OTTs need to follow same security framework as TSPs, says RJio
TSPs are under the obligation to provide Lawful Interception access to their networks. However, no such provisions are there for OTT providers Communication OTTs need to comply, just like TSPs.
To address security concerns, regulatory and licensing framework for the Telecom Service Providers (TSPs) have evolved over the time. Some of the important security compliances applicable to TSPs are as follows:
Setting up Lawful Interception and Monitoring (LIM) systems to enable Authorised security agencies to monitor/ intercept the messages transmitted over the telecom networks.
Verification and authentication of consumers of telecom services.
Restriction on switching of domestic calls/ messaging from outside the country.
Restriction on sending user information abroad.
Right to inspect the sites/ network used for extending the service, by the Licensor.
Providing necessary facilities for continuous monitoring of the system, not employing any bulk encryption equipment, taking prior evaluation and approval of Licensor for any encryption equipment for specific requirements.
Switching/ routing of voice/ messages in P2P scenario.
Maintaining CDR/ IPDR for Internet including Internet Telephony Service for a minimum period of one year.
Maintaining parameters of IPDR as per the directions/ instructions issued by the Licensor from time to time.
Responsibility for ensuring protection of privacy of communication and confidentiality of subscriber information.
Applicability of Indian Telegraph Act, Indian Telegraph Rules, The Code of Criminal Procedure, and the Information Technology Act and their different rules pertaining to intermediaries and interception.
Lawful Interception (LI) of every message is legally approved. It is an important tool with the security agencies for investigation of criminal, anti-national and anti- social activities. TSPs are under the obligation to provide LI access to their networks/ services. However, no such provisions are there for OTT providers, who use data access channel of the telecom service providers to reach the customer with similar voice and messaging services.
It is understood that the licensing regime, as applicable to the TSPs, may not be desirable for the OTT providers, however, to comply with the National Security requirements and to ensure consumers’ security, safety and privacy, an appropriate regulatory framework is required to be established for OTT service providers as well.
The nature of services offered by the OTTs, especially the communication OTTs, are very similar to that of the TSPs as far