Are India’s laws on surveillance a threat to privacy?

We need to move towards a new legal framework for surveillance

Over the past decade, we have been witness to many legal, juridical and executive interventions that comprise the highly contentious terrain of surveillance in digital times — from the amendment to Section 69 of the IT Act in 2008 that expanded the government’s powers of interception, to the recent Supreme Court order directing the Central government to frame guidelines for social media intermediaries to address sexually abusive content.

The Centre’s most recent proposal to amend the Intermediary Rules, 2011, has been justified as necessary to trace the “originator” of “unlawful” information, in the wake of a fake news epidemic. The Government of India has claimed that social media has brought new challenges for law enforcement agencies, including inducement for recruitment of terrorists, circulation of obscene content, spread of disharmony, and incitement to violence.

Powers of the state
The regime’s moral panic is not all unfounded. It is partly explained by the fact that communication arenas in the digital age are mostly controlled by transnational corporations. Over the last few months, there have been several cases where the police have expressed their inability to trace offenders because intermediaries have refused to cooperate.

Trends in surveillance point to an obvious tension that the scale of communication activity and its private architecture represent for state agencies. To bring justice to victims of online gender-based violence, the police must obviously do what may be necessary to marshal evidence and trace the offender. However, as critics have held, the overly broad contours of the proposed amendment to the Intermediary Rules confer unchecked powers on the executive, reminiscent of the arbitrariness that led to the famous Shreya Singhal case (2015). In the absence of judicial or legislative oversight, such powers result not only in a disproportionate restriction on individual fundamental right to privacy, but also have far-reaching consequences for other freedoms — a chilling effect on the freedom of speech and association and democratic participation. Also, cybersecurity experts caution that it’s not possible to create a “back door” decryption to target one individual, and that tampering with encryption can compromise security for all.

Hence, the digital environment requires a rethink on the rule of law, the very basis upon which the logical connection between constitutional principles, legal norms and procedural rules is tied together. We need not debate the whether or why of surveillance, but the how, when, and what kind of surveillance, moving towards a new legal framework for surveillance.

Test of proportionality
All measures within such a framework must pass the test of proportionality specified by the right to privacy judgment. They must also account for how digital technologies are implicated in the problems of opacity, arbitrariness and impunity that characterise the rules and current practices of surveillance. Intermediaries must be mandated to locate servers in India. The oversight of algorithms, employed by state agencies and corporations, is an important aspect. Rules for digital evidence collection must be specific to technological applications. The U.S. Supreme Court has held that law enforcement officials can make requests for such information only after obtaining a warrant, which requires them to demonstrate probable cause.

The Centre’s attempt to tinker with the Intermediary Rules seems to suggest a cart-before-horse approach, with little thinking on how its social and technological fallouts will impede the rights that make a robust democracy.

This article was first published in The Hindu.

Focus Areas
What We Do
Resource Type