Reform, regulation: What expansive telecom bill seeks to do
The Telecommunications Bill, 2023, also seeks to amend the Telecom Regulatory Authority of India (TRAI) Act, 1997.
New Delhi IT and communications minister Ashwini Vaishnaw introduced on Monday in Parliament a new bill that seeks to reform and simplify the regulatory and licensing regime for telecommunications, even as it removes bottlenecks in creating telecom infrastructure, protects users, and provides a four-tiered structure for dispute resolution.
“The bill [seeks] to amend and consolidate the law relating to development, expansion and operation of telecommunication services and telecommunication networks; assignment of spectrum; and for connected matters,” Vaishnaw said as he introduced the bill.
The Telecommunications Bill, 2023, also seeks to amend the Telecom Regulatory Authority of India (TRAI) Act, 1997, and bring cable television network providers as licensees under it.
The bill was received well by industry, with the Internet and Mobile Association of India (IAMAI) indicating that it has maintained the distinction between “spectrum controlling entities” which need to be regulated, and spectrum using ones. In a statement, IAMAI added that the bill “excludes email, internet-based communication services, broadcasting services, machine to machine communication services, and over the top (OTT) communication services”. The last includes services such as WhatsApp, Signal, Zoom, Virtual Private Networks, and there were fears before the bill was introduced that these could come under the purview of the proposed law.
However, privacy and technology activists expressed concern on three main fronts, including their reading of the proposed law that , they claim, will cover “online services” including OTT messaging ones; stringent user verification norms; and fears of heightened surveillance.
"The bill requires telecommunication service providers to force people to submit to 'verifiable biometric based identification,' in order to be connected despite the Indian Supreme Court's 2018 declaration that the mandatory linking of mobile connections with biometric identification is unlawful. India's weak --- and not yet enforced --- data protection law means personal data is at risk," Access Now said in a statement.
On the licensing front, the proposed law has bundled the current regime where at least 100 different types of licences are issued into one that categorises almost all of these into three permissions -- for telecom services, telecom networks, and radio equipment.
The government has prioritised auctioning the spectrum to telecom service operators for all reasons except the nineteen reasons that are listed in the First Schedule. These include national security and defence, law enforcement and crime prevention, public broadcasting services, disaster management, BSNL and MTNL, etc. For these, the government will assign the spectrum through “administrative process”, that is, without an auction. Similarly, the government will allocate satellite spectrum to the likes of Airtel’s OneWeb, Jio’s Satellite Communications, Elon Musk’s Starlink, and Amazon’s Project Kuiper through the administrative process. The government has the liberty to amend the First Schedule in public interest, to perform a government function, or where auction may not be the preferred mode due to technical or economic reasons.
The government wants to optimise the use of the spectrum. To that end, it is allowing re-farming (repurposing of frequency range for a different use than for which it is used by an existing assignee) and harmonisation (rearrangement of a frequency range), long-standing demands from industry. It also wants to allocate spectrum that is already assigned to an entity (the primary assignee) to one or more other entities (secondary assignees) as long as their is not harmful interference for the primary assignee. The government also wants to allow sharing, trading, leasing and surrendering of assigned spectrum.
Both the IAMAI and Broadband India Forum (BIF) lauded the inclusion of allocation of satellite spectrum though administrative process. "Inclusion of allocation of satellite communication and global mobile personal communication by satellites (GMPCS) through administrative process is a positive move that safeguards the space sector. This will help connect unconnected villages through satellites," TV Ramachandran, president of BIF, said.
Pricing of the spectrum will remain in telecom regulator TRAI’s domain. Ramachandran also lauded the government for not diluting the powers of the TRAI, as the 2022 bill had sought to do. "That would have harmed investor confidence," he said.
The central government wants there to be common ducts in infrastructure projects for laying telecom infrastructure on an open access basis. The district magistrate has been empowered to deal with issues related to the practical execution of right of way, while for compensation related issues, the matters will go to the district judge. Right of way issues have long plagued the industry.
The government has also sought to set up a four-tier dispute resolution mechanism -- voluntary undertaking (to be given before the government informs the authorised entity about contravention of the law), adjudicating officer (who can pursue an inquiry and impose civil penalties), designated committee of appeals (to appeal an AO’s orders), and Telecom Disputes Settlement and Appellate Tribunal (TDSAT). Like the Data Protection Board under the Digital Personal Data Protection Act, 2023, the AO and the DAC will, as far as possible, “be digital by design” and “function as digital offices” and deploy to be prescribed “techno-legal measures”.
All authorised entities are also required to set up an online grievance redressal mechanism to deal with grievances related to pesky calls and messages. The government has proposed that telemarketing calls and messages should require prior consent of the users. Any such regulation would be notified by TRAI and will coexist with the regulator’s Telecommunication Commercial Communications Customer Preference Regulations, 2010.
The bill also proposes a new term -- telecommunication identifiers -- which are essentially phone numbers in keeping with the International Telecommunication Union (ITU) standards. "Telecom identifiers could include IP addresses as well," Nikhil Narendran, partner at Trilegal. This is because IP addresses mapped against a particular timestamp are unique to a user.
The 2023 version also seeks to rename the Universal Service Obligation Fund as Digital Bharat Nidhi, and expands its scope to funding research and development.
The new bill seeks to replace three existing acts: the Indian Telegraph Act (1885), Wireless Telegraphy Act (1933), and Telegraph Wires (Unlawful Possession) Act (1950). Since the oldest of these acts were passed, technology and communication services have evolved much beyond telegraphs, which is why the ministry has been keen on revamping the legislative architecture.
In a statement, the Internet Freedom Foundation said that biometric based user verification “exacerbates privacy invading provisions”. “This, coupled with the uncertainty brought by the phrase ‘as may be prescribed’, and ambit of the bill, threatens to a user’s ability to staty anonymous online,” it added. Similarly, the obligation on users to not furnish false information online “will have serious implications for anonymity”.
The extant Telegraph Act allows the government to take temporary possession of any telegraph in case of any public emergency or in interest of public safety. The clause has been retained in its essence. In addition, during a war, for national security reasons, and for foreign policy reasons, the government can take control over a telecom network or service, or suspend it.
The bill empowers the central and state governments or a specially authorised officer to seek interception, disclosure, and suspension powers (telecom service and internet shutdowns), in case of a public emergency or interest of public safety. The definition of message is now more expansive and includes “any sign, signal, writing, text, image, sound, video, data stream, intelligence or information” sent through telecommunication. It is not clear if this could include messages sent through online services such as WhatsApp.
Legal experts say that despite the deletion of the term OTT services, online communication services are still covered. "The current definition of telecommunication read with the circular definition of message indicates that online communication services such as VOIP [voice over internet protocol] could be covered under the proposed Telecom Bill," Narendran said.
Sneha Jain, partner, litigation, at Saikrishna & Associates, concurred. "The definition of 'telecommunication' is arguably broad enough to include online communication services. In fact, one can argue that the existing limitation on TRAI's jurisdiction to only regulate section 4 of the Telegraph Act licensees is being broadened to also include online communication services by replacing the definition of 'telegraph' under the Telegraph Act with this proposed definition of 'telecommunication'."
"The lack of mention of OTT and internet-based communication services may not have a metrial impact on the Department of Telecommunications' jurisdiction creep towards OTT communication services like WhatsApp because the underlying definitions of 'telecommunication' and 'message' are unchanged [compared to the 2022 bill]. They are broad enough to capture a wide rainge of internet based services and activities, including communications," Vijayant Singh, principal associate at Ikigai Law, said.
Jain also pointed out that online communication services could also fall within the scope of "broadcasting services" under the draft Broadcasting Services (Regulation) Bill. "There may be jurisdictional overlap," she said.
The bill also allows such interception and disclosure to be done for “any particular subject”, which is possible only if all messages are being monitored.
Press messages, meant for publication in India and of correspondents accredited to state or central governments, are framed as an exemption from such interception. But they are also subject to suspension and interception for national security and public order reasons. The bill is silent on press messages meant for publication outside India, and of journalists not accredited with the government.
The government can also declare any telecommunication network as a “Critical Telecommunication Infrastructure” (CTI), the “disruption of which shall have a debilitating impact on national security, economy, public health or safety”.
The government can notify rules for standards, security practices, upgradation requirements, and procedures for such CTI. Currently, the National Critical Information Infrastructure Protection Centre (NCIIPC), a unit of the National Technical Research Organisation under the Prime Minister’s Office, designates telecom as a “critical information infrastructure” under the Information Technology Act. It is unclear if CTI would remain under NCIIPC.
The proposed law also seeks to strengthen punitive measures to prevent fraud and protect customers.
Penalties of up to ₹5 crore can be imposed for “severe” contraventions of the law, for “minor” contraventions, penalties of up to ₹1 lakh can be slapped. For “non-severe” contraventions, a written warning can be issued. Severity of the contravention will be determined by the adjudicating officer on the basis of factors such as nature, gravity and duration of the contravention; number of people affected and the level of harm; whether it was caused intentionally or negligently; revenue loss to central government; and if any actions were taken to mitigate the contravention, amongst other things.
Any person getting “unauthorised access to a telecommunication network or data of an authorised entity or transfers data of an authorised entity” or unlawfully intercepts a message can be punished with a jail term of up to three years and/or a fine of up to ₹2 crore. This data only includes “data records, internet protocol data records, traffic data, subscriber data records, and the like”. It is unclear if this “unauthorised access” essentially means all kinds of hacking.
Procurement of SIM cards or other telecommunication identifiers through “fraud, cheating or personation” is also proposed to be punishable with a jail term of up to three years and/or fine of up to ₹50 lakh, in a move aimed at cracking down on cybercrime. Tampering with telecom identifiers, and using telecom identifiers that are not allotted or permitted are similarly punishable. A person knowingly using unauthorised telecommunication services can be penalised with a fine of up to ₹10 lakh.