Encryption of messages on OTT (over-the-top) communication apps is set to come up as yet another issue between telcos and OTT backers within the requirement of lawful interception for communications in the draft telecom bill.
Telcos have sought that OTTs should be brought under regulation, that the government should levy a license fee on OTT communication apps which is at par with telcos and that carriers should be compensated for all OTT data being consumed on their networks.
Even though it may be light-touch regulation as is being considered by the government, telcos have said that conditions of national security including enabling of lawful interception on OTT communication app systems should be imposed, in order to bring parity for providing the same service as telcos.
“Given the country’s security situation, if the same requirements (of interception) for similar services for the same subscriber base should be given. If the government feels that the security situation has improved, and the requirements are not needed anymore, remove them for us (telcos) as well. But if they’re needed for us, then they should be for them as well, irrespective of how the services are being given, free or charged,” said SP Kochhar, director general of Cellular Operators Association of India (COAI), which represents carriers operating in India.
The association has also batted for introducing KYC or know-your-customer norms for OTT players offering messaging, emails, voice and video calling, on the grounds of keeping national security intact. Presently, telcos are mandated to adhere to KYC norms set by the government.
However, free internet backers have argued that interception would lead to creating backdoors or exceptional access for government agencies into messaging services and thus have opposed regulation of such OTT platforms.
Compliance with lawful interception requirements for end-to-end encrypted platforms such as WhatsApp and Signal would mean weakening security, bypassing end-to-end encryption entirely by getting access to content before or after the encryption process, through methods such as client-side scanning or storing a copy of every message sent, or simply not offering fully encrypted services at all, said Internet Society in its submissions to the telecom department.
“The negative consequences of forcing platforms to weaken security afforded to users by strong encryption would be detrimental to the safety, security, privacy and livelihood of users, businesses, and governments worldwide. It would also result in severe financial losses due to erosion of trust in secure, private communications,” said Neeti Biyani, policy and advocacy manager at Internet Society.
Asking every Internet-based service and platform to obtain a license will impact user accessibility and could potentially cause disruption of services, which will result in significant economic losses and a fractured business environment in India, the organisation added.
Debate between the two sides, post submissions on the draft telecom bill, is expected to heat up further, as the second draft of the bill will be put up for final consultations before being taken to the Parliament.
Contesting the same service, same rules proposition of the telcos, the Broadband India Forum has said that bringing the OTTs under the ambit of the telecommunication service license also implies that the government only holds the exclusive privileges to decide, build, develop and operate the OTT apps. “Such a situation is grossly anomalous, highly impractical and will lead to a collapse of the entire app ecosystem and thereby impacting innovation and growth of the economy,” the forum said in its representation to the department.
It suggested that OTT communication service, broadcasting service, internet-based communication, should be excluded from telecom services as they were not ‘produced from a telecom network’.
BIF further stated that security concerns like KYC, if applicable, to OTT services in the interest of consumers may be addressed within the purview of the IT Act. “The KYC is done by respective sectors independently even if they ride on telecommunication services,” it said, while giving comparison with the banking sector, which relies on telecom networks for transactions, but follows laws governing banking when it comes to KYC.