The government should not include the misuse of telecommunication services and identifiers within the scope of the Telecom Cybersecurity rules, Reliance Jio had said in its comments to the Department of Telecommunications (DoT). MediaNama had filed an RTI seeking comments the government received on draft rules in 2024, but the government only sent a response in August this year, much after it finalised the rules.
“Any rules framed under Section 22(1) and Section 56(2)(v) [of the Telecommunication Act, 2023] must be strictly limited to the protection and cybersecurity of telecommunication networks and telecommunication services as defined by the Act,” Jio argued. For context, both Section 22(1) and Section 56(2)(v) of the Act give the government powers to make rules to protect telecom cybersecurity. Jio noted that the draft rules, which sought to prevent misuse of telecom services (such as fraud, impersonation, or cheating), went beyond the legislative scope of the Act by addressing broader issues.
The draft rules had stated that telcos must establish security operations centres (SOCs), either independently or in collaboration with each other, within a specified time period to monitor telecom cybersecurity incidents, attempts, and misuse of telecom services/networks. Jio explained that the concept of telecom service misuse includes information at the application layer, which is beyond the control of the telecom service provider. “Any requirement to be fulfilled by the SOC must be based on technical feasibility. This will ensure that TSPs (telecom service providers) are not held responsible for incidents that cannot be monitored or controlled by them,” Jio argued.
How did the government address this concern?
The government exempted SOCs from the responsibility of monitoring telecom service misuse under the notified rules. However, the DoT has since clarified that these rules serve as an overarching framework for telecom cybersecurity, covering telecom service providers as well as users misusing telecom resources (e.g., for digital fraud or other unlawful activities).
Further, the government addressed the technical feasibility issue in a draft amendment to the notified rules this year. These amendments introduce a new entity category within the scope of the rules called Telecom Identifier User Entities (TIUEs). These TIUEs will have to collect and share telecom identifier data with the central government, and the government may also require them to validate telecom identifiers using a government-run Mobile Number Validation (MNV) Platform. Through this amendment, the government appears to be shifting responsibility from telcos to TIUEs.
Other significant comments on the draft rules:
Don’t include spam within the scope of rules:
The draft rules stated that the DoT can take action against anyone who uses telecom services for purposes contrary to any provision of law in force. Airtel, in its comments, argued…
Source link
Disclaimer
We strive to uphold the highest ethical standards in all of our reporting and coverage. We blogs.grocliq.com want to be transparent with our readers about any potential conflicts of interest that may arise in our work. It’s possible that some of the investors we feature may have connections to other businesses, including competitors or companies we write about. However, we want to assure our readers that this will not have any impact on the integrity or impartiality of our reporting. We are committed to delivering accurate, unbiased news and information to our audience, and we will continue to uphold our ethics and principles in all of our work. Thank you for your trust and support.
Website Upgradation is going on for any glitch kindly connect at [email protected]
