jason dent JFk0dVyvdvw unsplash 1
Legal

Surveillance And Privacy Vis-À-Vis Section 69 Of The Information Technology Act

Kaviya Kannan_JudicateMe

________________________________________________________________________________

This Blog is written by Kaviya Kannan from Kasturba Gandhi Degree College, Osmania UniversityEdited by Naina Agarwal.

________________________________________________________________________________

INTRODUCTION

The internet is a powerful example of free speech and expression in action. Although this might be true, people feel threatened sometimes even when they haven’t committed any crimes as a result of surveillance. Surveillance simply means close observation of a suspicious person or groups. Presently, various types of surveillance techniques are being used in order to prevent any kind of cybercrime from happening in the country. Although this is being done for the security of the citizens, it is also leading to serious violation of one’s fundamental right to speech and free profession. This might also lead to a feeling of insecurity and confusion among citizens as people cannot freely communicate with others when they are being watched. Although India is the world’s largest democracy, and accordingly protects free speech and expression through its constitution, still freedom of speech and expression is not absolute to the citizens and privacy in the online sphere is being restricted for many reasons. There are several reasons for which speech and expression are being restricted. Some of them include; defamation, cybercrime, maintenance of national security and communal harmony. Presently several mechanisms including restrictive laws and technical means are being used to check the freedom of speech and expression in the name national security, which has certainly undermined the position of India on world forum.

SIGNIFICANCE

Surveillance and privacy are like the two sides of a coin. For instance, when a terrorist attack takes place, people tend to favour more surveillance by the government for the sake of protection, but at other times people tend to be concerned about their privacy and protecting their civil liberties. New information about digital technologies have captured and sold a wide array of data about individual’s habits, preferences, tastes and personalities have alerted people to the amount of data they have provided, either willingly or unwillingly, to the data brokers.

The case of Mukul Rohatgi, was brought to the Supreme Court after the claim in 2015, who was the then Attorney General, stated that there is no constitutionally guaranteed right to privacy in India. This claim was denied by the nine-judge bench of the court and said that the constitution does guarantee a right to privacy. The constitution of India guarantees a fundamental right to privacy and was verified by the nine-judge constitutional bench of the Supreme Court in August, 2017. More importantly, the case strikes down M.P Sharma (1954) and Kharak Singh (1962), to the extent that the 2017 judgement holds that Indian Constitution does uphold a right to privacy.

In the judgment of the Supreme Court, the right to privacy has been read under two articles of the constitution: Article 21 which guarantees Right to life and liberty, and Part III (Chapter on Fundamental Rights) of the Constitution. This means that any limitation on the right in the form of reasonable restrictions must not only satisfy the tests evolved under Article 21 but where the loss of privacy leads to infringement on other rights, such as chilling effects of surveillance on free speech, a constitutional framework now exists for these cases to be heard within [[1]].

IMPACT

An American market research and advisory company, Forrester Researcher said in a report that India is among the list of countries where government surveillance has become a major concern from a data privacy perspective. According to the 2019 Forrester Global Map of Privacy Rights and Regulations: “Regulations that allow governments to access personal data of citizens are still undermining the overall privacy protections that certain countries offer their citizens.”

India is one of the countries that has minimal restrictions in terms of data privacy and protection where government surveillance is a matter of caution alongside countries with high-level of government surveillance, such as China. “Government surveillance is a worldwide phenomenon that cuts across geographies, economic development, societal well-being, and institutional design, with alarming levels of government surveillance in countries such as Austria, Colombia, India, Kuwait and the UK,” the report said. Lack of provisions in the constitution, enabled the monitoring of individual activity, could be one of the key reasons for the high level of government surveillance in India, industry experts say. “The Personal Data Protection Bill has a couple of provisions that deal with the issue of government surveillance. But a lot of regulations and procedures need to be built into it on how these procedures are to be followed,” the report said [[2]].

Especially when the cybersecurity infrastructure of India is nowhere close to that of the western countries, we are amidst security breach any time of the year. We have already witnessed the case of Aadhar in September, 2018, where there was an enormous amount of data breach (around 1 billion Indians) despite UIDAI’s claim that the servers are secure. In any case, UIDAI has denied the allegation probably because there were neither any sort of public reaction nor was a debate in the Parliament after the breach of the data [[3]]. In 2018, the Defence Ministry’s website, Ministry of Home Affairs and the website of Supreme Court of India were hacked. While the Defence Ministry website was claimed to be hacked by the Chinese, the Supreme Court’s website was hacked by a Brazilian Hack team [[4]]. This shows how privacy in the country is vulnerable.

SECTION 69 OF THE INFORMATION TECHNOLOGY ACT, 2000

Section 69 of the Information Technology Act, 2000 has the power to issue directions for the interception, monitoring or decryption of any information through any computer resource.

1. Where the Central Government or a State Government or any of its officers specially authorised by the Central Government or the State Government, as the case may be, in this behalf may if satisfied that it is necessary or expedient to do in the interest of the sovereignty or integrity, defence, the security of the State, friendly relations with foreign states or public order or for preventing incitement to the commission of any recognizable offence relating to the above or for investigation of any offence, subject to the provisions of sub-section (2), for reasons to be recorded in writing, by order, direct any agency of the appropriate Government to intercept, monitor or decrypt or cause to be intercepted, monitored or decrypted any information generated, transmitted, received, sent or stored in any computer resource.

2. The procedure and safeguards subject to which such interception or monitoring or decryption may be carried out shall be such as prescribed.

3. The subscriber or any person-in-charge of the computer resource shall when called upon by any agency referred to in sub-section (1), extend all the facilities and technical assistance to –

  • provide access to or secure access to the computer resource generating, transmitting, receiving or storing such information; or
  • intercept, monitor, or decrypt the information online, as the case may be; or
  • provides information stored in computer resource.

4. The subscriber or any person who fails to assist the agency referred to in sub-section (3) shall be punished with imprisonment for a term which might be extended to seven years and shall also be liable to fine.

Section 69B: This provision deals with the surveillance of Internet metadata as compared to Internet data. Metadata is any kind of data that gives information about other data. For example, if person A sends a message to person B, then the content of the message will be data and the data such as, time and date of sending and receiving the message, information about the devices from which the message was sent and received, profile information, etc. would be the metadata, which can be acquired by the government.

Section 69 (the provision for interception) requires the interception, monitoring and decryption of information generated, transmitted, received or stored through a computer resource. On the other hand, Section 69B specifically provides a mechanism for all the metadata through a computer resource for combating cybercrime threats. Directions under Section 69 shall be issued by the Secretary to the Ministry of Home Affairs, whereas the directions under Section 69B shall be issued by the Secretary of the Department of Information Technology under Union Ministry of Communications and Information Technology [[5]].

ANALYSIS

There will always be friction betwixt national security of the country for the sake of public interest and privacy rights of the citizens. In every democratic state, the idea of giving up certain liberties and freedom in return for social security of an individual has always existed from the beginning. One will definitely agree with the fact that the reduction of any sort of security threat on a nation is superior to the privacy of an individual. However, national security must not be used as a political contrivance to extract information from individuals in the name of security and given to private players who will reap the benefits out of it. Such kind of risks should be alleviated, and it is the responsibility of the central government to ensure confidentiality as well as the security of private information of the citizens of the country. Any government which fails to do this will be liable to its citizens who trusted and elected them; should ultimately be responsible and face the judiciary.

CONCLUSION

The history of surveillance in any society is the story of the interplay between two tendencies: a positive conception of surveillance as a necessary means of social control, prevention against cybercrime, protection of national security and negative conception of it as a tool used to curtail liberty and privacy of the individuals. Earlier this year, the union government is said to be in the final stages of creating an Aadhar-based National Social Registry to deliver government welfare schemes to the citizens, according to a media report [[6]]. The registry will integrate an individual’s data, such as religion, caste, income, property, education, marital status and employment along with their Aadhaar number. While this might be beneficial for the purpose of welfare schemes, on the other hand, all the details of an individual claiming the scheme will be under the severe loss of his/her private details. Although the government might say the scheme shall be lucrative, the government must also consider the privacy rights of an individual. The Supreme Court must formulate strong laws in order to protect the privacy rights of individuals. What India needs is a strong cyberinfrastructure and proper privacy rights where the citizens can feel a sense of safety and security even if they are being watched.

REFERENCES

[[1]] Ashish Yechury. 2017 Meet the 9 Judges Who Declared Privacy as a Fundamental Right in India. Retrieved from https://www.news18.com/news/india/right-to-privacy-fundamental-right-supreme-court-constitution-bench-judges-1499851.html

[[2]] Hemani Sheth. 2019. Government Surveillance at alarming levels. Retrieved from https://www.thehindubusinessline.com/info-tech/government-surveillance-at-alarming-levels/article28138407.ece

[[3]] Rachna Khaira. 2018 UIDAI’s Aadhaar Software Hacked, ID Database Compromised, Experts Confirm. Retrieved from https://www.huffingtonpost.in/2018/09/11/uidai-s-aadhaar-software-hacked-id-database-compromised-experts-confirm_a_23522472/

[[4]] Nitya Tirumalai. 2018. Supreme Court website hacked; Brazilian team suspected to be behind attack. Retrieved from https://www.news18.com/news/india/supreme-court-website-hacked-brazilian-team-suspected-to-be-behind-attack-1723095.html

[[5]] Power to issue directions for interception or monitoring or decryption of any information through any computer resource. Retrieved from https://www.indiacode.nic.in/show-data?actid=AC_CEN_45_76_00001_200021_1517807324077&orderno=88#:~:text=(4)%20The%20subscriber%20or%20intermediary,also%20be%20liable%20to%20fine.

[[6]] National Social Registry can be a tool of surveillance. 2020. Retrieved from https://www.newsclick.in/national-social-registry-can-be-tool-surveillance

Leave a Comment