Logo

Defender of your Digital Freedom

All Posts | Jun 13,2019

TRAI Consultation on OTT Regulation – Follow-up Submission on Surveillance Reform

On 20 May 2019, during TRAI’s 'Open House Discussion' in Delhi on OTT communication services, certain arguments were raised regarding national security concerns surrounding encrypted communication services, including those services that have end-to-end encryption. The prime factor in these arguments was that terrorists could use end-to-end encrypted communication services to securely communicate among themselves, and such communication cannot be intercepted in time to gather intelligence and act swiftly. It was stated that if all communication could be intercepted in real-time, then terrorist activities could be prevented.

If one places themselves in the shoes of a sovereign that has the responsibility to protect the country from external threats, the prospect of legally requiring an app or a service to hand over all data or information is alluring. After all, this has been done for more than a century with letters, telegram and telephone. Letters could be opened, and telephone and telegram networks could be tapped. Why then, one might wonder, should digital services be treated any differently?

By way of a follow-up submission to TRAI on its public consultation on a regulatory framework for OTT communication platforms, we have addressed the technical and legal concerns around mass monitoring of online communication and the need for reforming surveillance law in India.

Our submission to TRAI can be downloaded below. Our comments and counter comments to TRAI's public consultation on OTT communication services can be downloaded from - here and here, respectively.

All Posts | Jan 26,2019

Our Counter Comments to TRAI’s Consultation Paper on Regulatory Framework for Over-The-Top (OTT) Communication Services

The Telecom Regulatory Authority of India (TRAI) had published a consultation paper on 12 November 2018 for the creation of a regulatory framework for over-the-top (OTT) communication services. OTT services are those services which are used or delivered over the Internet. Basically, if you need Internet for something, then it is an over-the-top service. On 07 January 2019, we submitted our comments to TRAI. On 21 January 2019, we submitted our counter comments. Our counter comments are available below.

Links:

------------

These counter-comments may be viewed as our submission against similar recommendations made by others that have not been named in this document. Our counter comments have been written according to separate issues raised in the comments received by TRAI:

  • Broadcasting services: Dish TV1, GTPL Hathway2, Multicast Communication and Distribution Limited3 and a few others have recommended that broadcasting services should be brought within the realm of same-service same-rules. The present paper deals with OTT communication services. OTT broadcasting services are required to comply with the same laws in India as any other service that operates over the Internet. They must, for example, comply with the Information Technology Act, 2000 and the Rules made thereunder. Any recommendation under the present paper must not relate to broadcasting services as such services do not provide any form of intentional bi-directional targeted communication between pre-selected parties.

  • Compliance with TRAI Act: Bharti Airtel4 has suggested that OTT services should comply with the TRAI Act and directions issued thereunder. As stated in our original comments, regulation of OTT services does not lie within TRAI’s domain and powers.

  • Data localization: Some comments submitted to TRAI have asked for data localization in one form or another. Data localization would only result in fragmentation of the Internet affecting innovation and business. Foreign start-ups would not be able to provide their services in India and Indian start-ups would face the same issue in other countries that follow India in implementing such a requirement.

  • Decryption of data: Reliance Jio5 has recommended that OTT services should give full data access including decryption keys to law enforcement agencies. PayTM6 has stated their belief that Indian authorities must have absolute and unrestricted access to Indian data. In certain situations, owing to technical realities, it is not possible for an OTT service to provide the keys to law enforcement agencies as they themselves might not have access to the keys. Additionally, India already has lawful access to data and decryption requirements under the Information Technology Act, 2000. Extending this to all data would be a violation of the Right to Privacy, as held by the nine-judge bench in Justice K.S. Puttaswamy (Retd) & Anr. v. Union of India & Ors.7

  • Lawful interception: Bharti Airtel has stated their belief that OTT service providers should be responsible for establishing technical infrastructure required in India for lawful interception. Any such requirement would gravely harm the economy of our country. Use of OTT services is based on trust. Without such a trust, OTT services cannot be relied upon for secure transmission of sensitive information such as the communication between a doctor and her patient, between a lawyer and her client, and financial transactions that occur over OTT services. Our economy is heading towards a digital future. Without the proper security measures in place, the entire infrastructure will be vulnerable to interception and attacks from bad actors and foreign states.

  • Registration in India: GTPL Hathway has recommended that all OTT apps desirous of providing their services in India and all operating systems (Android, iOS, Windows, etc.) should be mandatorily registered in India and should be easily accessible by the government. Operating systems and apps come in varied forms, and with various tweaks and updates for various devices. Keeping track of all operating systems and apps would be a futile exercise, especially as open source apps and operating systems can be modified and re-deployed by anyone. Their mandatory registration in India would slow down innovation and thereby harm the economy of our country. Security updates would be provided faster to other parts of the world, while every device in India would be known to be vulnerable to security threats. Mandatory requirements for backdoors, as advocated in this recommendation by GTPL Hathway, would break trust of the international community in any service that is available in India. The central database of vulnerabilities would be a honeypot that every known and unknown, state and non-state actor in the InfoSec field would want to get their hands on.

  • Revenue for TSPs from OTT services: J. Sagar Associates8 has recommended that TSPs should derive some sort of benefit from OTT services that use their networks, by charging money for different elements of OTT services (voice, text) that use their networks. Confederation of Indian Industry9 recommended allowing TSPs to offer OTT packs. Such revenue models have already been dealt with by TRAI under earlier Net Neutrality consultations. Any such revenue model would run afoul of Net Neutrality principles that have been established in India.

  • Subscriber verification: Bharti Airtel asks for subscriber verification in the form of a KYC by OTT communication services and asks for them to be responsible for collecting and storing authentic identification of all users. This ignores the fact that not all communication services fill the same gap. Different services cater to different needs in the market. Some services provide anonymous communication between their users. Other services allow any user to change their name to any arbitrary text at any time. Such platforms do not rely on a real identity of a user. In fact, the purpose of such apps is often to allow users to communicate without revealing their real identity to others. Any form of subscriber verification / de-duplication would be against the entire purpose of such services. There is no need for each communication service to have the real identification information of each user. An IP address can sufficiently be used to trace the origin of a message or transmission. Requiring each OTT service to maintain identifying information would pose as a huge security and privacy nightmare in a world where we are constantly facing endless data privacy violations and breaches, and where users consistently find themselves under-equipped to protect themselves.

  • Substitutability: Bharti Airtel has written in its comments that substitutability of services should be treated as the primary criterion for comparison of regulatory and licensing framework between TSPs and OTT service providers. The justification provided by Bharti Airtel is that historically only TSPs provided voice/video calling and messaging services, and that for end consumers, any voice/video call or message exchange done via the TSP’s network or through an OTT application serves the same purpose. However, as we explained in our comments, TSPs get their ability to provide these services through the use of a limited natural resource, i.e. through their use of the telecom spectrum. Since this is a natural resource, there is limited competition for TSPs as the use of the spectrum is limited by laws of physics. OTT services are limited by the availability of Internet, bandwidth and latency. Modern technologies such as 4G and 5G provide for the transmission of calls and text over TSP networks to take place over the Internet. While bandwidth and latency affect calls and messages over TSP networks, calls and text messages sent through the networks of TSPs are prioritized over other data packets. This, along with limited competition, are advantages that TSPs have over OTT services. Calls and messaging over a TSP network are always available to a user, while calls and messaging over OTT services are only available when a user has an Internet connection. Additionally, OTT services provide a richer experience that is absent in TSP services, such as sending documents. Most TSPs now have tariff plans that offer unlimited voice calls and text messages. Therefore, this is a moot point. TSPs do not suffer from any competition from OTT services. The primary service provided by a TSP now is access to the Internet. This is a sphere that OTT services cannot compete in. TSPs are the gatekeeper to the Internet. The secondary service provided by a TSP is communication. Here, too, TSPs have a distinct advantage as: (a) their service is always available even in the absence of Internet (by falling back to older technologies); and (b) their services are prioritized over other data packets.

 

1 Dish TV’s comments on the Consultation Paper, available at https://main.trai.gov.in/sites/default/files/DishTVIndiaLtd09012019.pdf.

2 GPTL Hathway’s comments on the Consultation Paper, available at https://main.trai.gov.in/sites/default/files/GTPLHathway08012019.pdf.

3 Multicast Communication and Distribution Limited’s comments on the Consultation Paper, available at https://main.trai.gov.in/sites/default/files/MulticastLimited08012019.pdf.

4 Bharti Airtel’s comments on the Consultation Paper, available at https://main.trai.gov.in/sites/default/files/BhartiAirtel10012019.pdf.

5 Reliance Jio’s comments on the Consultation Paper, available at https://main.trai.gov.in/sites/default/files/RJIL09012019.pdf.

6 PayTM’s comments on the Consultation Paper, available at https://main.trai.gov.in/sites/default/files/Paytm08012019.pdf.

7 W.P.(C). No. 494/2012.

8 J Sagar Associates’ comments on the Consultation Paper, available at https://main.trai.gov.in/sites/default/files/JSagarAssociatesadvocatessolicitors08012019.pdf.

9 Confederation of Indian Industry’s comments on the Consultation Paper, available at https://main.trai.gov.in/sites/default/files/ConfederationofIndianIndustry08012019.pdf.

All Posts | Jan 08,2019

Our Comments to TRAI’s Consultation Paper on Regulatory Framework for Over-The-Top (OTT) Communication Services

The Telecom Regulatory Authority of India (TRAI) had published a consultation paper on 12 November 2018 for the creation of a regulatory framework for over-the-top (OTT) communication services. OTT services are those services which are used or delivered over the Internet. Basically, if you need Internet for something, then it is an over-the-top service. Yesterday, on 07 January 2019, we submitted our comments to TRAI. Our comments are available below. Counter comments will be accepted by TRAI until 21 January 2019.

Links:

Executive Summary

Telecom Service Providers provide multiple services, however, all of those services are based on a limited natural resource that the TSPs have acquired from the Government by paying a licensing fee and signing a contract. We hope that the responses submitted to the earlier consultation paper on Regulatory Framework for Over-the-top (OTT) services will also be considered while analysing the responses to the current consultation paper, as the issues dealt with are largely similar.

TSPs are given a license to use a limited natural resource. Natural resources belong to the State and the public at large. Any use of a natural resource has to be done for the benefit of the public. When it comes to the allocation of spectrum to TSPs, this is done for two reasons: (a) procurement of money by the Government for the allocation of the natural resource; and (b) benefits to the public in terms of the availability of that natural resource to the public at large.

The use of any portion of that natural resource by one TSP cannot overlap with the use of the same portion of that natural resource by another TSP. Therefore, bandwidth has to be allocated to different TSPs based on certain criteria such as their competence and capability to make the best use of the wavelengths that have been allocated to them. Their primary task is to make that natural resource useable to the rest of the society. In effect, they perform the task of a pipeline. TSPs are public utility providers. Ineffective use of a license by a TSP is contrary to the public interest as the wavelengths to be allocated for use by a TSP are limited, the barriers to entry are higher and there cannot be an unlimited number of TSPs competing in the market since the resource to be divided amongst them is limited. If a TSP does not use a license effectively, the public at large would suffer, development would slow down due to a lack of the availability of the natural resource and people’s ability to exercise their rights and freedoms would be curtailed.

Telecom Service Providers operate in the form of an oligopoly – there are few players in the market that provide the same services as a result of the limited natural resource that they are dealing with. With changing times, the services being provided by TSPs had to evolve. If they did not, they would die out. In earlier days, the primary task of a TSP was to provide a telegraph service. This then evolved into providing a telephone and telefax connection to businesses and homes. With 2G mobile phones and mobile networks came the SMS and mobile data. With evolving networks, mobile data became faster and more readily available. In the meantime, broadband access to home had also become cheaper and faster. Now, there are two modes of accessing the same, open and fast internet – broadband and mobile data. The services being offered by TSPs and the tariff plans that they offer have shifted in tandem with the changing technologies, but the primary task that a TSP has to perform remains the same – make the best and the most efficient use of the limited natural resource over which they have an oligopoly. Today, the primary task of a TSP is to provide access to the internet. They are the gatekeepers of the internet, holding the keys to the digital world in their hands, with the ability to charge money for a service that no OTT will ever be able to. The onus of generating profits for TSPs is on the TSPs; it is not on the Regulator, the public and OTT services to create an environment in which TSPs can flourish with their control over the limited resources. The criteria to be used by them for bidding on spectrum, allocating resources for development of their networks, staffs and other costs need to be kept in mind while creating their tariff structures. If TSPs are unable to create a tariff structure in which they can generate profits from their ability to provide access to a limited natural resource, then there is an inability or unwillingness among the TSPs to foresee their costs and create appropriate tariffs and bids.

This situation cannot be resolved by imposing similar costs onto OTT services. OTT services exist as a polypoly. The reason that the OTT ecosystem has flourished is that it is not bound by the same restrictions and limitations as the TSPs. On the other hand, OTT service providers cannot sell access. They can only make their services available to those that already have access to the Internet. Innovations from the OTT ecosystem have led to increased efficiency in use of resources by the TSPs. The TSPs now have VoIP thanks to technologies developed for use over the internet. This has led to a decrease in costs and increase in efficiency of voice calls. OTT services operate with lower barriers to entry than TSPs. OTTs can operate in a free market without any limitations on the competition, so if a particular app does not provide sufficient QoS, then users are free to switch to any competitor. However, QoS of TSPs needs to be regulated because of the existence of an oligopoly over a limited natural resource. If the QoS of a TSP is below par, there are only a few options available to the users.

Unlike what TSPs would have us believe, the primary task of a TSP is not to make the largest profits; the primary task of a TSP is to make the best possible use of the wavelengths that they have exclusive access to. TSPs and OTT services cannot be seen to be competing with each other and do not require to be brought to the same playing field under the same restrictions and regulations, as the domains in which they are operating are not the same. We must not forget that TSPs are the sole gatekeepers of the Internet, with an ability to charge appropriately for that privilege.

OTT service providers are already regulated under the Information Technology Act, 2000 along with the Rules laid down under the said Act. TRAI has no power to regulate OTT services. The current laws permit for their regulation under the Information Technology Act, 2000 and the Rules made thereunder. Our country is already in the process of formulating a data protection law as well as undergoing a consultation process for the amendment of the Information Technology (Intermediaries Guidelines) Rules, 2011 under Section 87(2)(zg) read with Section 79(2) of the Information Technology Act, 2000. If further regulation is considered necessary, it would have to be done under a new law.
 

Q.1 Which service(s) when provided by the OTT service provider(s) should be regarded as the same or similar to service(s) being provided by the TSPs. Please list all such OTT services with descriptions comparing it with services being provided by TSPs.

TSPs have the exclusive rights to commercialize a limited natural resource – spectrum. This cannot be done by anyone else without paying the appropriate charges and acquiring the appropriate rights from the Government. The task in front of TSPs is to make the best, most efficient and competitive use of the spectrum allocated to them in order to generate revenues necessary for sustenance and development of their networks. Under the latest technologies, TSPs are dedicating the entire spectrum towards a data pipeline with individual services such as voice calls travelling over the said data pipeline.

Due to their exclusive rights over the spectrum, TSPs are the gatekeepers to the Internet. They perform the task of a utility provider that provides the infrastructure over which transfer of information takes place. Earlier, that information took the form of transmission of text over the telegraph network using morse code. With an evolution of technologies, this changed into transmission of voice over landline phones. The next evolution in the telecommunications networks was the introduction of data over wired and wireless networks. Throughout the evolution of technologies, the core task of TSPs has remained the same, i.e. transmission of information, while the evolution of technologies has resulted in newer forms of information being transmitted by TSPs, going from morse code to voice to the Internet.

The only similar services between TSPs and OTT service providers are written and oral communications. Here, too, we need to be careful as this description in itself is too broad as it covers communication that is ancillary to the purpose of a service, such as comments within collaborative document editing, comments on a webpage or communication within a video game. EU’s draft Electronic Communications Code has taken a positive step in disregarding services where communication is an ancillary function. Our view of OTT services as covered under the present discussion paper, therefore, is limited to only those OTT services where written and/or oral communication is the primary objective of the service.

TSP networks and OTT service providers have diverged in the services that they provide. On one hand, OTT services have evolved from basic written and oral communication to include stickers, video calls and other forms of communication. On the other hand, the technologies in use by TSPs have now evolved beyond such services and gone into the realm of providing a pipeline for the Internet. Instead of OTT service providers offering services that are the same or similar to services being offered by TSPs, it is now the TSPs that are offering services that are the same or similar to services being offered by OTT service providers such as voice calls, written communication and video content over the Internet. These OTT services provided by TSPs are regulated under the Information Technology Act, 2000. They must adhere to the Information Technology (Intermediaries Guidelines) Rules, 2011 under Section 87(2)(zg) read with Section 79(2) of the Information Technology Act, 2000 in the same manner that any other OTT service must abide by the Act and these Rules.

While voice calls over the internet were possible on 3G networks, the latency and bandwidth available were insufficient for a reliable voice call. 4G (LTE) brought a large enough jump in both bandwidth and latency to make it possible for voice calls to take place over the mobile data network with latency below 0.1 second almost 99 percent of the time.1 Research by Ofcom in UK showed an average latency of 53.1 milliseconds in 4G networks.2 5G networks aim to lower this latency even further, with URLLC (Ultra-Reliable Low-Latency Communications) networks targeting a latency as low as 1 millisecond.3

Spectrum allocated to TSPs is now no longer being used to transmit voice or written communication. It is being used to maintain an Internet connection with each device connected to the network, and to transmit data to and from such devices over the Internet. Since the basic service being offered by TSPs is now an active Internet connection with voice and text riding over the Internet, most TSPs now offer tariffs with unlimited voice communication since the primary service now is the Internet, and not voice calls or text messages. In this regard, OTT service providers are incapable of competing with TSPs.
 

Q.2 Should substitutability be treated as the primary criterion for comparison of regulatory or licensing norms applicable to TSPs and OTT service providers? Please suggest factors or aspects, with justification, which should be considered to identify and discover the extent of substitutability.

No, substitutability should not be treated as the primary criterion for comparison of regulatory and licensing norms applicable to TSPs and OTT service providers. The realm in which they operate is not the same. TSPs are allocated a limited spectrum, with a requirement to maintain sufficient quality of service for the services being provided using that spectrum. The intention here being that the spectrum must be utilized optimally. Sub-par utilization of the spectrum would be detrimental to the growth of the economy and the exercise of the rights of the people of our country as the spectrum is a limited natural resource. Two different TSPs cannot make use of the same spectrum at the same time. Therefore, it is essential to regulate and maintain quality of service in terms of making the spectrum useful to the public by the TSPs.

OTT service providers, on the other hand, provide services that require transmission of data over the Internet. OTT service providers do not have any control over how the infrastructure is developed or controlled. TSPs own, control and provide such infrastructure in the form of a pipeline to the Internet using the spectrum that has been allocated to them. This gives TSPs a distinct edge over OTT service providers. All information transmitted by TSPs over the latest technologies takes place in the form of transmission of packets of data, however, voice traffic packets in VoLTE have priority over data packets. Hence, even in situations of instability or high latency in voice calls through OTT services, voice calls are stable with low latency when placing a call through the TSP.

Therefore, even though the act of transmitting voice or text might have similar outcomes whether it is done through a TSP or an OTT service provider, the outcomes vary significantly. In addition, the task of a TSP is to make optimum use of the spectrum allocated to them in order to make that spectrum useable by the public. Today, this means making that spectrum available in the form of an open Internet. This ability rests solely in the hands of TSPs without any possibility of any competition from OTT service providers when it comes to making the spectrum available for use.

The need of the hour is for TSPs to further refine tariffs and for regulation of TSPs to be reduced; it is not to increase regulation of OTT service providers.
 

Q.3 Whether regulatory or licensing imbalance is impacting infusion of investments in the telecom networks especially required from time to time for network capacity expansions and technology upgradations? If yes, how OTT service providers may participate in infusing investment in the telecom networks? Please justify your answer with reasons.

Telecom networks are based on the use of a limited natural resource (spectrum) that is allocated to service providers. No two entities can use the same spectrum at the same time. This spectrum is now used for the provision of voice, text and Internet connections to the people. Due to the limited number of entities that have the rights to use the spectrum, TSPs have an oligopoly on the use of the spectrum. Without their use of the spectrum, mobile Internet would not exist.

As observed by Professor Tim Wu, Professor of Law at Columbia University in his seminal paper on net neutrality, the argument for a neutral Internet must be understood as the concrete expression of a system of belief about innovation, whose adherents view the innovation process as a survival-of-the-fittest competition among developers of new technologies. Models of development must not vest control in any initial prospect-holder, private or public, who is expected to direct the optimal path of innovation, minimizing the excess of innovative competition.4 OTT service providers cannot be blamed for any perceived or actual lack of investments in telecom networks. The core services being provided by TSPs and OTT service providers are not the same as the former exploits a limited natural resource, while the very existence of the latter makes the former’s services more useful and necessary for the public.

If TSPs are unable to generate sufficient investments and profits, then they need to revise their tariff plans in order to generate increased profits from their data traffic.
 

Q.4 Would inter-operability among OTT services and also inter-operability of their services with TSPs services promote competition and benefit the users? What measures may be taken, if any, to promote such competition? Please justify your answer with reasons.

Yes, inter-operability among OTT services would promote competition and benefit the users as it would lower the barriers for entry. Before the Internet was walled off into closed ecosystems, communication over the Internet was based on open standards such as Newsgroups,5 Internet Relay Chat (IRC),6 Extensible Messaging and Presence Protocol (XMPP)7 and email. Being based on open standards, they promote competition among different service providers as the barriers to entry into these ecosystems are low. Users of these standards are not locked into a single client as they can easily switch to another service provider that can connect them to the same userbase over the same technological standard. Some of the most popular modern closed chatting software originated as XMPP clients with their dedicated servers, and then evolved into a closed environment with user lock-in once they had a large base. Advancements made in these closed software were not propagated back to the open standard, thus raising the barriers for entry for new developers as they now had to compete with established software with their locked-in large userbase.

Conversion back to open standards cannot be forced, as that would mean depriving society of the advances that have been made in technologies. Instead, we need to focus on developing and promoting the adoption of open standards to avoid vendor lock-in, innovation and collective advancement. Government sponsored development of open standards and educational campaigns regarding their benefits are required to drive mass adoption of open standards before any action can be taken to prevent further vendor lock-in in the sphere of online communication.
 

Q.5 Are there issues related to lawful interception of OTT communication that are required to be resolved in the interest of national security or any other safeguards that need to be instituted? Should the responsibilities of OTT service providers and TSPs be separated? Please provide suggestions with justifications.

Although it cannot be denied that there are differences between the surveillance and law enforcement requirements imposed on TSPs and OTT service providers, most of these differences fall away when one takes a closer look at the current as well as the developing legal scenario in India and the world at large.

India currently has correctly placed obligations upon TSPs and OTT service providers under different laws. While the former has a duty to make spectrum useable by the public in the form of communications services, the latter is a part of a free market ecosystem that exists on top of the Internet. Without the former, the latter cannot exist, however, the reverse is not true.

While TRAI can regulate the use of the spectrum by TSPs, TRAI has no power to regulate or even make recommendations to the Department of Telecommunications regarding OTT service providers. Their regulation can and does happen through a separate law – the Information Technology Act, 2000 along with certain sections in the Indian Penal Code, Criminal Procedure Code, and sectoral laws, amongst others. Intermediaries such as OTT service providers, including TSPs in their provision of OTT services, are required to abide by the Information Technology (Intermediaries Guidelines) Rules, 2011 under Section 87(2)(zg) read with Section 79(2) of the Information Technology Act, 2000. The Ministry of Electronics and Information Technology (MeitY) is currently undertaking a public consultation in order to amend these Rules. The amendment aims to further regulate intermediaries such as OTT service providers. TRAI has no power to regulate OTT services. Instead, the power under the current laws rests with MeitY. If action is required beyond the scope of what is permissible under the Information Technology Act, 2000, then a new law would be needed for this purpose.

Surveillance of Internet networks is provisioned by Sections 69 and 69B of the Information Technology Act, 2000 read with the Information Technology (Procedure and Safeguards for Interception, Monitoring and Decryption of Information) Rules, 2009 as well as the Information Technology (Procedure and Safeguards for Monitoring and Collecting Traffic Data or Information) Rules, 2009. These, along with Section 5 of the Indian Telegraph Act, 1885 read with Rule 419A of the Indian Telegraph Rules, 1951, lay down the substantive and procedural frameworks under which Law Enforcement Agencies may collect communications data and meta-data from communications service providers. In the case of TSPs, their respective service licenses contain clauses that further outline certain security conditions in support of the broader legislative framework.

The telecommunication interception law in our country (Sections 5 and 26 of the Telegraph Act) is outdated as it was framed during the British era for foreigners to rule over an indigenous population. It was made before the Constitution of India was framed, in a time before fundamental rights had been granted to the population of India. The lawful interception requirements under the License Agreements were made with the same assumptions regarding privacy and security as were prevalent in during the British rule. In 2017, a nine-judge bench of the Supreme Court of India has recognized that the Right to Privacy is protected as an intrinsic part of Right to Life and Personal Liberty under Article 21 of the Constitution and other freedoms guaranteed under Part III of the Constitution.8 Instead of requiring backdoors, weakening of encryption or increased surveillance on OTT platforms, we need to revisit and review the surveillance and interception provisions under the Telegraph Act, the Rules framed thereunder and the lawful interception requirements under the License Agreements for compliance with the Right to Privacy as per the Supreme Court’s judgment.

Today, doctors and lawyers are conducting confidential communications with their clients over end-to-end encrypted communication platforms such as WhatsApp. Journalists are using these platforms to communicate with their sources. Members of police and armed forces are sharing information internally through these platforms. Financial information is also shared by people over these platforms. If these platforms are required to impose any form of surveillance or interception, then the right to privacy and freedom of speech and expression along with the entire digital economy of the country would be at high risk. Encryption now forms the backbone of the digital economy. A large part of a sustainable digital economy is based on trust. If a country requires weakening of encryption or any form of backdoors, then the encryption and security products originating from or taking place in that country cannot be trusted for undertaking any task that involves personal data. Platforms that are required to implement such requirements would be faced with a choice to stop conducting business in India, weaken the security for their users across the globe, or to split their user base into (a) a global community except India with high security and (b) an isolated group of users in India that face high risk with weakened security. In such a situation, no OTT communication service originating in India would be trusted by the rest of the world. We recommend against any surveillance or interception measures on any OTT platform.

While Section 43 of the Information Technology Act, 2000 read with the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 protect only sensitive personal data or information, India is currently in the process of formulating a new data protection law. This law would impose restrictions and requirements upon OTT platforms for the collection, use, storage, transmission, sale and other activities related to personal data. It would be prudent for TRAI to take a wait-and-watch approach towards further developments in this area instead of attempting or recommending any regulation of OTT platforms at this juncture. Instead, it would be prudent to revisit the existing surveillance and interception requirements in light of the Supreme Court’s judgment of the Right to Privacy.

On the question of compliance where the TSP or a content provider is based outside India, the Information Technology Act has broad territorial jurisdiction that extends to computer networks outside the country as well. Under Section 75 of the Act, this jurisdiction can apply to an offence or contravention (say that of sensitive data protection rules) as long as it involves a computer, computer system or computer network located in India. While MLATs have proven to be a slow method for getting access to data, the proper way of approaching the situation would be to participate in multi-national agreements for faster access to data across borders for law enforcement purposes. Any approach that is based on requirements to store data or a copy of the data within India would hamper innovation and the use of the latest technologies in the country by increasing the cost for compliance and raising barriers for entry. This would impact all industries and all sectors as every sector is now dependant upon digital communication, storage, transfer and processing of data.
 

Q.6 Should there be provisions for emergency services to be made accessible via OTT platforms at par with the requirements prescribed for telecom service providers? Please provide suggestions with justification.

Emergency services, if made accessible via OTT platforms, will have to take one of three forms:

  1. Require every emergency service control room to be present and active on every popular OTT platform. This option is infeasible as it would require additional equipment and personnel in emergency service control rooms.

  2. Connect from OTT platform to emergency service control rooms – this would require inter-operability with TSPs as asked under question 4 above. There are multiple reasons for not recommending this approach. It would increase the barriers for entry for new players in the OTT communications market without any significant direct advantage to end users. The communication would pass through the OTT platform. The reliability of the communication would depend upon the presence or absence of a reliable data connection with low latency and low load on the network. Selective data streams cannot easily be prioritized over other data streams without violating fundamental principles of Network Neutrality. Even in the best of situations, contacting emergency service control rooms via OTT applications would be less reliable than contacting emergency services without going through the OTT platform.

  3. Alternatively, a much simpler route could be taken – whenever a user attempts to contact emergency services, the default dialler app on the user’s device could be automatically opened to place an emergency call through the TSP’s network. This does not require any new infrastructure to be developed, maintained or monitored. It would also not require any additional Quality of Service checks. OTT platforms would need to develop the capability to route calls to emergency numbers through the device’s default dialler app. In case a user is accessing an OTT platform through a device that does not have the capability of making a phone call, the user can be provided directions for calling emergency services.

Because of the above, especially due to higher reliability and priority of calls placed through a TSP’s network, we recommend that any provision for OTT platforms to mandatorily make emergency services accessible through their platforms should take the form of transmitting such communication through a TSP’s network instead of the OTT platform.
 

Q.7 Is there an issue of non-level playing field between OTT providers and TSPs providing same or similar services? In case the answer is yes, should any regulatory or licensing norms be made applicable to OTT service providers to make it a level playing field? List all such regulation(s) and license(s), with justifications.

OTT providers and TSPs that provide same or similar services (written and oral communication) exist and operate in entirely different realms. While the objective achieved through the use of these two might be the same – communication in written or oral form – TSPs and OTT providers are not in direct competition with each other. One of them has an oligopoly over the use of a limited natural resource in the form of spectrum, while the other faces unlimited competition.

TSPs have multiple distinct advantages over OTT services:

  • TSPs have an oligopoly over the use of radio wave spectrum. They have exclusive rights to make this spectrum useful by providing access to this spectrum to the public at large. OTT providers cannot enter this space.

  • Communication through TSP’s network can reach any other user of any TSP, so a user can call or write messages to any user of any TSP’s network. However, communication through most OTT services is limited to users of that particular OTT service. Users of any popular instant messaging service, for example, can only reach other users of that instant messages services. In order to overcome this limitation, some OTT messaging services have incorporated an ability to send SMS through that OTT app in case the intended recipient of the message is not a user of that app.

  • Voice calls made through TSP networks are prioritized over voice calls made through OTT platforms. Packets of data containing TSP’s VoIP are prioritized over other data packets, while packets of data containing OTT VoIP compete with all other data packets. OTT services rely on the quality, stability and load of a data connection at any moment. If a data connection is under high load, then a voice communication over that connection is likely to suffer from dropped packets or high latency, while voice communication through the TSPs network would not suffer the same fate due to prioritization of these packets.

Additionally, OTT service providers are required to comply with the Information Technology Act, 2000, including the requirements mentioned under our comments to Question 5 above.

There is no non-level playing field between TSPs and OTT service providers as the two are not playing in the same field. OTT service providers can never run a TSP out of business, as an OTT service cannot exist without a TSP. Unfair regulation of a TSP is a concern that needs to be examined separately.

 

Q.8 In case, any regulation or licensing condition is suggested to be made applicable to OTT service providers in response to Q.7 then whether such regulations or licensing conditions are required to be reviewed or redefined in context of OTT services or these may be applicable in the present form itself? If review or redefinition is suggested then propose or suggest the changes needed with justifications.

N/A.
 

Q.9 Are there any other issues that you would like to bring to the attention of the Authority?

As mentioned in our comments to Questions 5 and 7 above, OTT service providers are already regulated under the Information Technology Act, 2000 along with the Rules laid down under the said Act. TRAI has no power to regulate OTT services. The current laws permit for their regulation under the Information Technology Act, 2000 and the Rules made thereunder. Our country is already in the process of formulating a data protection law as well as undergoing a consultation process for the amendment of the Information Technology (Intermediaries Guidelines) Rules, 2011 under Section 87(2)(zg) read with Section 79(2) of the Information Technology Act, 2000. The correct body for undertaking such an exercise is the Ministry of Electronics and Information Technology. If regulation is considered necessary beyond what is permissible under the Information Technology Act, 2000, it would have to be done under a new law.

1 The Difference Between 3G and 4G VOIP Calls, Idtexpress. Available at https://www.idtexpress.com/blog/2018/02/05/difference-3g-4g-voip-calls/, last seen on 30 November 2018.

2 Ofcom research shows 4G significantly outperforms 3G networks, Ofcom. Available at https://www.ofcom.org.uk/about-ofcom/latest/media/media-releases/2015/4g-outperforms-3g, last seen on 06 January 2018.

3 Ultra-Reliable and Low-Latency Wireless Communications: Tail, Risk and Scale, Mehdi Bennis, Merouane Debbah and H. Vincent Poor. Available at https://arxiv.org/pdf/1801.01270.pdf, last accessed on 07 January 2018.

4 Network Neutrality, Broadband Discrimination, Tim Wu, Journal on Telecom and High Tech Law. Available at http://adam.curry.com/enc/20140501152806_timwu2003netndoc.pdf, last accessed on 30 November 2018.

5 RFC 1036 – standard for interchange of USENET messages

6 RFC 1459 - Internet Relay Chat Protocol

7 https://xmpp.org/

8 K.S. Puttaswamy and Ors. v. Union of India and Ors [W.P.(C). No. 494/2012]

All Posts | Jul 17,2015

Core recommendations of the DOT Committee on net-neutrality

In light of the emergence of net-neutrality and regulation of Over-the-Top (OTT) services as popular topics in national policy debates, in January 2015, the Department of Telecommunications under the Ministry of Communications and Information Technology (MCIT) constituted a Committee chaired by Shri A K Bhargava [Member (T), DOT] with the following terms of reference:

  1. To examine the pursuit of net-neutrality from a public policy perspective, its advantages and limitations.

  2. To examine the economic impact on the telecom sector that arises from the existence of a regulated telecom services sector and unregulated content and applications sector including OTT services.

  3. To examine, assess and specify qualifications on the applicability of the principle of net-neutrality from the security, traffic management, economic, privacy and other stand-points.

  4. To recommend overall policy, regulatory and technical responses in light of examination and assessment of the issues in the first three terms of reference.

The 110-page outcome report of said Committee's inquiry, presented before the MCIT in May 2015, was made public on July 16, 2015. Below are excerpts from the report highlighting the core recommendations made by the Committee.

Conceptually on net-neutrality

  • The Committee is of the view that there is no need to hard code the definition of Net Neutrality but assimilate the core principles of Net Neutrality and shape the actions around them. The core principles of net-neutrality must be adhered to. However, this would need to be circumscribed by certain unequivocal conditions that do not breach the core requirements of net-neutrality as they are commonly understood. Said conditions would include but aren't limited to the intrinsic need to protect networks from disruptive attacks, management of Internet traffic, need to comply with legal obligations, and maintenance of acceptable Quality-of-Service (QoS) levels for some real time services.

Generally on the policy approach to net-neutrality

  • Considering the large Internet user-base and the critical role of the Internet in our economic, social, and political spaces, India should initiate action in formulating an objective net-neutrality policy tailored to the needs of the nation.

  • The endeavor in the policy approach should be to identify and eliminate actions that inhibit innovation in an open Internet or severely inhibit investment in infrastructure.

  • The primary goals of public policy should be directed towards achieving developmental aims of the country by facilitating "affordable broadband", "quality broadband", and "universal broadband" for its citizens. Accordingly, public policy should:

    • expand access to broadband;

    • endeavor (through Digital India) to bridge the digital divide and promote social inclusion;

    • enable investment, directly or indirectly, to facilitate broadband expansion;

    • ensure the functioning of competitive markets in network, content and applications by prohibiting and preventing practises that distort competition;

    • recognize unbridled right of users to access lawful content of their choice without discrimination;

    • support the investment-innovation virtuous cycle, and the development of applications relevant to and customized for users.

  • User rights on the Internet need to be ensured so that Telecom/Internet Service Providers (TSPs/ISPs) do not restrict the ability of the user to send, receive, display, use, or post any legal content, applications, or services on the Internet, or restrict any kind of lawful Internet activity or use.

On regulation of Over-the-Top (OTT) services

For the purposes of the report, OTT services are broadly classified into (i) OTT communications services [real time person-to-person telecommunication services], and (ii) OTT application services [media, trade & commerce, cloud, social media etc.]. The Committee notes that while both OTT messaging and international voice calling services have affected TSP revenues, neither have completely disrupted TSP revenue models. The Committee is also of the view that the statement of the TSPs that they are under financial stress due to rapidly falling voice revenues and insufficient growth in data revenues is not borne out by evaluation of financial data. However, OTT domestic voice calling services have the potential to significantly disrupt existing TSP revenue models. The existence of regulatory and pricing arbitrages further exacerbates the problem, and calls for a calibrated response to ensure a level playing field. The immediate imperative for the Government is to facilitate investment in broadband infrastructure and bring out policy certainty in the investment climate. Consequently, the Committee finds that ensuring a policy and regulatory level playing field in OTT domestic voice calling services is extremely important. With this in mind, the Committee recommends the following:

  • OTT application services have been available in the market for some time, and enhance consumer welfare and productivity. Therefore, such services should be actively encouraged and any impediments in expansion and growth of OTT application services should be removed.

  • OTT messaging services should not be interfered with through regulatory instruments.

  • As public policy requires that regulatory arbitrage does not dictate winners and losers in competitive markets, the Committee favors regulation of OTT voice calling service providers. In case of OTT international voice calling services, a liberal approach may be adopted. However, in case of domestic calls, communication services offered by TSPs and OTTs must be treated similarly. The nature of regulatory similarity, calibration of regulatory response, and its phasing may be appropriately determined after public consultations and the Telecom Regulatory Authority of India's (TRAI) recommendations to this effect.

Specific policy recommendations on net-neutrality

  • A clause should be incorporated in the license agreements of TSPs/ISPs that require licensees to adhere to the principles and conditions of net-neutrality as specified by guidelines issued by the licensor (DOT) from time to time. The guidelines can describe the principles and conditions of net-neutrality in detail and provide applicable criteria to test any violation of the principles of net-neutrality. (Annexure IV of the report contains a set of suggested guidelines, which includes several indicative criteria against which adherence to the core principles of net-neutrality may be tested. Said criteria include non-curtailment of freedom of expression, non-discriminatory access, freedom to connect devices of one's choice to networks and services, non-hindrance of competition, observance of privacy and security standards etc.)

  • Since net-neutrality related cases would require specialized expertise, a cell in the DOT headquarters may be set up to deal with such cases. In case of violations, the existing two-stage procedure involving the review and appeal processes may be followed.

  • There should be a separation of the "application layer" and the "network layer", as application services are delivered over a licensed network. OTT application services are not similar to licensed communication services, thereby precluding the possibility of regulatory arbitrage arising from competition between licensed service providers and OTT application service providers. Where regulatory intervention is not required (i.e. in the cases of OTT international voice calling services and OTT chat/messaging services), licensing requirements can be dispensed with. On the limited aspect of OTT domestic calling services, the Committee reiterates its view that such services should be regulated through the exercise of licensing powers available under Section 4 of the Indian Telegraph Act.

  • A new legislation, when replacing the existing legal framework, must incorporate the principles of net-neutrality. Till such time as an appropriate legal framework is enacted, interim provisions enforceable through license agreements may be the way forward.

  • Tariff shall be regulated by TRAI as at present. Whenever a new tariff is introduced, it should be tested against the principles of net-neutrality. Post implementation, complaints regarding tariffs violating net-neutrality may be dealt with by the DOT.

  • Net-neutrality issues arising out of traffic management would have reporting and auditing requirements, which may be performed and enforced by the DOT.

  • QoS issues fall within TRAI's jurisdiction. Similarly, reporting related to transparency requirements will need to be dealt with by TRAI.

On traffic management

The Committee recommends that legitimate traffic management practises may be allowed, but should be tested against the core principles of net-neutrality. The following are identified as general criteria against which traffic management practises can be tested:

  • TSPs/ISPs should make adequate disclosures to users about their traffic management policies, tools, and intervention practises to maintain transparency and allow users to make informed choices.

  • Unreasonable traffic management, which is exploitative or anti-competitive in nature, may not be permitted.

  • In general, for legitimate network management, application-agnostic control may be used. However, application-specific control within the "Internet traffic" class may not be permitted.

  • Traffic management practises like DPI should not be used for unlawful access to the type and contents of an application in an IP packet.

  • Improper (paid or otherwise) prioritization may not be permitted.

  • Traffic management being complex and specialized, adequate capacity building needs to be done before undertaking such an exercise. Mechanisms to minimize frivolous complaints are desirable.

On tariffs and zero-rated services

The Committee feels that there are multitudes of possibilities in designing tariff plans, and it would not be possible to pre-determine all possibilities and their standing with respect to net-neutrality principles. Conclusions on whether specific tariff plans breach net-neutrality would have to be made in the context of their designs and the outcomes they generate, including their ability to distort consumer markets. Therefore, the Committee proposes that tariff plans (including zero-rated plans) be dealt with in the following ways:

  • Ex-ante determination - Before a licensee launches any tariff plan, the same would need to be filed before TRAI within a reasonable period prior to the launch of the plan. TRAI would examine each such tariff filing carefully to see if conforms to the principles of Net Neutrality principles and that it is not anti competitive by distorting consumer markets. Such a filing requirement would include a deemed approval clause, if the regulator does not decide within a reasonable period. This would ensure balance of interests protecting the liberty of TSPs/ISPs to design specific tariff plans attuned to specific customer demands and at the same time ensure that the principles of Net Neutrality are not breached.

  • Ex-post regulation - Complaints on tariff plans may be dealt with on a case by case basis through an adjudicatory process to be specified by the regulator and after giving a reasonable opportunity of being heard. Imposition of penalties or financial disincentives could be considered if the principles of Net Neutrality are violated. However, the measurement principles are to be defined to gauge whether the tariff plans impinge on Net Neutrality principles.

Specifically on zero-rated services, the Committee finds that content and application providers cannot be permitted to act as gatekeepers and use network operations to extract value, even if it is for an ostensible public purpose. Collaborations between TSPs and content providers that enable such gatekeeping should be actively discouraged. The Committee notes that in the market for content provision, clear market leaders emerge in a short while. If such market leaders are able to dictate the path to specific content, the principles of non-discriminatory access from a user view-point can be compromised, leading to distortions in the content provision market and consequent implications for the larger Internet economy and innovation.

On security and privacy

The Committee finds that Internet-based communication and application services transfer the ability to lawfully intercept traffic moving over networks away from Governments to private companies, who are not amenable to national legal jurisdictions. Loss of this ability has the possibility of compromising national security and law enforcement capabilities. Therefore, there is a need for a balance to be drawn to retain the country's ability to protect the privacy of its citizens and data protection without rendering it difficult for business operations. One possibility is to identify critical and important areas through public consultations where there may be a requirement to mandate local hosting or retaining enforcement capabilities in cases of breach.

Further, the Committee believes that national security is paramount, regardless of the treatment of net-neutrality. It therefore recommends inter-ministerial consultations to work out measures to ensure compliance of security related requirements from OTT service providers.

On content delivery, interconnection, and managed services

  • Content Delivery Networks (CDN) are arrangements for managing content as a business strategy. Making available one provider's CDN to others on commercial terms is a normal business activity. Discrimination in access or adoption of anti-competitive practices by them is best left to be covered under the law relating to unfair trade practices.

  • Managed services are necessary requirements for businesses and enterprises, and suitable exceptions may be made for treatment of such services in the net-neutrality context.

  • No specific recommendations are made on search neutrality, but the issue is flagged as a concern for public discussion.