A Surveillance Story

[This post has been authored by Ada Shaharbanu and Reuel Davis Wilson.]

Our familiarity with surveillance generally brings to mind the methods adopted in the 20^th century. Common among these are the tapping of telephone lines, stakeouts and the interception of postal services. However, it becomes difficult to keep a track of the multiplicity of ways in which surveillance is presently conducted. Advanced technology has barely allowed us to familiarize ourselves with one thing before the next comes along.

How are we monitored?

The primary change over the years, in terms of surveillance, is that now it is not just the State but private entities who are increasingly conducting surveillance. A common example of the latter would be the consolidation of our profile and usage data from social media platforms such as Facebook, Instagram or Twitter along with our internet browsing history and processing and analyzing it to make what is known as our ‘digital profiles’. This data mining and profiling policy has increasingly been adopted by almost every popular service on the internet, be it in the e-commerce industry or gaming applications – to maximize the profit potential in each product. The dangers associated with the sale of user data to third parties are now being tackled by innovative data protection laws across the globe. In India, the issues associated with surveillance still haven’t taken center stage as they have in the US (particularly after Snowden’s leaks on NSA’s Prism). On that note, it is worth pointing out that the Indian government has mass surveillance working on as large a scale as was criticized outside these shores. An example of such supervision is the Central Monitoring System (CMS) in India. This was installed by the Centre for Development of Telematics (C-DOT) and is operated by Telecom Enforcement Resource and Monitoring (TERM) Cells. It was envisioned by the Government to automate the process of interception and monitoring of telecommunications technology. It also gives our security agencies and income tax officials centralized access to our telecommunications network by requiring all Telephone Service Providers (TSPs) to install Lawful Interception Systems in their premises to conduct targeted surveillance of individuals in their networks.

Another example is the software network developed by the Defence Research and Development Organization (DRDO) called NETRA (Network Traffic Analysis). The primary use is claimed to be the interception and analysis of internet traffic to pick up on keywords such as ‘bombs’ as a pre-emptive measure against threats to the State.

The government has been mass requesting call data records (CDRs) in various states across the country without following the user privacy guidelines mandated by the Supreme Court. There have also been reports of an ‘all-encompassing, auto-updating, searchable database’ being in the works by the government under the garb of creating a National Social Registry that updates in real time. Additionally, the lack of oversight while rolling out contract tracing apps, including the government’s Aarogya Setu app, has exposed users to privacy vulnerabilities and an unchecked mechanism for additional unchecked surveillance that could be misused.

Are we protected by any laws?

Presently, though we don’t have any laws preventing surveillance, we do have laws that justify it with, arguably, some safeguards. One common surveillance method is the interception of phone calls. The Indian Telegraph Act, 1885, covers this area and Section 5 of the Act legitimizes surveillance in the interest of ‘public emergency’ and ‘public safety’.

Rule 419A was added to the Indian Telegraph Rules, 1951 stating that orders of interception could only be issued by the Secretary of the Ministry of Home Affairs. In unavoidable circumstances, such orders can be issued by an officer, not below the rank of a Joint Secretary of the Government. These rules deal with how the order must contain reasons, how it cannot be acquired unless all other reasonable means are exhausted, and disclosure of the name of the officer handling the same, and rules that service providers should comply with. The Information Technology Act, 2000 has similar rules for interception of data. The threshold here is extremely low; it’s mostly procedural and easy for the surveillance to come under the ‘permissible limits.’ All that needs to be established is a simple authorization request. The overburdened judiciary is also unlikely to enforce these rules. A recurring theme is that surveillance is seen as legal unless expressly prohibited.

Why do we need a surveillance policy?

The most common argument for why surveillance is necessary is the threat of terrorism. However, surveillance is in most cases, just another form of social and economic control.

An argument can be made that metadata is not personally identifiable so a collection of the same would not pose problems for the general public– this suggests that the State would have access to emails, list of phone calls made and all forms of social media of the targeted individual and that the surveillance could be based on particular keywords. This puts every dissenting individual on the internet at risk of being watched and targeted for sharing their views online; some groups are more likely to get flak for their views and ideas owing to the inherent bigotry in society, which can and have in the past, lead to coercion and selective enforcement.

Another unsettling issue is the misuse of data collected through digital surveillance; it can be used to shut down lawful protests and journalists reporting the same. It can suppress thoughts and put pressure on political opponents and their supporters. India being extremely diverse – it’s likely that the plight of religious, caste based and gender minorities would worsen. It can intensify the level of discrimination already faced by these groups in turn leading to other fundamental rights violations. It creates a tense atmosphere, encouraging a linear narrative that encourages the ostracization of sections of society. Therefore, it can be said that the intellectual privacy of the country is likely to be threatened.

How should it be modelled?

Though it has been established that surveillance has, time and again, impinged upon our civil liberties, it continues to remain deeply rooted as a necessary evil to govern society. It thus stands to reason that the pragmatic solution would be to bring into effect a well-rounded surveillance policy that would protect our individual rights.

At present, the general populace is regularly surveilled by both corporations (‘private surveillance’) as well as the government (‘public surveillance’). Quite often, the lines between the two have gotten blurred as data mining giants, such as social networking platforms, have aided governments in gathering intelligence. Therefore, the surveillance policy should make a distinction between private and public surveillance and whether it would apply to both kinds. As a democratic state, we should not under any circumstance be secretly surveilled. We should reject the notion that our calls and internet usage are allowed to be monitored at all times because we live fairly regular lives. One of the core ideals of our constitution is that we should have the right to dissent and be reasonably aware of what the State is going to do. When surveillance is unofficial, there’s no scope or law under which citizens can claim that their interests or rights have been violated. The risks and concerns associated with such unsupervised activity need to be addressed and rectified.

Ideally, an independent body or commission could be constituted to oversee the government agencies that are permitted to engage in legal surveillance, a body that is capable of being independent of political interference. If permission or a warrant is to be issued for surveillance, the threshold required must be extremely high, and a mechanism for remedies should be put in place, in case unauthorized surveillance takes place.

The age of information technology has utterly decimated any semblance of privacy in an individual’s life. Tailoring a surveillance policy with the aforementioned ideals would advance us into the nascent stages of carving out a digital air bubble of self-ownership.