Privacy Via-a-Vis Surveillance in India

Surveillance is a necessary tool for maintaining the sovereignty, integrity, and security of the State and it helps in the prevention and investigation of these crimes. However, the absence of any Data Protection law overlooking the millions of orders for surveillance, the State has untrammelled access to the private lives of the citizens.

Until 2017, the position of law, viz. Whether the right to privacy is a fundamental right under the Constitution of India, was unclear. Thereafter, nine judges of the Supreme Court in the celebrated judgment of K.S. Puttuswamy Vs. Union of India proceeded to hold that the right to privacy is a fundamental right under Article 14, 19 and 21 of the Constitution of India and the same should not be infringed unless the same is necessary for protecting the sovereignty and integrity of the State.

However, despite right to privacy being declared a fundamental right of the citizens, interceptions and monitoring can be ordered merely by issuing orders by the concerned law enforcement agencies, with close to no vigilance over their actions. There is no scope of any judicial scrutiny of these orders when they are being passed, in the realm of national security and also due to the fact that the people under surveillance, would not know that they are being monitored, thus negating any scope of challenge to the said orders.

This leads to a situation where the powers of interception and monitoring is now being used as per the whims and fancies of the government. The absence of a Data Protection Legislation does not help.

K.S. Puttuswamy Vs Union Of India [Right To Privacy Judgment]

The Supreme Court of India in a landmark decision titled K.S. Puttuswamy Vs. Union of India [2017 (10) SCC 1] held that the right to privacy is a basic fundamental right. It also held that the right to privacy forms an intrinsic part of Article 21 (Right to life) and the freedom guaranteed under Part III (Fundamental Rights) of the Constitution of India.

The Court held that the right to privacy is not independent of the other freedoms guaranteed under part III of the Constitution of India and that it was an element of human dignity and is, therefore, an inalienable natural right. Another pertinent observation in the judgment was regarding the negative and positive elements of privacy, the requirement of the State to unfairly interfere with the privacy of individuals, and the need for a legislative framework to restrict others from doing so.

It was held in the judgment that the requirement of reasonableness prevails throughout Part III (fundamental rights chapter) of the Constitution of India. The Court held that a menu of tests should be applied, depending on the rights that may be infringed.

This in essence would mean that if the action of the State is arbitrary, the rights guaranteed under Article 14 of the Constitution would be infringed and such an infringement would have to pass the test of not being violative of the said Article. Similarly, privacy invasions that implicate freedoms guaranteed under Article 19 would fall under restrictions like public order and obscenity. The intrusion into the life and liberty of an individual would fall under Article 21 of the Constitution and the same would have to be just, fair and reasonable.

To summarise the findings of the judgment, it would be fair to say that the judgment provides that there should be the existence of an appropriate Data Protection law and the said law should seek to achieve a legitimate State aim and the proposed action must be necessary for maintaining a democratic society. There should also be a rational nexus between the objects and the means adopted to achieve this, to ensure that the extent of interference is proportionate to its needs. Lastly, it was observed that checks against the abuse of State interference is a must.

Law Governing Surveillance In India

In India, mainly two legislations regulate digital and telephonic surveillance, i.e. Information Technology Act, 2000 and the Indian Telegraph Act, 1885.
The Indian Telegraph Act, under Section 5 empowers the Central and State government to intercept messages during two instances, viz.

1. In the occurrence of any public emergency or the interest of public safety
2. If it is considered necessary or expedient to do so.”

(1)Apart from the above, messages may also be intercepted, in the interest of the sovereignty and integrity of India, the security of the State, friendly relations with foreign States, public order and for the prevention of incitement to the commission of an offense.

Rule 419A of the Indian Telegraph Rules, incorporated in 2007 and last amended in 2014, provides that an order for the interception can be issued by the Secretary of the Ministry of Home Affairs in the case of Central Government and by the State Government in-charge of Home department in case of State Governments. The rules also provide that in unavoidable circumstances, the order for interception may be issued by an officer, not below the rank of Joint Secretary to the Government of India, who is authorized either by the Central or the State Government.

It has been provided for in Rule 491A of the Indian Telegraph Rules for creation of a review committee with the Cabinet Secretary as its Chairman, the Secretary of the Government in charge of legal affairs and the Secretary of the Department of Telecommunications as its members. The committee is tasked with reviewing every order of interception, and the details of a request for interception have to be sent to the committee within seven days of being issued.

It may, however, be noted that failure to do the same, does not in any manner, make any officer failing to do so, to be liable. The Committee only has power to revoke orders of interception and can direct destroying the data collected, if found that the order of interception do not meet the requirement laid down in the case of People's Union for Civil Liberties (PUCL) Vs. Union of India [1997 (1) SCC 301], i.e. if the order of interception have not been issued in the interest of public safety or on the occurrence of any public emergency.

However, the insertion of the said rule, renders itself obtuse since there exists no mechanism for taking any action against any government officer, for initiating interception, without having any valid grounds for doing so. It is worthwhile to note that the fundamental right of privacy of citizens can be legally infringed for sixty days, till the committee meets, to decide the validity of the orders of interception. This liberty is widely misused by the various government agencies, since, there is no adverse action taken for wrongful interception and any order of interception is not even weighed, to be either correct or incorrect for sixty days at least.

Similarly, the Information Technology Act under Section 69 allows the Central and the State Government to issue directions for monitoring, interception and decryption of any information transmitted, received or stored in a computer resource. The power under Section 69 of the Act, expands upon the grounds upon which interception can take place, as compared to the Telegraph Act.

The Ministry of Home Affairs vide its office order no. S.O. 6227 (E) dated 20.12.2018, issued while exercising powers under Section 69(1) of the IT Act r/w Rule 4 of the Information Technology (Procedure and safeguards for interceptions, monitoring, and decryption of information) Rules, 2009 authorized 10 agencies for the interception, monitoring, decryption of any information generated, transmitted, received or stored in any computer source under the Act.

These agencies are Intelligence Bureau, Narcotics Control Bureau, Enforcement Directorate, Central Board of Direct Taxes, Directorate of Revenue Intelligence, Central Bureau of Investigation, National Investigation Agency, RAW, Directorate of Signal Intelligence (For Jammu and Kashmir, North East and Assam only) and the Commissioner of Police, Delhi.

The Agencies Authorized For Interceptions And Monitoring Are Exempted From Disclosing Information Under The Right To Information Act

The agencies and authorities tasked with interception and monitoring work, are mostly intelligence agencies and are not obligated to reply to the queries raised regarding the extent of surveillance that is carried out by them under Section 24 (1) of the Right to Information Act. The only exception to this rule is that these agencies have to supply the information that is requested only if it pertains to allegations of corruption or of human rights violations since these requests fall under the exemption clause of Section 24 of the RTI Act.

The procedure prescribed under the various legislations, which empower the government to intercept and monitor citizens requires the authorities to function as a quasi-judicial authority and demands application of mind. However, in response to a 2014 RTI query, the Central Government responded by acknowledging that annually, the Union Home Ministry approves about 1 lac requests for interception and some estimates place the number between 7,500-9,500 interceptions per month. Even if the lower limit of 7,500 requests for interception is taken to be correct, it would mean that either the officers in the Union Home ministry are applying their mind and then allowing about 250 requests for interception per day. The more believable assumption would be that the orders for interceptions and monitoring are being permitted without even looking into the legality or the authenticity of the requests made by the authorities.

The Ministry of Home Affairs, in response to an RTI request for providing the number of sanctions issued by the Ministry to Central agencies permitting them to intercept phones between 2008-2018, invoked the exemption clause under Section 8(1)(a) of the RTI Act, to deny the said information. Pertinently, the applicant did not seek any specific details regarding cases, individuals or file noting. However, the request was not entertained.

Officers Passing Orders For Interception Are Under No Obligation To Protect The Privacy Of Citizens

The Home Secretaries at the Central and the State level are drawn from the Indian Administrative Services. Any decision regarding a fit case for interception and monitoring is therefore not made under the guidance of any judicial officer, which has serious ramifications since the Secretaries are under no obligation to ensure that the fundamental right to privacy of citizens is protected.

Furthermore, no adverse actions are taken against the bureaucrats for allowing the interception and the mere steps that are taken are that the data already collected is destroyed.
It is worthwhile to mention that since all the requests for interception and monitoring are made citing either national security, terrorism-related activities, smuggling of arms of currency notes, or a possible huge revenue loss to the public exchequer, therefore, no officer would risk any liability by disallowing a request for surveillance.

Furthermore, even under the Statutes, no liability is imposed either on the Home Secretary of the Centre or of the State government, for allowing interception on the request of the law enforcement agencies, although nothing substantial may have been obtained by them, pursuant to infringing the fundamental rights of the citizens.

Right To Privacy In The United States

Contrary to the position to India, in the United States of America, electronic surveillance is considered a Search under the fourth amendment, which protects individuals from unreasonable search and seizure.

The law enforcement agencies have to obtain a warrant in each case and have to also establish that probable cause is justified. No such steps are needed in India. While obtaining warrants, the law enforcement agencies in the United States are also required to provide a specified period under which the surveillance is to be conducted and h as to also provide in particular, the conversations which have to be intercepted. Only in exceptional circumstances, may the government proceed without any warrant.

Position Of Courts Post The Puttuswamy Judgment

The Hon'ble High Court of Bombay in the case of Vinit Kumar Vs Central Bureau of Investigation [2019 SCC Online Bom 3155], while determining the validity of tapping orders issued against one of the accused persons, observed that in the absence of any ingredients of risk to the people or interest of public safety, orders for tapping and intercepting of phone calls, would not be justified.

The Hon'ble High Court also noted that the orders for interception, passed in that case, would in no manner pass the test of “Principles of proportionality and legitimacy” and would therefore not be sustainable in law. The Hon'ble High Court also directed the concerned authorities to delete the stored intercepted message, since the same were collected in contravention of the provisions of Section 5(2) of the Telegraph Act.

Data Protection Legislation In India

There exists no legislation which protects the data of individuals and honours the fact that the right to privacy if a fundamental right of the citizens. It was only in July 2017 that an expert committee was set up by the Indian Government to draft a Data Protection Bill. This Committee released its final report and a Date Protection Bill in July 2018.

The Bill provides for the establishment of a Data Protection Authority to oversee the activities that involve the processing of the data that has been collected. It also recognizes the need for protection of personal data, under the fundamental right to privacy of citizens. Broadly, the Bill seeks to follow the European Union General Data Protection Regulation. The Bill also provides for setting up of an Appellate Tribunal for Data Protection, the appointment of Data protection officers and an Adjudicating officer.

This Bill has a long way to go, before ensuring that the fundamental right to privacy of citizens is not infringed merely by passing of office orders directing interceptions and surveillance and to ensure that the powers vested with government officials for ensuring the national security, integrity, and sovereignty of India, are not misused.

References:

1. https://dot.gov.in/sites/default/files/358%20GI2014%20dated%208.2.2014_6.pdf?download=1
2. https://privacyinternational.org/state-privacy/1002/state-privacy-india
3. https://medium.com/indrastra/an-analysis-of-puttaswamy-the-supreme-courts-privacyverdi ct-53d97d0b3fc6
4. https://cs.stanford.edu/people/eroberts/cs181/projects/ethics-of-surveillance/eth ics.html
5. https://dot.gov.in/sites/default/files/358%20GI2014%20dated%208.2.2014_6.pdf?download=1
6. https://meity.gov.in/writereaddata/files/Personal_Data_Protection_Bill,2018.pdf
7. https://www.epw.in/engage/article/can-government-continue-unhindered-wiretappingwitho ut-flouting-right-privacy
8. https://eur-lex.europa.eu/legalcontent/EN/TXT/?qid=1532348683434&uri=CELEX:020 16R0679-20160504
9. https://www.epw.in/engage/article/can-government-continue-unhindered-wiretapping-without-flouting-right-privacy
10. https://m.economictimes.com/news/politics-and-nation/cannot-disclose-data-on-phone-tapping-permissions-mha/articleshow/67993239.cms
11. https://www.thehindu.com/news/national/what-are-the-surveillance-laws-in-india /article29993602.ece
12. https://meity.gov.in/writereaddata/files/Personal_Data_Protection_Bill,2018.pdf
13. 2017 (10) SCC 1, titled J.S. Puttuswamy Vs. Union of India
14. https://cis-india.org/internet-governance/blog/policy-paper-on-surveillance-in-india
15. https://medium.com/indrastra/an-analysis-of-puttaswamy-the-supreme-courts-privacy-verdict-53d97d0b3fc6
16. K.L.D. Nagasree Vs. Government of India [AIR 2007 AP 102]
17. https://www.uprinfo.org/sites/default/files/document/india/session27may2017/js35upr27indemain.pdf

Citations:

1. https://cis-india.org/internet-governance/blog/policy-paper-on-surveillance-in-india