The laws for surveillance in India, and the concerns over privacy

Synopsis: The recent Pegasus attack has raised questions over the degree of protection awarded to an individual’s privacy. 

Relevance – Article highlights laws governing surveillance in India. 

Background:

According to the report of a global collaborative investigative project, Pegasus spyware may have been used by Israeli based NSO group to conduct surveillance on about 300 Indians. 

Why is the Pegasus attack a concerning issue?

If the allegation is true that the government can misuse the critical information for electoral gains, it undermines the spirit of democracy. 

However, the government has claimed that all interception in India takes place lawfully. So, what are the laws covering surveillance in India?

Laws Covering surveillance in India:

Communication surveillance in India takes place primarily under two laws — the Telegraph Act, 1885 and the Information Technology Act, 2000.

Telegraph Act, 1885:

• It deals with interception of calls. Section 5(2) allows for the interception.
• The section states that the Central Government or a State Government or any officer specially authorized by them may order interception of any telegraph. 
• He/she can direct that any message or class of messages shall not be transmitted, or shall be intercepted or detained, or shall be disclosed to the Government making the order. The reasons for such an order should be recorded in writing.
• Such an order can be made in the interests of 
  • the sovereignty and integrity of India, 
  • the security of the State, 
  • friendly relations with foreign states or 
  • public order or for preventing incitement to the commission of an offence.
• Additionally, a proviso in Section 5(2) states that even this lawful interception cannot take place against journalists.
• Public Union for Civil Liberties v Union of India (1996): The SC pointed out the lack of procedural safeguards in the provisions of the Telegraph Act and laid down certain guidelines for interceptions.
  • It called for setting up a review committee that can look into authorisations made under Section 5(2) of the Telegraph Act.
  • These guidelines formed the basis of introducing rule 419A in the Telegraph Rules in 2007 and later in the rules prescribed under the IT Act in 2009.
• Rule 419A states that a Central Home Secretary and State Home Secretary can issue interception orders on behalf of the center and state governments, respectively.
  • In unavoidable circumstances, Rule 419A adds, such orders may be made by an officer, not below the rank of a Joint Secretary. 
  • However, such an officer should be duly authorised by the Union Home Secretary or the state Home Secretary.

Information Technology Act, 2000:

• It was enacted to deal with surveillance of all electronic communication, following the Supreme Court’s intervention in 1996.
• The Information Technology (Procedure for Safeguards for Interception, Monitoring and Decryption of Information) Rules, 2009 were enacted to further the legal framework for electronic surveillance. 
• Under Section 69 of the IT Act, all electronic transmission of data can be intercepted. Apart from the restrictions provided in Section 5(2) of the Telegraph Act and Article 19(2) of the Constitution, the section adds another aspect that makes it broader.
  • It broadens the scope of interventions as it allows interception, monitoring and decryption of digital information “for the investigation of an offence”.
  • Further, it dispenses with the condition precedent set under the Telegraph Act that requires “the occurrence of public emergency in the interest of public safety” which widens the ambit of powers under the law.

Way Ahead:

• The current legal framework on surveillance has a wide divergence amongst themselves as pointed out by Justice A P Shah committee. 
  • They differ on “type of interception”, “granularity of information that can be intercepted”, the degree of assistance from service providers etc. 
• Thus, there is a need to test the wide reach of these laws in the court against the cornerstone of fundamental rights.
  • IT intermediary rules 2021 and the government’s 2018 order are being already challenged in the SC.
  • The order authorised 10 security and intelligence agencies to intercept, monitor and decrypt any information generated, transmitted, received or stored in any computer resource.
• Further, a comprehensive data protection law to address the gaps in existing frameworks for surveillance should be enacted as recommended by the B.N Srikrishna Committee.