The Department of Telecommunications (DoT) has amended the Unified License Agreement asking telecom and Internet service providers as well as all other telecom licensees to maintain commercial and call detail records for at least two years, instead of the current one-year practice. The additional time, sources said, was based on requests from multiple security agencies.
Through a notification, the DoT has said all call detail record, exchange detail record, and IP detail record of communications “exchanged” on a network must be archived for two years or until specified by the government for “scrutiny” for security reasons. Internet service providers will also have to maintain details of “internet telephony” in addition to the usual IP detail record for a period of two years, the notification said.
“It is a procedural order. Many security agencies pointed out to us that they needed data even after a year since most investigations take more than that to be completed. We had a meeting with all service providers who agreed to keep the data for the extended period,” a senior DoT official said.
Under Clause No. 39.20 of the licence agreement that the DoT has with the operators, the latter have to preserve records including CDRs and IP detail records (IPDR), for at least one year for scrutiny by the Licensor (which is DoT) for “security reasons,” and the Licensor “may issue directions/instructions from time to time” with respect to these records.
The licence condition also goes on to mandate that CDRs be provided by mobile companies to law-enforcement agencies and to various courts upon their specific requests or directions, for which there is a laid-down protocol.
Senior executives from telecom and Internet service providers said that even though the government asks companies to keep these details for at least 12 months, the norm is to keep it for up to 18 months.
“Whenever we destroy such details, we notify the liaison office or the officer of the time period for which the data is being wiped. If any additional requests come to us through proper legal channels, we keep that data. But then everything else is removed within the next 45 days,” an executive at a telecom service provider said.