India's Surveillance Order cannot stand Judicial Scrutiny
On December 20, 2018, India’s Ministry of Home Affairs, part of Prime Minister Narendra Modi’s government, issued a sweeping order authorizing several security, intelligence, and tax authorities to intercept, and analyse data from any computer in the country. The order makes it mandatory for any individual in-charge of a computer to provide every possible assistance to these agencies in their snooping activities, failing which, s.69(3) of the Act prescribes 7 years in prison. The order, issued under the aegis of a controversial Information Technology Act, has sent shock-waves through the country.
The Union Finance Minister, and a very senior member of the Cabinet, argued that the order was passed first in 2008, and has since been continued. But what he conveniently did not mention was that the 2008 order was passed under the cloud of India’s worst terror attack – 26/11 Mumbai attacks. Furthermore, the earlier notification was far more reserved in its scope. The most draconian aspect of the present notification is the manner in which blanket authorization has been given to several agencies, ranging from the Intelligence Bureau and tax authorities, to the Police Commissioner of the National Capital - Delhi, and the notorious CBI. This diffusion of surveillance authority is the most pervasive aspect of this ordinance. Interestingly, it has abolished a substantial check existing on the powers of the Intelligence Bureau – India’s domestic intelligence agency – by giving it powers of search and seizure, which in the past could only be done in collaboration with state-run, autonomous police departments.
The expansion of the notification, both in the scope of powers and the number of agencies, is unprecedented. This has come just weeks after substantial reversals in the ruling Bharatiya Janta Party’s electoral fortunes, and amidst an uncertain political landscape for the party in the May 2019 General Elections. Unsurprisingly therefore, it belies a dark, political purpose. It has also come amidst unconfirmed reports of Prime Minister Modi’s plans to use state powers of intelligence to gain an edge in the elections. Naturally therefore, it has caused a political stir in the country.
The notification permits the empowered agencies to intercept, decrypt, and seize, any information stored, transmitted, or received by any ‘computer resource’ in India. This means that as long as they are located on the territory of India, every smartphone, tablet, laptop, desktop or any other electronic device of that nature is subjected to the authority of these agencies. Individual ownership of these devices, and the contents therein loses all meaning if any of the said agencies require access to them. Resistance to the same by any individual would render him/her liable for seven years imprisonment.
The proliferation of networked and cloud computing, along with the ubiquitous nature of the internet, means that these agencies can carry out surveillance activities without any information to the individual concerned. They do not need to knock on doors and physically seize computers or smartphones. Instead, they can simply force service providers such as Reliance Jio Telecom, Airtel, Vodafone, among others, to part with the data they collect. Compounding the problem is the lack of transparency in India on the amount, and form of data collected by these companies from their users. Unlike Amazon and Facebook in the US, who have resisted requests for access from law enforcement authorities in courts, thereby bringing such issues to light, Indian telecom companies do not have an illustrious history of fighting for individual liberties and privacy. The relative lack of consumer activism in this regard makes the problem worse.
For now however, it can be safely assumed that to view the contents of your emails and messages sent using Whatsapp or other IM services like Facebook, the agencies will have to physically take the machine from your possession. This is because of the encryption enabled by services like Google and Facebook for private communications. However, phone calls, text messages, activity on social media, and even search patterns, are all vulnerable to be accessed without you ever coming to know about it, as services providers are made active collaborators in the surveillance.
But the notification is rife with legal lacunae and is certain to be challenged in the courts. At the risk of sounding complacent, it is important to account for the substantial changes that have taken place in landscape of individual liberties in India, since controversy surrounding Aadhar first began. The Information Technology (Procedure and Safeguards for Interception, Monitoring and Decryption of Information) Rules, 2009, under which the notification has been issued, read with s.69(1) of the Information Technology Act, 2008, have several safeguards against such arbitrary action.
First, Rule 7 requires that when a direction for decryption is issued, reasons for the same are to be provided. The notification provides no such reasons at all, it remains to be seen if the rules require the reasoning to be provided in general with the notification or with every instance of information access request placed. Nevertheless, in either case, there is substantial room for challenging the grounds on which that request has been made. Further, the notification has to be sent to a review committee within seven days that would have to gauge its validity. While this committee is a part of the Executive only, it does provide a layer of check on the notification, and an opportunity for the Executive itself to respond to public opinion. In any case, the notification can only remain in force for a period of 60 days, and will have to be renewed thereafter. It will have to, regardless of further renewal, cease to have force after 180 days of the first notification.
However, beyond all these imperfect safeguards are the courts. The Supreme Court in the case of Shreya Singhal v. Union of India, which struck down s.66A of this very act, considered the question of s.69(1) – under which the present notification has been issued. At the time, it ruled that the section had sufficient checks and balances and was therefore constitutional. However, it did point out that any notification – of the kind that has been issued now – could be challenged in High Courts under Article 226 of the Constitution. So, the door for judicial challenge remains open.
In 2017, the Supreme Court in the case of Justice K. S. Puttaswamy (Retd.) and Anr. vs Union Of India And Ors. affirmed the Right to Privacy as a fundamental right under Art. 21 of the Indian Constitution. This means that on matters of privacy, all the safeguards in Part III of the Constitution of India shall apply. This includes the right to directly move the Supreme Court for writs to protect Fundamental Rights, provided under Article 32 of the Constitution. Thus, what the Supreme Court allowed in Shreya Singhal’s case, now stands expanded to litigate the Supreme Court directly, in light of the Puttaswamy judgement.
Once in the Supreme Court, the language of the act makes it sufficiently clear that the government has misused the authority in this case. Section 69(1) has been couched in terms that make its exceptional nature self-evident. It begins with the words,
“If the controller is satisfied that it is necessary or expedient so to do in the interest of the sovereignty or integrity of India, the security of the state, friendly relations with foreign states or public order or for preventing incitement to the commission of any cognizable offence…”
-s.69(1) of Information Technology Act, 2000 (No. 21 of 2000).
Further, the section requires that the reasons for arriving at the determination that such a situation has arisen, have to be recorded in writing. The notification has been issued without satisfying the requirement of why the government feels that any of the said grounds have been reached. Thus it does not even meet the statutory requirements for being legally valid, when the judicial standards for limiting fundamental rights are substantially higher. In addition to the technical lapse of failing to record the reasons, the court will look into the grounds on which the government has arrived at such a determination, which are unlikely to exist so as to justify the same.
The National Security Fallacy
In India, governments have time and again resorted to the national security argument to couch actual motivations, when shying away from scrutiny for its actions. Most recently, the argument for Deference to the Executive argument was used in the Supreme Court in a case alleging irregularities in defence acquisition of aircraft. The real reason why governments love to use this argument is because it’s a self-fulfilling fallacy, at most times – they use it to justify their actions and then can use it again to justify not explaining the factors endangering national security.
In this regard, perhaps its time for India to borrow a page from America’s legal process on national security and search and seizure. In the US, seizure of electronic communication is governed largely through the PATRIOT Act, as amended by the 2015 USA Freedom Act and the Foreign Intelligence Surveillance Act, 1978 (FISA). The PATRIOT Act was first enacted as a sweeping surveillance legislation in the wake of 9/11. It yielded massive authority to agencies like the CIA, NSA and FBI and provided the federal government with enormous powers over internet communication. But one of the most interesting aspects of American jurisprudence in this regard is the parallel judicial processes that run in approving and supervising these activities. Popularly known as FISA Courts – you are certain to have heard about them in shows like House of Cards – they provide a secret, ex-parte judicial check on the executive’s authority to carry out surveillance. While far from perfect, they atleast ensure a neutral, legally sound, supervision of every individual surveillance carried out by the United States government. This individual is a judge with the power to issue warrants and examine third party briefs as amici curiae, if required. All records are maintained, the government has to argue its case and the judge has to record reasons for accepting or denying each request, which can then be appealed if necessary.
The system is far from perfect. The existence of a secretive judicial process, devoid of the adversarial character can be questioned by many. But, it demonstrates a genuine willingness of the American state to ensure checks and balances in the functioning of the executive. On the contrary, under the Indian Telegraph Act, a British-era legislation, the Union Home Secretary – a civil servant dependent on the Home Minister for promotions and transfers – is authorized to approve surveillance requests. He/she is not a judge, and far from neutral in the scheme of things. Furthermore, an RTI filed a few years ago showed that every year cases in the hundreds of thousands were being approved for wire-tapping by the federal government alone. Given the burden of responsibilities on the Union Home Secretary, it is unlikely that one person is possibly making a proper determination of these cases on facts, before approving them.
The system of surveillance in India is dismal and belies every characteristic of a non-democratic state. For a country that prides itself on the strength of its democracy, it is important that we persevere for a system that has some semblance of rationality, impartiality and due process. As for this order, one can only hope that good sense will prevail, but the public outcry shows encouraging signs.
...We have a small favor to ask. Polemics and Pedantics is a non-profit educational venture whose writers work only because of their penchant for the art. If you like our work, please support us by sharing it on social media and helping us reach more people. Remember to subscribe and never miss an update by providing your email on the Contact Page. We don't sell ads, and won't spam you or share your details with anyone. Comments and suggestions are welcome at firstname.lastname@example.org.
This is a developing story so the contents may continuously be updated for most accurate explanations.
About the Author
Prashant Khurana is a student of Law at the Faculty of Law, Delhi University. He holds a Bachelor’s degree in History from Hansraj College, Delhi University. Prashant is an accomplished debater, and an active participant and organiser of Model United Nations Conferences and was recently offered the position of a Chairperson at the University of Kent, United Kingdom for their MUN conference. He has appeared as a guest panellist on Headlines Today (presently, India Today) News Channel and has also interviewed personalities such as Mr. Mani Shankar Aiyar, Dr. Sambit Patra, the Ambassador of Canada to India, among others.