Opinion » Lead

Updated: June 22, 2013 00:08 IST

Lethal surveillance versus privacy

Shalini Singh
Comment (15)   ·   print   ·   T  T  

There has been no public debate on the level of watch citizens can be put through, and on what the red lines should be while using intrusive mechanisms

The tussle between government agencies’ need for a better, faster and real-time interception, surveillance and monitoring mechanism through the Central Monitoring System (CMS), on the one hand, and demands by privacy, civil rights and free speech activists, for ensuring higher privacy for citizens in view of CMS, on the other, is gaining ground. India today has nearly 900 million mobile subscribers, 160 million Internet users and close to 85 million citizens on social media. Internet and social media users are expected to double by 2015.

The discussions have been coloured by the startling revelation relating to the PRISM project which, if true, may have meant that the privacy of millions of Indian Internet users could have been compromised, in varying degrees.

Meanwhile, closer home, the CMS project, aimed at improving the capability of security agencies to protect national security and fight crime, including terrorism, has also raised serious privacy issues.

Shrouded in secrecy

First, very little real information is available about the CMS working procedure, technical capabilities and privacy safeguards in the public domain. While governments worldwide remain reluctant to share information about their surveillance and monitoring systems, successive governments in India have fared no better.

Key unanswered issues include the uncontrolled use of technical capability and intrusive technologies, which are capable of “instant, real time and deep search” surveillance. There has been no debate in Parliament or outside about the level of surveillance citizens should be put through or whether there should be red lines when using intrusive surveillance mechanisms, even when technology presents an option.

Further, there is no information about whether there are additional safeguards against interception by political authorities, of potential “targets” carrying out sensitive assignments such as judges, opposition leaders, editors, regulators, advocates, vigilance officials, corporate CEOs, etc. Should there be? How far should the spy agencies take lethal technological capability against their own citizens? Can all technological prowesses be used against any category of citizen, regardless of the level of security clearance they are entitled to? Who decides the correctness and propriety of such authorisations, especially since these are approved by bureaucrats who, in turn, report to political authorities?

The U.N. Special Rapporteur on Promotion and Protection of Right to Freedom, in his report of April 17, 2013, has concluded that apart from increasing public awareness of threats to privacy, States must “regulate the commercialization of surveillance technology”.

Legal infirmities

Secondly, while the existing law primarily relates to interception of calls, CMS expands surveillance across Meta-Data which includes CDRs and SDRs. Access, transfer and retention of CDRs is weakly defined under the existing laws. Provisions for authorisation of interception are contained in Section 5(2) of the Indian Telegraph Act 1885, Rule 419(A) of the Indian Telegraph Rules 1951, as well as Section 69 of the Information Technology Act 2000, read with Information Technology (Directions for Interception or Monitoring or Decryption of Information) Rules 2009.

“The Right to Privacy,” on the other hand, is protected under Article 21—– Right to Life — and Article 19(1)(a) — Right to Freedom of Speech and Expression — under the Constitution of India, “unless it is permitted under procedure established by law.” While the Supreme Court has upheld the constitutional validity of interceptions, and monitoring under Section 5(2) of the Act through its order dated December 18, 1996, it subsequently laid down guidelines narrowing the scope of interception down to five instances — “national sovereignty and integrity, state security, friendly relations with foreign states, public order or for preventing incitement to the commission of an offence”.

With CMS, questions about the mismatch between the privacy legislation and the lethal forensic surveillance capabilities arise. These border on what is now recognised as a human rights issue. Are “public order” or “preventing incitement to the commission of an offence” sufficiently vague or broad for the security agencies to practically put through any authorisation request for interception, however weak, under these two heads? Can prevention of crime leave the door open to any agency, getting permission to monitor any citizen without adequate burden of proof? Since the authorities giving approval are not judges, will they have the judicial expertise to make legally valid decisions? Worse still — if the surveillance is extra-judicial, how will it be uncovered?

Further, interception under CMS can be done instantly and, since existing laws allow government agencies to intercept any phone conversation without the Home Secretary’s mandatory permission, for seven days, should this procedure be reviewed under CMS? Should a lower level officer’s approval be sufficient to begin surveillance? The law also says “the directions for interception shall remain in force, unless revoked earlier, for a period not exceeding 60 days, after issue, and may be renewed, but same shall not remain in force beyond a total period of 180 days”. In effect, monitoring can continue for half the year. Is this period too long, without a periodic review? If there is a review, is it sufficiently independent and robust?

Here again, the U.N. Rapporteur in the recent report on surveillance, recommended that surveillance must occur under, “the most exceptional circumstances and exclusively under the supervision of an independent judicial authority”. Further that “surveillance techniques and practices that are applied outside the rule of law must be brought under legislative control”.

Meanwhile, there is no consensus on the opposing views between DoPT, the Home Ministry and civil rights activists, two-and-a-half years after a ‘privacy’ group was set up under Secretary, DoPT, and seven months after the Justice A.P. Shah Committee submitted its Report on ‘Privacy,’ suggesting a privacy legislation which was “technologically neutral, inter-operable with international standards, protected multi-dimensional privacy, ensured horizontal applicability and conformity with privacy principles in a co-regulatory enforcement regime”. Ironically, the latest draft of the privacy legislation itself remains a mystery.

Lastly, bureaucrats authorise interception without any need to pass judicial muster by securing a prior valid court order. The surveillance is not subject to any ongoing bipartisan Parliamentary oversight either.

Before CMS, the mobile operator who gave access to the target’s phone calls for interception was required to ensure that the interception order received had been duly authorised by the persons identified under the Act. This is no longer the case. The government has justified CMS in Parliament, by arguing that CMS, to avoid the recordings from being leaked, circumvents manual intervention by mobile operators, and is therefore more secure, allowing instant access. However, this means that the checks-and-balance system provided by the nodal officers in mobile networks — which discovered the illegal request for BJP leader Arun Jaitley’s CDRs, leading to the arrest of three persons including a Delhi police constable — will no longer exist. Is there a new safeguard?

Potential misuse

Under CMS, one government official will authorise interception. This will be reviewed and executed by other fellow officers in different agencies — but all within the government. What is the guarantee that such permission will be subject to the rigorous due diligence that it deserves? Will every government officer follow the laid down procedure, especially if he knows that all authorisations are covered under absolute secrecy with no chance of public disclosure or scrutiny? What happens if the procedure is violated? Will violations, when discovered, be acted upon since everything remains secret within the government? The identity of targets or duration of monitoring cannot be revealed publicly, even under the RTI, as it falls under specific exemptions granted in Section 8 of the RTI Act. How will mistakes be corrected and misuse prevented?

There are other questions that remain unanswered in law. Who all within the government can have access to the Intercept Related Information (IRI), Call Content (CC) and CDRs? How long can intercept information be kept with the government and what is the procedure for its safe keeping — especially given a track record of leaked tapes — without a single official being found guilty in such instances? Are there any circumstances under which “targets”, especially when found innocent, will be informed that they were under surveillance?

The privacy issues are sufficiently serious — both outside India and within. Hopefully, the government can present the Privacy Bill early for Parliament to debate it. Equally it may be time for the Supreme Court to review its guidelines which were written at a time when there were less than a million mobile subscribers and no Internet users.

More In: Lead | Opinion

To ensure that the motives stay correct and appropriate as mentioned in
law, an independent body for all such surveillance is neccesary and
sufficient. It must not directly report to the Government but take in
requests, process them, and send reports regarding necessary facts,
without jeopardizing the privacy of any individual.
The only threat that privacy faces is from misuse of surveillance power
by the government. The above method would eliminate this, atleast by a
significant margin.

from:  Ashish Gupta
Posted on: Jun 23, 2013 at 17:49 IST

The people of Ekachakra did not have a strong person to protect them from their enemies and predators. So they approached Bakasura who promised them protection. His fee was a bullock-cart load of food, the bullocks and its young and tender driver every day. Since the need for security was paramount and the chances of the driver being from one's own household was remote (bad things never happen to us), the people agreed. Cut to free India and Durga Mata in 1975 who invoked the security mantra. We Indians meekly went along, and it was only the great unwashed in the villages who could not spell security who dissented. Left to us educated people, Sanjay Gandhi would have been ruling India now. We are still not improved in any way, supporting dictators, plunder in the name of development, murders by uniformed protectors (we call them "extra-judicial killings"), because we need "protection" and as in Ekachakra, our turn may never come. A people get the government they deserve.

from:  Jayadevan
Posted on: Jun 22, 2013 at 20:52 IST

The freedom of thought and expression is something that I would not like compromised. This is the main difference between democracy and communism. In a democracy the people elect the government and the government has to be transparent with checks and balances. We cannot have a government that thinks that they know what is best for you and me. Proper oversight with accountability is what the government has to put in place to avoid abuse and misuse. Trading freedom for security is absurd.

from:  Sundar
Posted on: Jun 22, 2013 at 19:25 IST

The above mentioned facts are true and withstand as per the present scenario & the information. Some following major alteration can peal out few hurdles.
1. An independent agency(independent of govt.) to take up CMS working as govt has always influenced working of such bodies.
2. No direct access to IRI by govt. Rather a report(conclusion/summary type) will be given to govt.
3. To testify the working, access to Social site accounts be only permitted. This would give a glimpse of possible type of hurdles.
4. Later if things work smoothly the permission to access mobile connection can be granted.

If this initiative is just for security, especially to terrorism related, it must be under the eye of only anti-terrorist independent body. Why govt be brought in?

from:  Apurv
Posted on: Jun 22, 2013 at 18:59 IST

Everything comes at a cost, now its upon us to decide that,whether NATION comes first or our so called privacy, if we are not doing anything wrong, first.
IPL scandal was not what they were searching but these phone calls led to unearth this huge corruption, so in one way deep inspection is needed indeed in the best interest of our NATION.

from:  vikas
Posted on: Jun 22, 2013 at 15:52 IST

This is a welcome move and we as commoners must embrace it with open arms. With rampant chaos and deregulations , something like this is inevitable.
On the flip side, government misuse should be under tab. Vigilance by third party, an independent one, may help both sides.

from:  Yashika
Posted on: Jun 22, 2013 at 15:00 IST

The cavelier attitude with which Indian public will hand over their rights of free speech and privacy is just mind boggling!. Is it why India was enslaved for centuries.

We have seen how the government of the day has been misusing the CBI and the intelligence agencies to down protests. We have also seen how the talk of terrorism has been used to slowly erode human rights in our country. I suggest reading Orwell's 1984 book.

We have also seen that irrespective of party any tool that they have in their disposal for corrupt ends. Radiia tapes and all the scams

Inspite of all kind of tools and the friendly US, they have not prevented Mumbai, Delhi, Pune, Bangalore, Hydrabad, Kolkata american center terrorist atttacks. See Hindu article: "defenders of nsa surveillance omit most of Mumbai Plotters Story"

Terrorists know better so who is the target of this BLANKET criminal surveilance? 125 crores of Indians & businesses. PURE EVIL=CMS is not hyperbole

from:  Bhadury
Posted on: Jun 22, 2013 at 14:51 IST

Security measures must be tightened..The national interests must override the interests of the individuals but at the same time? It must be ensured that these techniques are not misused As a law student feel that judiciary must be the independent body authorising these 'snoopings'.

from:  Sreejith S
Posted on: Jun 22, 2013 at 14:25 IST

Though the information are available on the right and left click of our mouse, but I am still in chaos that "RTI is benevolent or malevolent to our next generation"

from:  Rajib
Posted on: Jun 22, 2013 at 13:57 IST

It's time for us to accept the truth that we cannot have full proof security and secrecy simultaneously. The move is inevitable amid growing security threats. The only danger is of politicization of the classified information.

from:  Shailendra
Posted on: Jun 22, 2013 at 11:24 IST

The issue boils down to "privacy" of the citizens versus the "authority"
of the government. The question is how "authorized" the government
really is and to what "extent" this authority can go to..? While it is
the prerogative of the government to "protect" the nation from threats,
it is also its duty to protect the privacy of its citizens. Judicial
sanction is a must before any "monitoring" can take place.

from:  R. Parthasarathy
Posted on: Jun 22, 2013 at 11:19 IST

At a time when India is facing security threat both external and internal one cannot have full proof security and secrecy simultaneously. The move is laudable provided it would not become politicised in near future.

from:  Shailendra
Posted on: Jun 22, 2013 at 11:19 IST

I personally feel it is a good move. It can also be used to serve as a weapon against people who exploit women via various means and secondly no longer we will have to beg for records from agencies like skype and google. Why beg for our national interest? I think citizens must cooperate.

from:  Krishna
Posted on: Jun 22, 2013 at 07:21 IST

nothing would satisfy people..all they want is freebies and blame everything on the government. when finally govt does something, there is huge hue and cry about individual freedom and what not. the author is concerned that the govt has not told her how she will be monitored,by using which technologies etc. if someone is going to monitor you, will they disclose when and how it will be done?? some concerns might be genuine,but don't be a rabblerouser picking up on anything and everything ..

from:  Deepak
Posted on: Jun 22, 2013 at 07:06 IST

No one can question that there have to be ample safeguards in place so
as to ensure that these snooping systems don't become political
weapons. That said, I think we as citizens should ask one question -
What is more important to us - A distant scenario that someone might
be reading our email or an steadfast assurance that security of this
country can be vastly improved using such systems. Americans who crib
about privacy should not forget that they have been extremely
fortunate to have been victim of just one terrorist attack in the last
decade. Desperate situations require desperate measures, when
government takes one, we only complain.

from:  Abhishek
Posted on: Jun 22, 2013 at 05:09 IST
Show all comments
This article is closed for comments.
Please Email the Editor



Recent Article in Lead

Prime Minister Narendra Modi

Decisive but to what avail?

Surprisingly for a nationalist party-led government, national security and defence have occupied scant space while showcasing its achievements. »