ISSN (Print) - 0012-9976 | ISSN (Online) - 2349-8846
Reader Mode
-A A +A

Questioning Surveillance sans Data Protection

The Ministry of Home Affairs’ recent notification is yet another reason why we urgently need a data protection law.

 

Last week, the Ministry of Home Affairs (MHA) brought out a notification authorising 10 government agencies to intercept, monitor and decrypt “any information generated, transmitted, received or stored in any computer” under the Information Technology (IT) Act, 2000 and its 2009 rules. It has also emerged since that the government is proposing to bring in amendments to the 2011 rules under the IT Act regarding guidelines for intermediaries (communications platforms like WhatsApp and Telegram). It proposes the regulation of “unlawful” social media content, requiring these intermediaries to provide the government with “traceability” of encrypted content—defeating the purpose of end-to-end encryption—and increasing the period of time for which data has to be stored by them. The scare and frenzy that erupted following the notification was responded to by the government, quite characteristically, as just implementation of the laws that were brought in by the previous United Progressive Alliance (UPA) government.

There is a need to revisit not just this notification, but the IT Act itself as well as India’s surveillance framework, especially in light of the landmark judgment on privacy in the K Puttaswamy case in 2017. It is not as if the government has not already been surveilling and intercepting data all these years; a 2014 report had stated that 9,000 phones were tapped every month in India. The government’s Centre for Development of Telematics (C-Dot) had also rolled out in 2013 the Central Monitoring System, an automated mass surveillance project that the C-Dot annual report, released earlier this year, describes as “practically complete.”

In a world where people’s lives are so enmeshed in the digital, one’s computer or phone has become an extension of one’s very person. With the government itself promoting and pushing for a “Digital India,” it, then, becomes all the more essential that there be a strong data protection law protecting the interests of the individual, rather than laws that only protect the actions of the state in the name of national security. In fact, the building blocks of the country’s surveillance framework can be found in the Indian Telegraph Act, 1885 and the Indian Post Office Act, 1898. Section 69 of the IT Act merely echoes these colonial-era laws in the conditions under which the government can intercept, monitor and decrypt data: “in the interest of the sovereignty or integrity of India, the security of the State, friendly relations with foreign States or public order or for preventing incitement to the commission of any cognizable offence.”

As the B N Srikrishna Committee on data protection has noted, “Surveillance should not be carried out without a degree of transparency that can pass the muster of the Puttaswamy test of necessity, proportionality and due process.” As regards the necessity and proportionality of surveillance, the debate on the trade-off between privacy and security is an old one. However, it is a lopsided debate, where, in the absence of a data protection law, the implementation of safeguards to protect the individual’s right to privacy, of data and otherwise, has taken a backseat. As for due process, while we wait for some semblance of a data protection act—like the bill drafted by the Srikrishna Committee—to see the light of day, how surveillance processes are working on the ground is something that the government is unwilling to share. Furthermore, the vaguely worded conditions in the IT Act, in the absence of judicial oversight, contribute in making the entire operation opaque. Instead, we have a government that charges ahead by way of one executive order after the other, ducking any legislative or judicial oversight.

With the conditions of necessity, proportionality, and due process being flouted in their implementation on the ground, when the government tries to pass such blanket surveillance measures, it leads to a trust deficit in the government. The furore over the MHA’s notification points to this. While governments in India have passed many a law and committed many a questionable act in the name of national security—recent examples being the Aadhaar project and the demonetisation exercise—which demand an intrusive amount of transparency from individuals, we do not see the government being as forthcoming and transparent with its people.

The nature of communications technology has drastically changed since the Indian Telegraph Act was passed. We communicate a lot more, and to many more people than we could before. Phones and computers, thanks to the medium of the internet, are no longer used to just communicate important messages or work on word processors, but are an integral part of how we express ourselves and lead our everyday lives. Hence, any sort of interception in or monitoring of a person’s phone or computer would mean a much deeper intrusion in their lives than what it would have been earlier. We talk, read, work, bank, express, protest, and dissent via these devices. Concurrently, illegalities and threats to national security have also gone the digital way. However, pervasive and unrestricted curbs on or surveillance of these devices and networks would be tantamount to the government playing the role of an omnipresent Big Brother. What is required is a complete overhaul of India’s surveillance framework, the inclusion of and compliance with the principles of privacy delineated in the Puttaswamy judgment, and the ­urgent implementation of a data protection law.

Updated On : 11th Jan, 2019

Comments

(-) Hide

EPW looks forward to your comments. Please note that comments are moderated as per our comments policy. They may take some time to appear. A comment, if suitable, may be selected for publication in the Letters pages of EPW.

Back to Top