By modern standards of civility governments snooping on citizens is considered abhorrent behaviour. The admission by the US government that it has been collecting billions of pieces of information world-wide, especially personal data and emails, has thus been greeted by shock and anger. Indian citizens, too, have been subjected to this sweep, carried out under the Foreign Intelligence Surveillance Act, or Fisa.
It is time the government of India stopped twiddling its thumbs and took strong measures such as enacting a Privacy Act to protect the rights of citizens.
An 8 June report by The Guardian suggests that 6.3 billion reports were collected from India. The investigation followed reports that the US has been monitoring communications between US and foreign nationals over the Internet for years under a project called “prism”. The Guardian said it has acquired classified documents about a data-mining tool called “boundless informant” that was used by the US National Security Agency that details and even maps by country the voluminous amount of information it collects from computer and telephone networks.
Reacting to earlier reports on the same issue, US director of national intelligence, James R. Clapper, issued a media release on 6 June, stating that The Guardian and The Washington Post articles “contain numerous inaccuracies”, but acknowledged that, “section 702 is a provision of Fisa that is designed to facilitate the acquisition of foreign intelligence information concerning non-US persons located outside the US...” The US government simultaneously clarified that the usage of such information or metadata (analytics of the humungous amounts of data intercepted) is used only after a due legal process.
Nevertheless, this assurance provides little comfort given that around 40 countries filter the Internet to varying degrees, including democratic and non-democratic governments. YouTube and Gmail (both from Google), BlackBerry maker Research In Motion Ltd, WikiLeaks, Skype (now a Microsoft product), Twitter and Facebook have all been censored, at different times, in China, Iran, Egypt and even India.
In April, the Union government began rolling out a central monitoring system, or CMS, which will enable it to monitor all phone and Internet communication in the country. Human Rights Watch in a 7 June media release described CMS as “chilling, given its reckless and irresponsible use of the sedition and Internet laws”.
Cybersecurity experts caution that while US and European Union citizens have recourse to law under their own domestic privacy policies, India has no such safeguard. The obvious agency to take a lead in the design, framing and enactment of such a law is, of course, the Union government. But it is hard to expect the government to take any initiative in the matter as—like any government—it would want to have the capabilities to intercept private communication of citizens. On 25 April 2011, the government in a media release admitted that provisions for authorization of interception are contained in section 5(2) of the Indian Telegraph Act, 1885, read with Rule 419 (A) of the Indian Telegraph Rules, 1951, as well as in section 69 of the Information Technology Act, 2000, read with the Information Technology (Directions for Interception or Monitoring or Decryption of Information) Rules, 2009.
The release also pointed out that the Supreme Court, in its order of 18 December 1996, had upheld the constitutional validity of interceptions and monitoring under section 5(2) of the Indian Telegraph Act, but added that telephone tapping would infringe the Right to Life and Right to Freedom of Speech and Expression enshrined in articles 21 and 19(1)(a), respectively, of the Constitution of India, unless permitted under the procedure established by law.
However, these guidelines are implemented more by way of an exception rather than as a rule.
The trouble here is that while the law is clear, it has multiple exceptions built into it that allow the government to do as it pleases. The safeguards thought of by the judiciary are not sufficient to protect the privacy of citizens. It is too much to hope that the government will adhere to privacy norms on its own. Three things need to happen in case India is ever to have a reasonable chance at a decent privacy law. One, citizen awareness and activism have to assume a much higher level than what prevails now. Two, public representatives—legislators, especially in Parliament—have to realize that privacy is a right that is at par with other rights and should not be trampled at will. Finally, at an appropriate juncture, the higher judiciary should take a look at the issue carefully once again. Continuous judicial scrutiny of the government is, for now, the only viable option to check abuses of privacy.
Does India need a privacy law? Tell us at firstname.lastname@example.org