Context: A Ministry of Home Affairs (MHA) notification authorized 10 Central agencies to intercept, monitor, and decrypt online communications and data.
What is surveillance state
A surveillance state is defined as a state which legally surveils all actions, locations, and friends of its citizens, in order to prevent crimes or in order to solve them faster.
- One of the most important tasks of a state is to provide security for its citizens. At the same time, the state has to allow them liberties so that everyone can live their life individually.
- When a state takes measures to ensure security, it simultaneously restricts liberty of people also. Hence there should be balance between security and liberty.
Need of surveillance by state:
- Unregulated domain: Social media platforms are self-regulated as government does not regulate content appearing on social network platforms; hence ‘due diligence’is need of the hour for social media.
- Organised crime: Social media has become a tool for facilitating organized crime i.e. to commit and provoke extremism, money laundering, violence and crime.
- Neutralising terrorist activities Surveillance would help in countering possible terrorist activities by offering better information on potential terror attacks.
- Curb on fake news: Fake news is a new challenge for law enforcement agencies as many lynching incidents reported in 2018 were triggered by fake news being circulated through Whatsapp and other social media sites.
- Misuse of privacy clause: Until now, it was not possible to trace the origin of a message given the privacy settings of companies. However, the government has sought “technical innovation” from the company to address the issue. The regulations are justified as they strike a pragmatic balance between the competing values of privacy and security.
- Enforces Supreme Court’s advisory: The draft enforces SC order in Tehseen S. Poonawalla case and Prajwala Letter Case,which asked government to frame guidelines or a standard operating procedure (SOP) to deal with the publication and proliferation of unlawful content through social media intermediaries like Google, YouTube, Facebook, and WhatsApp.
India’s Mass Surveillance Projects
- Central Monitoring System Project: Government has set up the CMS to automate the process of lawful interception and monitoring of mobile phones, landlines and the internet in the country. The project is run by Centre for Development of Telematics.
- Network Traffic Analysis (NETRA):It has been developed by the Center for Artificial Intelligence & Robotics (CAIR) laboratory under the Defence Research and Development Organisation. The system could detect selective words like “bomb”, “blast”, “attack” or “kill” within seconds from emails, instant messages, status updates and tweets.
- National Intelligence Grid (NATGRID):NATGRID was proposed just after the 26/11 Mumbai attacks. It is essentially an intelligence grid that links all the stored data from different government and intelligence entities, which enables it to analyse data gathered by the linked agencies.
- Lawful Interception and Monitoring Project (LIM):The LIM works in a similar way to NETRA. It is a program for surveillance of Internet traffic in India, allowing the monitoring of all traffic (text and audio) passing through ISPs. The LIM’s unique capability is to conduct automated keyword searches, which allows government agencies to track data passing through servers for as long as they want, without the ISP’s knowledge.
ECHELON: The ECHELON surveillance system is a purported intelligence program involving the development and operation of a top-secret global surveillance network by five signatories of the UKUSA Agreement—Australia, Canada, New Zealand, the United Kingdom, and the United States. It was publicly disclosed in 1988 by investigative journalist Duncan Campbell and later expositions from journalists, government officials, and even the European Parliament seemingly confirmed its existence.PRISM: PRISM is a code name for a program under which the United States National Security Agency (NSA) collects internet communications from various U.S. internet companies. The program is also known by the SIGAD US-984XN. PRISM collects stored internet communications based on demands made to internet companies such as Google Inc. under Section 702 of the FISA Amendments Act of 2008 to turn over any data that match court-approved search terms. This surveillance program was disclosed by Edward snowden in 2013.
The surveillance of citizens by the state in India is governed through several laws:
- The Indian Telegraph Act, 1885:The British-era law allowed the Raj to control and restrain telegraph communications during their rule. Section 5 of the Act allows both central and state governments to intercept messages 1) in “public emergency” or in the interest of “public safety” and 2) in interest of sovereignty and integrity of India, security of the State, friendly relations with foreign states, public order, and prevention of incitement to the commission of offence. It also creates a Review Committee to oversee interception orders.
- In 2007, Rule 419 (A) is added to the Indian Telegraph Rules under the Telegraph Act. It outlines the sanctioning authority, the review process, the duration of the order, and other process rules. A secretary of the Union Home Ministry or a state’s Home Department can issue interception orders.
- The Indian Post Office Act, 1898: It allows the Centre and state to intercept postal articles in public emergencies or in the interest of public safety or tranquility.
- The Unlawful Activities Prevention Act, 1967: It allows the information that was intercepted in the Telegraph Act to be used as evidence.
- The Information Technology Act (IT Act), 2000: It is one of the primary laws regulating interception, monitoring, decryption, and collection of digital communications and information.
- In the wake of the Mumbai terror attacks in 2008, the Information Technology Act was amended to include section 69.It allows for seven years imprisonment or a fine for any person or intermediary who fails to assist with the interception. While many aspects mirror the section 5 of Telegraph Act, it is distinct because it eliminates the prerequisite of “public emergency” or “public safety”.
- AADHAR Act, 2016: In the interest of national security central government may issue a direction for revealing information from Aadhar database.
- Recently, Ministry of Electronics and Information Technology (MeitY) has prepared the draft Information Technology (Intermediary Guidelines) Rules 2018 which would replace the rules notified in 2011. The rules are brought in the wake of several cases where the police have expressed their inability to trace offenders because intermediaries have refused to cooperate.
• Any person providing any service with respect to electronic messages including receiving, storing, transmitting it would qualify as an ‘intermediary’, example facebook, watsapp etc.
• It includes telecom service providers, network service providers, internet service providers, web hosting service providers, search engines, online payment sites, online-auction sites, online market places and cyber cafes.
• The definition of intermediaries was inserted by the IT (Amendment) Act, 2008, and the liability of the intermediaries is explained in section 79 of the Act.
• “Safe harbor protection”i.e. exemption from liability in certain instances, is available to intermediaries under Section 79. Intermediaries will not be liable for any third party information, data or communication link made available by them, when they merely act as a facilitator and do not play any part in creation or modification of the data or information.
• Safe- harbor protection is contingent on the intermediary removing any unlawful content on its computer resource on being notified by the appropriate Government or upon receiving actual knowledge.
• An intermediary would be liable and lose the immunity, if the intermediary has conspired or abetted or aided the commission of the unlawful act.
Judgements/Recommendation on surveillance of citizens by the state
- In Kharak Singh vs UP, 1962,the Supreme Court strikes down certain UP Police Regulations that allowed for home visits to “habitual criminals” or those who were likely to become habitual criminals.
- In Union for Civil Liberties vs Union of India, 1996,the Supreme Court gives guidelines for interception of telecommunications, specifying who can issue interception orders, on other alternatives, on the duration of the order, and on the specific nature of the order.
- In Justice K.S. Puttaswamy v. Union of India, 2017,the SC ruled that privacy is a fundamental right. But this right is not unbridled or absolute.
- In 1968, The Law Commission of India in its 38threport recommends curtailing the interception provisions but these provisions remain till date.
• The Act creates a new framework of oversight intended to prevent abuse, which includes setting up an independent body tasked with reviewing and reporting on the government’s surveillance activities.
• The Act also effectively legalises state-sponsored hacking, and clarifies the government’s use of mass surveillance tactics known as bulk powers
• The legislation has been hailed as the biggest reform of the country’s surveillancebut privacy experts have heavily criticised measures it contains.
• It is also called the “snoopers charter”.
- Against freedom of speech: The draft places restrictions on citizen’s freedom of speech as enshrined in Article 19(2).
- Against right to privacy: Tapping of private messages, calls and mails on the basis of vague and arbitrary provisions is against individual’s right to privacy under Article 21, as highlighted in Privacy Judgement, and against the Aadhaar judgement where SC upheld the supremacy of individual rights.
- Arbitrary application:A blanket approval to security agencies for carrying out surveillance is arbitrary and against SC’s 2017 judgment in ‘the right to privacy case’ where SC made mandatory for government to answer the questions of ‘how, when, and what kind’ while impinging on citizen’s right to privacy.
- Arbitrary choice of authorized agencies: Agencies such as the Delhi Police, the CBI, and the Directorate of Revenue Intelligence cannot be strictly termed as organisations concerned with homeland security.
- Lack of review:Decisions about surveillance are taken by the executive branch (including the review process), with no parliamentary or judicial supervision.
- Lack of safeguards: An individual will almost never know that she/he is being surveilled due to clandestine nature of the act, hence challenging it before a court is a near-impossibility.
- Vague and ambiguous:The grounds of surveillance have been simply lifted from Article 19(2) of the Constitution, i.e. to maintain “friendly relations with foreign States” or protecting “sovereignty and integrity of India;” and have been pasted into the law.
- Opaque and liable to be misused:There is almost no information available about the bases on which surveillance decisions are taken, and how the legal standards are applied, turning it into a tool in the hands of politicians for misuse.
- Applying surveillance more objectively: In place of using terms like ‘national sovereignty’ or ‘public security’, situations attracting surveillance by the state should be made more precise and objective.
- Every surveillance request must mandatorily specify a probable cause for suspicion.
- Setting out, in concrete terms, what the proposed target of surveillance is suspected of doing.
- Evidence obtained through unconstitutional surveillance must be statutorily stipulated to be inadmissible in court.
The debate, therefore, is not about ‘whether surveillance at all’, but about ‘how, when, and what kind of surveillance’.
- Parliamentary and judicial oversight: As per the draft, surveillance decisions of executive will be approved by another executive body i.e. MHA. There must be parliamentary oversight over the agencies that conduct surveillance and all surveillance requests must necessarily go before a judicial authority to evaluate the merits of surveillance request.
- Independent review committee: Instituting an independent review committee or a ‘Privacy Commission’ comprising of retired civil servants, retired judges and civil society representatives to oversee the surveillance requests of government.
- Lawyer as a safeguard: It will be very difficult for a judge to deny a surveillance request with only one side presenting a case, hence there must be a lawyer to present the case on behalf of the target of surveillance.
- Private initiatives: Citizens’ initiatives such as the Indian Privacy Code have also proposed legislative models for surveillance reform, which could be used by the parliament to take this forward.
- Surveillance is indispensable in the age of cyber warfare and globalization but it must be carried out in a transparent and systematic manner strictly. A government that is not checked in any meaningful way will tend to go overboard with surveillance and, in the process, gather so much material that actually vital information can get lost in the noise.