The Pulse

India Sets Up Domestic PRISM-Like Cyber Surveillance?

A proposed federal body in India appears to be similiar to the controversial U.S. program—except aimed inwards.

Even as the United States’ PRISM cyber-snooping program is raising alarm across the world, India is in the midst of setting up a similar program designed to collect intelligence via the internet domestically.

The Hindu reports that the India government is creating a centralized mechanism to coordinate and analyze information gathered from internet accounts throughout the country. The mechanism will be called the National Cyber Coordination Centre [NCCC].

“The federal Internet scanning agency will give law enforcement agencies direct access to all Internet accounts, be it your e-mails, blogs or social networking data,” the Hindu reported, referring to the NCCC.

A classified government “note” that The Hindu obtained explains the NCCC in this way:

“The NCCC will collect, integrate and scan [Internet] traffic data from different gateway routers of major ISPs at a centralised location for analysis, international gateway traffic and domestic traffic will be aggregated separately … The NCCC will facilitate real-time assessment of cyber security threats in the country and generate actionable reports/alerts for proactive actions by the concerned agencies”

Enjoying this article? Click here to subscribe for full access. Just $5 a month.

NDTV, however, reports that the NCCC will not target individuals but rather will seek to access threats to India’s cyber infrastructure as a whole.

“The new system will look for unusual data flow to identify and access cyber threats and not individual data,” NDTV reported, citing unnamed government officials.

But the Hindustan Times reports that Indian authorities have long used meta-data to track potential cyber threats inside the country. According to that paper, the program does not allow Indian authorities to access actual content, but rather look for “patterns in the manner emails, phone calls and SMSes are sent and delivered.”

It’s unclear how much the NCCC would expand this authority and in which ways, if at all.

One purpose of the NCCC seems to be simply trying to coordinate the different activities of government agencies tasked with elements of cybersecurity.

During a speech last month, Prime Minister Singh briefly alluded to the then-forthcoming NCCC, “We are implementing a national architecture for cyber security and have taken steps to create an office of a national cyber security coordinator.”

Among the agencies that are rumored to comprise the NCCC are the National Security Council Secretariat (NSCS), Intelligence Bureau (IB), Research and Analysis Wing (RAW), Indian Computer Emergency Response Team (CERT-In), National Technical Research Organization (NTRO), Defense Research and Development Organization (DRDO), DIARA, Department of Telecommunications, and the different Indian military services.

Beyond government agencies, the NCCC will reportedly rely heavily on private sector cooperation. The Hindu report claimed that the NCCC “would be in virtual contact with the control room of all ISPs [Internet Service Providers] to scan traffic within the country, flowing at the point of entry and exit, including international gateway.”

India’s military is also in the process of creating a separate command dedicated to cyber issues. Late last month Defense Minister A.K. Antony told reporters that the process of setting up the cyber command was in its final stages. He added that while the government has other agencies to handle cybersecurity issues, the military’s cyber command would be concerned more with cyberwarfare.

Delhi has also been growing increasingly concerned with foreign cybersecurity threats. A report released by a Russian computer security company earlier this month said that India was a primary target of China’s cyber espionage.

Enjoying this article? Click here to subscribe for full access. Just $5 a month.

Nonetheless, India’s new apparently expansive cybersecurity apparatus is likely to be treated with concern by proponents of internet freedom. Despite its status as the world’s largest democracy, India has often been the target of criticism for its censorship and monitoring of the internet, especially since it passed the Information Technology Act (ITA) in 2008, which expanded the Indian government’s authority to monitor and censor the internet.

Delhi has also come under fire for trying to force websites like Google and Facebook to pre-censor content posted by people in India.

Zachary Keck is assistant editor of The Diplomat.