Businesses in a quandary as India battles mobile spam

The Telecom Regulatory Authority of India (TRAI) has initiated a major crackdown on spam and malicious messages sent via SMS services. Under the new regulations, businesses are required to whitelist any official links sent through SMS, ensuring better traceability of content being sent from telemarketers to users.

While this move is a positive step towards safeguarding India’s digital economy by curbing Unsolicited Commercial Communications (UCC), it poses a potential problem: legitimate SMS communications could be disrupted. The core issue lies in whether businesses such as e-commerce firms and banks have registered all their communication channels and whitelisted every link typically used for user interactions. This creates a complex scenario, potentially affecting both businesses and users.

TRAI has mandated that the entire messaging trail between a commercial telemarketer and a recipient must be transparent and traceable.

The TRAI crackdown

It is important to understand what the TRAI crackdown entails. Starting in November, TRAI seeks to bring in traceability of communications delivered through SMS messaging in a series of measures. The reason for this is the rising number of spam and scam messages sent to all users, leading to a massive rise in bank fraud and theft of money through digital interfaces.

To begin with, TRAI said in August that telemarketers who contact users through commercial communication lines starting with ‘140’ must compulsorily shift to digital ledgers and blockchain platforms—the first step towards ensuring accountability and traceability. The shift must be completed by 30 September by the commercial operators themselves so that they can continue their user communications services.

However, crackdowns will begin before this—the TRAI directive further said that as part of its first steps, starting 1 September, any business messaging that contains links that have not been previously white-listed with telecom operators or include executable files that can lead to any app being installed on Android smartphones (Apple’s iOS does not allow external download links) will be suspended. Further, messages containing call-back numbers will also be prohibited.

As part of the second phase of this enforcement, TRAI has mandated to telecom operators that the entire trail of messaging between a commercial telemarketer and a recipient must be transparent and traceable, starting 1 November. Once this is enforced, any message that fails to comply with the three points mentioned above—traceability, white-listed links and digitally ledgered—will be rejected. Telecom operators, including state-owned BSNL and the private troika of Bharti Airtel, Reliance Jio and Vodafone Idea, must enforce the mandatory blocking of unsanctioned conversation attempts between unauthorised or non-compliant sources.

On this note, the preventive measures enforced by TRAI include a cautionary suspension of messaging service from any party not authorised based on the above clauses. Repeat offenders will eventually be blacklisted and, therefore, completely banned from communicating with users.

Media reports indicate that in case of messaging suspensions, suspended telemarketers must file a First Information Report within two business days of suspension. If this is not received, telcos must file a formal complaint against the marketer to the Centre, following which all communication attempts made by the corresponding marketer will be suspended indefinitely.

The crackdown will not apply to Internet-connected Over-the-Top (OTT) digital messaging platforms like WhatsApp for Business.

The initiative is designed to crack down on spam and scam messaging, which should benefit most users. To ensure uniformity in legitimate messaging, TRAI has also recommended a prescribed guideline for official communications or a template that marketers can follow.

TRAI has also started reviewing existing user protection guidelines in the telecom domain, with a review of 2018’s Telecom Commercial Communications Customer Preference Regulations (TCCCPR) currently underway, as per media reports. The regulatory body is currently seeking industry feedback and stakeholder comments on enforcing a cap to commercial messaging between a marketer and a user and establishing a varying tariff regime for the sake of businesses. A higher fine, amounting to Rs 50 lakh per month per circle for each telecom operator found erring of noncompliance, is also being discussed.

What this means for users

This simplified crackdown means businesses will need a more streamlined messaging regime. There could be some disruption to ensure compliance, as every bank, government service, healthcare provider, e-commerce firm, and any other legitimate operation may need some time to comb through each point of compliance and subsequently apply the same to their messaging operations.

For users, this may eventually mean fewer SMS messages from businesses every day. This can be largely beneficial, and the knowledge of a usage template for business messaging on SMS implies that users may also be able to distinguish a spam message from a legitimate one. This will eventually benefit all parties involved.

Businesses such as e-commerce firms and banks must register all their communication channels and whitelist links used for interactions.

However, it is important to note that the crackdown will be implemented only on SMS messaging, not business messaging on Internet-connected over-the-top (OTT) digital messaging, such as WhatsApp for Business. With the proliferation of the Internet and the increase in digital messaging as part of everyday lives, business messaging has shifted considerably to WhatsApp, and even government services today offer WhatsApp communications as a key user offering.

Currently, this space remains largely unregulated, leaving users unprotected from spam and scams that could be directed at them through such platforms. While certain checks and balances exist, such as the need for a user to register as a business and fill out key forms, ample workarounds enable businesses to bypass safety filters on OTT communications platforms such as WhatsApp.

Operationally, too, this could not be very easy. WhatsApp, for instance, offers end-to-end encryption as part of a key offering of its suite and has consistently argued around the world that enforcing a loophole in an encrypted messaging service could expose it to various breaches and malicious use cases—as a result, it cannot make an exception for one.

This leaves users potentially at risk of spam and scam messaging on WhatsApp, even as TRAI looks to clean up the SMS messaging domain. Going forward, it remains to be seen if regulatory intervention also comes to OTT messaging. However, this leaves another domain open for debate: whether traditional and Internet-connected messaging services must be considered under a unified regulatory approach.

By Vernika Awal

feedbackvnd@cybermedia.co.in