Central Monitoring System / Lawful intercept and monitoring systems

Twinblade

NEW DELHI, September 8, 2013
Updated: September 9, 2013 16:21 IST
Govt. violates privacy safeguards to secretly monitor Internet traffic
SHALINI SINGH


Keyword-based monitoring can snoop in on emails, web-browsing, chat

Amid fresh controversy following reports of the U.S.'s Prism programme targeting the Brazilian President, and the impending launch of the Indian government's own Central Monitoring System (CMS) project, an investigation by The Hindu reveals that the Internet activities of India's roughly 160 million users are already being subjected to wide-ranging surveillance and monitoring, much of which is in violation of the government's own rules and notifications for ensuring "privacy of communications".

While the CMS is in early stages of launch, investigation shows that there already exists — without much public knowledge — Lawful Intercept and Monitoring (LIM) systems, which have been deployed by the Centre for Development of Telematics (C-DoT) for monitoring Internet traffic, emails, web-browsing, Skype and any other Internet activity of Indian users.

SECRET MONITORING

While mobile operators deploy their own LIM system, allowing "interception" of calls by the government, only after checking "due authorisation" in compliance with Section 5(2) of the Indian Telegraph Act read with Rule 419(A) of the IT Rules, in the case of the Internet traffic, the LIM is deployed by the government at the international gateways of a handful of large ISPs. The functioning of these secretive surveillance systems is out of reach of these ISPs, under lock and key and complete control of the government.

Following the leak of the Amar Singh tapes, the government had notified safeguards on February 7, 2006 for monitoring Internet traffic titled "Instructions for ensuring privacy of communications", which mandates all ISPs to have "designated nodal officers" for communicating and receiving the "intimations for interceptions". Nodal officers are required to hold meetings with the government to "seek confirmation regarding their (interception orders) authenticity every 15 days". The safeguards include the need for 24x7 availability of "nodal officers", and a procedure for monitoring traffic during "exceptions in emergent cases".

However, in reality, these safeguards stand violated for the most part. This is because a majority of the Indian ISPs neither have the government's LIM system installed nor do they have functional nodal officers — and, as a result, the ISP-level mandatory check for authenticating government's monitoring orders to protect user privacy is absent. In effect, all Internet traffic of any user is open to interception at the international gateway of the bigger ISP from whom the smaller ISPs buy bandwidth.

Even where the LIM exists, the process of seeking authentication by nodal officers exists mostly on paper. Since the government controls the LIMs, it directly sends software commands and sucks out whatever information it needs from the Internet pipe without any intimation or information to anyone, except to those within the government who send the Internet traffic monitoring commands. No ISP confirmed as to whether they had ever received an "authorization" letter for interception or monitoring of Internet content.

Further, unlike mobile call interception safeguards, where only a pre-specified, duly authorized mobile number is put under "targeted surveillance", to prohibit misuse, in the case of Internet traffic, the government's monitoring system, which is installed between the ISP's Internet Edge Router (PE) and the core network, has an "always live" link to the entire traffic. The LIM system, in effect, has access to 100% of all Internet activity, with broad surveillance capability, based not just on IP or email addresses, URLs, fttps, https, telnet, or webmail, but even through a broad and blind search across all traffic in the Internet pipe using "key words" and "key phrases".

In practical terms, this would mean that security agencies often launch a search for suspicious words such as "mithai" (sweets) — a code often used by extremist organizations to describe an explosive. However since the monitoring is broad, blind and based on "key word" or "key phrase", the LIM system, using "text search", "checksum search", "serial scanning", "wildcard search" software commands, etc., monitors the entire Internet pipe indiscriminately for all traffic of every and any Internet user for as long as it desires, without any oversight of courts and without the knowledge of ISPs.

This monitoring facility is available to nine security agencies including the IB, the RAW and the MHA. It is unclear whether future safeguards promised for CMS exist while monitoring Internet traffic today.

Though it is presumed that the provisions of Rule 419(A) are followed, no one within the government or the ISPs was willing to reveal as to who sends the "intimation for interception", or who checks its authentication and who implements it, especially since the search is made on the basis of "keyword" across all traffic rather than a specified targeted surveillance.
Govt. violates privacy safeguards to secretly monitor Internet traffic - The Hindu

NEW DELHI, August 16, 2013
Updated: August 16, 2013 07:45 IST
Government buying deep surveillance, monitoring equipment
SHALINI SINGH


Amid a raging global debate on privacy versus surveillance, monitoring and use of intrusive technologies by governments, the Directorate of Forensic Sciences in the Ministry of Home Affairs (MHA) is set to purchase a range of equipment and software that will allow it to conduct deep search, surveillance and monitoring of voice calls, SMS, email, video, Internet, chat, browsing and Skype sessions on an unprecedented scale.

The shopping list may help the government counter crime and terrorism but civil liberties advocates worry about the misuse of these technologies against ordinary citizens, especially given the absence of strong privacy protection.

The MHA document of July 12, 2013 also lists software-based tool kits for logical level analysis of GSM and CDMA mobile phones — which will comprehensively cover phones and SIMs used by India's 860 million subscribers across 2G and 3G networks. This will be capable of extracting the phone's basic information and SIM card data, including in your phonebook and contact list, call logs, caller group information, organizer, notes, live and deleted SMSs, web browser artifacts, multimedia and email messages with attachments, multimedia image audio and video files and details of installed applications, their data, traffic and sessions log. It will allow access to iPhone backup analysis, including those which are password protected. Blackberry, considered safe by unsuspecting users, will also be fair game, since it will support Blackberry IPD backup analysis, even when password protected.

MOBILES AND SMS

The specialised hardware on the MHA's list will be able to extract all data, including call logs, phone books, SMS, email messages along with attachments, MMS, calendars, including passwords and location information. It will be able to read SIM cards and extract SIM-card-related information along with all user information on the SIM card, like phone call register and text messages, even if they have been deleted. The software will be capable of data authentication by hashing algorithms, and will even access deleted phone information by recovering or bypassing passwords. Special forensic kits are being brought in for Chinese mobile phones.

BYPASSING PASSWORDS

Hardware forensic imaging devices with the capability to acquire data from live systems and content-based images are being procured. The capabilities also include the ability to search for key words in the suspected media and to acquire data over a network. Essentially, this would mean blind, across-the-board search on mass data rather than a targeted search based on an authorised target phone number, email or IP address.

The MHA is also set to acquire software for forensic previewing, for analysis of digital media and smartphones. This can acquire data from various types of storage media including in multi-sessions. It can support Windows, Unix, Linux, Sun, Solaris, Macintosh, Apple's iOS, Android, Blackberry, HP's palm OS, Nokia Symbian, Windows Mobile OS, etc. The software will be capable of decrypting volumes, folders and files of suspected media including that which is subject to various types of encryption — including 32 and 64-bit systems.

Software is also being ordered for previewing, image mounting, password cracking and forensic analysis of digital media. This would allow recovering folders, expanding compounded files, saved email data bases, extracting artifacts, time line analysis, and registry log analysis. It will allow the government to auto-detect passwords of protected files and their decryption across a range of encryptions.

The new forensic tool will automatically check for disk encryption, including TrueCrypt, PGP, BitLocker and Safeboot. This forensic tool will be capable of collecting and recovering artifacts from live and off-line systems when using cloud artifacts like Dropbox, Carbonite, Skydrive, Googledocs, Google Drive and Flickr. It will link into, and extract data out of, users' social networking pages like Facebook, Twitter, Bebo Chat, Myspace Chat, Google+ and Linkedin. Similarly, webmail applications like Gmail, Yahoo, Hotmail and instant messenger chat can be targeted through this kit. Instant messenger chat like GoogleTalk chat, Yahoo chat, MSN/Windows Live Messenger, AOL, Skype, ICQ, World of Warcraft, Second Life and Trillian, will all be open to collection of artifacts, whether live or offline. The system will also accurately target web browser activity on Internet Explorer, Firefox, Google Chrome, Apple Safari, Opera, Google Maps, etc.

The MHA is one of the nine authorised departments, along with IB and RAW, which is allowed to order surveillance and monitoring of citizens under the Indian law. It has been in the news for being closely involved in the implementation of a nationwide Central Monitoring System covering mobile and Internet users.
Government buying deep surveillance, monitoring equipment - The Hindu

NEW DELHI, June 21, 2013
Updated: June 21, 2013 16:14 IST
India's surveillance project may be as lethal as PRISM
SHALINI SINGH


Project documents relating to the new Centralized Monitoring System (CMS) reveal the government's lethal and all-encompassing surveillance capabilities, which, without the assurance of a matching legal and procedural framework to protect privacy, threaten to be as intrusive as the U.S. government's controversial PRISM project.

These capabilities are being built even as a debate rages on the extent to which the privacy of Indian Internet and social media users was compromised by the PRISM project. A PIL petition on the subject has already been admitted by the Supreme Court.

The documents in the possession of The Hindu indicate that the CMS project now has a budgeted commitment nearly double that of the Rs. 400-crore estimate that senior officials mentioned in a recent briefing to the media. Once implemented, the CMS will enhance the government's surveillance and interception capabilities far beyond 'meta-data,' data mining, and the original expectation of "instant" and secure interception of phone conversations.

The CMS will have unfettered access to the existing Lawful Interception Systems (LIS), currently installed in the network of every fixed and mobile operator, ISP, and International Long Distance service provider. Mobile and long distance operators, who were required to ensure interception only after they were in receipt of the "authorisation," will no longer be in the picture. With CMS, all authorisations remain secret within government departments.

This means that government agencies can access in real time any mobile and fixed line phone conversation, SMS, fax, web-site visit, social media usage, Internet search and email, including partially written emails in draft folders, of "targeted numbers." This is because, contrary to the impression that the CMS was replacing the existing surveillance equipment deployed by mobile operators and ISPs, it would actually combine the strength of two — expanding the CMS's forensic capabilities multiple times.

Even where data mining and 'meta-data' access through call data records (CDRs) and session initiation protocol data records (SDRs) — used for Internet protocol-related communications including video conferencing, streaming multi-media, instant messaging, presence information, file transfer, video games and voice & fax over IP is concerned — the CMS will have unmatched capabilities of deep search surveillance and monitoring. The CMS is designed to have access to call content (CC) on multiple E1 leased lines through operators 'billing/ mediation servers'. These servers will reveal user information to the accuracy of milliseconds, relating to call duration, identification and call history of those under surveillance. Additionally, it will disclose mobile numbers and email IDs, including pinpointing the target's physical location by revealing cellphone tower information.

Nationwide surveillance

The Hindu's investigation has also unveiled the mystery relating to the CMS's national rollout. Contrary to reports about it being active nationwide, only Delhi and Haryana have tested "proof of concept" (POC) successfully. Kerala, Karnataka and Kolkata are the next three destinations for CMS's implementation. Till 2015, two surveillance and interception systems will run in parallel — the existing State-wise, 200-odd Lawful Intercept and Monitoring (LIM) Systems, set up by 7 to 8 mobile operators in each of the 22 circles, plus the multiple ISP and international gateways — alongside the national rollout of CMS. The aim is to cover approximately one dozen States by the end of 2013-14.

On November 26, 2009, the government told Parliament that CMS's implementation would overcome "the existing system's secrecy which can be easily compromised due to manual interventions at many stages." In January 2012, the government had admitted to intercepting over 1 lakh phones and communication devices over a year, at a rate of 7,500–9,000 per month.

Privacy vs. security

Currently two government spy agencies — the Intelligence Bureau (IB), and the Research and Analysis Wing (RAW) — plus seven others, including the Central Bureau of Investigation (CBI), the Narcotics Control Bureau, DRI, National Intelligence Agency, CBDT (tax authority), Military Intelligence of Assam and JK and Home Ministry — are authorised to intercept and monitor citizens' calls and emails, under the guidelines laid down by the Supreme Court, The Indian Telegraph Act 1985, Rule 419(A) and other related legislation.
India's surveillance project may be as lethal as PRISM - The Hindu

Read more:-
Lethal surveillance versus privacy - The Hindu
In the dark about 'India's Prism' - The Hindu
Centre can directly access your phone chat soon - The Hindu
 
