The Telecommunications Bill, 2023, has been passed by the Indian parliament, sparking concerns over its potential impact on user privacy and online services.
The legislation, which aims to regulate all telecommunication services, including popular platforms such as WhatsApp, Zoom, Reddit, and Gmail, brings about substantial changes to the Telecom Regulatory Authority of India (TRAI) Act, 1997, and expands the regulatory purview to include broadcasters under the telecommunication umbrella.
The recently passed bill, relying on 36 sets of subordinate legislation for operationalization, has raised eyebrows due to its potential implications for user privacy and the use of Virtual Private Networks (VPNs).
Notably, the legislation permits only “authorized entities” to provide telecommunication services, requiring all service providers, including Gmail and WhatsApp, to obtain government authorization.
One of the most contentious aspects of the bill is the proposed imposition of duties on users and the introduction of telecom identifiers, potentially affecting the use of VPNs.
Furthermore, the legislation mandates verifiable biometric-based identification for all notified telecommunication service providers, including online services like Gmail and WhatsApp, through a Know Your Customer (KYC) process involving fingerprints, irises, or faces.
Of particular concern is the government’s empowerment to dictate encryption standards, potentially jeopardizing end-to-end encryption on services such as WhatsApp, raising fears about the privacy of personal communication.
The bill designates telecommunication networks as “critical telecommunication networks” and renames the Universal Service Obligation Fund as Digital Bharat Nidhi.
The bill also grants central and state governments the authority, or a specially authorized officer, to seek interception, disclosure, and suspension powers during public emergencies or for reasons of public safety.
This provision extends to any message sent through telecommunication, raising questions about its impact on end-to-end encryption and individual privacy.
Critics argue that the bill extends the government’s powers to regulate Over-The-Top (OTT) services like WhatsApp, Signal, and Gmail, potentially compromising user privacy. The legislation, while not explicitly mentioning “OTT” or “Messaging Services,” includes internet-based messaging and email services within the definition of “telecommunication services.”
Another contentious point is the absence of safeguards regarding interception powers, encryption standards, and internet shutdowns, leading to concerns about abuse and lack of accountability.
The recently passed bill maintains a colonial-era approach to interception without providing adequate safeguards, raising fears of potential misuse.
Amidst growing concerns over the bill’s impact on privacy and individual freedoms, experts call for a thorough reevaluation of its provisions.
The larger legislative environment, marked by a trend of vague drafting and increased state power, raises questions about the government’s commitment to transparency, accountability, and citizens’ rights.
As the bill moves forward, it remains to be seen how lawmakers address these concerns and strike a balance between national security and individual privacy.