The Telecommunications Bill, 2023 (“Telecom Bill, 2023”) was introduced in the Lok Sabha on December 18, almost a year after the conclusion of the consultation process for its 2022 counterpart, i.e. the draft Indian Telecommunication Bill, 2022 (“Telecom Bill, 2022”). After several reported inter-ministerial discussions over the year, the Department of Telecommunications (“DoT”) has released a repackaged version of the colonial 1885 law it meant to overhaul, which continues to retain the draconian surveillance and internet suspension powers of the Union government.
Why should you care?
Laws governing telecommunication services in the country have historically been used and misused to surveil our devices and suspend our internet. With changing times, these laws are also evolving, expanding the scope of applicability to new and emerging services. The Telecom Bill, 2022 attempted to include online communication services (Signal, Zoom, Skype, Gmail) under the licensing regime historically applicable to broadcasting services. The expansion of surveillance and suspension powers from traditional broadcasting services to online communication services will cause irreparable damage to user rights and democratic freedoms. Definitional ambiguity in the Telecom Bill, 2023 leaves us worried and confused about its application to internet services. In any scenario, the bill will have implications for our fundamental right to privacy as well as our constitutional freedoms such as freedom of expression and right to receive information.
The journey of the Telecom Bill from 2022 till 2023
The Indian Telecom Bill, 2022 was released for public consultation on September 21, 2022, following the release of the consultation paper on the “Need for a new legal framework governing Telecommunication in India” which was published on July 23, 2022. Interestingly, the Telecom Bill, 2022, which was released merely three weeks after the conclusion of the consultation period for the paper, inserted controversial provisions, which was not present in the latter. In a response to a Right to Information (“RTI”) filed by us, the DoT shared all responses it received on the consultation paper [Read our comments on the paper here]. The DoT however refused to share the comments it received on the Telecom Bill, 2022, which were invited till late last year [Read our comments on the paper here]. The absence of such disclosures make the reasoning/inspiration behind the changes non-transparent.
Repackaged control, replicated language
The ‘statement of objects and reasons’ under the Telecom Bill, 2023 acknowledges the need to create a “legal and regulatory framework that focuses on safe and secure telecommunication network that provides for digitally inclusive growth”. According to the Telecom Bill, 2022, the aim of introducing such a bill was to create a modern and future-ready comprehensive framework for the telecommunication sector in India which is currently governed by several colonial laws. While we agree with the need to reform the laws governing the sector, we dispute the approach adopted by the DoT to do so. Key provisions relating to surveillance and internet suspension, which have a long lasting, profound impact on our digital rights, have been replicated verbatim from the Telegraph Act of 1885. It will be unfair to say that the bill has not undergone changes in phrasing, but it will also be unfair to equate this change with reform. A contested provision of the Telecom Bill, 2022, i.e. licensing, has been replaced, only in name, by a concept of “authorisation”. The fundamental function of issuing authorisation is still an exclusive right of the Union government. Reliance on “public safety” and “national security” grounds to empower the Union government with powers to temporarily possess, suspend, intercept, detain any telecommunication service or telecommunication network from an authorised entity is nothing more than an old trick of the 1885 playbook.
Ambiguity around fundamental concepts of scope
Much backlash received by the DoT during the public consultation on the Telecom Bill, 2022 was around the wide definition of ‘telecommunication services’ which explicitly included a long list of online communication services. The definition of ‘telecommunication’ [Clause 2(p)] read with ‘telecommunication services’ [Clause 2(t)] is now heavily diluted and truncated, creating uncertainty about the scope of applicability to internet services. Without this clarity, it creates hindrances in foreseeing the impact on user rights and thus meaningfully responding to or analysing the bill. Such definitional ambiguity, whether or not intentional, leaves the scope wide enough for online communication services to be included within its ambit. If internet services are included in the law’s ambit, then the several alarming requirements related to surveillance, possession, suspension, authorisation, etc. will be applied to those services as well, deepening the threats to our rights and freedoms. To avoid expansion or re-interpretation of the scope in the future, the definition of telecommunication and telecommunication services, in the bill itself, must explicitly exclude internet services.
Threats to user privacy and rights
The Telecom Bill, 2023 deteriorates user rights in several other ways, many of which directly infringe on the user’s fundamental right to privacy. Clause 3(7) is one such privacy invading provision which imposes an obligation on any authorised entity, as notified by the Union govt, to identify the person to whom it provides telecom services, through use of any verifiable biometric based identification “as may be prescribed”. The Telegraph Act, 1885 also contained a similar provision for licensed entities, but with safeguards and specificity. Section 4(3)(a) listed the various modes of authentication that may be used by the licensee, including offline authentication, and also explicitly mentioned alternatives authentication modes to Aadhaar such as passport. The “biometric” based identification mode did not even feature in the Telecom Bill, 2022. This inclusion of “verifiable biometric based identification” raises fears that it may provide a legislative basis for the mandatory linking of Aadhaar to mobile phones which was ruled as unconstitutional by the Supreme Court of India. Thus, this provision is bereft of safeguards on many levels, but is most prominently inadequate for pushing technology solutions for a country which is still largely not digital literate. In the absence of informed understanding of how such biometric data will be used, stored, processed, and shared among majority of the public, and in the presence of a non-robust data protection act which provides wise ranging exemptions to the government, such technology should not be adopted for a routine procedure, especially in the absence of offline alternative.
Another potentially privacy infringing provision is Clause 29 of the Telecom Bill, 2023 which imposes a duty on users to not furnish any false information while establishing their identity for availing ‘telecommunication services’. If applicable to internet services, the ambiguous phrasing of Clause 3(7) and 29 will have damaging consequences for a user’s ability to stay anonymous while communicating. This can have a deleterious impact on vulnerable individuals such as whistleblowers and journalists, who wish to keep their identity anonymous. Services such as Twitter and Instagram, which currently provide users with the option to communicate anonymously, will possibly have to take back this facility if they wish to operate in India. The application of this clause in the context of traditional telecommunication services can be viewed from the perspective of rising cybercrime in the country. Notably, the associated penalty for failing to comply with these provisions are, i.e. up to INR 25,000 for the first offence and for the second or subsequent offences, up to INR 50,000 for every day till the contravention continues. The imposition of such hefty fines must be avoided for such clauses given the low digital literacy rates in the country as well as to avoid the misuse of the associated penalty by authorities, to coerce users into mandatorily using Aadhaar.
Centralised executive control and powers
The ability to suspend, curtail, or revoke the authorisation or assignment in case of breach of any of its terms and conditions rests with the Union government [Clause 32(2)]. A similar provision to revoke the licence exists in the Telegraph Act, 1885, but it does not have any provisions for suspension of the licence. The entirety of Clause 20 in the Telecom Bill, 2023, whether it is the Union government’s power to temporarily possess, suspend, intercept, detain any telecommunication service [20(1)(a)], to intercept, detain, disclose, or suspend any message or class of messages [20(2)(a)], to direct suspension of any telecommunication service or class of telecommunication [20(2)(b)], or to notify encryption and data processing standards [19(f)], cements the colonial powers of the Union government, which upon misused and if extended to internet services, may become nothing less than draconian.
Clause 22(3) read with 2(f) empowers the Union government to notify ‘critical telecommunication infrastructure’ and issue measures related to the protection of such telecommunication networks and services. Protection measures listed include collection, analysis, and dissemination of traffic data, wherein ‘traffic data’ is defined as any data generated, transmitted, received or stored in telecommunication networks including data relating to the type, routing, duration or time of a telecommunication. This special categorisation and the Union government’s power to notify them, provide rules for their standards, and give them directions did not exist in the Telegraph Act, 1885. Thus, in addition to retaining several provisions that centralised power and control with the Executive, the Telecom Bill, 2023 has created new ones that does so.
Clause 43 is reflective of this effort as it confers quasi-judicial powers to any officer authorised by the Union government to “search any building, vehicle, vessel, aircraft or place in which he has reason to believe that any unauthorised telecommunication network…. in respect of which an offence punishable under section 42 has been committed, is kept or concealed and take possession thereof.” Such search and seizure powers are accompanied with the power to summon information, documents, or records in possession or control of any authorised entity if it is believed by the Union government to be necessary for any pending or apprehended civil or criminal proceedings [Clause 44]. Such powers, non-existent in the Telegraph Act, 1885, may be open to misuse due to its ambiguous phrasing, absence of clear parameters of information that may be revealed, and overbroad grounds for revealing information due to the use of the phrase “apprehended”. This vagueness may lead to overbroad requests for disclosure which could result in the violation of the right to privacy of users, especially if it is applicable to internet services.
Missed opportunity for surveillance and suspension reform
There is replication of language from the Telegraph Act, 1885 [Section 5(2)] to the Telecom Bill, 2023 [Clause 20(2)(a)], maintaining surveillance powers without any meaningful oversight or accountability processes. This centralises power in the Union and State Executive and is contrary to Supreme Court judgements and advances in surveillance regulations in comparative, common law jurisdictions (see here, here, and here). Through Clause 20(2)(b), the Telecom Bill, 2023 cements the internet suspension power with the DoT without putting in place any of the procedural safeguards directed by the Supreme Court in Anuradha Bhasin vs Union of India (2020) [3 SCC 637] and the Standing Committee on Information Technology in its report. It also misses an opportunity to fix the shortcomings of the Temporary Suspension of Telecom Services (Public Emergency or Public Safety) Rules, 2017. If the Telecom Bill, 2023 becomes applicable to online communication services, service providers such as Whatsapp, Signal etc., which adopt the privacy protecting practice of End-to-End encryption (“E2EE”), may also be required to intercept, detain, disclose, or suspend any message, wherein "message" is defined as “any sign, signal, writing, text, image, sound, video, data stream, intelligence or information sent through telecommunication” [Clause 2(g)]. The Telecom Bill, 2023 has failed to introduce improvements in the surveillance and internet shutdown architecture of the country on the basis of privacy, transparency, and accountability.
Users in the eye of the storm
The penalty imposed on users for using unauthorised telecommunication services, either knowingly or having reason to believe it to be unauthorised, has been increased from INR 50 in the Telegraph Act, 1885 and INR 1 Lakh in the Telecom Bill, 2022 to a hefty 10 Lakh in the Telecom Bill, 2023 [Third Schedule]. The ground “having reason to believe so” may be misused and may put the user at a disadvantage as it appears to place the burden on them to prove lack of knowledge about the authorisation status of any service.
Troubling patterns of delegated legislation
Much like several of the legislations and draft bills released in the recent past, the Telecom Bill, 2023 suffers from excessive delegation by according the Union government overbroad rule-making powers without introducing adequate safeguards. While some instances of delegated legislation are justifiable, even necessary, at several instances out of the total 46 instances, specificity in the Bill is left to future rulemaking. Leaving relevant clarifications open to details that “may be prescribed” or “notified” in certain instances such as providing exemption from and terms and conditions for authorisation, specifying duration, and manner of interception, disclosure, and suspension of telecommunication services, etc. contribute to increased uncertainty, vagueness, and raise concerns around arbitrary rule-making.
Some improvements do exist in the Telecom Bill, 2023. For instance, an attempt to dilute TRAI’s powers with respect to the governance of this sector introduced in the Telecom Bill, 2022 has been reviewed and improved on in the 2023 bill. The controversial provision in the 2022 version allowing the identity of the sender of a message using telecommunication services to be made available to the user receiving such message, in such form as may be prescribed, has been removed in the Telecom Bill, 2023.
The Telecom Bill, 2023, like its 2022 counterpart, has retained its colonial roots and missed an opportune moment for bringing about reform. The DoT must thus publicly release the comments received by it during the consultation on the Telecom Bill, 2022 in the interest of transparency and accountability, so the stakeholders can gain insight into the DoT’s reasoning for holding on to provisions of an archaic law. Secondly, we urge the DoT to withdraw the Telecom Bill, 2023, and replace it with a right-centric version that protects and promotes individual rights. This version must be accompanied with a white paper/ explanatory note with justifications and reasoning for introducing any changes introduced in comparison with the Telecom Bill of 2022 as well as 2023. The DoT must also hold another consultation, that is broad, multi-city, in-person stakeholder.
The Telecom Bill, 2023 is slated for passage in the Lok Sabha today, i.e. December 20. In the absence of the crucial voice of the suspended 140+ opposition Members of Parliament and in light of the current state of chaos, disarray, protest, and walk outs in the Parliament, the Telecom Bill, 2023 must not be passed. We also recommend the Union Government to appoint a Law Commission and/or an unbiased, independent Standing Committee or expert body to look into the kinds of reforms needed for the telecommunication sector. Finally, the clarification about online communication services being excluded from the scope of the bill must be explicitly and clearly added in the text of the bill itself, and not be inserted in subsequent, not enforceable FAQs (frequently asked questions) or clarified through verbal statements by the Union Minister, or unnamed ‘senior officials’.
- The Telecommunications Bill, 2023 (link)
- The draft Indian Telecommunication Bill, 2022 (link)
- Covering letter to our submission on the Telecommunication Bill, 2022 (link)
- Public Brief on Telecommunication Bill, 2022 (link)
- Paper on “Need for a new legal framework governing Telecommunication in India” (link)
- Our comments on the 2022 paper (link)