Skip to Content

Cybersecurity & Standards, Government Surveillance, Privacy & Data

India Looks at Regulating Internet Communications

For the last few years, the Telecom Regulatory Authority of India (TRAI) has been revisiting and updating its policies to reflect the new paradigm the internet has created for telecommunications networks and the ways people use them. In an effort to wrap up some unresolved issues from a 2015 consultation regarding “over-the-top” or “OTT” services, which are basically everything one can access over the internet, the TRAI is now addressing its regulatory stance on OTT services that are “the same as or similar to” communication services provided by traditional telecommunication service providers (TSPs) such as voice calling and messaging services.This is interesting because it presents the possibility of extending regulatory obligations to providers of online communications services in one of the world’s largest markets for those services. We commend the TRAI for tackling these issues head-on and hope it will be careful not to draw regulatory parallels between TSPs and OTT providers that inaccurately reflect the nature of the services and the reasons for regulation.

In the consultation, the TRAI asked what specific services should be considered, whether a decision to include certain services should be based on their “substitutability” for TSPs’ communication services, whether there is regulatory imbalance between TSPs and OTT providers and how to address it, as well as what kinds of regulations might be applied to OTT communication services. CDT submitted brief comments in response to the TRAI’s questions to illustrate the distinctions between TSPs and OTT providers and the reasons for regulating their services.

Although they are sometimes marketed together, TSPs offer two different kinds of service: one to transmit information across their networks and another that allows person-to-person communication dependent on the underlying network transmission. In other words, TSPs offer their own OTT communication services. They just happen to also own and operate the network transmission facilities that they and other OTT providers use to provide those communication services. CDT’s comments suggest that the TRAI should consider the TSPs’ transmission and OTT services independently to avoid conflating the purposes of regulating the former with those of the latter.

At least in part, this consultation came about because TSPs voiced concerns that OTT services had an unfair advantage due to fewer regulatory obligations and that the TSPs were losing potential revenue to competing OTT service providers offering VoIP (voice over IP) and messaging services. The TSPs warned that competition in the communications market would cause them to be less interested in building or improving networks because of the business lost to OTT services. But TSPs have already begun to adjust their business models to account for the shift away from traditional communication services towards more data transmission as a way to monetize their networks. From this perspective, TSPs should benefit from consumers’ increased use of OTT services because each requires data transmission. We point to the entry of Reliance Jio, India’s newest telecom provider, as evidence of the health of the current market. Even further, there is room for growth; fewer than a third of the population currently subscribes to an internet connection, which means there are still hundreds of millions of potential customers.

The TRAI’s approach of attempting to identify OTT services that are the same as (or are substitutes for) TSPs’ services presents a moving target, requiring constant reassessment as our uses of OTT communication services evolve and new services develop. Instead, the TRAI could describe in more detail the functions of the services it wishes to consider and the purposes for regulating them. When separated from the network operation and data transmission elements, the TRAI can more accurately address the purposes for regulating communication services and apply any necessary controls equally to all providers.

For example, many of the regulations to which TSPs are subject relate to their roles as network operators, such as interconnection obligations, and are simply not applicable to provider of OTT services who have no physical networks. Other obligations stem from TSPs’ potential monopoly positions as the sole provider of an essential service (formerly, traditional telephone service, now, network connectivity). But the market for OTT communication services is not so limited, nor are users as likely to depend on a single OTT provider. They have choices, and switching providers, whether because of poor service, price, or other reasons, is relatively easy.

One especially troubling obligation the TRAI asked about is a requirement imposed on TSPs to interconnect their networks with national “interception” points, which serve as centralized wiretap locations. That this obligation is imposed on network operators is problematic; extending the same obligation to OTT providers even more so. Although the TRAI did not propose exactly how an obligation to interconnect with these centers could be applied to OTT providers (whose traffic already flows through them), the regulatory language suggests that encrypted OTT services, like WhatsApp, Signal, or iMessage, would either need to provide a “backdoor” for government interception, or would simply be barred entirely.

Both options are undesirable and (we hope) unlikely. On top of the privacy and due process concerns associated with government wiretapping, encryption backdoors create inherent security vulnerabilities. Doors need keys, which can be misused or stolen, potentially exposing the private communications of millions to more than just government eavesdroppers. It seems unlikely that India would ban encrypted communications or mandate backdoors, but… Australia already has. Signal, whose code is open-source, has explained why it cannot build in a government interception point and why a country-wide ban is likely to fail.

As the world’s largest democracy, with half a billion internet users (and counting), India will play an increasingly influential role in the development, use, and regulation of communication networks and technologies. The policies it adopts now will shape the lives of billions and could impact not only its own relationship with online services, but the services themselves. It is unclear when the TRAI will issue its recommendations from this consultation, but CDT will continue following India’s policy moves with interest. Stay tuned!