This article is written by Sudarshan Roy, from Heritage Law College, Calcutta University. This article deals with the current scenario of surveillance in India and the effects that it has on the right to privacy.
Table of Contents
Surveillance in common parlance means to have a close observation of someone or being in a state of observation. Throughout the world, different governments especially in developed countries use various mechanisms to conduct surveillance on their citizens. Governments take these kinds of steps to protect their country from external threats, to have a check on crime and criminals, for the purpose of investigation etc. Surveillance in this modern IT-backed era means surveillance over email, telephonic conversations, text messages, CCTV surveillance etc. Although governments cite various logically sound reasons for the conduction of surveillance activities it is undoubtedly a breach of privacy and personal data.
There already exists a lot of examples in the current world order of misuse of these personal data for many different reasons like; having a check on the people and organizations which are vocal and active against the misdeeds of the ruling political entity, collection and transfer of data for the benefit of a third party, etc. These incidents force us to understand the implication of these surveillance activities on our freedom of speech, privacy, and fundamental rights. We are pushed to do a deep study of the source of the power of the surveillance agencies, limits imposed by the legislature upon governments regarding surveillance, rights of ordinary citizens to secure their freedom of speech and fundamental rights etc.
After decades of IT revolution, the Indian Government is now equipped with the modern and up-to-date means and mechanisms to conduct surveillance on its citizens at different levels through various agencies. Different agencies and departments have been established and empowered by the government for surveillance and collection of data of its citizens like National Intelligence Grid, Central Monitoring System, etc. If we need to correctly understand the mechanisms and the systems of surveillance in India we need to have a read about different agencies and departments of the government that actually perform the functions of surveillance or are involved in some manner in the larger process.
There are different agencies under the control of the government of India to perform the function of surveillance or to participate in it. One such organization is the National Intelligence Grid. Now, this agency does not properly do the work of surveillance, meaning that it does not collect and store data into its servers rather it works as an intermediary between the servers and networks of different departments and agencies of the Government so that when there is a need every department if necessary can transact the information among them.
The Central Monitoring System (CMS) comes under the Intelligence Bureau (IB). It is vested with the responsibility to have a close look upon every bit of information like text messages, phone calls, activities on the internet including social media walls etc., when there is a necessity to do that. Evidently, CMS is undoubtedly one of the most powerful bodies in terms of mechanisms and powers provided by the government for the purpose of mass observation. Unique Identification Authority of India or UID is the agency that has provided us with the unique identification number called AADHAAR. To understand the extent of information this agency has with itself we need to remember the day when we provided our fingerprint and retina scans to the government for the purpose of making our AADHAAR cards.
There are many other agencies that are involved with the surveillance activity in various manners and other activities related to this, like: Indian Computer Emergency Response Team (CERT-in), Crime and Criminal Tracking Network System (CCTNS) which works as an information-sharing mediator between different police stations and police headquarters of this country, etc.
Laws that empower the agencies
There are majorly two statutes that give the government either be it in the center or in the state, the power to breach the privacy wall and have a close observation over any citizen of this country. These two legislatures are: The Indian Telegraph Act, 1885 and the Information Technology Act, 2000. The Indian Telegraph Act, 1885 in its sec. 5 provides for the central government or the state governments to intercept messages in two scenarios:
- When there is some kind of public emergency or public safety involved.
- If it is considered necessary or expedient to do so.
Apart from these two, there are several instances where governments can intercept messages, like when there is a threat to sovereignty and integrity of India, the security of the state, friendly relation with foreign states, public order, and prevention of incitement to the commission of an offence, etc.
In the Telegraph (Amendment) Rules, 2007, rule 419A provides for the power of the Secretary of Home affairs in case of the central government to authorize an agency for the purpose of interception. In the case of state governments, the power rests in the hands of the in-charge of the Home Department. This also provides that in case of unavoidable circumstances an officer not below the rank of joint secretary of the ministry of home affairs of the Government of India authorized by either the central government or the state government can issue an order of interception.
Section 69 of the Information Technology Act, 2000 allows the central and state governments to issue directions for the interception, monitoring, and decryption of any information transmitted, received, or stored into any computer resource. Compared to the Telegraph Act, 1885 the grounds provided under IT Act, 2000 is wider in scope. It includes all the scenarios under the Telegraph Act but does not rest there and extends further.
The Ministry of Home Affairs issued an order on 20th December 2018, exercising its powers under sec. 69(1) of IT Act r/w rule 4 of the IT Rules 2009 authorizing 10 agencies for the purpose of monitoring, interception, and decryption of any information generated, transmitted, received, or stored in any computer resource within the provisions of the Act. These agencies are: Central Bureau of Investigation, National Investigating Authority, Research and Analysis Wing, Narcotics Control Bureau, Enforcement Directorate, Central Board of Direct Taxes, Intelligence Bureau, Directorate of Revenue Intelligence, Directorate of Signal Intelligence (for Jammu and Kashmir, North-East and Assam) and Commissioner of Police, Delhi.
Right to privacy and lacuna in-laws
According to a report on Privacy Rights and Protection (here) by Forrester, an American market research company published in 2019, In India, the laws allowing the government to conduct surveillance activities over its citizens are clearly undermining the provisions providing security to the data privacy to the citizens. The absence of a statute monitoring these kinds of surveillance is another reason India has been placed alongside countries like China in this report.
In the celebrated case of K.S.Puttaswamy v. The Union of India in 2017, the Hon’ble Supreme Court of India held that the right to privacy is a fundamental right under Article 14,19 and 21 of the Constitution of India. But there is a lack of proper data protection law. In absence of this kind of data protection law, it’s just an executive order which can allow the agencies to intercept and monitor the information of citizens of this country. There is also no procedure of judicial scrutiny of these kinds of orders. Also, it’s an important aspect to note that people who are under surveillance most of the time are unaware that agencies are monitoring them. This might be one reason that the state can go for a close observation into the private lives of individuals.
At the request of the different law enforcement authorities, the home secretaries in the centre and state levels allow the order of surveillance. These home secretaries are chosen from the IAS officials, that’s why they are under no obligation to ensure the fundamental rights of the individual as there is no judicial observation.
According to rule 491A of the Indian Telegraph Rules, a review committee is to be constituted comprising the Secretary of The Government in charge of Legal Affairs, the Secretary of the Department of Telecommunications as members, and the Cabinet secretary as its chairman. The main task the committee is vested with is to review every order of interception and details of the request of interception are to be sent to the committee within seven days of the order being issued. But the important aspect of the whole procedure is that if an officer fails to comply with the requirements of the law for the purpose of interception then he cannot be in any way held liable for that. Meaning that no adverse action can be taken against these officials.
The powers of the committee are only limited to revoking the order of interception and ordering of destruction of the data collected. So, if any government official or agency conducts the activity of surveillance without any valid ground enshrined in the provisions no adverse action can be taken against him. Moreover, it is pertinent to note that in such a case the fundamental right of privacy is legally infringed for sixty days till the committee meets for the reviewing of the order.
Furthermore, the law enforcement authorities state the reasons of national security, smuggling of currency notes or arms, reasons of the possible huge loss of public exchequer, internal security threat etc., as the reasoning behind the need for interception and monitoring. It’s obvious that no government official would disallow such an application and avoid the following liability. No penalties or penal provisions have been provided under any statute for any order of interception to the law enforcement agencies although such interception may be proven to be unfruitful.
The right to privacy is not absolute
Now in this context one question arises in a very common manner, that is, if the right to privacy is absolute or not. In 2019 The hon’ble apex court in the judgment of Ritesh Sinha v. the State of Uttar Pradesh and Anr. held that though the right to privacy is a fundamental right it is not an absolute one. Just like other fundamental rights, it is subject to restrictions. Thus, this judgment upheld the previous Puttaswamy judgment. The three-judge bench comprising the then CJI Ranjan Gogoi along with Justice Deepak Gupta and Justice Sanjay Khanna held unambiguously and unanimously that “the right to privacy is not absolute and must bow down to compelling public interest”.
The problem is that the court although recognized the right to privacy as not being absolute but it did not specify the compelling public interests. Neither the court laid down any particular test to find out if the right to privacy is absolute in a given case or not. There is still a need for a number of judicial pronouncements in respect to determining how the right to privacy will operate on a practical scenario or a case-by-case basis.
Test of proportionality
Since there is a lack of availability of judicial pronouncements regarding the test to be applied to determine whether the right to privacy is absolute or not in a practical situation we are left with no choice but to rely on the age-old german principle of “test of proportionality”. With the passage of time, this principle has evolved within the sphere of the jurisprudence of different countries like European countries, Canada, and many commonwealth nations including India.
This test is widely used by different jurisdictions for the determination of conflict where there are contesting rights. In our country too, the Hon’ble Supreme Court has used this principle in various situations where there was a need to have a balance between rights and limitations. The fundamental idea of this test is that the rights and limitations should be interpreted harmoniously to facilitate coexistence. The Hon’ble supreme court has applied this principle in the determination of different matters such as Chintaman Rao v. State of Madhya Pradesh, State of Madras v. V.G. Row, Anuradha Bhasin and Ors. v. Union of India (UOI), Justice K.S. Puttaswamy and Ors. v. Union of India (UOI) etc. In this test there are four stages to determine the proportional balance of rights and limitations. These four stages are:
- Legitimate goal stage: In this stage, it is to be established that the measure restricting a right must have a legitimate goal.
- Suitability or rational connection stage: In this stage, it is to be established that there are suitable means to furthering this legitimate goal.
- Necessity stage: There must not be any alternative that is less restrictive but equally effective.
- Balancing stage: It is to be found out that the measure must not have any disproportionate impact on the right holder.
But this test can only be into effect when there is some dispute before the court or in other words when a matter comes under the cognizance of the court. But it doesn’t help us to get a protective shield against any misuse of the surveillance mechanism of the state by the authorities in our day-to-day life.
What is the way ahead?
There are no specific laws to govern surveillance in India. There is a need for specific statutes to regulate the government agencies regarding the process of surveillance and deciding their powers, rights, and liabilities. In the case of other countries like the USA or UK, they have very stringent and defined laws or provisions for the administration of surveillance mechanisms and authorities, like the UK has Regulation of Investigatory Powers Act, 2000. Also, there is a need to formulate statutes to provide a rational mechanism for the protection of individual’s freedom of speech and right to privacy.
There is no legislation that protects the data of individuals and considers the right to privacy as a fundamental right. The Indian government is currently in the process of introducing a legislature for the purpose of personal data of citizens. There is an urgent need to include the provisions of the right to privacy as a fundamental right and specify the boundaries of the right to privacy to provide a defining mechanism for the purpose of strengthening the right of citizens to feel secure and seek a remedy in case of violation.
Students of Lawsikho courses regularly produce writing assignments and work on practical exercises as a part of their coursework and develop themselves in real-life practical skill.
LawSikho has created a telegram group for exchanging legal knowledge, referrals and various opportunities. You can click on this link and join: