The government should amend legal assistance treaties signed with foreign countries to facilitate lawful interception of data available on cloud computers, telecom regulator TRAI recommended on Wednesday.
In its recommendation on framework for cloud services in India, the Telecom Regulatory Authority of India (TRAI) has suggested the government to consider to enact an overarching and comprehensive data protection law covering all sectors for the cloud services.
The cloud computing services help a user access hardware and software without buying them. A user can store data by paying just access fee.
Email, social media, banking etc websites accessed by people using Internet is an example of cloud service where service of a company is used but all the data is saved remotely in a data centre.
The Department of Telecom on December 31 2012 had sought views of TRAI on framework for cloud computing covering aspects of security, quality of service, interoperability, incentives, legal framework etc.
India has signed Mutual Legal Assistance Treaties (MLATs) with some countries which are intended to facilitate gathering of evidence located offshore.
TRAI said that the country should consider negotiating new MLATs with countries where cloud data is usually hosted and modify to ease process of investigation.
“Existing MLATs should be amended to include provisions for lawful interception or access to data on the cloud,” TRAI recommended.
The regulator has recommended that government should frame rules for registering cloud service providers in India and they should be part of a not-for-profit industry body. The industry body should lay down code of conduct for operating in India based of best practices followed globally and rules issued by government time-to-time.
“DoT may keep close watch on the functioning of industry body and investigate functioning of the body to ensure transparency and fair treatment to all its members,” TRAI recommended.
Over this, the regulator has suggested formation of a Cloud Service Advisory Group (CSAG) to function as oversight body to periodically review the progress of cloud services and suggest the government actions required to be taken.
“DoT may also withdraw or cancel registration of industry body, in case it finds the instances of breach or non-compliance of the directions/ orders issued by it, from time to time or non adherence to code of practices notified by it,” TRAI suggested.
The regulator has said that it will frame rules for registration of industry body, eligibility, entry fee, period of registration, and governance structure once its recommendations issued today are accepted by the government in principle.