Privacy issues in United States are in the middle of the storm due to the recent disclosure about the surveillance and eavesdropping exercises of NSA code named PRISM. Even James Clapper has confirmed that NSA is targeting foreign nationals for surveillance purposes.
India is even worst situated when it comes to e-surveillance and eavesdropping. India has launched e-surveillance oriented project like Central Monitoring System (CMS) that is extremely dangerous in nature.
India has also announced initiatives like national critical information infrastructure protection centre (NCIPC), national cyber coordination centre (NCCC), national intelligence grid (Natgrid), etc. None of these projects are governed by any regulatory framework and parliamentary oversight. In these circumstances self defence and privacy protection in India must be ensured through techno legal means.
Meanwhile, U.S. is trying to justify its stand on PRISM and e-surveillance exercises. NSA has claimed in the past that all e-surveillance exercises engaged by NSA are in conformity with U.S. laws especially Section 702 of the FISA.
Now the Federal Communications Commission (FCC) of U.S. has released a Declaratory Ruling that would protect the privacy of consumers of wireless services. The FCC has clarified its customer proprietary network information (CPNI) policies in response to changes in technology and market practices in recent years.
The ruling has endorsed the principle that when a telecommunications carrier collects CPNI using its control of its customers’ mobile devices, and the carrier or its designee has access to or control over the information, the carrier is responsible for safeguarding that information.
Specifically, the Declaratory Ruling makes clear that when mobile carriers use their control of customers’ devices to collect information about customers’ use of the network, including using preinstalled apps, and the carrier or its designee has access to or control over the information, carriers are required to protect that information in the same way they are required to protect CPNI on the network. This sensitive information can include phone numbers that a customer has called and received calls from, the durations of calls, and the phone’s location at the beginning and end of each call.
Carriers are allowed to collect this information and to use it to improve their networks and for customer support. Carriers’ collection of this information can benefit consumers by enabling a carrier to detect a weak signal, a dropped call, or trouble with particular phone models. But if carriers collect CPNI in this manner, today’s ruling makes clear that they must protect it.
The Declaratory Ruling does not impose any requirements on non-carrier, third-party developers of applications that consumers may install on their own. The ruling also does not adopt or propose any new rules regarding how carriers may use CPNI or how they must protect it.
The Commission can take enforcement action in the event that a failure to take reasonable precautions causes a compromise of CPNI on a device. This clarification avoids what would otherwise be an important gap in privacy protections for consumers.
Today’s action is the latest by the FCC to protect consumer privacy as part of the agency’s mission to serve the public interest. By taking action in this area, the Commission reaffirms that it is looking out for consumers in the telecommunications market.