Counter-comments on the Consultation Paper on the Introduction of Calling Name Presentation (CNAP) in telecommunication networks

To,

Shri Akhilesh Kumar Trivedi,

Advisor (Networks, Spectrum and Licensing),

Telecom Regulatory Authority of India

Date: January 31, 2023

SUB: Our counter-comments on the consultation paper on the introduction of Calling Name Presentation (CNAP) in telecommunication networks

Dear sir,

Greetings from DeepStrat, a New Delhi-based think tank and strategic consultancy. 

We commend TRAI for the release of a comprehensive and insightful consultation paper on the introduction of CNAP in telecommunication networks. We believe that the paper raises many important issues, some of which also impinge on our constitutionally-mandated fundamental rights, and serves as the starting point of an important discussion. We also appreciate the transparent consultation approach adopted by TRAI, which has been greatly useful in shaping an informed discourse on the issue.

Our counter-comments are focussed on three key issues:

1. Privacy implications of introducing CNAP
2. Issues with using Customer Acquisition Forms (CAFs) for the purpose of CNAP
3. Infrastructural Challenges in enabling CNAP

We will be grateful if you could acknowledge our counter-comments and also consider them in the consultation process that follows.

Yours sincerely,

Shachi Solanki

Programme Manager

DeepStrat | StratDeep Pvt. Ltd.

1. Privacy implications of introducing CNAP

While there is a need to address the issue of increased spam calls, fraudulent calls, etc, our stance is that introducing CNAP supplementary services is currently not a viable or desirable  solution. It can only begin to be considered once comprehensive privacy laws are in place in India. 

The Hon’ble Supreme Court of India in the case of Justice K. S. Puttaswamy v. Union of India (2017) [Justice K. S. Puttaswamy v. Union of India, (2017) 10 SCC 1, AIR 2017 SC 4161] has declared privacy to be a fundamental right under Part III of the Constitution. The Court also ruled that the grounds for restricting the right to privacy have to meet the three-fold test of legality, necessity and proportionality. 

The objectives for deliberating on CNAP are to address the concerns of telecom users with respect to unsolicited commercial calls from unregistered telemarketers, robocalls, spam calls, fraudulent calls and spoofing.  CNAP, however, will mandate disclosure of personal information of all end users, regardless of whether they are legitimate users or otherwise.  While there is a necessity, there is no reasonable nexus between the objective and the means for achieving it. Therefore, in our view, the proposed solution and the harm it poses, are completely disproportionate and thus fails the Supreme Court’s threshold for restricting the right to privacy. 

We raise the following concerns to support this stance:

• CNAP would enable the end user to receive the calling name information of the calling party and then make an informed decision about whether to accept the call. In order to achieve accuracy in identifying all callers, everyone must be included in a CNAP database. Until a privacy law is in place, this goal is not possible without the caller’s personal information being at risk. This risk has also been highlighted by the telecom service providers in their submission on the proposal.
• Storing a user’s personal information in any database and then disclosing it through a caller id has privacy implications. Further, given the technical complexity of creating such a database, the feasibility of introducing this solution remains impractical. Included in the technical complexity will be the transfer of data between TSPs. This complexity is not proportional to the privacy concerns inherent in the flow of data between different entities. 
• While our recommendation is that CNAP services should not be considered at this time, if they were to be considered once a privacy law is in place, acquiring user consent should form the basis of sharing their personal data. The only way to achieve this would be to implement CNAP as an Opt-in process. However, then those numbers who are calling as fraudsters/scammers can simply choose to remain anonymous. The problem CNAP is trying to solve in the first place will still exist.

2. Issues with using Customer Acquisition Forms (CAFs) for the purpose of CNAP 

2.1 Legal issues

• The Hon’ble Supreme Court of India in the case of Justice K. S. Puttaswamy v. Union of India (2017) had ruled that the grounds for restricting the right to privacy have to meet the three-fold test of legality, necessity and proportionality. CAFs which collect the personal information of all end users do not take their explicit consent to disclose the same information on caller id. In the absence of a robust privacy regime, this will be a disproportionate measure for addressing the stated objective.
• Using the information provided in CAFs for the purposes of CNAP also misses the threshold of reasonable expectation of users that this information may be used for displaying their names. An individual may not want to use their names given in the CAFs due to various societal and personal reasons. The Supreme Court has held that the right to privacy includes decisions, choices, information and freedom. Linkage of CAFs with CNAP will strip the users of their right to decide and exercise free choice.

 2.2 Practical issues

• At present, TSPs use Customer Acquisition Forms (CAFs) to acquire subscribers. The Consultation Paper discusses the two categories of telephone subscribers, which are both subject to different documentary requirements for CAFs. Individual subscribers need to submit Proof of Identity (PoI) and Proof of Address (PoA) documents with the CAF. The bulk subscribers need to submit a PoA of the entity and PoI of the authorised signatory. Since in the latter case PoI of only the authorised signatory and not the end users is collected, the CAF information for end users under bulk subscribers might be inadequate and at times, inaccurate.
• The current rules allow for one individual to purchase up to nine sim cards by submitting their documentary proofs of identity and address. The end users of these sim cards may be different from the individual who obtained them by giving the PoI and PoA. This can happen in cases of joint Hindu family businesses, or dependents who use their guardian’s sim cards, or in the cases of women whose sim cards are linked to a male family member, etc. In such cases the CAF information may not represent the accurate identity of the end user. This would not solve the problems envisaged in the consultation paper.

2.3 Failure of the KYC process

• At present, the CAF and KYC verification are the basis for acquiring sim cards. Our study has revealed that unlawful actors often have poor or incorrect KYC details. There are multiple stakeholders who seek KYC but there is no standardisation of the KYC data, resulting in multiple KYCs. So a person may have signed up with different details for different KYCs collected by stakeholders.
• Apart from the discrepancies in KYC data, the law enforcement agencies also face numerous problems in investigation through KYCs due to various reasons. There are often long chains of KYCs. For instance, when a person using an identity proof issued in Tamil Nadu, purchases a SIM card in Jharkhand, moves to Rajasthan and uses it to target a victim in Maharashtra. This leads to multiple jurisdictions and conflicting KYCs for LEA investigators.
• The track down mechanism of the police through Base Tower Location depends on KYC. Investigators often find it to be inadequate to track them down and are unable to effectively rely on S. 102 of the CrPC because of KYC norms not being enforced strictly.
• We, therefore, believe that the KYC verification for obtaining sim cards is not the most accurate and robust process. It has been shown to result in inaccurate or inadequate data, and is insufficient to help investigators in tracking down offenders.

3. Infrastructural Challenges in enabling CNAP

In the consultation paper [Consultation Paper on Introduction of Calling Name Presentation (CNAP) in Telecommunication Networks, Telecom Regulatory Authority of India, 29/11/2022], TRAI points out that there are already concerns about enabling CNAP on different types of phone networks. For example, some legacy wireless networks may require an upgrade to support the CNAP service. The feasibility of implementing the CNAP feature within today’s increasingly complex software ecosystem is a major cause of concern. The CNAP database has to be accessible to all service providers, across both landline and wireless networks. This will require a large amount of cooperation and work between TSPs that we do not deem worth the aforementioned security risks. 

Telecom Service Providers have highlighted the concern that features phones and smart feature phones do not support the CNAP feature and a large segment of smart phones will need an intervention at the OEM level to enable the feature. BSNL, amongst others, has pointed out that all landline telephones in service may not have this feature, making it challenging for legacy networks to implement the feature. As of October 31, 2022 there are around 1143 million wireless and 26 million wireline telecom subscribers in India. Differential availability of CNAP will not solve the problem that this paper seeks to address.

If the CNAP feature were to be enabled across more than 1170 million telecom subscribers, setting up the architecture for it would come at a huge cost.  The CNAP feature will also increase call set-up time and impact latency, leading to customer dissatisfaction. We, therefore, agree with the industry submission that a Regulatory Impact Assessment should be carried first and should form the basis for considering the feasibility of adopting this proposal.