Climb off the mandatory activation TRAIn

In this post, we analyse the 40 comments submitted in response to TRAI's consultation paper titled ‘Consultation Paper on Introduction of Calling Name Presentation (CNAP) in Telecommunication Networks’, highlighting privacy concerns, especially in the absence of a data protection law.

28 March, 2023

tl;dr

On November 29, 2022, the Telecom Regulatory Authority of India (TRAI) released a consultation paper titled ‘Consultation Paper on Introduction of Calling Name Presentation (CNAP) in Telecommunication Networks’, wherein a proposal for the introduction of CNAP in India was floated. As per the CNAP proposal, the information of a caller would be provided to the receiver, thus giving the consumer the right to make an informed choice as to whether to take the call or not. Robocalls (automated calls used to dupe consumers financially), spam calls (unsolicited marketing calls that bypass the do-not-disturb feature), and fraudulent calls may seek to obtain details of bank accounts or OTPs in order to defraud consumers. Further, there is a concern that without the CNAP facility, the Calling Line Identification Presentation (CLIP) service does not provide enough information for consumers to trust that a call is genuine. As a result, even genuine calls are going unanswered, resulting in missed opportunities for both the caller and the receiver.

In addition to 39 other stakeholders, we had submitted our comments on the consultation paper, highlighting privacy concerns, especially in the absence of a data protection law. Read our post explaining the consultation paper here.

Why should you care?

TRAI, in the consultation paper, proposes to make the implementation of CNAP mandatory. Once implemented, a telecom subscriber would no longer have an option to opt out of these services. This is a significant departure from the current regulatory and operational framework, and doesn’t adequately account for the privacy concerns that may arise in the case of improper implementation. The mandatory nature of this service, which disregards the user’s right to provide/withhold consent, is even more concerning in the absence of a data protection law.

Background

At present, all access service providers in India provide CLIP services, i.e., only the telephone number of the caller is displayed on the consumer’s telephone when receiving an incoming call. However, with the introduction of CNAP, personal information of the caller, such as their name, would be made available to the receiver. As part of the implementation of this service, an additional database would need to be created which would result in the increased collection and storage of personal information, such as names.

To be (Mandatory) or not to be - that is the question

Among the comments submitted by stakeholders including associations, organisations, telecom operators, individuals, and consumer rights groups, some recognised the benefits which may be provided by CNAP, including but not limited to prevention of robocalls, spam calls, fraudulent calls, and CLIP spoofing. At present, smartphone users can make use of tools and third-party apps to identify the caller’s name and mark spam calls.

In the consultation paper, TRAI opened the floor to several questions, including:

“Q2. Should the CNAP service be mandatorily activated in respect of each telecom subscriber?”

18 stakeholders were against the mandatory activation of the CNAP service. In our comments to TRAI, we state that the mandatory activation of the CNAP service could potentially violate an individual’s privacy by disclosing their name to the recipient without their consent in the absence of an option to opt out. Further, it would result in a lack of autonomy and control over the user’s informational privacy. This could also potentially lead to the caller’s name being used for identity theft or spamming. In our comments, we suggest that the service must be made opt-in with clear notice to the end users to enable their informed consent, and that a central database should be avoided since it increases privacy risks. We also suggest that creating a central database must be avoided especially in the absence of a data protection law, as privacy risks such as data leaks and breaches exist.

Right to privacy being violated

11 stakeholders have placed reliance on the Supreme Court judgement in KS Puttaswamy v. Union of India [(2017) 10 SCC 1] to say that the mandate behind publicising caller information would be violative of the fundamental right to privacy. In our comments, we had detailed the ways in which the use of CNAP can be violative of an individual’s privacy, including but not limited to:

  1. Unauthorised disclosure of personal information;
  2. Lack of control over personal information; and
  3. Potential for misuse of personal information.

DeepStrat, in their comments, submitted reasons for why an individual may opt to remain anonymous:

  1. Concerns about other aspects of their identity being revealed through their name, such as gender or religion;
  2. Concerns of being harassed as an employee and revealing business-related identities;
  3. Concerns of being misidentified, as it is possible that someone’s SIM card could be registered under someone else’s name.

It further states in its comments that in the current absence of a data protection law, it becomes imperative to acquire user consent, with the articulated terms and conditions.

The Consumer Unity and Trust Society (CUTS), in their comments, state that there might be various scenarios wherein consumers may not wish to have their identities revealed on others’ devices, such as victims of domestic abuse, activists, journalists, auditors, investigators, watchdogs, whistle-blowers and those bound by professional secrecy. The same concern exists for consumers making inquiry-related calls to e-commerce delivery personnel, cab aggregator drivers, booking agents, other intermediaries and aggregators. According to CUTS, this one-size-fits-all approach of displaying the identity of all callers is bereft of nuance and may not necessarily be an optimal solution.

Alternatives already in place

In the comments submitted to TRAI by the Cellular Operators Association of India (COAI), they observe that alternatives to CNAP are already in place within the Indian telecom infrastructure. These include CLIP; a ‘Do Not Disturb’ service launched by TRAI, through which unsolicited communications from unregistered telemarketers can be regulated and prevented; and third-party apps such as Truecaller. Thus, CNAP essentially will be a duplication of a free feature/service that is already in existence and use. This point is reiterated by 4 other stakeholders in their submissions, namely the New Indian Consumer Initiative, AP & Partners, CUTS, and the Bhanja Institute for Rural Development.

Financial Implications

3 stakeholders, namely the CCAOI, Blockchain for Productivity Forum, and the Consumer Protection Association, Himmatnagar, raise an important concern about the financial implications of mandatory CNAP implementation. In CCAOI’s comments, they submit that the enhancement of systems and networks would incur a financial cost for telecommunications companies, which may not be proportional to the anticipated outcomes. An increased financial burden upon the companies would have a ripple effect on the costs incurred by users in availing these services.

Lack of technology to support mandatory service

Reliance Jio InfoComm, in their comments, placed on record possible technological roadblocks to the mandatory implementation of CNAP. As per their market analysis, there is “no definitive number of feature phones being enabled with the CNAP feature”. Smartphones working on 4G networks also do not support this feature, as in most jurisdictions it is kept off by most Original Equipment Manufacturers. In addition, there are no technical standards available for sharing CNAP information over TDM Points of Interconnection (POIs). Reliance emphasises the importance of having technical standards, especially for India where “there is a heavy usage on the wireless networks due to the combination of higher subscriber count and high usage per customer”.

The COAI, in their comments, reiterate that there are no standards for CNAP over 2G/3G networks and hence, there is no ready solution available for it. Even if a solution is developed and deployed, it would require extensive testing which would be a costly and cumbersome process.

Recommendations

The fact that so many of the stakeholders oppose CNAP and its attempted mandatory implementation is a cause for concern. Instead of implementing another scheme with legal, technical and procedural loopholes, it may be more sound for TRAI to work on strengthening the existing models, such as the DND Registry. Given that the right to choice is a fundamental right, no user must be compelled to opt for services they have no interest/need in utilising.

We urge TRAI to take into account the valid and pertinent arguments made in the responses submitted to the consultation paper. We await TRAI’s response to the several comments which oppose/raise concerns against the idea of CNAP, and hope that it undertakes efforts to address and resolve these concerns.

Important Articles

  1. Consultation Paper on Introduction of Calling Name Presentation (CNAP) in Telecommunication Networks (Link)
  2. IFF's response to TRAI's consultation on CNAP (Link)
  3. Comments on TRAI's CNAP consultation paper (Link)
