On 20 December, 2018, the Ministry of Home Affairs in India issued an office order authorising a plethora of security and intelligence agencies to intercept, monitory and decrypt all personal data on computers and networks in India. The carte blanche nature of this authorisation raises significant concerns for the protection of the right to privacy in India. Particularly, in a country rattled by arbitrary internet shutdowns, targeted attacks on activists and an influential authoritarian political movement, the order may be the demolition of the last lines of defence of the rights to privacy and freedom of expression.
The Order is issued under Rule 4 of the Information Technology Act Interception Rules 2009, which gives the Home Ministry the prerogative to delegate its powers of interception, monitoring and decryption to an “agency of the Government”. The 2009 Rules institute several safeguards to constrain this power. The December order grants these powers to 10 security and intelligence agencies, which is the bulk of the Indian state’s law enforcement machinery. Arguably, this expansion transforms the nature of interception and surveillance in India from an emergency protocol in the hands of a single functionary to a widely-used tool of law enforcement. Consequently, it is concerning that an antiquated surveillance framework is being deployed by the Government at this scale. This violates core principles of Indian privacy jurisprudence.
Surveillance by law enforcement agencies has been at the heart of Indian privacy-rights jurisprudence. The early landmark cases of M.P. Sharma, Kharak Singh and Gobind were all concerned with physical surveillance by local police, and a synthesised reading of these cases establishes narrowly tailored surveillance and the need for a compelling state interest as foundational principles of Indian privacy jurisprudence. The PUCL judgment, given in the context of emergency telephone tapping, held that judicial oversight was not a necessary precondition of constitutional surveillance, despite upholding the conditions of compelling state interest and narrowly tailored surveillance. These guidelines were institutionalised in the form of the IT Act Interception Rules 2009, which provide safeguards against surveillance, and which are being claimed by the Ministry of Home Affairs as providing legal validity to this order.
However, the Ministry of Home Affairs has failed to take developments in India’s privacy jurisprudence into account. India’s privacy jurisprudence has advanced tremendously since the passing of the IT Act Interception Rules 2009 as the threshold for a constitutional privacy intrusion was increased in the Puttaswamy and Aadhar judgments of the Indian Supreme Court. Two insights from these judgments demonstrate the antiquity of India’s surveillance framework.
First, the right to privacy is now a constitutionally recognised right. In its earlier judgments, the Court was concerned with an individual’s liberty interest under Article 21 of the Constitution, which is much narrower than the current conceptualisation of the right to privacy. Consequently, safeguards which were evolved to be consistent with liberty interests are not necessarily consistent with a broader right to privacy. For example, recently recognised aspects of privacy which provide protection for the “inner domain of consciousness”, informational self-determination and decisional autonomy are violated by a surveillance regime that lacks judicial oversight or adequate transparency mechanisms. This was recognised by the Supreme Court in its 2018 Aadhar judgment, where the Court mandated judicial oversight for information sharing requests for Aadhar data, analysing the State’s imperative to access information against the parameters of the new, broad right to privacy. In doing so, the Court ruled that judicial oversight is a necessary pre-condition for limitation of privacy interests. Instead of statutorily reforming the pre-Puttaswamy Interception Rules 2009 into a constitutionally-sound surveillance framework with higher thresholds, the Government has granted its security agencies the power to operate freely within this antiquated framework.
Secondly, in both Puttaswamy and Aadhar, the Supreme Court has recognised the deeply pervasive role of the internet and computers over the last few years. People’s lives are deeply interconnected with technology, and a vast amount of personal, financial and sensitive data passes through today’s computers, at a scale incomparable to the context in which the PUCL guidelines were formulated. Further, the nature of technological interactions today allows for very precise inferences to be drawn about people on the basis of their activity on the internet. This presents serious dangers for freedom of expression, dissent and activism on the internet, especially with all of India’s law enforcement watching. Consequently, it appears unwise to deploy a framework developed in the telephone-era to modern surveillance.
Modern day technology has diminished the spaces between private and public spheres. This very modern technology of 21st century provides government organizations with enormous ability to acquire private information of individuals. The mass surveillance program is in this sense an incorrect departure from surveillance for the purpose of security. It is because the state can very easily distinguish between suspicious activities and rightful conduct. Yet, often this authority of the state is applied by the ruling elite in snooping, intruding and entering into the private lives of individuals as a compulsive coercion to adhere to government policies as any form of dissent or revolt against the same would lead to an irreparable loss of power. Policies framed and laws made under such an atmosphere forces the citizens to adhere to them involuntarily and surrender their rights to the ruling elite. This amounts to autocracy under the garb of democracy, and when this happens the Apex Court is forced to intervene in the domain of the state to set the matters straight, as in the case of K.V. Puttaswamy where the Apex Court held one for all that right to privacy is a fundamental right in the same manner as right to life and liberty. It is now left to the wisdom and sense of fine judgment of the state to draw conclusion from this verdict and arrive at a fair trade off on the extent of information that is adequate for the purpose of security of the nation or to keep a trail of economic offenders, which in any case is quite restricted and not all encompassing.