Why India needs surveillance reform30 Dec 2018
On 20th December, the Union home secretary issued a statutory order authorising 10 security and intelligence agencies to lawfully “intercept, monitor and decrypt” information that is “generated, transmitted, received or stored in any computer resource”.
If you read this notification in isolation (as a lot of people did), it may appear that India turned into a surveillance state overnight—that the government got new powers to snoop into your computers, access documents stored in your laptop, read your emails, among other things.
That’s not what happened: the government did not get any new power. The notification was merely a formality and should have been issued long ago.
But debating the issue at hand—India’s surveillance regime—is crucial. India has an urgent need for surveillance reform, privacy activists say, especially after the 2017 Supreme Court judgement that held privacy as a fundamental right.
As I was browsing the comment section on news sites, I observed that the bulk of the readers were not concerned about the powers that the government enjoys. If the objective is national security, what’s the fuss about? So before diving into details of the Indian law, here is a quick background to set the context.
1. What is surveillance and why is it controversial
Governments around the world ideally want stronger provisions for surveillance—the ability and tools to keep an eye on citizens, their actions, conversations and everything else. The argument offered is national security: security agencies need legal provisions to monitor people to prevent crimes and terrorist attacks.
Security vs privacy: However, surveillance is in tension with an individual’s right to privacy—now a fundamental right in India. The powers that the State enjoys, privacy activists say, could be used to suppress dissent or agitations against the government.
People don’t care? Anecdotal evidence sugggests that most citizens across the world do not care about privacy. The most common refrain is that only those who have done “something wrong” are concerned. “What do I have to hide?” they say. It is only for elites, goes another argument. I don’t buy that. I explored the debate in this article for the Hindustan Times. Read it here.
Orwellian reminder: One of the main lessons of George Orwell’s book, 1984, is that when a society shrinks privacy to zero, people can’t even have unconventional thoughts. That’s the way you get to a totalitarian society. By accepting high degrees of government intrusion and omnipresent technology that tracks our movements and our records, who we call, who we email—we are shrinking our freedom.
More importantly, it is “nobody’s case that privacy is absolute”, lawyer Gautam Bhatia wrote in The Hindu:
The staunchest civil rights advocates will not deny that an individual reasonably suspected of planning a terrorist attack should be placed under surveillance. The debate, therefore, is not about ‘whether surveillance at all’, but about ‘how, when, and what kind of surveillance’.
Yes, note that: the debate is about ‘how, when, and what kind of surveillance’.
Snowden revelations about NSA spying: The world woke up to the dangers of surveillance after Edward Snowden showed how the National Security Agency (NSA)—US Intelligence Agency—was collecting data on millions of ordinary Americans (not just terrorist suspects). The NSA was storing that data, with little or no oversight about how the data was being used. There wasn’t much of an infrastructure for keeping that data out of the wrong hands.
To understand more about privacy, surveillance and Snowden revelations, watch this excellent episode on the John Oliver show.
2. Surveillance laws in India
There are two main acts governing the legal provisions for surveillance in India.
First, the Telegraph Act, 1885: it allows for the interception of calls and messages.
Second, the Information Technology Act, 2000: it concerns with provisions to intercept digital information including data stored on a computer, internet traffic and other data flows.
The current controversy is about the IT Act.
There is one key difference between the two acts: The grounds under the IT act are wider and lack some of the safeguards under the Telegraph Act.
Under the telegraph act, there should be a condition of a “public emergency” or “interest of public safety” for intercepting information.
There is no such requirement under the IT Act which makes it more powerful: the government can intercept information without any stated pre-conditions as in the telegraph act.
3. The new notification
The Ministry of Home Affairs (MHA) notification that sparked controversy merely lists the agencies who have the power for interception under the IT Act—meaning the government did not get any additional powers with the notification. By explicitly stating the name of agencies, the government specified who has the power to request for interception. That’s it.
The ten agencies that were given the authority to intercept digital information had the power of telephone surveillance for decades.
It is unfortunate that this turned into a BJP vs Congress debate. The Congress alleged that the Modi government had begun snooping on citizens. Haha. The amendment to the IT Act that gave surveillance powers to the state was introduced in 2008/09, when the Congress-led UPA was in power. The amendments were passed in the Parliament—where BJP was in the opposition—without any debate.
What does this mean? That this is not about party A or party B. It is about state vs citizens.
4. Concerns with India’s surveillance laws
The notification has brought to light a long-standing debate regarding surveillance provisions in India. Privacy activists say that intelligence and law enforcement agencies have massive powers to gather information about citizens without adequate legal and procedural safeguards to protect individual rights.
Do we have enough checks and balances to ensure state power is not misused?
The government says yes: Officials say that there are processes in place to check misuse of the power.
“All such cases of interception are reviewed by a committee headed by the cabinet secretary. The committee meets at least once in every two months. In states, the chief secretary holds the power to review the cases,” said the home ministry spokesman. (Hindustan Times
However, there are three issues:
First, decisions about surveillance are taken by the executive branch. There is no parliamentary or judicial supervision.
Second, if you are under surveillance, you will almost never know. Which means if the government is snooping on, say, a dissenter—and not a terror suspect—one won’t know and can’t even challenge that decision before the court.
Third, the regime is opaque.
There is almost no information available about the bases on which surveillance decisions are taken, and how the legal standards are applied. Indeed, evidence seems to suggest that there are none: a 2014 RTI request revealed that, on an average, 250 surveillance requests are approved every day. It stands to reason that in a situation like this, approval resembles a rubber stamp more than an independent application of mind. (The Hindu)
Why you should care: Journalist Saikat Datta posted an excellent Twitter thread explaining the controversy. Here is a snippet from his tweets:
So you may want to ask where is all this surveillance material going? And who is using it? And for what? The common answer to all this is the Government. Whoever is in power uses this massive surveillance machinery to spy on us, the citizens. And this won’t change unless we realise how dangerous this is and what surveillance does to a democracy. It gives power to a very few people to control the rest of us. And we don’t even realise it. That’s what surveillance does.