Telecom carriers have called on the government to bring over-the-top (OTT) communication platforms such as WhatsApp, Signal, Telegram amongst others within the ambit of India’s cybersecurity and related regulatory rules — that now apply to telcos —- to combat the menace of spam/scam calls and messages.

“Cybersecurity measures need to be reinforced with clear outlines, which is to free people of unwanted spam/fraud calls and messages to the maximum extent possible. It may be judicious that similar cybersecurity and regulatory rules govern all necessary players such as TSPs or OTT Communication Applications. This can be the only way to provide relief,” S P Kochhar, director general, Cellular Operators Association of India (COAI), said in an official statement Tuesday.

The COAI represents Reliance Jio, Bharti Airtel and Vodafone Idea (Vi).

The telecom industry association also cautioned that the nuisance of spam and scam calls/messages could go unchecked if an OTT app used in a particular mobile number is utilised in a different handset. This, it said, happens as online fraudsters, typically, take advantage of the fact that an OTT communications app and the SIM (read: mobile connection) are not closely linked.

“A TSP is fully responsible, and can provide all legal assistance if a (mobile) number is issued by it to a subscriber. But there could be instances where an OTT communications app used on the same number, may be utilised in another handset of the user, and carried beyond the limits of a city/state, and may be used for illegal purposes,” said COAI’s Kochhar.

In such a scenario, he said, the number can only be traced to the city where the mobile phone is residing, but there is no way to trace activities of the OTT app which was initially issued on a (specific) mobile number, but is now running on a separate handset. “This happens because the (OTT) app and the SIM are not tightly bound together even after installation of the OTT app,” said the COAI director general.

Kochhar also flagged fraud-related worries around the issue of `steganography’ or the practice of concealing messages/information/images within other messages. “This is another issue which requires attention, as it makes the presence of the hidden message difficult to detect, encouraging fraud.”

The COAI added that steganography, typically, allows potential cyber-attackers to embed malicious code or scripts within seemingly harmless files, such as images or documents, to infect systems. “This is a serious issue which needs to be looked at.”

In recent months, telcos have repeatedly demanded that OTT platforms as well as business entities such as banks, financial institutions and telemarketers be held accountable for spam communications. According to them, this is since large amounts of commercial traffic have now shifted to OTTs platforms, and if the latter are kept outside the purview of regulations, spam and scam calls/messages cannot be reined in as the IT Act does not include issues around combating these problems.

Telcos have previously said that mere strengthening of the Telecom Commercial Communications Customer Preference Regulations (TCCCPR) by the sector regulator to curb unsolicited commercial communications (UCC) or spam calls/messages won’t be enough when significant volumes of such traffic is getting delivered via OTTs platforms.