The Status of Electronic Surveillance Laws in India: An Overview (Part II)

Posted on by Tech Law Forum @ NALSAR

(Image Source: https://flic.kr/p/6YSTmq)

The following is the last in a series of two posts on the Electronic Surveillance laws in India, brought to us by Anurag Dasgupta, CNLU Patna.

FEW OTHER STATUTES WHICH AIM AT REGULATING SURVEILLANCE IN INDIA

  • Information Technology (Due Diligence Observed by Intermediaries Guidelines) Rules 2011: It aims at creating criminal, administrative and civil obligations for the internet intermediaries (i.e. ISPs, search engines etc.), which includes foreign companies as well as their Indian subsidiaries as well, something which is considered as an ambitious step.
  • IT (Reasonable Practices and Procedures and Sensitive Personal Information) Rules 2011: It is one of the first legislative endeavour which aims to protect the personal information, at the same time securing collection, usage and storage of personal and private entities. However it has been subjected to a lot of criticism, warranting thereby scrutiny and ratification.[1](as per the article of Bhairav Acharaya, here)
  • IT (Guidelines for Cyber Café) Rule 2011: A liability has been fixed, subjected to certain exemptions, on the cyber cafes to furnish any third party information, communication, data or link made available or hosted by users of cyber cafes. However no such liability has been fixed for failing to collect information from the users; which otherwise militates against the basic objectives of the rules, as a result it has also been subjected to fair amount of chastisement on the part of internet users[2]. (as per the article of Bhairav Acharya, here)
  • News Broadcasting Code of Ethics: The aforementioned code has laid down certain regulatory mesh for regulating the conduct of professional journos while conducting investigations in the process of reportage (which clearly includes any mode of electronic surveillance). It has laid down that no reporting must be such as to promote a biased viewpoint of any controversy. Furthermore while indulging in any such operations depicting sex and nudity, it should be morphed. Furthermore unless and until the public interest so warrants, no such intrusion can take place within the private sphere of any individual and in case where the privacy of a minor is concerned, permission has to be obtained from the concerned guardian. Similarly while conducting such sting operation; sex, sleaze, narcotics, intimidation etc. should not be used as a means to elicit information.
  • Telecom Regulatory Authority of India Act: The act was mooted out as an independent legislation mainly to regulate the telecom sphere and to create a transparent policy environment. Moreover in the year 2000, TDSAT (Telecom Disputes Settlement Appellate Tribunal) was conceived which is essentially a redressal mechanism to address the disputes of not only the licensor and the licensee, but also the customers.
  • Unlawful Activities Prevention Act 1967: This act has given immense powers to the executive in the interest of public at large even at the cost of Article 19(1)(a) i.e. freedom of speech; which certainly means that the required authorities can engage in electronic surveillance of the public at large even jeopardizing their privacy concerns, if the subject happens to be of concern to national security and sovereignty. However on the other hand, the act also includes under section 15 that terrorist act would comprising of any loss or damage to the property and under section 2(h), it includes electronic or digital documents within the definition of property, which clearly indicates that damage so done by any such terror groups which includes hacking or surveillance would be liable to be penalized under section 10 of the act.

Apart from the above mentioned legislations, there are others for instance, The Constitution of India 1950 (Article 14, Article 19, Article 21 etc.); Indian Telegraph Rules 1951, RBI Guidelines, Credit Information Companies Regulation Act 2005 etc. which aim to regulate the surveillance mechanism in India.

CHALLENGES AHEAD

However what remains a matter of concern is how far these laws operate at the global level and not merely remain constricted within the national boundaries. It is well known that, surveillance operations, like hacking internet data or intercepting need not necessarily be carried out within India. It can be very effectively be carried out by government of some other countries or any such private bodies operating in a foreign land e.g. As per the revelations made by Edward Snowden; The NSA (National Security Agency) , along with FBI (Federal Bureau of Investigation) and CIA (Central Intelligence Agency) had secretly partnered with various governments to share the intercepted data of each other citizens or the fact that as per the news report published by the Dutch newspaper NRC Handelsblad (here); it has been unveiled that India was a target by the NSA’s Tailor Access Operations, which has infected various computer networks of Indian cyberspace with malicious software aimed to steal sensitive data[3] or for  that matter US drones like the MQ-9 Reaper[4], a U.S. drone plane used for domestic operations by the Department of Homeland Security, carries cameras that are capable of identifying an object the size of a milk carton from altitudes of 60,000 feet[5] (as per article by Michael Fickes, here)which obviously implies that for carrying such surveillance operations; territorial boundary of a country can hardly be treated as an obstacle.

Yet another problematic dimension needs to be taken into account, and that is whether the surveillance laws are compatible with the other existing laws. Section 5 of the Indian Telegraph Act and Section 26 of the Indian Post Office Act, prescribes a two tier test for legitimizing interception. The first being the existence of public emergency/safety and the second being in the interest of sovereignty, integrity, and security of India. However, the words “public emergency” has nowhere been defined authoritatively as a result of which, the administrative agencies are vested with powers; which runs a high probability of becoming arbitrary in character.[6](as per the article of Bedavyasa Mohanty,here) Yet another problem that lies is when does one demarcate the concept of “freedom of speech and expression of citizens” and “the national interest pertaining to security and sovereignty” i.e. Article 19(1)(a) and Article 19(2). Since the concept of privacy has been interpreted by various courts as being too broad and abstract[7]; a common question is put up by the legal luminaries: Do surveillance laws militate against the basic principles of freedom of speech and expression or are they compatible with the concept? Hence what needs to be seen is how the legislature or the judiciary deals with the concept of “public emergency” and “privacy” in near future so as to avoid unwanted overlap of surveillance laws with individual interest of the users.

ELECTRONIC SURVEILLANCE AND PRIVACY: SOME RECENT ISSUES

We find a scathing anomaly i.e. no Indian statute gives an exhaustive aspect about the process of obtaining data, the exact circumstances under which it is to be obtained and ultimately the storage of data so obtained. Moreover such contentions, as to the required amount of security have been arising ever since the Indian government has asked the Blackberry to disclose the BBM pin which otherwise for practical purposes are encrypted. (as per the article by Christopher Parsons , here) Also there has been wide spread dissatisfaction amongst the netizens with regard to Google’s privacy policies, Microsoft’s policies related to Skype conversations amongst others which seem to keep a tab on the users activities in the cyber space, just to further their own commercial interests. It is not the policies as much as the ominous silence which the government agencies are subjecting themselves to.

CONCLUSION

Though it has been contented by various legal pundits and academicians that the Indian surveillance laws are quite feeble as far as comparison is concerned with the UK and US laws. Nevertheless it can be seen clearly that the Indian legal system with regard to the laws related to surveillance are not altogether defunct, regular endeavours have been taken by all the three components of the state machinery to redefine and explore the grievances so existing within the surveillance laws in India; something which can be clearly be witnessed by us but what really needs to be seen is, how far these laws are compatible with the various dimensions of cyberspace security and privacy of the citizens, and how far such endeavour sustains, since acts of surveillance and their related electronic implications are something which transcends the territories of any county, and is subjected to transmutation at every single moment. Well, it’s only for the future to testify the same.

REFERENCES:

(Hyperlinks)

[1] http://cis-india.org/internet-governance/blog/comments-on-the-it-reasonable-security-practices-and-procedures-and-sensitive-personal-data-or-information-rules-2011

[2] http://cis-india.org/internet-governance/blog/comments-on-the-it-guidelines-for-cyber-cafe-rules-2011

[3]  Floor Boon, Steven Derix and Huib Modderkolk. “NSA infected 50,000 computer networks with malicious software”. NRC Handelsblad, Retrieved November 23, 2013

[4] Gasparre, Richard (January 25, 2008). “The U.S. and Unmanned Flight: Part 1”. airforce-technology.com. Retrieved March 13, 2009

[5] Fickes, Michael (October 1, 2004). “Automated Eye In The Sky”. GovernmentSecurity.com. Retrieved March 13, 2009.

[6] http://cis-india.org/internet-governance/blog/the-constitutionality-of-indian-surveillance-law

[7] PUCL v. Union of India, AIR 1997 SC 568