.

  • This is a new provision that has been inserted after the 2022 draft Bill was released. The earlier version only empowered the central government to prescribe standards for telecom equipment, networks, services, and infrastructure – not encryption.

Besides setting encryption standards, the central government has also been tasked to come up with standards for:

  • Telecom equipment (including their manufacture, import, distribution and sale)

  • Telecom identifiers

  • Telecom networks

  • Telecom services

  • Telecom security (including identification, analysis and prevention of intrusion of telecom services and networks)

  • Cybersecurity for telecom services and networks

Messages sent and received on apps like WhatsApp or Signal are end-to-end encrypted, ensuring that only the sender or recipient can read the plaintext messages. However, the proposed Telecom Bill could change that.

Power to intercept messages: Under the Telecom Bill, messages on "any particular subject" between any persons can be intercepted or blocked by the central government, state governments, or authorised officers in the event of a "public emergency or in the interest of public safety."

  • These messages would have to be "disclosed in intelligible format to the officer mentioned in such order," meaning that decrypted messages would need to be shared with the authorities.

  • However, "press messages" of accredited journalists have been exempted from interception or blocking.

Power to selectively ban platforms: The same section of the Bill also stipulates that authorities can direct the suspension of any telecommunication services "to or from any person or class of persons, to or from any telecommunication equipment or class of telecommunication equipment, or relating to any particular subject, transmitted or received by any telecommunication service or telecommunication network."

The Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, had required platforms to identify the 'originator' of a message as part of its 'traceability requirement' for significant social media intermediaries. In October 2023, the Tripura High Court had stayed the provision; WhatsApp had legally challenged it.

Power to shut down internet: The central government is empowered to "take temporary possession" of any telecom service or network in the event of a public emergency or for the purposes of disaster management or public safety.

  • This section of the Bill not only resembles the 2022 draft but also mirrors the language used in the colonial-era Telegraph Act. For context, India witnesses the most number of internet shutdowns in the world.

  • This is the first time that a clear provision to order blanket internet shutdowns has been proposed by the central government. So far, shutdowns have been imposed under unclear legal provisions.

Power to issue alerts: The Bill proposes to set up a message routing mechanism where the messages of an authorised officer are routed to users on priority.

  • Section 23 also states: "If it appears necessary or expedient so to do in the public interest, the Central Government may direct any authorised entity to transmit in its telecommunication services or telecommunication network, specific messages, in such manner as may be specified."

Power to search: Any central government officer is allowed to search any building, vehicle, vessel, aircraft or place in which he has reason to believe that any unauthorised telecom network or telecom equipment or radio is kept or concealed and take possession thereof, according to the Bill.

Power to collect traffic data: In order to ensure the cybersecurity of telecom networks and services, the central government would be allowed to collect, analyse, and disseminate traffic data that's generated, transmitted, received or stored in telecom networks.

  • What constitutes traffic data? Any data relating to the type, routing, duration, or time of a telecommunication, according to the Bill.

ADVERTISEMENTREMOVE AD

What Are the Penalties for Non-Compliance?

The contentious Telecommunications Bill, 2023, saw a total of 63 minutes of debate in the Lower House.

Civil penalties for breach of terms and conditions of Section 32 (authorisation or assignment) and Section 34 (voluntary undertaking for contraventions). 

(Photo Courtesy: Telecommunications Bill, 2023)

Unauthorised entities: Whoever provides telecommunication services or establishes telecommunication network without authorisation shall be punishable with imprisonment for a term which may extend to three years, or with fine which may extend up to Rs two crore, or with both, according to the Bill.

Use of unauthorises entities: According to the Bill, "Use by any person or entity of a telecommunication service or telecommunication network knowing or having reason to believe that such telecommunication service or telecommunication network does not have the required authorisation under this Act" could attract a fine of Rs 10 lakh.

Unauthorised access: A jail term of three years or a fine of Rs 50 lakh rupees will be levied on anyone who "possesses or uses without an authorisation, any equipment that blocks telecommunication; uses telecommunication identifiers not allotted or permitted; tampers with telecommunication identifiers; possesses radio equipment without an authorisation or an exemption that can accommodate more than specified number of subscriber identity modules; obtains subscriber identity modules or other telecommunication identifiers through fraud, cheating or personation; wilfully possesses radio equipment knowing that it uses unauthorised or tampered telecommunication identifiers."

  • Anyone who unlawfully intercepts a message or gains unauthorised access to a telecom network faces three years of imprisonment or a fine of Rs two crore, as per the Bill.

Damaging telecom infrastructure: Whoever damages critical telecom infrastructure faces three years of jail or a fine of Rs two crore. Meanwhile, whoever causes damage to non-critical telecom infrastructure will be fined Rs 50 lakh, according to the Bill.

National security: "Whoever wilfully contravenes any measures specified in the notification on national security under section 21 shall be punishable with imprisonment for a term which may extend to three years, or with fine which may extend up to two crore rupees, or with both and the Central Government may, if it deems fit, also suspend or terminate the telecommunication service of such person," the Bill reads.

Any other violation: In case of any other prohibition for which the penalty is not specified, the Bill proposes that a fine of Rs 25,000 would be imposed for the first offence and Rs 50,000 for every day of non-compliance thereafter.

ADVERTISEMENTREMOVE AD

Appeals Process: Any breach of the terms and conditions of authorisation will be investigated by an 'Adjudicating Officer' who has been appointed by the central government and is not below the rank of Joint Secretary. The order of the Adjudicating Officer can be appealed before a Designated Appeals Committee (DAC) that comprises central government-appointed officers not below the rank of Additional Secretary.

Beyond the DAC, the order can be appealed before the Telecom Disputes Settlement and Appellate Tribunal established under the Telecom Regulatory Authority of India Act, 1997.

Spectrum allocation: The central government is responsible for assigning spectrum for telecommunication through an auction, except for purposes of national security and defence, law enforcement and crime prevention, disaster management, and public broadcasting services. It is also empowered to prescribe standards for assignment of spectrum such as:

  • Frequency range

  • Methodology for pricing

  • Price

  • Fees and charges

  • Payment mechanism

  • Duration and procedure

(At The Quint, we question everything. Play an active role in shaping our journalism by becoming a member today.)

Published: 
Speaking truth to power requires allies like you.
Become a Member
Read More
×
×