Do you want the government to be able to read the WhatsApp messages you send to your friends and family? What do you think about having to pay extra for data when it’s used to stream video on Netflix, compared with the phone company’s own streaming service? Although India’s leading phone companies—Airtel, Vodafone-Idea, BSNL, and Reliance Jio—frequently say they put customers first, recent submissions to the Telecom Regulatory Authority of India (TRAI) show where they really stand on these issues.
TRAI has released a consultation paper on the regulatory framework for over-the-top (OTT) communication services, which would allow it to regulate the functioning of third-party applications and services running on top of phone and Internet services.
TRAI asked for submissions from stakeholders and will then follow this up with new regulations.
HuffPost India has been analysing what different companies said in their entries. There were close to 100 submissions in total, some short, and others a few dozen pages long. As we reported earlier, some companies are disturbingly open to greater oversight by the government, all in the name of national security.
Reliance Jio said that law enforcement agencies should have full access to user data, including decryption keys to sensitive and personal data of citizens. This would essentially enable the government to read our WhatsApp messages, which are currently encrypted.You can read the full details of all the submissions on the TRAI website, but if you need a quick guide to what the phone companies in India really want, here are the highlights from what they’ve said. For readability, we’ve heavily simplified the language of the submissions in the points below, and replaced the word OTT with app, and TSP (telecom service provider) with phone companies, since these are recognisable usages for laypersons. If you want to understand the details of these statements, we would urge reading the full submissions.
- Wants to regulate voice, video and texting but not gaming and social media.
- Apps have led to higher consumption and capacity utilisation, forcing networks to spend money on improving their capacity.
- Therefore, while revenues have gone up, spending has also had to increase.
- Apps should be given the same requirements for interception as phone companies. Apps use strong encryption that phone companies cannot read, which is required for national security.
- Since their infrastructure is outside the country, messages can only be intercepted outside India. [In the case of end-to-end encryption, which is now becoming the norm, this would not be the case.]
- Apps must include lawful interception mechanisms for the government, if using telecom networks.
- They must be regulated for lawful interception and localisation of consumer data, as well as KYC to prevent fake customers. They should also maintain call records and IP records of users.
- Apps for communications are hurting phone companies by offering low-cost alternatives.
- Greater demand for data because of these apps has forced phone companies to improve their networks—but the phone companies haven’t made as much money from this.
- Phone companies bear the cost of increasing network, and have to meet a lot of regulatory compliance, while apps have no such constraints. Therefore, it is not a level playing field.
- Apps therefore need to be regulated, and they need to pay phone companies for the data being used. [This means that the network would be paid once by us, for using their connection to stream Hotstar or send messages on WhatsApp; and a second time by the app. This would obviously benefit the established players like Netflix, which can afford to make such payments, and hurt up-and-coming innovative new companies that don’t have as much money.]
- Safeguards must be instituted in the interest of national security, as well as to mitigate economic and criminal offences.
- They must be mandated to install their servers in India, and may be required provide data/ logs/ records to law enforcement agencies.
- Without licensing, and regulatory compliances, apps have an unfair advantage, which is unfair to phone companies and needs to be addressed.
- All apps similar to services offered by phone companies, including potential future services, should be considered under any new regulations. [This would potentially include streaming sites like Netflix, Hotstar and Amazon Prime Video, as well as new ideas like VR meeting rooms]
- Apps also make money from new areas like digital content and advertising, and this should be taken into consideration for any regulations.
- Phone companies can’t enter advertising because of data privacy guidelines, but apps can advertise with no such constraint.
- Unless phone companies spend money on networks, apps won’t flourish and grow, yet only phone companies bear the cost of growth.
- Unless there is a level playing field, phone companies can’t continue to invest in broadband infrastructure.
- Interception requirements should be applied to apps to allow enforcement agencies to get the required information.
- Phone companies have to keep user information within India while apps have no such requirement. This creates an imbalance and phone companies should have free flow of data, while apps should have to meet interception requirements.
- Since apps don’t have to pay a license fee for messaging, voice, and video, it places an unfair burden on phone companies. Either apps like WhatsApp should have to pay these fees, or phone companies should not have to.
- Restrictions on data localisation should be removed, so that phone companies can make use of their global infrastructure.
- App platforms should meet KYC requirements and keep details of their users.
- Phone companies should also be allowed to differentiate and monetise services. [This runs counter to TRAI’s decision on net neutrality—essentially, Vodafone wants to offer a fast lane for apps, and charge them for it. This would allow a rich company like Netflix to crush the competition by offering faster, smoother, higher quality streams simply by paying Vodafone.]
- Reduce the regulatory requirements on phone companies. Regulations on quality of service, subscriber verification, and so on, reduce the competitiveness of phone companies, pushing customers to use apps instead, and there should be incentives to invest in networks by lowering spectrum costs.
- Apps should be required to constantly re-engineer to reduce capacity demands. [This is already happening by default. As users demand higher quality video and newer formats like 4K and now VR are developed, network capacity cannot deliver a good experience, and so app makers are anyway reducing the overheads of their services.]
- WhatsApp has over 200 million users in India and is thus comparable in scale to a phone company. Clearly these apps are a major player in India’s communication services, and need to be regulated.
- They must comply with national security and data privacy objectives.
- The regulations should apply to communications services; it should exclude broadcasting, general websites, gaming, and unidirectional information services.
- VoIP, video calls, text messaging, and email should be regulated, or any platform that allows one-to-one direct communication in any form or manner. [Despite saying that gaming etc., should be excluded, saying direct communication in any form brings a broad number of services back into the regulation. For example, if you’re playing a multiplayer video game that allows you to send private messages (as many do) then it could be regulated under this definition.]
- Lawful interception of every message is a legal and critical means provided to security agencies for the investigation of criminal, anti-national, and anti-social activities. This is a requirement for phone companies, and should also be so for apps.
- There should also be mandatory provision for providing necessary facilities for continuous monitoring of the systems, and sharing the decryption keys with the licensing body, for all encryption deployed in the country.
- There should also be call data records, and IP data records to identify and track users.
- These companies should also collect and store information of users so that their customers can be tracked by security agencies, and the app platforms should also be held responsible for unlawful content on their platform.
- Local hosting of critical customer data should also be made mandatory.