The NDA-II government’s December 20, 2018 decision to give powers to 10 central agencies to snoop on “any” computer they want, had created widespread furore – for it had some key differences from the order issued by the then UPA government in 2009.
In a decision with wide ramifications — and widespread criticism from opposition parties, the Home Ministry had allowed 10 intelligence and investigating agencies and the Delhi Police to intercept, monitor and decrypt “any information” generated, transmitted, received or stored in “any computer”.
It vested the authority on the agencies under Section 69 of the Information Technology Act, 2000 and Rule 4 of the Information Technology Procedure and Safeguards for Interception, Monitoring and Decryption of Information) Rules, 2009.
The 10 agencies are the Intelligence Bureau, the Narcotics Control Bureau, the Enforcement Directorate, the Central Board of Direct Taxes, the Directorate of Revenue Intelligence, the Central Bureau of Investigation, the National Investigation Agency, the Cabinet Secretariat (RAW), the Directorate of Signal Intelligence (for service areas of Jammu and Kashmir, and northeast only), and the Commissioner of Police, Delhi.
This means not just calls or emails, but any data found on a computer can be intercepted, said the report, adding the agencies will also have powers to seize the devices.
Earlier, the IB had no power to seize devices but now, it can.
The notification made it clear that any subscriber or service provider person in charge of any computer resource is bound to extend all facilities and technical assistance to these agencies.
In case any person or entity refuses to cooperate, they can “will face seven years in jail and a fine”.
The major difference with the UPA era order was on the authorisation, which the agencies needed for such action.
“No person shall carry out the interception or monitoring or decryption of any information generated, transmitted, received or stored in any computer resource under sub-section (2) of section 69 of the Act, except by an order issued by the competent authority.
“Provided that in an unavoidable circumstance, such order may be issued by an officer, not below the rank of the Joint Secretary to the Government of India, who has been duly authorised by the competent authority,” said the 2009 order under then Home Minister P. Chidambaram.
“The interception or monitoring or decryption of any information generated, transmitted, received or stored in any computer resource may be carried out with the prior approval of the head or the second senior most officer of the security and law enforcement agency (hereinafter referred to as the said security agency) at the Central level and the officer authorised in this behalf, not below the rank of the Inspector General of Police or an officer of equivalent rank, at the state or Union Territory level,” it had said.
Thus, the earlier order had not allowed the agencies a free hand.
The 2018 Home Ministry order also doesn’t hold that there is going to be any real-time monitoring of an inordinate amount of computer users, or networks. Yet, after the order came out, the impression had gone out that the government will now have all the details of what one does on their phone and computer.
In India, major intelligence agencies like the IB and the RAW operate without legislative or parliamentary oversight. The system as a whole churns out tens of thousands of tapping orders every month, and in states like Uttar Pradesh, local police resort to thumbing through thousands of call data records to track minor crimes.
Soon after the notification was issued in December 2018, Chidambaram said that the authorisation of electronic snooping would destroy the “structure of a free society”.
Communist Party of India-Marxist leader Sitaram Yechury called it a “blatant violation” of the Supreme Court’s recent judgement granting the constitutional right to privacy to all Indians.
But the fact is that the underlying legislation – amendments made to the Information Technology Act, 2000 – was passed 10 years ago by a Congress-led government that was supported by the CPI-M.
These amendments were passed in parliament without debate, or any major protest from then opposition parties like the BJP.
In India, the Central and state governments can snoop on citizens in a targeted manner and intercept information using two different legal mechanisms.
The first is through the Indian Telegraph Act – specifically Section 5(2) and Rule 419A of the Indian Telegraph (Amendment) Rules, 2007.
The second was through amendments made to the Information Technology Act in 2008 and 2009, which was changed in 2018. The two relevant parts are Section 69 and Rule 4 of the Information Technology (Procedure and Safeguard for Monitoring and Collecting Traffic Data or Information) Rules.
Each legislation allows different types of information to be intercepted, collected, monitored, or decrypted – and enables snooping in different manners in different conditions.
Broadly speaking, the Telegraph Act deals with traditional phone calls and associated communication, while the IT Act deals with electronic information. With recent leaps in technology, however, the points of difference between both sets of regulation are quite fuzzy.
Under the Telegraph Act, even authorised agencies like the IB or the ED need approval or an order from the Union Home Secretary, or in the case of a state, the Secretary, Home Department. All tapping orders are examined by a review committee after the fact, although the efficacy of this process has been criticised.
The Modi government insisted that the same process applies to electronic snooping under the IT Act, and therefore applies to the agencies that were notified in the circular on December 2018.