This article is written by Shivam Gupta and Payal Golimar.
In the era of development when technology is growing rapidly all over the world and benefiting the people around it, people are finding newer and different ways of committing crimes. Therefore, development in the recent decade in the field of technology contributed immensely toward the growth of cybercrimes. It is the essence of such offences, that they can be committed without a visible appearance – anonymously and sitting far away from victims. And to make people liable for misusing the technology, we need an entirely different set of regulations dealing with this sector while keeping in mind the constantly changing nature of the sector, also what can be the possible ways of committing crimes under this sector. So, the crimes committed with the use of technology are commonly known as cybercrimes such as E-mail spoofing, forgery, cyber defamation, web jacking, DoS Attacks, and many more. It is to be noted here that, in the present study we are primarily concerned with communication surveillance.
Communication surveillance means monitoring, intercepting, collecting, or preserving the data/information communicated or generated with the use of technology by the third party that can be the government agency, a private company, or any other malicious actor. Advancements in communications have provided us with many ways to access a wide range of networks via which to communicate. With the growth of communication technology from telegraphs to redlines and mobiles to the internet, for people, it becomes easy to communicate. Supervision over electronic communication is needed in the interest of public safety, sovereignty, the integrity of India, and for security purposes.
Henceforth, due to many reasons, surveillance, in this sector becomes a major issue. So, the major national laws covering communication surveillance in India are the Indian Telegraph Act, 1885 an ancient one, and the recent Information Technology Act, 2000. These acts empower the Indian government to monitor and intercept communications.
However, the history of surveillance can be traced back to time immemorial and in the history of surveillance “state” always plays an important role. As surveillance is increasing the questions with regards to privacy are arising as rightly stated by sociologist David Lyon, “the spread of technology within societies will lead to their increased surveillance and subsequent lack of privacy”. Now, as in the recent Indian legal system, the concept of privacy is termed as the constitutional right and hence the issue arises, as up to what extent a person is subjected to surveillance by the appropriate authority. Henceforth, this notion ultimately raised many questions on the existing legal framework of surveillance. In the present study, an effort has been made to analyse some of the provisions pertaining to the surveillance laws in India that have an impact on privacy issues.
Position under international law
One of the basic human rights and is important for every human being for its identity is the right to privacy and it is also recognised by international law such as under Article 12 of the Universal Declaration of Human Rights, Article 17 of International Covenant on Civil and Political Rights, Article 14 of United Nation Convention on Migrant workers, Article 16 of United Nation of the protection of the Child. Article 10 African Charter on the Rights and Welfare of the Child, Article 5 of the American Declaration of the Rights and Duties of man, Article 11 of the American Convention on Human Rights, Article 21 of the Arab Charter on Human Rights, and Article 8 of the European Convention for the Protection of Human Rights.
When we talk about communication surveillance it is kind of a breach of privacy of an individual because according to International Principles on the Application of Human Rights to Communication Surveillance (IPAHRCS), Communication Surveillance is defined as “Communications surveillance in the modern environment encompasses the monitoring, interception, collection, analysis, use, preservation and retention of, interference with, or access to information that includes, reflects, arises from or is about a person’s communications in the past, present or future.” It also defines the term “Communications” which “include activities, interactions and transactions transmitted through electronic mediums, such as the content of communications, the identity of the parties to the communications, location-tracking information including IP addresses, the time and duration of communications, and identifiers of communication equipment used in communications”.
The importance of Communication Surveillance is that it is important for the National Security of the state. Therefore, it can’t be banned even if it breaches the privacy of an individual. In Uzun v. Germany, the European Court of Human Rights examined an application alleging a breach of Article 8 of the European Convention on Human Rights, in which the applicant’s data was collected by investigative authorities via the Global Positioning System (GPS) and used against him in a criminal case. In this case, the petitioner was accused of being involved in left-wing extremist bombings. The Court unanimously decided that Article 8 had not been violated and ruled as follows: Mr. Uzun had been placed under GPS monitoring in order to investigate multiple cases of attempted murder for which a terrorist group claimed responsibility and to prevent additional bombings. As a result, it fulfilled the objectives of national security and public safety, as well as crime prevention and victim rights protection. It had only been requested after less intrusive means of inquiry had been insufficient, and it had only affected Mr. Uzun when he was travelling with his accomplice’s automobile. As a result, he could not be claimed to have been under constant and thorough observation. Given the severe nature of the inquiry, the Court determined that Mr. Uzun’s GPS monitoring was reasonable.
The IPAHRCS provide some principles which the states should consider while doing communication surveillance which are-
- There should be a legitimate aim for doing surveillance.
- There should be the necessity of such surveillance and if there are other methods that will not affect human rights then they should be explored first.
- Any surveillance must be legal and prescribed by law.
- Only adequate surveillance should be done which can help in achieving the purpose.
- Before starting surveillance, it must be established that the need for surveillance is more important than the breach of the right to privacy of an individual.
- Competent judicial authority must be established and the due process of law should be followed.
- Individuals must be notified of surveillance. If notifying the individual will defeat the purpose of surveillance then it can be avoided.
Surveillance in India
As per Indian laws, Surveillance is prohibited, nevertheless, surveillance conducted by the government is legal if a proper legal channel is followed by the appropriate government. In the legal regime of technology, the concerned laws governing communication surveillance in India, are:
- THE INDIAN TELEGRAPH ACT, 1885
- THE INFORMATION TECHNOLOGY ACT, 2000
- THE INFORMATION TECHNOLOGY RULES
The Telegraph Act which was enacted way back in India majorly deals with the interception of calls by the government. The government derives its right of interception from Section 5 of The India Telegraph Act, which states, “Power for Government to take possession of licensed telegraphs and to order interception of messages”. Section 5(2) of the Act grants the central or state government authority over the transmission, interception, and retention of any communication if the following criteria are met:
- If it is essential in the interests of India’s sovereignty and integrity,
- State’s security,
- Friendly relations with other nations,
- Public order, and
- Lastly for preventing incitement to the commission of an offence.
The clause’s proviso restricts the interception of communications of “press messages” of the correspondents who are “accredited to the Union government or state government”.
Another major law dealing with communication surveillance is the Indian Information Technology Act, 2000. The statute primarily addresses data interception., which means it governs digital surveillance. Accordingly, it can be said that the IT Act has broadened the horizons of surveillance as compared to the previous act i.e., The Telegraph Act, 1885. To understand this, we need to first look at the provision. According to Section 69 of the Information Technology Act, “Power to issue directions for interception or monitoring or decryption of any information through any computer resource”. This provision vests authority in either the central or the state governments “to intercept, monitor or decrypt or cause to be intercepted or monitored or decrypted any information generated, transmitted, received or stored in any computer resource”. Provided, if such information is required:
- In the interests of India’s sovereignty and integrity,
- Defence of India,
- State’s security,
- To maintain friendly relations with other nations, or
- To maintain public order, or
- for preventing incitement to the commission of any cognizable offence relating to above, or
- For investigation purposes.
Section 69 of the IT Act is more extensive in this regard, as it grants the government broad powers to intercept information because section 69 broadens up the categories of conditions that need to be fulfilled by the government before the interception of any information. Surveillance can now be carried out by the appropriate authority even for the investigation of any offence. It is important to emphasize here that there is no reasonable nexus to draw as to what types of offences are subject to government surveillance. Furthermore, section 69 of the IT Act exempts the obligation of “public emergency” and “in the interest of the public safety” as specified by section 5 of the Telegraph Act. Henceforth, section 69 has broadened the scope of surveillance by the government.
Lastly, in addition to the Indian Telegraph Act and the Information Technology Act, the Information Technology Rules are also in place in India for the procedural governance of surveillance. The IT (Procedures and Safeguards for Interception, Monitoring and Decryption of Information) Rules 2009, majorly deals with the procedural requirements. The IT Rule, 2009 specifies the comprehensive method and safeguards for the interception of information, including safeguards such as recording the grounds for interception and the directives for the interception shall not exceed beyond the period of 60 days, it can be further extended up to 180 days, not beyond that, destruction of information or record so obtained through interception within 6 months, etc.
Recently, in the year 2018 government has ordered under Rule 4 provides that “the competent authority may authorize an agency of the Government to intercept, monitor or decrypt information generated, transmitted, received or stored in any computer resource for the purpose specified in sub-section (1) of Section 69 of the Act”. This step was taken up by the government to improve transparency and accountability and to handle crime and terrorism.
Apart from the legislative wing, the Indian judiciary also time and again set up the guidelines through precedents for the interception of the information or record by the government.
The right to privacy is not a fundamental right before the judgement given by the nine-judge bench of the Supreme Court of India in the case of Justice K.S. Puttaswamy and Ors. v. Union of India (UOI) and Ors. After this ruling right to privacy was included under the ambit of Article 21 of the Constitution of India. The judgement overruled the rulings of M.P. Sharma v. Satish Chandra, District Magistrate, Delhi, and partially overruled the judgement of Kharak Singh v. State of Uttar Pradesh as both the judgements say that the right to privacy is not guaranteed under the Constitution of India.
In this ruling Justice D.Y. Chandrachud believes that, a person has to live with dignity and privacy is one of the necessities for any human being for the fulfillment of dignity and also an important aspect for achieving the goal which protection of life and liberty intended to achieve. He is also of the opinion that if a law encroaches upon the privacy of an individual then that law must be in accordance with the fundamental rights given in the Constitution of India. If there is an invasion of privacy it should be justified under Article 21 on the basis that a law that allows such infringement must establish a procedure that is just, fair and reasonable. He stated a three-fold test for any law which establishes a procedure for infringement of privacy. After passing this three-fold test such law can be held valid. The three requirements are –
- Legality which postulates the existence of law.
- Need, defined in terms of a legitimate state aim.
- Proportionality ensures a rational nexus between the objects and the means adopted to achieve them.
He further goes on to say that “Informational privacy was a facet of the right to privacy. The dangers to privacy in an age of information can originate not only from the state but from non-state actors as well. Present Court commend to the Union Government the need to examine and put into place a robust regime for data protection. The creation of such a regime requires a careful and sensitive balance between individual interests and legitimate concerns of the state. The legitimate aims of the state would include for instance protecting national security, preventing and investigating crime, encouraging innovation and the spread of knowledge, and preventing the dissipation of social welfare benefits. These were matters of policy to be considered by the Union government while designing a carefully structured regime for the protection of the data.” Therefore, if the government had to do surveillance on someone then that surveillance should justify the three-fold test and also the balance need to be maintained between state interests and individual interests. Justice Jasti Chelameswar further added further reasoning to it that only where their compelling state interest and there is very urgent need to get into the privacy of someone then only right to privacy can be infringed of any person.
Another fundamental right that is affected by surveillance is freedom of speech and expression which is guaranteed under Article 19(1)(a) of the Indian Constitution. In the judgment of People’s Union for Civil Liberties v. Union of India, the Supreme Court of India held that telephone tapping of any person infringes the right of free speech and expression which is guaranteed under Article 19(1)(a). Court also held that if there are no rules which can be used to avoid improper and unwanted interception or disclosure of messages, there is always a risk of infringement of fundamental rights under article 19(1)(a) and article 19(2).
There is always been a grey area between surveillance and privacy concerns, and it is not only common in India but in the entire world, the question remained unanswered. At the same time, in India, privacy right is a constitutionally protected right and hence for unnecessary invasion, the government can be held accountable. In current Indian laws, surveillance is declared to be illegal but some exceptions are provided to the government for security purposes where surveillance is permissible. However, sometimes the language of the law is not so clear and they are interpreted or there are many possible interpretations of one term which just broadens up the surveillance power of the government. Henceforth, technology laws that misconstrue the main objective of the law should be amended or revoked.
In the period of digitalization, private and public players are coming up with advanced technologies and some of them are invasive beyond reasonable limits for instance Pegasus spyware. It’s spyware developed in Israel, which is used to tap phones, encrypted messages, audio, etc. this surveillance tool was developed to help the governments to monitor crimes. Now, many questions have been raised on the objective of Pegasus spyware, when the wire, reported that this surveillance tool was used by the Indian government to spy on hundreds of people like Indian journalists, political leaders, constitutional heads, dissidents, activists, and private individuals. Which has shaken the foundation of the Indian democracy as opined by Mr. Kapil Sibal, “it is an assault on privacy, human dignity & value of our republic” during the course of proceedings. The question now is to what degree the government can violate an individual’s right to privacy in the interest of national security. The answer to this question lies in our democratic setup itself. In the ongoing case over the use of Pegasus spyware centre contended that for national security purposes only the virus will be used. Supreme Court has yet to give the final verdict.
LawSikho has created a telegram group for exchanging legal knowledge, referrals, and various opportunities. You can click on this link and join: