surveillance

In this article, Lavanya Verma put forth regulation of Surveillance of Robots, Drones, and other surveillance technology in private and government hands.

Introduction

  • Surveillance refers to the keen observation or the condition of being observed, of a person or groups, especially those under suspicion. With a manifold increase in connectivity and convenience in our daily lives over the past few years, these technologies allow far-reaching potential for surveillance by state and civil actors.
  • India being a developing nation has enforced multiple amends in its IT policies, but still, a lot more changes are awaited. the
  • This article talks about different provisions under different statutes which allow government to conduct surveillance, various governmental bodies conducting surveillance as well as regulating surveillance in civilian sector in India.
  • Contemporarily, National Intelligence Grid, Central Monitoring System, and others are the new government agencies formed for surveillance in email, telephones, cyberspace, personal messages etc. Further, many private sector companies are also inspecting the material on their websites or products, for research or other security purposes.

Indian government departments working for surveillance

Intelligence Agencies

In India, there are at least sixteen different intelligence agencies often organised by executive order. Intelligence agencies are not in the purview of the Right to Information Act or the Parliament and also, despite few agencies being aided from the Consolidated Fund of India, their workings are not subject to audit by the Comptroller and Auditor General. These agencies may be governed by operational manuals or internal guidelines, for example, that of individual agencies but in accordance with the  in the Telegraph Act and the IT Act and the Rules framed under such legislations.

The following are the Indian intelligence agencies:

  1. National Technical Research Organisation
  2. Intelligence Bureau
  3. Electronics and Technical Services (ETS), which is the electronic intelligence (ELINT) arm of R&AW
  4. Research and Analysis Wing (R&AW)
  5. The Aviation Research Centre (ARC) and the Radio Research Centre (RRC), which are a part of the Research and Analysis Wing (R&AW)
  6. Central Economic Intelligence Bureau
  7. Narcotics Control Bureau
  8. Defence Intelligence Agency
  9. Directorate of Revenue Intelligence
  10. Signals Intelligence Directorate
  11. Central Bureau of Health Intelligence  
  12. Joint Cipher Bureau
  13. Directorate of Navy Intelligence
  14. Directorate of Air Intelligence
  15. Directorate of Military Intelligence
  16. Joint Intelligence Committee (JIC)
  17. Directorate of Income Tax (Intelligence and Criminal Investigation)
  18. Directorate General of Income Tax Investigation

National Intelligence Grid (NATGRID)

National Intelligence Grid works for linking information saved on networks and servers of various governmental ministries and departments and ministries for easy accessibility by any department or intelligence agency. This grid only provides a platform for communication between computers and networks of different government departments.

Central Monitoring System

Monitoring of every byte of communication, be it a phone call, text messages, online activities, etc is dealt by the Central Monitoring System. CMS is managed by Intelligence Bureau and was prepared by the Resource Monitoring (TERM), Telecom Enforcement, and by the Center for Development of Telematics (CDoT).  

Download Now

Twitter and Facebook walls are under government surveillance through the Central Monitoring System.

Crime and Criminal Tracking Network System (CCTNS)

  • Crime and Criminal Tracking Network System is inclined towards collection, storage, analyzing, transferring, sharing of data among several police stations, police organisations and with the State Headquarters.
  • Any police station can get all the information available about any suspect or criminal stored on the servers of other departments or police stations through CCTNS.

NETRA

NETRA (Network Traffic Analysis) is a software network capable of detecting sensitive words like “kill”, “attack”,”blast”,“bomb”, etc. from private and public internet traffic. Designed by India’s Centre for Artificial Intelligence and Robotics (CAIR), a Defence Research and Development Organisation (DRDO) laboratory, it is to be used by the Research and Analysis Wing (RAW), the Intelligence Bureau, India’s domestic and also external intelligence agencies.

Unique Identification Authority of India (UID Scheme)

Every Indian citizen is given a special unique identity along with basic information of the person and his figure print under the Unique identification authority. UID scheme comes under the AADHAAR Scheme of government of India, and issuing process is  still going on.

Indian Computer Emergency Response Team (CERT-In)

CERT has been formed under the norms of Information Technology Amendment Act, 2008. Operational since January 2004, CERT is a nodal government agency in response of any computer security occurrence. It is a government response team which deals with all the cyber security issues across India.

New Media Wing

A New Media Wing (NMW) was established in 2013, under the Ministry of Information and Broadcasting to publicize Government initiatives online and monitor social media to track public opinion.  

National Counterterrorism Center (NCTC)

After the 26/11 Mumbai attacks, NCTC was proposed to combat terrorism and cover-up flaws of other Indian intelligence agencies. NCTC will be a wing of Intelligence Bureau and derive its powers from Unlawful Activities Prevention Act, 1967.

Drone Surveillance

Drones represent a significant development in robotic technology, the private use of which has boosted recently. Drones are aerial vehicles, which can fly without a human operator. Other terminologies referred to describe drones are – Unmanned Aerial Vehicles (“UAVs”), Unmanned Aerial Systems/ Unmanned Aircraft Systems (“UAS”) and Model Aircrafts.

Regulations in India

Initially, till october 2014,  there were no regulations on use of drones, hence their use was banned . This was followed by the Director General of Civil aviation (“DGCA”) issuing a public notice, imposing a blanket ban on the use of civil drones for national security, until further guidelines. Eventually, the DGCA acknowledged drones potential for multiple civil applications. In April, 2016 the DGCA released draft guidelines on possible future drone regulations in India.

The Department of Industry Policy and Promotion (“DIPP”), Ministry of Commerce and Industry in the Press Note No. 3 (2014 series) released a list of electronic aerospace and defence equipment. The Indian Customs Declaration Form has also been revised to add drones in the list of prohibited & dutiable goods requiring travellers entering India to declare and pay duty. Also, while there continues to be restrictions on drone manufacturing/ production and flying, there is no explicit ban on their sale.

Surveillance companies

India provides various security technology expos which include, Convergence Secutech India, Secure Cities, Ground Zero, IFSEC India, International Police Expo, Defexpo, and the India International Security Expo.

These technologies include perimeter protection, Access Control Systems, information security devices, burglar alarm system, debugging and audio-visual surveillance devices, surveillance devices, aviation security, explosive detection and disposal equipment, NBCW protection equipment and disaster management, equipment for forensic science, equipment for bank and hospital security, and more. Many of the world’s largest surveillance companies like Utimaco, Verint systems and ZTE also have their offices in India. FinFishercommand and control servers of intrusion malware is also in India.

The CIS data shows that the intelligence and securities government agencies, law enforcement agencies, internet service providers, military, telecom service providers, corporations and civilians are consumers for the security solution technologies like CCTV cameras and unmanned aerial vehicles (UAV). Legal technological surveillance standards and regulations must be adhered by these companies. Those include rules proposed by

  1. Communications Assistance for Law Enforcement Act (CALEA),
  2. European Telecommunications Standards Institute (ETSI), and
  3. Alliance for Telecommunications Industry Solutions (ATIS).

Also, standards such as

  1. STQC Certification
  2. ISO 9001: 2008
  3. BS 7799
  4. ISO 27001: 2005
  5. INCITS 379

Yet, less than half of the companies in mentioned in study have publically available certification information. Also, less than half of these have privacy policies available on their websites. While the rest of the companies have not clearly defined how they handle their collected data.

Regulations for surveillance technology

IT sector  surveillance in India is governed indirectly by acts and rules passed by the legislature due to lack of specific laws regulating the working of governmental bodies and their powers keeping in mind freedom of speech and protection of individual privacy.

Information Technology Amendment Act, 2008

Section 69 IT Amendment Act, 2008 empowers the government to monitor, intercept, or decrypt any information stored on any computer/network resources for ensuring public order, safety, etc.

Indian Telegraph Act, 1885

The Indian Telegraph Act, 1885 empowers the central or the state government to intercept messages against public safety. Indian legal framework has inefficient provisions about electronic surveillance.

Code of Criminal Procedure, 1973

  • Under Section 91 of the CrPC 1973 intercepts targeted access to stored content by the law enforcement agencies in India. Section 92 of the Code empowers District Magistrates and Courts to issue directions necessitating documents, parcel or “things” from any postal/ telegraph authority to be produced if needed in court proceedings.  
  • There is little judicial clarity on the subject but it has been argued that it is possible to interpret the provisions in a way that even private ISPs can be considered as postal or telegraph authorities and thus become subject to interception under this section.
  • The level of protection granted to postal or telegraph authorities under section 92 is higher than that provided to ordinary citizens under section 91 since even a police officer in charge of a police station can ask for items to be produced whereas under section 92 it has to be either the District Magistrate or a specified Court.

Right to Privacy bill, 2011

Under this bill, an attempt has been made to define “privacy”, circumstances and power to conduct surveillance and the penalties to be levied on misuse of information by way of interception.

The surveillance can only be granted by permission of Home Secretary, Ministry of Home Affairs, Government of India.

Information Technology (Procedure and Safeguard for interception, monitoring and decryption of information) Rules, 2009

The central government on October 27, 2009, has passed Information Technology (Procedure and Safeguard for interception, monitoring and decryption of information) Rules, 2009 in which it laid down that no person shall monitor, intercept, or decrypt any information available on any computer except an order from Home Secretary or Joint Secretary, Ministry of Home Affairs has been obtained. Under Rule 4 the central government has power to delegate such authority to monitor or decrypt any information on any computer resource to any agency.

Information Technology (Procedures and Safeguards for blocking for access of Information by Public) Rules, 2009

Information Technology (Procedures and Safeguards for blocking for access of Information by Public) Rules, 2009 has been passed by parliament in to block access of any information on any computer resource by public. The government has power to block any information whether generated, transmitted, stored or received or hosted by any computer resource for any reasons described in section 69A of IT Act, 2000 i.e. security of the state, sovereignty and integrity of India, friendly relation with foreign state, defense of India,  etc.

Indian Wireless Telegraphy Act, 1933

Under section 3 of the Indian Wireless Telegraphy Act, 1933, the possession of wireless telegraphy apparatus without a license is considered an offense.

Central Motor Vehicles Act 1898 and 2012 Rules  

Rule 138A of the Central Motor Vehicle Rules, 1989 concerning radio frequency identification tags, was proposed. This Rule mandates the installation of radio frequency identification (“RFID”) on all light and heavy motor vehicles to trace their instant identification and monitoring by electronic collection toll booths, the police and any other authority or person that is able to query and read RFID tags.

Conclusion

  • India’s surveillance policies for Robots, Drones and other technologies are not sufficient to tackle future threats and there is an immediate need for amends in the existing legal framework and introduction of strong and effective policies to protect IT industry along with protection of privacy of individuals in the country.
  • Indian legislature must pass acts and rules relating to the functioning of agencies, powers and authorities under whom surveillance is to be done, protection or destruction of such information gathered during surveillance and how far the privacy of individuals is secured.
  • There is a probability of an increase in cyber crimes and cyber terrorism. Although as per the rules, the government all the power to monitor, intercept, block or decrypt any information on any computer resource and also to delegate its powers to agency or any person but the functioning of these agency and persons employed in these agencies have not been made in the rules and also the provisions as to penalties for misuse of such information by any governmental body or person has not been given.

Suggested Reading.

Legality of drones in India

 

LEAVE A REPLY

Please enter your comment!
Please enter your name here