TRAI-caller? We tell TRAI why a central registry is a bad idea.

We submit our comments on TRAI's consultation paper on the ‘Introduction of Calling Name Presentation (CNAP) in Telecommunication Networks’. We emphasise the need to obtain informed consent from subscribers and the need to use this service responsibly and ethically.

09 January, 2023

tl;dr

The Telecom Regulatory Authority of India released its consultation paper on the ‘Introduction of Calling Name Presentation (CNAP) in Telecommunication Networks’ on 29th November 2022. On December 23, 2022, we submitted comments on the citizens’ privacy-centric issues identified in the consultation paper. In our comments, we have suggested that the service must be made opt-in, with clear notice to end users to enable their informed consent, and that a central database should be avoided since it increases the threat surface for privacy risks. The service must be enabled only after a data protection law is in place.

Why should you care?

The introduction of CNAP in telecommunication networks is a significant change in how the telecom industry operates. It can potentially increase trust between third parties, allowing for higher rates of call answering. However, it also poses privacy risks if not implemented correctly, which is why it is important that an effective data protection regime is in place before its operationalisation.

The CNAP service can potentially violate an individual's privacy by disclosing their name to the recipient without their consent. This could be particularly problematic if the service is mandatorily activated, as users would not have the option to opt out.

Moreover, it can potentially lead to a caller's name being used for malicious purposes, such as identity theft or spamming.

Background

Telephone consumers have voiced their need to identify the calling party, which is currently not met by the Calling Line Identification (CLI) supplementary service. This can be achieved through a name presentation facility that would display the identity of the calling party on the called party's telephone. Additionally, they have raised concerns about robocalls, spam calls, and fraudulent calls. Robocalls are automated calls used to dupe consumers financially, spam calls are unsolicited marketing calls that bypass the do-not-disturb feature, and fraudulent calls may aim to obtain details of bank accounts or OTPs with an aim to defraud consumers.

There is a concern that without the CNAP facility, the CLI service does not provide enough information for consumers to trust that a call is genuine. As a result, even genuine calls are going unanswered, resulting in missed opportunities for both the caller and the receiver.

Our Suggestions

Our core recommendation is for CNAP to be introduced only after a rights-respecting Data Protection Law is in force, under which an independent Data Protection Authority may assess its impact on individual privacy.

In our comments to TRAI, we have emphasised that since the CNAP service will require the creation of an additional database and information sharing, it will result in an increase in the amount of personal information that is stored on every Indian who owns a telephone or broadband connection. Hence, we recommend that its operationalisation should be preceded by a data protection statute, as the additional database may lead to data leaks and breaches, resulting in increased spam for users.

The CNAP service should also not be mandatorily activated for each telephone subscriber and must be an opt-in service. Further, additional clarity and control must be provided to the users for the part of the service they opt for. Users must be able to activate CNAP separately for incoming and outgoing calls.

Since CNAP can potentially violate an individual's privacy in the following ways, citizens must understand what they are consenting to:

  1. Unauthorised disclosure of personal information: The caller's name is considered personal information, and disclosing this information without the caller's consent could be considered a violation of their privacy.
  2. Lack of control over personal information: The caller may not have control over whether or not their name is displayed to the recipient, which can violate their right to privacy.
  3. Potential for misuse of personal information: The caller's name may be used for malicious purposes, such as identity theft or spamming, if it is displayed to unauthorised parties.

For recording the consent of the subscribers, we have suggested the following mechanisms:

  1. Opt-in process: One way to obtain consent for the activation of the CNAP service is to use an opt-in process. This could involve providing clear information about the service, its benefits, and any potential privacy implications and giving users the option to choose whether or not they want to use the service.
  2. Written consent: Requiring written consent from users could involve having users sign a form or agree to terms and conditions that outline the use of the service and any potential privacy implications.
  3. Online consent: In an online setting, consent for the activation of the CNAP service could be obtained by having users check a box or click on a button to indicate that they agree to the use of the service. It is important to ensure that this consent is obtained clearly and unambiguously.

It is important for telecommunications companies to ensure that they obtain the consent of telephone subscribers before activating the CNAP service. This can help to protect the privacy of users and ensure that the service is used responsibly and ethically. TRAI and the TSPs can run awareness campaigns and encourage users to sign up for the CNAP service.

We have opposed using Customer Acquisition Forms (CAFs) for the purpose of Calling Name Presentation (CNAP). Apart from the risk of the information being inaccurate, using CAFs for CNAP lacks explicit consent and can lead to potential misuse of personal information.

Important documents:

  1. Consultation paper on the ‘Introduction of Calling Name Presentation (CNAP) in Telecommunication Networks’ (link)
  2. IFF’s comments (link)
