The order issued by the Union Ministry of Home Affairs on December 20, empowering 10 agencies to intercept, monitor and decrypt any information generated, transmitted, received or stored in any computer resource under the Information Technology Act, tramples India’s hard won civic freedoms. Not only does the order fundamentally attack the gains made in the right to privacy case, it also strikes at the heart of the federal character of the Constitution of India. Apart from the Opposition’s veiled allegations that the order is intended to intimidate them, the groundwork has been laid for legitimising a surveillance system that can be abused by any government.
The Union Government’s clarification of its order on December 21 spelt out that there was no change to existing laws and that the decision had been made based on statutes that existed during the United Progressive Alliance (UPA) regime. Therefore, there is no need to panic as nothing has changed. However, while it is true that the laws and rules have existed since the UPA’s time, section 69 of the Information Technology Act, through which this Order was issued, can shed light on some additional aspects.
Also Read | How safe is your personal information with India being part of Cold War era global snooping network?
Subsection 1 of section 69 lays down that such an order can be issued by either a state or the Union Government. The circumstances for doing so are that it should be necessary or expedient and in the interest of; the sovereignty or integrity of India, defence of India, security of the State, friendly relations with foreign States or public order or for preventing incitement to the commission of any cognizable offence relating to above or for investigation of any offence. The caveat is that the reasons for doing so must be recorded in writing. This was one aspect missing from the December 20 order.
The Right to Privacy
The right to privacy is the most recent addition to the rights recognised to emanate from Article 21 of the Constitution. Article 21 is commonly referred to as the right to life and personal liberty. However, the title of the Article mentions ‘protection of life and personal liberty’. Jurisprudence over the years has expanded the scope of Article 21 to include the right to education, which now is protected under Article 21A. During the Aadhaar hearings, a question arose as to whether a fundamental right to privacy exists in India. The matter went before a nine-judge Constitutional bench of the Supreme Court which held that the right is a part of Article 21 on August 24, 2017.
Also Read | Srikrishna Committee Report: A New Understanding of Right to Privacy and Information
Before the judgement was delivered, in August 2017, a committee was set up headed by retired Supreme Court Judge, BN Srikrishna to compile a report on informational privacy and draft a data protection law. The Srikrishna Committee submitted its report on July 27 this year along with a draft Data Protection Bill. The key takeaway from the committee report and the draft Bill was the need for establishing an independent statutory authority to check for privacy compliance. The draft Bill has not been adopted as yet.
Another drawback in the notification is that it is yet another step towards centralisation. Though the government put out a clarification the next day, what the notification represents is yet another example of India’s eroding federal structure. The fact that all 10 agencies notified fall under the control of Union Ministries, is illustrative of this. For example, the Central Bureau of Investigation (CBI) – which is one of the authorised agencies – cannot carry out an investigation in a state without a green signal from the state government. With this notification, the CBI can theoretically carry out a digital investigation in any state without the knowledge of any state government.
Also Read | The Government's Cambridge Analytica Project Faces a Petition in the Supreme Court
Application of Mind
It is a basic principle in law and enshrined in Article 14 of the Constitution – right to equality – that any discretionary power must be accompanied by a requisite application of mind. Manoj Joshi in an article in The Tribune, mentioned journalist Saikat Dutta’s application under the Right to Information Act some years ago. Dutta had asked how many phones were tapped at the Union level every year. The answer was one lakh phones a year. Of course, some of the phone taps may be carried over from the previous year. However, this reply was solely in relation to phone tapping, it does not include data interception requests and re-routing network traffic. The government’s clarification following the December 20, 2018 notification was that;
“Rule 4 of the IT (Procedure and Safeguards for Interception, Monitoring and Decryption of Information) Rules 2009 provides that ‘the competent authority may authorise an agency of the Government to intercept, monitor or decrypt information generated, transmitted, received or stored in any computer resource for the purpose specified in sub-section (1) of Section 69 of the Act’.”
In the same clarification, the government mentioned that; “Each case of interception, monitoring, decryption is to be approved by the competent authority i.e. Union Home secretary. These powers are also available to the competent authority in the State governments as per IT (Procedure and Safeguards for Interception, Monitoring and Decryption of Information) Rules 2009.”
Also Read | Aadhaar Linkage With Voter IDs: ECI Compromised Privacy of Voters
Since the Union Home Secretary is the authority at the Union level, and assuming that the data for phone tapping corresponds with data interception requests, it is worth considering whether it is humanly possible for the Union Home Secretary to apply his mind to all the requests. This does not include the other routine duties that a Union Home Secretary is obliged to perform. It would also beg the question as to whether the process is so automated that the Home Secretary routinely signs off on such requests. However, there may be also be a team of designated officers to look after such affairs for the Home Secretary to approve.
On one hand, one can concede that the Union Government is correct in stating that the notification is correct in law. One can also concede that data interception was going on in any case. This is also substantiated by the creation of the Central Monitoring System around 2013 which has powers similar to what the 10 agencies now officially have. However, this cannot excuse the fact that the government is attempting to trample over the hard-won fight for the right to privacy that the Supreme Court confirmed in 2017.