New Delhi: The government is in a dilemma as it grapples with the expanded scope of India’s proposed privacy law: Should it scrap all existing provisions on lawful interceptions and fold them under the new legislation, or strengthen the various laws under different ministries so their turfs remain undisturbed?
The right to privacy Bill aims to uphold the right of all Indians against any misuse of their personal information, interception of personal communication, unlawful surveillance and unwanted commercial communication.
But its scope has been expanded beyond data protection to include provisions on lawful interception, surveillance and illegal commercial communication.
GE Vahanvati. File photo
Several of these additions are governed by different ministries. For instance, the Indian Telegraph Act, the Wireless Act, the Information Technology Act, the Prevention of Terrorism Act and provisions of the Code of Criminal Procedure all contain sections on lawful interception. The IT Act is controlled by the department of information technology, and the Telegraph Act and the Wireless Act by the department of telecom as lawful interception requires technological expertise.
The department of personal and training, mandated with framing the law, has come out with a draft legislation that lays out its own provisions on lawful interception, some of these similar to existing laws.
Mint has reviewed a copy of the draft Bill and minutes of various meetings on the issue. According to one such document, Attorney General G.E. Vahanvati is of the view that “provisions about the authorization of interception of communications (Web/IT-based) should be so drafted that it may have overriding effect over similar provisions in Telegraph Act, IT Act or any other Act”.
That could trigger an inter-departmental conflict. “That is the question which is still bothering us and we need to find a fix to the problem,” said a government official, who has been involved in the talks. Some of the existing provisions under various ministries, he says, are either obsolete or inadequate. The Telegraph Act of 1885 talks of interception of telegrams.
“There was no satellite communication or Internet then. Even the IT Act of 2000 permits interception which is of Internet-based communication. We need one legislation which is for the current scenario as the ambit of these provisions is so small,” said the official, requesting anonymity because of the sensitivity of the matter.
Another official with a security establishment, who is also involved in the talks, said provisions in the Bill should not disturb the existing regime of lawful interception that’s critical to intelligence gathering. “The draft privacy Bill is positive in that direction. But it should be stated in categorical terms,” the official said, on condition of anonymity.
Under present laws, central agencies require the Union home secretary’s permission to intercept phone calls and emails. In states, the permission is granted by the state home secretaries. On an average, central agencies intercept 6,500 phone numbers daily.
Former Union home secretary G.K. Pillai says a comprehensive regime on lawful interception will not create operational hindrances in the functioning of law enforcement agencies. “Otherwise also the existing laws like Telegraph Act need some modification,” he said.
The first official said the overlaps in the draft Bill are only on lawful interceptions as India does not have laws governing surveillance and commercial communication. The Telecom Regulatory Authority of India recently came out with guidelines on spam text messages, but these are not law.
The privacy Act was originally mooted to ensure that data collected by the government under the Unique Identification project, or Aadhaar, is not misused. Aadhaar, as part of providing unique digital identities to all Indian residents, collects various personal information, including biometric data and iris scans.
But recent incidents such as the tapping of phone conversations involving lobbyist Niira Radia prompted the government to relook the privacy law. “It exposed the weakness in the country’s privacy regime and it was felt that a law just on data protection won’t be enough,” said the first official. “It has to be comprehensive enough to address at least the basic privacy requirements.”
Sahil Makkar and Appu Esthose Suresh contributed to this story.
• • •