On 29th May, 2018, the Telecom Regulatory Authority of India (“TRAI”) released the draft Telecom Commercial Communication Customer Preference Regulations, 2018 (“Regulations”), aimed to curb the problem of unsolicited commercial communication, or spam, for telecom subscribers. As stated in the accompanying press release, TRAI has chosen to adopt Distributed Ledger Technology (also known as “blockchain”) as the “RegTech” for the Regulations. As per TRAI, this appears to be the first instance of blockchain technology being used at such scale in the telecom sector.[1] Here is a guide to understanding the Regulations:
I. Background:
On 14th September 2017, TRAI issued a consultation paper on Unsolicited Commercial Communication (“Consultation Paper”), inviting stakeholders to send in their comments and assist the TRAI in improving upon the Telecom Commercial Communication Customer Preference Regulations, 2010 (“2010 Regulations”). Under the 2010 Regulations, TRAI had established a Do Not Disturb (“DND”) registry which allowed subscribers to register themselves to record their preferences in order to block calls and messages from telemarketers. However, this had failed to definitively curb spam because certain telemarketers had started obtaining subscribers’ consent surreptitiously.[2] The present Regulations aim to address this problem by securing information cryptographically and making it available only on a need-to-know basis.[3]
In order to understand how Distributed Ledger Technology (“DLT”) will operate as the “RegTech” for these Regulations, it is important to understand how this technology works. This is addressed in the section below.
II. What is Distributed Ledger Technology?
A distributed ledger is a type of database that is “shared and updated independently by each participant (or node) in a large network.”[4] The distributed ledger records transactions among network participants. Changes to the ledger are made only when network participants agree to do so by consensus, and every record has a timestamp and unique cryptographic signature that enables accurate auditing.[5]
Blockchain is essentially a kind of distributed ledger[6] that records transactions in a public or private peer-to-peer network.[7] Information is added onto the ledger in cryptographic hash-link “blocks”,[8] with each new block linked to the previous block in a chain.
Thus far, DLT has been used for the accounting of cryptocurrencies (such as BitCoin, Ethereum, etc).[9] Its use is now being piloted across sectors and countries.[10] A Google search analysis shows that the interest in the term “blockchain” has grown almost 250% between January 2017 and December 2017, particularly peaking in the third week of December, coinciding with the peaking value of Bitcoin. [11]
III. How is TRAI proposing to use DLT?
The draft Regulations require access providers to record the consent and preferences of users on a “consent register”[12] and a “preference register”[13] respectively, using DLT.[14] Further, the user is given the option to withdraw consent[15], if the consent is “abused or is no longer relevant”.[16] The is meant to independently and cryptographically secure the user’s information to enable a consensus based bookkeeping of their consent and preferences. Consensus is key to lowering the risk of fraudulent transactions, because it ensures that all transactions are recorded with every participant’s consent. Thus, for tampering to occur, it must be approved by all the participants in the network at exactly the same time.[17] This is enabled through “consensus algorithms”.[18]
IV. What are the advantages and disadvantages of using DLT?
Theoretically, DLT is considered secure for the following reasons :
1. Transparency: DLT ensures robustness and transparency[19] of the system since any changes require the consensus of each participant in the network. Each transaction can be viewed, albeit cryptographically by each node, keeping the system open.
2. Fraud prevention: Existence of many distributed nodes may allow for efficiency[20] and also reduce the chances of fraudulent transactions being approved. The transactions are approved by various nodes, and this distributes the workload. Further, blockchains are open source ledgers, and it is easy to detect any fraud thereon. Thus, the various nodes, that approve transactions cryptographically, ensure the integrity of the system[21]. In the case of TRAI’s customer preference registry, this will make hacking and adding fraudulent records of consent and preferences much harder.
3. Decentralisation: This leads to increased trust in the system since no single participant or group of participants controls the entire system. Responsibility is devolved onto each individual participant in the network, meaning that everyone is on an equal footing.
4. Immediacy: Changes made to a ledger are recorded in real time using DLT.[23] In the case of the TRAI’s customer preference registry, this would mean that the preferences and consent of the users may be recorded on the ledger in near real time, making the change effective almost immediately.
Most, if not all of these advantages however, are associated with public distributed ledgers. Public distributed ledgers are open, accessible to anyone who wants to join and do not place any restrictions on membership. Data on a public ledger can be viewed by all participants, in cryptographic form. [24]
In the case of the draft Regulations, TRAI has mandated access providers to introduce “private”[25] and “permissioned” [26] DLT networks. Here, only the entities participating in a particular transaction will have knowledge of and access to the network[27]. Private networks allow the network operator to restrict access and create an environment of known and trusted parties. On private networks, permission levels may also be tiered such that different entities and individuals may have varying levels of authority to transact and view data[28].
While this proposal does provide a closed and trusted network of nodes, it poses the following problems:
1. Unclear rationale: The fundamental intent behind adopting DLT networks is to keep data cryptographically secure with no centralized point of control. However, in a private DLT network, the central authority (here, the access provider) acts as a gatekeeper[29] to the ledger itself, controlling who goes in and out of the ledger and thus, who mans the ledger nodes. This undermines that very rationale of adopting DLT in the first place.
2. Scope for misuse: In private and permissioned networks, the authority determines who may run the blockchain and who will act as a transaction validator[30]. Since such networks are likely to be composed of a select few users, chosen by the central authority itself, the idea of consensus is significantly eroded. In the case of the Regulations in question, there is no mechanism for choosing the third party service providers. Thus, the authority may plant puppet nodes, that are manned by yes-men, and approving any transaction will merely require their sanction. This creates significant scope for misuse.
3. Lack of reliability: The DLT architecture is new to the telecom sector, and stakeholders are not aware of the technological vulnerabilities that may arise. Even the World Bank has shied away at giving exact recommendations for its use.[31]
Thus, the proposed DLT networks are not 100% secure. In the light of this, the proposed sandbox is a good way to test the technology’s scalability and viability.
V. How can these Regulations be made better?
DLT can be effectively exploited for the desired purpose by ensuring the integrity of the consensus amongst network participants.[32] This can be done by:
1. Ensuring independence of participants in the network: Under the present Regulations, the access providers are responsible for choosing the participating nodes in the network. However, there is no mechanism to ensure that each node behaves independently. This undermines the trust that can be placed in the system since all the nodes can be controlled by an access provider, defeating the rationale behind establishing consensus. It is important to address this issue and ensure that participants can operate independent of the access providers’ influence.
2. Exploring the middle ground between public and private DLTs: Hybrid consortium blockchains are partly private in nature and provide a middle ground between the “low-trust provided by public blockchains and the single highly-trusted entity model of private blockchains”.[33] They function somewhat like a “council of elders; the council members are generally known entities and they can decide who has access to the blockchain ledger[34].” Hybrid Consortium Blockchain platforms retain most benefits of private blockchains, and yet operate under the aegis of a group instead of one central authority.[35]
Thus, while well meaning, DLT in the proposed forms is antithetical to the very idea of decentralisation. In fact, the Regulations seem to be capitalising on the brand value of blockchain[36], without actually retaining its principle features. These regulations, in conclusion, are an effort at centralised distribution, and not at decentralisation. However, concentration of power can be prevented through institutionalized mechanisms. Access providers can therefore, effectively harness hybrid forms of DLT for curbing unsolicited “spam calls and text messages” by marketers.
[This post has been authored by Ankita Dhawan, a second year student at Campus Law Centre, Faculty of Law, University of Delhi, during her externship with TRA. Tuhina Joshi (Associate, TRA) gave inputs.]
[1] Paragraph 8, Press Release No. 58/2018, Telecom, Telecom Regulatory Authority of India (29 May 2018), available at http://www.trai.gov.in/sites/default/files/PRNo.5829052018.pdf.
[2] Paragraph 3, Press Release No. 58/2018, Telecom, Telecom Regulatory Authority of India (29 May 2018), available at http://www.trai.gov.in/sites/default/files/PRNo.5829052018.pdf.
[3] Paragraph 8, Press Release No. 58/2018, Telecom, Telecom Regulatory Authority of India (29 May 2018), available at http://www.trai.gov.in/sites/default/files/PRNo.5829052018.pdf.
[4] Nolan Bauerle, What is a Distributed Ledger?, CoinDesk, available at https://www.coindesk.com/information/what-is-a-distributed-ledger/.
[5] https://www.ibm.com/developerworks/cloud/library/cl-blockchain-basics-intro-bluemix-trs/index.html
[6] Blockchain & Distributed Ledger Technology (DLT), World Bank Group (12 Apr. 2018), available at http://www.worldbank.org/en/topic/financialsector/brief/blockchain-dlt.
[7] Laura Anthony, Overview of Distributed Ledger Technology (Blockchain Technology), Legal and Compliance, available at
http://www.legalandcompliance.com/distributed-ledger-technology-blockchain-technology/.
[8] Blockchain basics: Introduction to distributed ledgers, IBM Developer Works Tutorials (18 March 2018) , available at https://www.ibm.com/developerworks/cloud/library/cl-blockchain-basics-intro-bluemix-trs/index.html.
[9] What Is Blockchain Used For Besides Bitcoin?, Forbes (17 Nov. 2017), available at https://www.forbes.com/sites/quora/2017/11/17/what-is-blockchain-used-for-besides-bitcoin/.
[10] Abhishek Kumar, Regulatory Wave Around Blockchain in Major Countries, Block Chain Magazine (8 Apr. 2018), available at https://blockchainmagazine.net/regulatory-wave-around-blockchain-major-countries/
[11] Search trend for the term “Blockchain” (worldwide, between Jan 1 2017 & Dec 31 2017), Google Trends, available at https://trends.google.com/trends/.
[12] Telecom Commercial Communication Customer Preference Regulation, 2018, Telecom Regulatory Authority of India (29 May. 2018), available at http://www.trai.gov.in/sites/default/files/DraftUCCRegulation29052018.pdf.
Reg. 2(m): “Consent Register” means a Distributed Ledger for Consent (DL-Consent) having all relevant details of consent acquired by sender, in a secure and safe manner, to send commercial communications and may be required for the purpose of pre and post checks for regulatory compliance based on the consent.”
[13] Telecom Commercial Communication Customer Preference Regulation, 2018, Telecom Regulatory Authority of India (29 May. 2018), available at http://www.trai.gov.in/sites/default/files/DraftUCCRegulation29052018.pdf.
Reg. 2(aq): “Preference Register” means a Distributed Ledger for Preference (DL-Preference) which keeps records of preference(s) of customers about category of content, mode(s) of communication, time band(s), type of day(s) along with the details of customer who has exercised choices of preference(s), day and time such choices or changes in choices were exercised in a safe and secure manner.”
[14] Telecom Commercial Communication Customer Preference Regulation, 2018, Telecom Regulatory Authority of India (29 May. 2018), available at http://www.trai.gov.in/sites/default/files/DraftUCCRegulation29052018.pdf.
Reg. 13 : “Access Providers shall adopt Distributed Ledger Technology (DLT) with permissioned and private DLT networks for implementation of system, functions and processes as prescribed in Code(s) of Practice: – (1) to ensure that all necessary regulatory pre-checks are carried out for sending Commercial Communication; (2) to operate smart contracts among entities for effectively controlling the flow of Commercial Communication.”
[15] Telecom Commercial Communication Customer Preference Regulation, 2018, Telecom Regulatory Authority of India (29 May. 2018), available at http://www.trai.gov.in/sites/default/files/DraftUCCRegulation29052018.pdf.
Reg. 2(k): “Consent” means any voluntary permission given by the customer to sender to receive commercial communication related to specific purpose, product or service; and which can be (i) explicit consent (A) where sender has acquired consent of the recipient through a robust verifiable consent acquisition process to receive messages or voice calls from the sender for the purpose which is clear and unambiguous; (B) where sender has acquired consent,via transfer, from other person or entity who is consent acquirer and a conspicuous notice at the time the consent was communicated that the recipient’s phone numbers could be transferred to such sender for the purpose of initiating commercial communication via messages or voice calls; (C) where Authority has issued, if any, specific additional instruction(s) direction(s) or order(s) with respect to explicit consent; Explanation: (I) merely sharing his phone number(s) by the recipient to the sender or given by the recipient to sender for publishing for some purpose shall not be treated as consent given by recipient to receive the commercial communication message/ voice call; (II) where a recipient of a message or voice call revokes consent for the sender then it shall not be treated as consent; (ii) or; inferred consent (A) that can be reasonably inferred from the customer’s conduct or the business and the relationship between the individual and the sender; (B) where Authority has issued, if any, specific additional instruction(s).”
[16] Para 8, Press Release No. 58/2018), Telecom, Telecom Regulatory Authority of India (29 May. 2018), available at http://www.trai.gov.in/sites/default/files/PRNo.5829052018.pdf.
[17] CIS Comments on the Telecom Commercial Communications Customer Preference Regulations, available at https://cis-india.org/internet-governance/blog/comments-on-the-telecom-commercial-communications-customer-preference-regulations.
[18] Consent Algorithms Defined, Whatis Techtarget, available at http://whatis.techtarget.com/definition/consensus-algorithm
[19] Rodney Peixoto, Blockchain: Public, Consortium and Private models, Contractize (8 Mar. 2018), available at http://contractize.com/blockchain-public-private/.
[20] Blockchain & Distributed Ledger Technology (DLT), World Bank Group (12 Apr. 2018), available at http://www.worldbank.org/en/topic/financialsector/brief/blockchain-dlt
[21] Advantages and Disadvantages of Decentralized Blockchains, World Crypto Index, available at https://www.worldcryptoindex.com/advantages-disadvantages-decentralized-blockchains/
[22] Advantages and Disadvantages of Decentralized Blockchains, World Crypto Index, available at https://www.worldcryptoindex.com/advantages-disadvantages-decentralized-blockchains/
[23] Advantages and Disadvantages of Decentralized Blockchains, World Crypto Index, available at https://www.worldcryptoindex.com/advantages-disadvantages-decentralized-blockchains/
[24] Distributed Ledger Technology: Implications of Blockchain for the Securities Industry, Finra (21 Jan. 2017), available at https://www.finra.org/sites/default/files/FINRA_Blockchain_Report.pdf.
[25] Telecom Commercial Communication Customer Preference Regulation, 2018, Telecom Regulatory Authority of India (29 May. 2018), available at http://www.trai.gov.in/sites/default/files/DraftUCCRegulation29052018.pdf.
Reg. 2(ar) : “Private DLT networks” means those DLT networks where visibility is restricted to a subset of users”
[26] Telecom Commercial Communication Customer Preference Regulation, 2018, Telecom Regulatory Authority of India (29 May. 2018), available at http://www.trai.gov.in/sites/default/files/DraftUCCRegulation29052018.pdf.
Reg. 2(am): “Permissioned DLT networks” means those DLT networks where participants in the process are preselected and addition of new record on the ledger is checked by a limited consensus process using a digital signature”
[27] Praveen Jayachandran, The difference between public and private blockchain, IBM (31 May. 2017), available at https://www.ibm.com/blogs/blockchain/2017/05/the-difference-between-public-and-private-blockchain/.
[28] Distributed Ledger Technology: Implications of Blockchain for the Securities Industry, Finra (21 Jan. 2017), available at https://www.finra.org/sites/default/files/FINRA_Blockchain_Report.pdf.
[29] Private or Public Blockchain – What’s Right For You?, Draglet.com, available at https://www.draglet.com/blockchain-services/private-or-public-blockchain/.
[30] What is the Difference Between Public and Permissioned Blockchains?, Coindesk, available at https://www.coindesk.com/information/what-is-the-difference-between-open-and-permissioned-blockchains/
[31] Blockchain & Distributed Ledger Technology (DLT), World Bank Group (12 Apr. 2018), available at http://www.worldbank.org/en/topic/financialsector/brief/blockchain-dlt
[32] CIS Comments on the Telecom Commercial Communications Customer Preference Regulations, available at https://cis-india.org/internet-governance/blog/comments-on-the-telecom-commercial-communications-customer-preference-regulations.
[33] Collin Thompson, The difference between a Private, Public & Consortium Blockchain, Blockchain Daily News (26 Oct. 2016), available at https://www.blockchaindailynews.com/The-difference-between-a-Private-Public-Consortium-Blockchain_a24681.html
[34] Collin Thompson, The difference between a Private, Public & Consortium Blockchain, Blockchain Daily News (26 Oct. 2016), available at https://www.blockchaindailynews.com/The-difference-between-a-Private-Public-Consortium-Blockchain_a24681.html
[35] Collin Thompson, The difference between a Private, Public & Consortium Blockchain, Blockchain Daily News (26 Oct. 2016), available at https://www.blockchaindailynews.com/The-difference-between-a-Private-Public-Consortium-Blockchain_a24681.html
[36] Shirsendu “Troy” Karmakar, My response to The Draft Telecom Commercial Communications Customer Preference Regulations , 2018, (9 Jun. 2018), Medium, available at https://medium.com/@troysk/my-response-to-the-draft-telecom-commercial-communications-customer-preference-regulations-2018-4e82da95952a.