S
sTrOnTiaBOnd
http://cis-india.org/internet-governance/blog/data-retention-in-india
RTI Request to BSNL and MTNLOn September 10, 2012, the Centre for Internet and Society sent an RTI to MTNL and BSNL with the following questions related to the respective data retention practices:
[*]Does MTNL/BSNL store the following information/data:
[*]Text message detail (To and from cell numbers, timestamps)
[*]Text message content (The text and/or data content of the SMS or MMS)
[*]Call detail records (Inbound and outbound phone numbers, call duration)
[*]Bill copies for postpaid and recharge/top-up billing details for prepaid
[*]Location data (Based on cell tower, GPS, Wi-Fi hotspots or any combination thereof)
[/list][*]If it does store data then
[*]For what period does MTNL/BSNL store: SMS and MMS messages, cellular and mobile data, customer data?
[*]What procedures for retention does MTNL/BSNL have for: SMS and MMS messages, cellular and mobile data, and customer data?
[*]What procedures for deletion of: SMS and MMS messages, cellular and mobile data, and customer data?
[*]What security procedures are in place for SMS and MMS messages, cellular and mobile data, and customer data?
[/list] BSNL ResponseBSNL replied by stating that it stores at least three types of information including:
[*]IP session information - connection start end time, bytes in and out (three years offline)
[*]MAC address of the modem/router/device (three years offline)
[*]Bill copies for post paid and recharge/top up billing details for prepaid. Billing information of post paid Broadband are available in CDR system under ITPC, prepaid voucher details (last six months).
[/list] MTNL ResponseMTNL replied by stating that it stores at least () types of information including:
[*]Text message details (to and from cell number, timestamps) in the form of CDRs (one year)
[*]Call detail records including inbound and outbound phone numbers and call duration (one year)
[*]Bill copies from postpaid (one year)
[*]Recharge details for prepaid (three months)
[*]Location of the mobile number if it has used the MTNL GSM/3GCDMA network (one year)
[/list]It is interesting that BSNL stores information that is beyond the required time period required in both the ISP and the UASL licenses. The responses to the RTI showed that each service provider also stores different types of information. This could or could not be the actual case, as each question could have been interpreted differently by the responding officer.
ConclusionThe responses to the RTI from BSNL and MTNL are a step towards understanding data retention practices in India, but there are still many aspects about data retention in India which are unclear including:
[*]What constitutes a ‘commercial record’ which must be stored for one year by service providers?
[*]How much data is retained by service providers on an annual basis?
[*]What is the cost involved in retaining data? For the service provider? For the public?
[*]How frequently is retained information accessed by law enforcement? What percentage of the data is accessed by law enforcement?
[*]How many criminal and civil cases rely on retained data?
[*]What is the authorization process for access to retained records? Are these standards for access the same for all types of retained data?
[/list]Having answers to these questions would be useful for determining if the Indian data retention regime is proportional and effective. It would also be useful in determining if it would be meaningful to maintain a regime of data retention or switch over to a more targeted regime of data preservation.
Though it can be simple to say that a regime of data preservation is the most optimal choice as it gives the individual the greatest amount of immediate privacy protection,
http://cis-india.org/internet-governance/blog/data-retention-in-india
admin ji you shoud better dump bsnl
RTI Request to BSNL and MTNLOn September 10, 2012, the Centre for Internet and Society sent an RTI to MTNL and BSNL with the following questions related to the respective data retention practices:
[*]Does MTNL/BSNL store the following information/data:
[*]Text message detail (To and from cell numbers, timestamps)
[*]Text message content (The text and/or data content of the SMS or MMS)
[*]Call detail records (Inbound and outbound phone numbers, call duration)
[*]Bill copies for postpaid and recharge/top-up billing details for prepaid
[*]Location data (Based on cell tower, GPS, Wi-Fi hotspots or any combination thereof)
[/list][*]If it does store data then
[*]For what period does MTNL/BSNL store: SMS and MMS messages, cellular and mobile data, customer data?
[*]What procedures for retention does MTNL/BSNL have for: SMS and MMS messages, cellular and mobile data, and customer data?
[*]What procedures for deletion of: SMS and MMS messages, cellular and mobile data, and customer data?
[*]What security procedures are in place for SMS and MMS messages, cellular and mobile data, and customer data?
[/list] BSNL ResponseBSNL replied by stating that it stores at least three types of information including:
[*]IP session information - connection start end time, bytes in and out (three years offline)
[*]MAC address of the modem/router/device (three years offline)
[*]Bill copies for post paid and recharge/top up billing details for prepaid. Billing information of post paid Broadband are available in CDR system under ITPC, prepaid voucher details (last six months).
[/list] MTNL ResponseMTNL replied by stating that it stores at least () types of information including:
[*]Text message details (to and from cell number, timestamps) in the form of CDRs (one year)
[*]Call detail records including inbound and outbound phone numbers and call duration (one year)
[*]Bill copies from postpaid (one year)
[*]Recharge details for prepaid (three months)
[*]Location of the mobile number if it has used the MTNL GSM/3GCDMA network (one year)
[/list]It is interesting that BSNL stores information that is beyond the required time period required in both the ISP and the UASL licenses. The responses to the RTI showed that each service provider also stores different types of information. This could or could not be the actual case, as each question could have been interpreted differently by the responding officer.
ConclusionThe responses to the RTI from BSNL and MTNL are a step towards understanding data retention practices in India, but there are still many aspects about data retention in India which are unclear including:
[*]What constitutes a ‘commercial record’ which must be stored for one year by service providers?
[*]How much data is retained by service providers on an annual basis?
[*]What is the cost involved in retaining data? For the service provider? For the public?
[*]How frequently is retained information accessed by law enforcement? What percentage of the data is accessed by law enforcement?
[*]How many criminal and civil cases rely on retained data?
[*]What is the authorization process for access to retained records? Are these standards for access the same for all types of retained data?
[/list]Having answers to these questions would be useful for determining if the Indian data retention regime is proportional and effective. It would also be useful in determining if it would be meaningful to maintain a regime of data retention or switch over to a more targeted regime of data preservation.
Though it can be simple to say that a regime of data preservation is the most optimal choice as it gives the individual the greatest amount of immediate privacy protection,
http://cis-india.org/internet-governance/blog/data-retention-in-india
admin ji you shoud better dump bsnl
