This article has been written by Kazi Ashique Azfar, pursuing the Diploma in Cyber Law, FinTech Regulations and Technology Contracts from LawSikho.

Introduction

With the onset of COVID-19 and the extended lockdown all over the world, work from home and everything possible from home became the norm. Everyone had to rely on technology to be connected and communicate with each other. Technology ensured that schools and workplaces could still function even in these unprecedented times. Applications like Zoom, GoogleMeets, Webex, and other applications suddenly became the centre of productivity. 

However, every coin has two sides, and as much as technology and these applications have helped us, they are also prone to attacks and have enabled privacy infringements. In 2019, analysts found over 15,000 potentially accessible webcams readily available to the general public with an internet connection. It did not even require hacking or manipulation by someone to make these webcams accessible but was simply because the owners did not know. Similarly, Apple had to disable the Walkie Talkie app due to a vulnerability that could allow a person to listen to another customer’s iPhone without consent.

For the vast majority of the world, people do not fully understand the technology they are using and their potential vulnerabilities. Features like but a simple notification letting the people know that their webcam, microphone or any other sensors are being accessed will go a long way to enable the person to realise if their privacy is being infringed.

Surveillance and privacy

According to many, the Orwellian dystopian future of mass surveillance has already arrived. There have been multiple reports of hackers and malicious apps being able to spy on people through their devices. And over time, companies have rectified the situation through software updates or deleting the apps from the devices but it happened only after the damage had been done. 

People have come to realise the importance of their personal data and privacy worldwide; therefore, more and more countries are establishing laws to protect the same. However, India is yet to join the bandwagon, although deliberation is going on, and a bill has been tabled in 2019. Therefore, the question arises can the infringement of privacy through these apps and devices be penalised under Indian laws.

Legality of surveillance 

Surveillance can be conducted by the government legally subject to regulations. The laws governing surveillance are the Indian Telegraph Act, 1885, dealing with the interception of calls, and the Information Technology (IT) Act, 2000, dealing with data interception. However, these only allow the government to conduct surveillance on the basis of reasonable cause and not private entities. Further, hacking is expressly prohibited under the IT Act. Although there has been no reported case of private surveillance that has been tried in court in India, it has ruled on state surveillance. 

In the case of People’s Union for Civil Liberties (PUCL) v. Union of India, the Supreme Court of India heard public interest litigation against phone tapping by the police. The court’s notable decision still influences surveillance laws in India. It dotted the evolution of the right to privacy till then and expanded over it to hold that the fundamental right to privacy includes the right to have telephone conversation without inference within one’s home or office. It referred to cases like Kharak Singh v. State of U.P., Gobind v. State of M.P., R. Rajagopal v. State of Tamil Nadu and how the concept of the right to privacy evolved through each of them. It was limited to the physical realm of the house in Kharak Singh where it defined the right as to “be free from restrictions or encroachments on his person”. 

The right to privacy was expanded in R. Rajagopal. In this case, Auto Shankar, a convict for six murders, had written an autobiography stating the nexus that he had with high-profile state officials. The publication of the autobiography was stopped fearing what the scandal would lead to. The court accepted that it was an issue of the right to privacy of the officials as their reputation was on the line. If PUCL were to be decided today, then it would have certainly included contemporary means of communication from being interfered with by the state or private entity. While PUCL had provided guidelines to exercise the states surveillance powers it was done with the time and circumstance of its time but that has become the norm for Indian administration and is still followed. 

While these laws regulate state surveillance and have provision for civil and criminal charges against private individuals and entities in case of a breach, there is no law to prevent them. The right to privacy has been recognised as a fundamental right permeating the entirety of Part III of the Constitution. 

The Puttaswamy judgment has put both a negative and positive onus on the government. Meaning that not only does it hinders state surveillance, it also puts the onus on the government to make laws to prevent others from infringing on the privacy of the citizens. And unlike previous judgements, it has put the individual at the centre. The right to privacy is attached to the individual and not someplace, relation or institution. The Personal Data Protection Bill, 2019 is an acknowledgement of the onus of the government to protect the privacy of individuals from others. 

While the PDP Bill does provide for provision to regulate the collection of data by companies, it will not be able to control hackers or malicious applications. Further, the consensual regime of data collection makes a presumption of informed choice, which is hard to implement in India. The reason being the penetration of smartphones and the internet being much higher than internet literacy. Most users do not understand the risks associated or care to read before consenting to terms and conditions.  However, a simple notification letting the users know when their devices camera, microphone or any other sensors are being activated would be a simple way to inform them of any intrusion or malfeasance that may take place. 

Technology already present

The technology to enable notification upon the activation of the sensor are already present in smartphones. Apple, a company that has made privacy it’s USP in its latest update on iOS 14, has made sure when “any app is using your Camera or Microphone, you’ll notice a small orange dot on the top right of your iPhone or iPad”. Further, “it will show you which app is using your Camera or Microphone”. A similar feature is also enabled by third-party applications on Google android and is reported to have been included in the next iteration of the Google operating system. 

Conclusion

With technological advancement and the inclusion of smart devices in every home, the risk of illegal intrusion and surveillance is at an all-time high. There is yet to be a law that specifically protects the right to privacy of Indian but it has been acknowledged as a fundamental right by a nine-judge bench of the Supreme Court. Which puts the onus on the government to make sure that the citizens are protected from any kind of intrusion into their privacy.

There have been cases of hacking and taking over of cameras and microphones by third parties and malicious application but there is no remedy available. Therefore, it should be mandated by law to make the usage of a camera, microphone or any other sensor be made noticeable to the user through some notification. Major smartphones companies like Apple and Google are already implementing the idea, which should be adopted as guidelines for the protection of privacy of the people.  

References 

• camfecting – https://www.unilab.eu/articles/coffee-break/camfecting/
• https://www.wizcase.co m/blog/webcam-security-research/ 
• https://techcrunch.com/2019/07/10/apple-disables-walkie-talkie-app-due-to-vulnerability-that-could-allow-iphone-
• eavesdropping/
• Chaitanya Ramachandran, Why India’s Surveillance Law Must be Redesigned available atE90FA90F-0328-49F2-B03F-B9FBA473964F.pdf (manupatra.in).
• https://www.gizbot.com/mobile/news/is-android-12-inspired-by-ios-14-android-12-new-features-072611.html

Students of Lawsikho courses regularly produce writing assignments and work on practical exercises as a part of their coursework and develop themselves in real-life practical skill.

LawSikho has created a telegram group for exchanging legal knowledge, referrals and various opportunities. You can click on this link and join: