Idea Cellular
Sdia:
ome of the critical National Security and other norms which OTT communication players are in violation of include:
As per clause no. 8.1.1 of UL (ISP), lawful interception and monitoring systems are to be set up by Licensee for internet traffic including internet telephony traffic at their cost. However, OTT players do not provide live lawful interception in unencrypted and readable format to Indian security agencies.
Lawful interception:
As per clause 7.1 of UL, TSPs have to offer all public utility service or emergency services like police, fire, as toll free services to its customers. However, OTT players do not offer emergency services to their Indian customers.
Emergency services:
Telecom companies are to be registered in India:
Telecom services/ licenses can be provided/obtained only by the companies registered in India so that they are subject to Indian laws. A majority of companies of OTT players are not registered in India and beyond the scope of any Indian law.
Domestic traffic to stay within In-
As per clause no. 39.23(iii) of UL; domestic traffic shall not be hauled/routed to any place outside India. However, OTT players route India traffic (message / voice from one person to another person in India) outside India as they have not placed their server in India.
Network to be set up within service area or country:
As per clause no. 4.5 of UL, the network related elements (Short message Service Centre/voice switching center/MSC/media gateway, etc.) should be located in a service area or anywhere in India, subject to the scope of applicable license. However, OTT players have set up their switching network outside India for provision of telecom services to customers located in India.
Usage of Higher Encryption Key:
As per clause no. 2.2(vii) of ISP license, TSPs can use encryption key up to 40 bit key length. If encryption equipment higher than this limit is deployed, it requires prior written permission from DoT and deposit the decryption key. Since OTT players have deployed encryption equipment much higher than this limit (Skype use 256 bit AES encryption) and do not share decryption key, Indian security agencies cannot intercept the communication of Indian citizens/person located in India for lawful purpose.
As per clause 39.19 of UASL, DoT will have an access to the subscriber database of the Licensee. Indian TSPs follow subscriber verification guidelines.
However, OTT players do not provide traceable identity/access of their Indian customers to Indian security agencies.
As per clause 7.1 and 7.2 of UL (ISP), TSPs are required to maintain CDR/IPDR for internet including internet telephony services for a minimum period of one year. For one year, these companies have to maintain log-in/log-out details
Access to subscriber database:
Maintenance of CDR/IPDR:
of all subscribers for services provided such as internet access, e-mail, internet telephony, etc. However, OTT players are not required to follow these rules.
ISP cannot connect with PSTN/ PLMN:
As per clause no. 22(v) of ISP license, the licensee is not permitted to have PSTN/PLMN connectivity. Voice communication to and from a telephone connected to PSTN/PLMN and following E.164 numbering is prohibited in India.
However, OTT players can terminate their traffic on PSTN/PLMN in India through their connectivity with PSTN at foreign location.
The biggest security threat is from the select off shore OTT communication service players which are highly capitalized, global monopolies and today control multiple million customers across continents.
The mandate of all OTTs providing communication services should be equivalent to a TSP. For eg maintaining transaction records with identity of subscribers, sharing of protocols with LEAs and LI system provider to decode the communication or all this communication should happen with known protocols without any encryption which can be reproduced in case of monitoring. All the transactions and logging should happen within India so that the designated agencies can have access to the data.