On December 20, 2018, the Ministry of Home Affairs issued a statutory order authorizing 10 agencies to intercept, monitor and decrypt communications of citizens. The order may be read, here - bit.ly/2rYlx0z #Surveillance

The agencies authorized by MHA include - Intelligence Bureau, National Investigating Agency and Commissioner of Police, Delhi. The order was issued under existing powers given to the MHA as per Section 69 of the IT Act, 2000 and corresponding rules. #Surveillance

Section 69 empowers the govt. to issue directions for surveillance of communications. The corresponding rules empower the MHA to notify other govt. agencies which can perform such surveillance. Thus, these agencies have been notified under existing rules under the IT Act.

This statutory order does not per se enhance the existing surveillance powers of the government, but enables these 10 agencies to seek clearance from the MHA to perform legal surveillance on citizens communications and devices. #Surveillance

In 2014, we had published a comprehensive report on India's surveillance laws (the report can be downloaded here - bit.ly/2EZgpAK). Unfortunately, despite a committee on data protection, not much has changed in India's surveillance landscape since then. #Surveillance

This fresh order of the MHA has reignited the debate on much needed surveillance reform in India and before the closing of the year, we bring you few key findings from our report to highlight India's surveillance activities which have been further exacerbated by this order.

Multiple Indian laws, including the Indian Telegraph Act and Rules, IT Act and Rules and the Code of Criminal Procedure, contain explicit provisions that allow Central and State Governments to intercept and monitor the nation's communication networks on several grounds.

An RTI application (bit.ly/2BSq74O) filed by us on 19/03/2014 revealed that around 7,500 – 9,000 telephone interception orders are issued by the central govt. each month (bit.ly/2EWBr3W).

Adding state govts. to this, it becomes clear that Indian citizens are routinely subjected to govt. surveillance on a mass scale. #Surveillance

In India, the Telegraph Act, 1885 (and rules) allow for telephonic interception and the IT Act, 2000 (and rules) apply to electronic (including the internet) interception. #Surveillance

Section 69 of the IT Act, draws heavily from the Telegraph Act. Though, the ambit of Section 69 is wider in effect, as it even enables interception for grounds such as - 'investigation of any offence' and the 'defense of India' - which are not mentioned in the Telegraph Act.

Apart from the IT Act, Section 91 of the CrPC allows any court or officer in charge of a police station the production of any document or 'other thing' if it is considered necessary for the purposes of an investigation, inquiry, trial or any other proceeding under the CrPC.

Since this is the legislation which the police authorities are familiar with, it is often found that requisitions sent to intermediaries directly by the police often ask for information based on Section 91 of the CrPC.

In addition to these laws, the licenses issued by the DoT to various service providers contain enabling clauses for performing surveillance. Then there are surveillance systems such as - Centralized Monitoring System, Network Traffic Analysis and the National Intelligence Grid.

Thankfully what has changed from 2014 is the Supreme Court's landmark decision in Puttaswamy, wherein the court upheld the right to privacy as a fundamental right and recognized the principles of necessity and proportionality as a pre-condition to inroads in citizen's privacy.

Considering India's vastly enabling surveillance architecture, it has become imperative for the country to have a comprehensive surveillance reform law. Unfortunately, the newly drafted Personal Data Protection Bill does not contain any surveillance protecting clauses.

Though, the Sri Krishna Committee Report recognizes the importance of surveillance reform in India and states that the current surveillance regime might be potentially unconstitutional considering the conditions laid down in the Puttaswamy (right to privacy) judgment.

Whether the previous or the current government, we have seen a lack of initiative and commitment by parliament and policy makers towards a comprehensive surveillance reform law in India. With advancements in communication technology, this is the need of the hour. #Surveillance

The recent proposed changes to the Intermediaries Guidelines Rules is another step towards monitoring and content filtering, which erodes the promise of privacy respecting laws in India. The Draft Amendment Rules may be read, here - bit.ly/2GJTdJv

We conduct Digital Security Trainings (security.sflc.in) for lawyers, teachers, students and other professionals to familiarize them to methods of keeping our digital lives safe and secure in this world of data breaches and constant surveillance.