The judiciary should determine the scope of monitoring private information.
Numerous civil society organisations across the world recently called on governments to ensure that their surveillance activities did not infringe on the rights of citizens, including the right to privacy. To this end, they have suggested that 13 ‘principles’ be followed while such activities are undertaken, including those of proportionality, transparency and public oversight.
More than 250 organisations, including some from India, endorsed these principles in Geneva recently at a side event during the 24th session of the Human Rights Council. The event was hosted by Austria, Germany, Liechtenstein, Norway, Switzerland and Hungary — countries that favour the adoption of effective safeguards to uphold the right to privacy.
The issue figured in a speech made by Navi Pillay, United Nations High Commissioner for Human Rights at the Council session, where she had said referring to the scope of the surveillance regimes of countries including United States and the United Kingdom, “Laws and policies must be adopted to address the potential for dramatic intrusion on individuals’ privacy which have been made possible by modern communications technology. While national security concerns may justify the exceptional and narrowly-tailored use of surveillance, I would urge all States to ensure that adequate safeguards are in place against security agency overreach and to protect the right to privacy and other human rights.”
The principles provide a benchmark that people around the world could use to evaluate and push for changes in their own surveillance laws, said the US-based Electronic Frontier Foundation.
Asked how the ‘principles’ could be seen in the Indian context, Elonnai Hickok, programme manager, Centre for Internet and Society, said creating a comprehensive legislation from scratch would help streamline surveillance provisions in India but that might prove a ‘large’ task. The Bangalore-based Centre was among the organisations that had endorsed these principles. At least the Indian provisions should be updated “across the board” to take into consideration many of the safeguards defined by the principles.
The Indian surveillance regime did not encompass many of these principles like user notification, transparency, integrity of communications and systems, public oversight, and competent judicial authority, said Ms. Hickok. A number of other important principles like proportionality, due process, adequacy, and necessity should be strengthened. These weaknesses were seen in Indian legislation regulating interception — the Telegraph Act (Rules and Licenses) and the Information Technology Act (Rules).
The preamble to the principles highlighted the centrality of privacy “to the maintenance of democratic societies. It is essential to human dignity and it reinforces other rights, such as freedom of expression and information, and freedom of association, and is recognised under international human rights law.”
Sensitive information could be collected not only from the primary content of communication but also other kinds of 'non-content' data that could reveal more about the individual than the content itself, like a person’s identity, behaviour, associations, physical or medical conditions, race, colour, sexual orientation, national origins, or viewpoints. It could also “enable the mapping of the person’s location, movements or interactions over time, or of all people in a given location, including around a public demonstration or other political event.” Such information should be legally protected.
One of the principles suggested was necessity: surveillance should be limited to “that which is strictly and demonstrably necessary to achieve a legitimate aim.” A competent judicial authority that is impartial and independent should be involved in the process of determination. Individuals should be informed of the decision and be given the opportunity to appeal against it.
The application of the principle of proportionality meant the judicial authority should, among other things, determine whether “there is a high degree of probability that a serious crime has been or will be committed” and other “less-invasive” means have been exhausted before authorising surveillance. Any “excess” information should be destroyed or returned and it should be ensured that it is “accessed only by the specified authority and used for the purpose for which authorisation was given.”
To ensure transparency the State should publish “aggregate information on the number of requests approved and rejected, a disaggregation of the requests by service provider and by investigation type and purpose.” Service providers should be able to publish the procedures they apply when dealing with State communications surveillance.
Oversight mechanisms should be established to assess whether the surveillance is within lawful bounds and that transparency is being ensured. An independent oversight mechanism should be established in addition to any oversight by a government branch.
Legislation should be enacted to criminalise illegal communications surveillance by public or private players. It should protect whistle blowers and provide redress mechanisms to affected individuals.