Written by Anupriya Nair
A report from the Reuter’s Institute found that at least 55% of English-language news readers in India are afraid of expressing their political views on the internet. They reported that it could “get them into trouble with the authorities”, which alludes to the elephant in a room full of pre-election jingoism: what is the tradeoff between national security and individual privacy?
On 20th December 2018, the Ministry of Home Affairs (MHA) equipped 10 specific Central government agencies with the authority to access — by intercepting, monitoring and/or decrypting — information on any computer in the country. Against the backdrop of the 2019 General Elections and the Reuter’s Institute report, this notification is especially worrisome due to its implications on individual privacy. Can this order be constructive in enhancing national security, or can it be misused to undermine the privacy of the citizen?
The 2018 notification did not alter anything with reference to the legality of surveillance in India. It, however, brought a sense of clarity to the general public by authorising specific state-organisations the power to exercise surveillance. The purpose of this article is not to question the legality of the current surveillance. Rather, it examines the impracticality and the absence of effective legal checks and balances to prevent the misuse of state-surveillance in the country. This newfound concern was further instigated by the notification which reinforced the existing legal protocol that was previously established under Section 69 of the Information Technology Act, 2000 (ITA-2000), a whopping 18 years past the current era of surveillance.
Questioning the Feasibility of the Current Protocol
Inefficiencies notwithstanding, there exists a heavy air of ambiguity that surrounds the legal protocol and Constitutionality of surveillance laws in India. A prime case is the current process, wherein interception orders are reviewed by a Review Committee (RC). The RC is a three-member-body that is mandated to meet once every two months to assess interception orders.
If the RC met once every 2 months (as it is statutorily mandated to), then the 3 members would have to dispose between 15000-18000 interception orders every meeting. If it convened every day, it would have to examine approximately 290-345 orders.
It seems fair to say that the existing protocol is impractical; there is a clear mismatch between the size of the committee and the large numbers of orders that are to be reviewed by them.
It is worrying that the RC consists of members of the executive and not the judiciary. Akriti Bopanna, a Policy Officer at The Centre for Internet and Society, India, tells us that including judicial review within the RC could critically ensure a more trustworthy process. In this case, the legislative and executive branches could join the supervision process. Judicial review has the potential to promote interdependence between various organs that govern surveillance (within the RC) while upholding crucial democratic virtues.
Yet, realising this process of judicial review is highly improbable. It can be safely assumed that deliberation followed by voting on roughly 18000 interception orders per month will not do any favours to the already slow-paced process. Instead, deploying a transparent appointment procedure for a larger committee of specialised bureaucrats may be a more efficient option to consider.
Beyond the 2018 notification, we must question the general lack of sufficient legal checks and balances to ensure that state-surveillance is justified and not used inappropriately.
Unheard Concerns: Probing the Legal Framework of Surveillance in India
Even when the ITA-2000 was first released, there was a noticeable lack of debate surrounding section 69. The BN Srikrishna Committee report released last year only acknowledged the existence of those laws which govern data protection and their knock-on effects. There appears to be a link between the Centre’s eerie silence on surveillance and the rampant infringement of privacy arising from conveniently lacklustre data protection measures. This link is best seen in light of contestations over citizens’ data collected under Aadhaar.
When the constitutionality of the Aadhaar Act was questioned, an inquiry to test its constitutionality was laid down in a three-part test. K.S. Puttaswamy v. Union of India found that it was not only difficult to draw out consistent legal principles to apply to the various tests, but that the “proportionality” condition within the test was not being met, as shown in the infographic above. Further, the court was reluctant to address the criticisms put forth by the lone dissenting judge, Justice Chandrachud. Justice Chandrachud expressed his concern surrounding the topics of profiling, the possible misuse of the Aadhaar system, as well as the potential for exclusion of those not enrolled under Aadhaar.
Security when Surveilled
There needs to be a balanced approach with regard to India’s tryst with digital surveillance. Because a national surveillance system is consistently dealing with sensitive information, it is impossible to view it as a ‘good’ or ‘bad’ thing in itself. This grey area is especially relevant for ordinary civilians who may not recognize how India’s surveillance laws actually make an attempt to address national security concerns (For eg.military surveillance practices). It is imperative that discourse on the matter of the pros and cons of national security is initiated since there is some ambiguity surrounding the constituents of a national security concern. A balanced approach that informs citizens of the protective, as well as sinister aspects of surveillance will foster more nuanced understandings of the practice of surveillance itself.
The MHA notification has simply woken up the sleeping giant that is surveillance. Being watched by the government can threaten the democratic ethos of citizenship; while privacy issues have been relatively muted since Independence, there is a newfound impetus with records being digitized and a landmark General Elections underway. The bureaucratic silence surrounding data protection threatens individual privacy and indirectly restricting our right to freely express, watch or engage. Therefore, we must strive to develop policies to balance the overarching rivalry between state-surveillance and individual privacy in the context of national security.
Looking beyond the legality of state surveillance in India, the practical implementation of the existing framework — the MHA notification — does not cater to creating a proportionate ratio of data protection to surveillance. Instead, it forms an environment parallel to surveillance without accountability. A recent example of such disproportionality was experienced by hospitality start-up OYO Hotels & Homes. The company has plans to devise a digital record system to facilitate the sharing of consumer data with state government and law enforcement authorities.
Without improving upon the existing structural deficiencies that hinder the practical implementation of established surveillance regulations that exist within the legal sphere, there is no scope of ensuring the smooth functioning of surveillance protocols in India.