Lawful Intercept and Monitoring

Lawful Intercept and Monitoring, abbreviated to LIM, is a clandestine mass electronic surveillance program deployed by the Centre for Development of Telematics (C-DOT), an Indian Government owned telecommunications technology development centre. LIM systems are used by The INDIAN Government to intercept records of voice, SMSs, GPRS data, details of a subscriber's application and recharge history and call detail record (CDR); and monitor Internet traffic, emails, web-browsing, Skype and any other Internet activity of Indian users. Mobile operators deploy their own LIM system which allows the government to intercept calls, after taking "due authorisation" in compliance with Section 5(2) of the Indian Telegraph Act read with Rule 419(A) of the IT Rules. The LIM system to monitor Internet traffic is deployed by the government at the international gateways of some large ISPs (between the ISPs Internet Edge Router (PE) and the core network). These surveillance systems are under complete control of the government, and their functioning is secretive and unknown to the ISPs. Nine Indian government agencies are known to have been authorized to make intercept requests through LIM including the Central Board of Direct Taxes (CBDT), the Central Bureau of Investigation (CBI), the Directorate of Revenue Intelligence (DRI), the Intelligence Bureau (IB), Ministry of Home Affairs, Narcotics Control Bureau (NCB), National Investigation Agency (NIA) and the Research & Analysis Wing (R&AW).

LIM systems can indiscriminately monitor all traffic of any Internet user for any length of time, without any oversight of courts and without the knowledge of ISPs. The government's system to monitor Internet traffic has an "always live" link to the entire traffic, effectively giving it access to 100% of all Internet activity. It has broad surveillance capability, based on IP or email addresses, URLs, fttps, https, telenet, or webmail. The system can also monitor through broad and blind search across all traffic in the Internet using key words and key phrases, using software commands such as "text search", "check some search", "serial scanning" and "wildcard search". Although the provisions of Rule 419(A) of the IT Rules are to be followed, The Hindu reported that "no one within the government or the ISPs was willing to reveal as to who sends the "intimation for interception", or who checks its authentication and who implements it, especially since the search is made on the basis of keyword across all traffic rather than a specified targeted surveillance." The paper also stated that the much of surveillance and monitoring "is in violation of the government’s own rules and notifications for ensuring privacy of communications".

Safeguards

The government notified safeguards, titled "Instructions for ensuring privacy of communications", for monitoring Internet traffic on 7 February 2006, following the leak of the Amar Singh tapes. It mandated all ISPs to have "designated nodal officers" for communicating and receiving the "intimations for interceptions". Nodal officers must be available round the clock, and are required to hold meetings with the government to "seek confirmation regarding their (interception orders) authenticity every 15 days”. The safeguards also include a procedure for monitoring traffic during "exceptions in emergent cases" and that only a pre-specified, authorized mobile numbers can be put under "targeted surveillance". A September 2013 report by the The Hindu stated that "in reality, these safeguards stand violated for the most part", because a majority of Indian ISPs neither had the government's LIM system installed nor any functional nodal officers. As a result, there is no ISP-level mandatory check for authenticating government's monitoring orders to protect user privacy, effectively leaving all Internet traffic of any user open to interception at the international gateway of the larger ISPs from whom the smaller ISPs buy bandwidth. According to the The Hindu, "Even where the LIM exists, the process of seeking authentication by nodal officers exists mostly on paper". The government intercepts any data it requires without or information to anyone, except to those within the government who send the Internet traffic monitoring commands, as it controls the LIM systems. The paper stated that no ISP had confirmed whether it had received an authorization letter for interception or monitoring.

Following the leak of the Niira Radia tapes in 2010, a committee, headed by former Cabinet Secretary KM Chandrasekhar, recommended that the Central Board of Direct Taxes (CBDT), which had tapped Radia's phone lines, be taken off the interception list. The government put in place a strict regime for what was described as Lawful Interception and Monitoring (LIM), and the Home Ministry cleared a detailed Standing Operating Procedure (SOP) in February 2012. The CBDT, which had not been listed in the draft SOP, was on the final list cleared by the Ministry. The Central Economic Intelligence Bureau (CEIB) was removed from the list. Agencies authorized to make interceptions under LIM include the CBDT, Research and Analysis Wing, the Intelligence Bureau, the CBI, Directorate of Revenue Intelligence and the Narcotics Control Bureau. The SOP laid out steps for rejecting a request from a security agency because of lack of proper authentication, requesting an extension of interception (maximum 180 days) and ordering interception in an emergency situation. Data that was permitted to be intercepted include records of voice, SMSs, GPRS data, details of subscriber's application and recharge history and call detail record (CDR). The SOP also required all service provider to ensure secrecy stating, "Service providers are responsible for the actions of their employees also. In case of established violation of licence conditions pertaining to maintenance of secrecy and confidentiality of information and unauthorized interception of communication, action shall be taken against the service provider and this shall include not only fine but also suspension or revocation of their licences." The SOP also stipulated that service providers must destroy all records exactly two months after interception is discontinued. It also requires records to be shredded in an enclosed room, and that "other employees should not be made aware and exposed to this activity in whatsoever manner."

It is unknown whether future safeguards that the government promised to implement in the Central Monitoring System (CMS) exist in LIM systems.

BlackBerry interception

In July 2013, BlackBerry granted the Indian Government access to its consumer messaging services, which include BlackBerry Messenger (BBM) and BlackBerry Internet Service (BIS) email. It is presumed that CMS will be used to monitor these services, although it may be done through the LIM system. However, the government will not have access to the BlackBerry Enterprise Server.

See also

  • Central Monitoring System
  • PRISM (surveillance program)
  • Lawful interception
  • Mass surveillance
  • Signals intelligence

See Also

Congressional response to the NSA warrantless surveillance program

Congressional inquiries and investigations Three days after news broke about the [...] Surveillance...

Telecommunications statistics in India

India has the fastest growing telecom network in the world with its high population and development...

Spytronic

Spytronic Security Inc is a surveillance and security company specialising in the sale, and rental...

Mobile Spy

Mobile_Spy_Logo.png Mobile Spy is a mobile phone monitoring software developed by Retina-X Studios...

Raleigh Spy Conference

The Raleigh Spy Conference was founded in 2003 by magazine editor and publisher Bernie Reeves. His...