[Editorial Analysis] When the state plays I spy

Mains Paper 2: Governance

Prelims level: Right to Privacy

Mains level: Government policies and interventions for development in various sectors and issues arising out of their design and implementation

Context

• Privacy concerns regarding the state, in terms of the exercise of surveillance powers, stems from the asymmetry and monopoly of power in favour of the executive.

• These concerns have only increased in a digital world where our intimate details, thoughts, and relationships are contained in our smartphones and computers.

Key highlights of the IT Act

• The notification and the underlying section and rules of the IT Act have reignited the debate on the constitutionality of such surveillance measures.

• First, unlike the Telegraph Act, the powers under the IT Act are broader, and include the power to intercept, monitor, and decrypt “any information” generated, transmitted, received, or stored in “any” computer resource (think all your WhatsApp conversations, Facebook messages on your computer and smartphone).

• Second, while the amended Section 69 of the IT Act, and its 2009 regulations,
empowered the central and state governments, or “any of its authorized officers”, to conduct such activities, the notification has empowered 10 agencies (including the Commissioner of Police, Delhi) to do so.

• Orders for such digital surveillance actions could only originate after the preapproval of the Union home secretary or the appropriate state government’s home secretary; law enforcement agencies had no competence to do so.

• However, the MHA notification denudes the competent authority of such powers and sets up the stage for mass surveillance.

• The actual notification itself does not clearly require the Union Home Secretary to pre-approve such surveillance orders.

• In contrast, the legal regime under the older Telegraph Act and its rules still explicitly requires the appropriate home secretary to pre-approve wiretapping orders, except in emergency situations.

• Third, after the Supreme Court’s decision in the privacy and Aadhaar cases (that allowing disclosure of information in the interest of national security in the hands of a joint secretary is unconstitutional and judicial scrutiny may be necessary), these legal provisions are untenable.

• Finally, it is also jarring that the notification was not preceded by any public discussion, consultation or parliamentary debate, even though Parliament’s Winter Session had already commenced at the time of its issuance.

Raising concerns

• The MHA notification raises the larger issue that our current communications surveillance and data access laws are contradictory, anachronistic and insufficient to protect privacy, rule of law and institutional accountability in digital India.

• We have the second-largest internet user base in the world.

• Our current surveillance infrastructure lacks proper transparency and accountability.

• It is completely under executive control, with no parliamentary or judicial oversight, either ex-ante or ex-post, of surveillance measures.

• This is in stark contrast to the situation in other countries such as Germany, South Africa, UK and the US.

• Even the report released by the Justice Srikrishna Committee on Data Protection noted that the lack of inter-branch oversight in surveillance, “is not just a gap that is deleterious in practice but, post the judgment of the Supreme Court in Puttaswamy, potentially unconstitutional.”

• Notably, many agencies listed in the notification, such as the Intelligence Bureau and R&AW lack statutory basis.

• The situation is further exacerbated because illegally obtained evidence is admissible in India.

• Indeed, in 2014, in response to a question in Parliament, the government acknowledged that there had been multiple incidents of physical and electronic surveillance taking place without authorisation across Gujarat, Himachal Pradesh, and the NCT of Delhi.

Way forward

• India urgently needs a Privacy Act, which will specifically address issues of surveillance and interception, an issue left unaddressed in the draft Data Protection Bill released by the Justice Srikrishna Committee.

• The Indian Privacy Code, 2018, is a model Bill that stipulates that all communications surveillance and data access orders require approval by serving high court judges designated to special surveillance review tribunals.

• It also envisages a division of a privacy commission to help regulate and oversee surveillance activities, with regular briefings to Parliament to ensure democratic accountability.

• Surveillance is a serious issue that affects all of us.

• Urgent legislative action is needed if we are to avoid sleepwalking into a surveillance society.

———————————————

Prelims Questions:

Q.1) Which of the following rights are recommended by National Commission to
Review the Working of the Constitution (NCRWC) to be made as Fundamental Rights?

1. Right to privacy and family life

2. Right against torture

3. Right to safe drinking water

4. Right to rural wage employment for a minimum of 80 days in a year.

Select the correct answer using the code given below.

(a) 1, 2 and 4 only

(b) 2 and 3 only

(c) 3 and 4 only

(d) 1, 2, 3 and 4

Answer: D

Mains Questions:

Q.1) Define the IT Act. What are the major highlights raised in the Indian Privacy Code, 2018?

Share article