In September this year the Telecom Regulatory Authority of India (TRAI) released its recommendations on the regulation of Over-The-Top (OTT) communication services. After an extensive five-year long consultation and review of the global debate, the TRAI recommended that the time is not opportune to recommend a comprehensive regulatory framework for OTT service providers beyond the extant of laws already in place. OTT communication services consist of applications that deliver multimedia to consumers through a data network.
The TRAI added that it would be best to let the market forces respond to the situation. Most importantly, it opined that mandating lawful interception by compromising encryption will render the users’ personal data vulnerable to attacks by unlawful actors, and therefore the privacy and security architecture of the OTT services must not be tinkered with. At the end of this, the overriding ethos of the recommendations is a stance of non-confrontational observation for the foreseeable future.
Essentially, this amounts to a rejection of complaints raised by telecom operators who demanded that OTT apps provided a substitutable service and must be regulated in a similar way to telecom companies themselves. Clearly, TRAI was not convinced and its forbearance is a step forward to protect the interest of the users. While the call for regulation emanated from an economic standpoint, TRAI in its 2015 consultation also took into account how OTT platforms have regulated themselves as users demand for greater privacy and encryption. This was followed by another consultation in 2018 where TRAI released a paper on exploring regulatory frameworks for OTTs in India. This is especially relevant post the Cambridge Analytica scandal that revealed to the world that a greater sense of accountability needed to be imposed on companies that now facilitate conversations and data online.
To gain a better understanding of these recommendations, it is important to understand some of the progressive moves being put in place.
Firstly, it allows for market forces to self-regulate without government interference and oversight. This is in line with the argument put forth by civil society organisations that the IT Act already regulates OTT platform interaction and any additional regulatory framework to come will act as a form of over-regulation. Secondly, by refraining from regulating OTT platforms at this point, the TRAI has quelled concerns regarding freedom of speech and potential over-surveillance of citizens by the government.
Another closely-related decision is the move to uphold encryption standards and not mandate back-door access to OTT data. Encryption is an integral aspect of maintaining user privacy and security and maintaining high standards of the same is a positive move. While American and Brazilian laws seeking to break strong encryption have been emphatically criticised by experts, the Indian regulator’s forward looking approach that seeks to preserve privacy and freedom of speech on the internet must be welcomed by the international audience, and should be an example to follow globally.
A senior intelligence veteran we had recently interviewed clearly pointed out that creating back-doors on specious security grounds has the potential to be problematic as it not only provides the government unfettered access to user data, but also makes data vulnerable to foreign governments and hackers which in turn impacts national security and user-privacy. By embracing the status quo, TRAI has adopted a stance which is beneficial to the privacy and safety of users online. End-to-end encryption ensures that not even the OTT platforms can decrypt the personal data of the consumers. This encryption technique ensures the highest standards of privacy available online currently and provides a sense of security and safety online to its users. The TRAI rightly recognised that imposing the requirement to provide the communication details to law enforcement agencies in clear text would force the OTT players to change the entire architecture of the platform which would render the space vulnerable to attacks by unlawful actors. Regulators across the world should heed to TRAI’s recommendations, which has been the result of extensive conversations involving civil-society and the industry, setting the way forward towards a privacy enabling regime.
Looking ahead, TRAI’s recommendations are an important milestone that should encourage domestic policy-makers to adopt a more progressive approach towards enhancing privacy while upholding India’s national security. It will hopefully set the tone for policy decisions that are based on detailed and nuanced conversations and which are not mere knee-jerk reactions, paving the way for a more user-centric approach to policy-making.
(Kazim Rizvi is a public policy entrepreneur and Founder of The Dialogue, a tech policy think-tank based out of New Delhi, and one of the leading voices on technology policy in India. Saikat is a Strategic Advisor to The Dialogue and Nullcon. The views expressed are personal)