This article is written by Kamal Singh Rautela, an intern under Legal Vidhiya
ABSTRACT:
Interception and surveillance have existed since the beginning of time, and “state” has always played a significant role in this history. It is quite important to understand how the current legal status of our nation, is advocating the control over communication surveillance in the hands of the Indian government. The Indian legal system works with respect to the surveillance of information which is then processed by the government in India, and it is important to understand how the privacy concerns arises with all such statutory safeguards and procedures. This is also important to know that judicial precedents worked a lot in the sector of fundamental rights and the constitutional interpretation through which we get and claim our rights.
KEYWORDS: Privacy, Interception, Information Technology Act, Telegraph Act,
INTRODUCTION:
We are currently living in a world, where everyone can connect to every other person via Phone, internet or through various social media. What would happen, when you came to know that your chats or your conversation has been continuously observed or monitored by a third party? Obviously, you will not feel safe anyway. When we are doing any conversation be it either personal or official, we all want that thing to be private. But, what, if I tell you that, you are continuously been gazed through a secret agency?
A recent news of a Pegasus spyware scandal[1] has horrified the whole world. This spyware was produced by an Israeli cybersecurity company, which sells it to various foreign countries and law enforcement organizations. India, is one of the nations where, this spyware has been deployed. It not only made people conscious about their privacy but also question their basic human or fundamental right. Their right to privacy, right to freedom of press and speech, right to life and liberty has been snatched by the authority.
Before, further delving into the topic of privacy and intercept of communication, it is pertinent to know, what basically is intercept means. According to Black’s Law Dictionary, 2nd Ed[2], interception, means a wiretap or the intercepting of messages. Phone tapping, is also known as wiretapping, is one of the methods used to intercept and monitor telephone conversations or communications.
Interception and surveillance have existed since the beginning of time, and “state” has always played a significant role in this history. It was first established in the United States in the 1890s with the development of the telephone recorder. Katz v. United States[3] established the rule of a prerequisite need of warrant for purposes of wiretapping in 1967 followed by the creation of Foreign Intelligence Surveillance Act (FISA)[4] to issue warrants for the purposes of wiretapping cases pertaining to national security in 1978.
The circumstances in India, is also quite problematic, until the judgment of People’s Union for Civil Liberties v. Union of India, 1996[5], where the Supreme Court of India held that telephone tapping of any person infringes the right of free speech and expression which is guaranteed under Article 19(1)(a)[6]. This has been further bulwark by judgement in Justice K.S. Puttaswamy and Ors. v. Union of India (UOI) and Ors[7], after which right to privacy has been included under ambit of Article 21 of the Constitution of India. Also, the laws and regulations governing phone tapping in India are outlined in the Indian Telegraph Act, 1885, and the Information Technology (IT) Act, 2000 and some rules notified by the government on times which will be elucidated subsequently.
OBJECTIVE:
This article aims to analyse and identify the concept of privacy and interception alongside the loopholes in it and highlight the various legislative steps that should be taken to cater to the issues. We shall also discuss the forever evolving nature of the same. The article comprises information from different statutory provisions, articles, news articles, publications, etc.
LEGISLATIVE FRAMEWORK OF INTERCEPTION BY GOVERNMENT:
It is quite important to understand how the current legal status of our nation, is advocating the control over communication surveillance in the hands of the Indian government.
To begin with, the Telegraph act of 1985, under section 5(2) empowers the government in cases of any public emergency or in the interest of public safety, or in the interest of the sovereignty and integrity of India or security of the state or friendly relation with the foreign state or public order or for preventing incitement of commitment of an offense, to intercept any transmitted communication by any telegraph except for the press messages intended to be published in India of correspondence accredited to the central or state government unless been prohibited.[8] The directions of interception, however, can only be issued by Secretary to the Government of India in the Ministry of Home Affairs in the case of Government of India and by the Secretary to the State Government in-charge of the Home Department in the case of a State Government.[9] In unavoidable circumstances, such order may be made by an officer, not below the rank of a Joint Secretary to the Government of India, who has been duly authorized by the Union Home Secretary or the State Home Secretary.[10] Further, rule 419 A of the Telegraph rules, 1951 also provides for establishment of a review committee to which the competent authority is liable to forward any such directions it issued.
Further, section 7(2)(b) empowers the central government to make rules relating to precautions to be taken for preventing the improper interception or disclosure of messages[11] which reflects the government’s scope of power to decide the extent of the provisions regarding interception of data. However, any rule under section 7 would be subject to House of Parliament’s decision as provided in sub-section (5) of the same.
Additionally, section 7B provides for arbitration as the fundamental method of dispute resolution unless provided contrary wherein the arbitrator would be appointed by the central government itself.[12] This again compromises with the grievance redressal mechanism in cases of general disputes where anything otherwise is not provided expressly, thus holding the government with on an upper edge.
On the other hand, section 69 of the Information Technology Act, 2000 empowers the central and the state government to issue directions for interception or monitoring or decryption of any information through any computer resource. However, the same can be done only in certain circumstances, where the government realises the necessity in the Interest of sovereignty or integrity of India, defense of India, security of the state, friendly relations with foreign state or public order or for preventing incitement of commission of any cognizable offences relating to the above or for the investigation of any offence.[13]
Additionally, it mandates an intermediary or subscriber of the computer source to provide the stored information of facilitate in interception or monitor or decrypt the information, etc. when called upon by any agency.[14] This section puts an obligatory duty of the concerned person otherwise would be penalised for imprisonment extendable to 7 years with additional fine[15] which further promote the breach of privacy on the government’s end.
Moreover, Section 69 B empowers the central government to authorize any intermediary for monitoring and collecting traffic data or information through any computer resource to enhance cyber security and for identification, analysis and prevention of intrusion or spread of computer contaminant in the country.[16]
The Information Technology (Procedure and Safeguards for Interception, Monitoring and Decryption of Information) Rules, 2009 provides for the procedural aspects to be duly followed by the government to move forward with their actions of interception. It sets prerequisite of an order by a competent authority which cannot be below the rank of joint secretary authorised by the government even in unavoidable circumstances.[17] Further, in emergency cases also, it provides the authority to rest with the head or the second senior most officer of security and law enforcement agency at central level to pass prior order for any such tasks or interception or monitoring of information which is duly needed to be communicated to the competent authority in writing within 3 days and requires their approval within 7 working days[18]. The competent authority may also authorize an agency of government for the purposes related to interception of information under section 69(1) of the IT Act, 2000.[19] Furthermore, it provides for many other such safeguard interests like limitation period of such orders for 60 to 180 days[20] or submission of the list of interception or monitoring or decryption of information to nodal officer with all the details within[21].
Information Technology (Reasonable security practices and procedures and Sensitive personal data or information) Rules, 2011, empowers a body corporate (any company and includes a firm, sole proprietorship or other association of individuals engaged in commercial or professional activities)[22] for collection of sensitive personal data or information[23] which can be further shared to the third-party if authorized by the government[24].
Information Technology (Guidelines for Cyber Cafe) Rules, 2011[25], comprises of some provisions under its section 5 and section 7, which again makes users data and surfing information accessible to government.
There are indeed such provisions for safeguards from unauthorized or third-party intrusion by interception of any data, and even mentions penal offences for the government authorised officers in cases of misconduct[26], bribery[27], intercepting with the content of telegraph by any person[28] or other violations yet the question arises over these provisions despite being claimed to not being misused if being stored or collected is abridging the privacy rights of people.
HOW THE CONCERNS OF PRIVACY ARISE?
Now that we all know how the Indian legal system works with respect to the surveillance of information is being processed by the government in India, we will understand how the privacy concerns arises with all such statutory safeguards and procedures.
This is also important to know that judicial precedents worked a lot in the sector of fundamental rights and the constitutional interpretation through which we get and claim our rights. The Justice K.S. Puttaswamy (Retired) and Ors. Vs. Union of India, 2018[29] set the bedrock of the right to privacy by not only recognizing informational privacy as a facet of the same and including it as fundamental right of an individual in the age of internet but also including in the vast ambit of article 21 of the Indian Constitution under the purview of right to life and personal liberties. Consequently, it gave proper recognition to information privacy of citizens also.
Interception by the government authorities might have its positive effects while using wisely for resolution of a complicated criminal offence which could be traced by intercepting a certain conversation or in similar other incidents. However, its vulnerable side forces the privacy of every citizen is quite disturbing element. In the world of Big Data and AI driven internet society which is filled with ransomware or phising attacks, deepfakes, dark web and likewise horrifying hunters always stay up for loopholes in either laws or knowledge of their target to capture them in their traps, now people would also be kept worrying for their personal or sensitive data which they don’t know is being heard or observed by a third party even it is government. People shows their vulnerable side only to whom they trust and now as we know government can access all that data. The provisions in our legislations are not quite entrenched or of such nature that can obstruct government to use it for their purposes.
In 2020, Centre for Public Interest Litigation (CPIL) and Software Freedom Law Center (SFCL) raised issues of infringement of privacy against the government owned Central Monitoring System (CMS), Network Traffics Analysis (NETRA) and National Intelligence Grid (NATGRID). They alleged against how they all collectively intercept the individual’s data including their search histories, financial transactions, location, etc. without presence of any oversight mechanism to look after the misuse of these tools or to held accountability.[30] They have argued on absence of proper oversight mechanism sought in PUCL judgement and non-implementation of the test of proportionality set in the Justice Puttaswamy judgement of 2018.[31]
In December 20, 2018 a storm emerged when the Ministry of Home Affairs notified to listed 10 central agencies for interception of information under the IT laws, however, on the very next day after facing a deep backlash the Press Information Bureau notified that there is no change in any laws, these agencies have no blanket exemption and required to follow the procedure prescribed.[32] The 10 agencies are: Â Intelligence Bureau, Narcotics Control Bureau, Enforcement Directorate, the Central Board of Direct Taxes (for Income Tax Department), Directorate of Revenue Intelligence, Central Bureau of Investigation, National Investigation Agency, the Research and Analysis Wing, Directorate of Signal Intelligence (in service areas of J-K, North East and Assam) and the Delhi Police.[33]
With the above discussion it becomes quite clear, that our data also does not have blanket safeguards and that this is concerned area where we would never able to know about any monitoring of our data which outcasts our rights to demand compensation or penalise the offender as how can anyone sue for crimes in ignorance. Further, the laws are more of government centric and gives every possible way for them to collect the data of citizens. This is how privacy concerns arises in India.
CONCLUSION:
More than only taking individuals, personal harms into account, privacy is a crucial component of an orderly, democratic society. As technology develops, protecting it is in everyone’s social and personal interest. There lacks a prudent mechanism for the same and hence utmost care should be taken for the same so as to protect and systematize the entire process in order to attain the desired outcomes.
[1] Express Web Desk, A timeline of the Pegasus snooping scandal, Indian Express (27/10/2021), available at https://indianexpress.com/article/india/a-timeline-of-the-pegasus-snooping-scandal/, last seen on 22/08/2023
[2] Interception definition & legal meaning, The Law Dictionary, last seen on 22/08/2023
[3] Katz v. United States, 389 U.S. 347 (1967)
[4] Foreign Intelligence Surveillance Act (FISA) and Section 702, FBI, available at https://www.fbi.gov/investigate/how-we-investigate/intelligence/foreign-intelligence-surveillance-act-fisa-and-section-702, last seen on 22/08/2023
[5] People’s Union of Civil Liberties v. Union of India, (1997) 1 SCC 301
[6] Article 19(1), The Constitution of India, 1949
[7] Justice K.S. Puttaswamy v. Union of India, (2017) 10 SCC 1
[8] S. 5(2), The Indian Telegraph Act, 1985
[9] Rule 419 A, Indian Telegraph rules, 1951
[10] Ibid
[11] S. 7(2)(b), The Indian Telegraph Act, 1985
[12] S. 7B, The Indian Telegraph Act, 1985
[13] S. 69(1), The Information Technology Act, 2000
[14] S. 69(3), The Information Technology Act, 2000
[15] Ibid
[16] S. 69B, The Information Technology Act, 2000
[17] S. 3, Information Technology (Procedure and Safeguards for Interception, Monitoring and Decryption of Information) Rules, 2009
[18] Supra 16
[19] S. 4, Information Technology (Procedure and Safeguards for Interception, Monitoring and Decryption of Information) Rules, 2009
[20] S. 11, Information Technology (Procedure and Safeguards for Interception, Monitoring and Decryption of Information) Rules, 2009
[21] S. 12, Information Technology (Procedure and Safeguards for Interception, Monitoring and Decryption of Information) Rules, 2009
[22] S. 43A, The Information Technology Act, 2000
[23] S. 6(1), G.S.R. 313(E), Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011
[24] S. 6(2), G.S.R. 313 (E) Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011
[25] G.S.R. 315(E), Information Technology (Guidelines for Cyber Cafe) Rules, 2011
[26] S. 31, The Indian Telegraph Act, 1985
[27] S. 28, The Indian Telegraph Act, 1985
[28] S. 25, The Indian Telegraph Act, 1985
[29] Supra 6
[30] CPIL & Anr. v. Union of India and Others, Writ Petition (Civil) No. 8998 of 2020 (P.I.L)
[31] Ibid
[32] Press Information Bureau, Some points on Lawful interception or monitoring or decryption of information
through computer resource, Ministry of Home Affairs, available at https://www.mha.gov.in/sites/default/files/PressReleaseLawfulinterception_24122018.pdf, last seen on 22/08/2023
[33] No blanket powers to 10 agencies to intercept; every action requires prior approval: MHA, The Economic Times, available at https://economictimes.indiatimes.com/tech/internet/no-blanket-powers-to-10-agencies-to-intercept-every-action-requires-prior-approval-mha/articleshow/67309286.cms?from=mdr, last seen on 22/08/2023
0 Comments