Govt already had power to intercept, monitor: Officials
Officials say nothing new in order, it limits number of agencies that can exercise powers
NEW DELHI: The outrage over the statutory order (SO) issued by Union home secretary Rajiv Gauba on Thursday authorising 10 security and intelligence agencies to lawfully “intercept, monitor and decrypt” information through a “computer resource” seems misplaced simply because these agencies already had this power under the Information Technology (IT) Act and the rules framed under the act, according to current and former government officials.
Still, the order may violate aspects of the privacy judgment given by the Supreme Court on August 23 last year, one expert said. Opposition parties on Friday criticised the government over the move, describing it as “unconstitutional and an assault on fundamental rights”, alleging that country was being turned into a “police state”.
The 10 agencies are the Central Bureau of Investigation, the National Investigation Agency, the Research and Analysis Wing, Intelligence Bureau, Narcotics Control Bureau, Enforcement Directorate, the Central Board of Direct Taxes, Directorate of Revenue Intelligence, Directorate of Signal Intelligence (in service areas of J-K, North East and Assam) and the Commissioner, Delhi Police.
According to the officials, none of whom wished to be identified, the SO limits the number of agencies that can snoop on computer traffic. Before the order was issued, there was no bar on any agency, which could approach the competent authority, Union home secretary in their case, seeking interception or monitoring of computer traffic, the officials added. This included the Serious Fraud Investigation Office (SFIO) or Securities and Exchange Board of India (SEBI). Indeed, SEBI has been demanding powers to intercept phone calls and messages.
By listing out the agencies authorised to “intercept, monitor and decrypt” data, delays in sharing information with agencies by various service providers including applications such as Whatsapp will end, said a senior official who did not wish to be named. “Earlier, our requests were delayed or rejected because agencies weren’t expressly listed out,” he said. “Now if data isn’t shared, there is a possibility that the service providers can be prosecuted,” he added.
There are two main acts governing the legal provisions for surveillance in India: the Tele- graph Act of 1885 and the Information Technology Act of 2000.
The first allows for the interception of calls and messages while the second deals with provisions to intercept digital information including data stored on a computer, internet traffic and other data flows.
The power to intercept and monitor the computer traffic comes from section 69 (1) of the IT Act. The section states that the Centre or a state government or any of its officers specially authorised for the purpose can order or direct any government agency to “intercept, monitor or decrypt” any information “generated, transmitted, received or stored” in any computer resource if they are satisfied it is necessary to do so “in the interest of the sovereignty or integrity of India, defence of India, security of the state, friendly relations with foreign states or public order or for preventing incitement to the commission of any cognizable offence relating to above or for investigation of any offence”.
The government has further codified rules in this regard.
Rule 4 of the IT (Procedure and Safeguards for Interception, Monitoring and Decryption of Information) Rules of 2009 provides that ‘the competent authority (home secretary in case of the central government) may “authorise an agency” of the government to intercept, monitor or decrypt computer resource traffic.
“But since 2009, since the rules were framed, no agency was notified under rule 4 by the government. Now the anomaly has been rectified with by the SO issued on Thursday,” said a home ministry official.
Government officials and independent experts agree that the SO issued on Thursday doesn’t confer any new powers to any of the security or law enforcement agencies. “Notification has been issued to notify the Internet Service Providers, Telecommunication Service Providers, intermediaries etc. to codify the existing orders. The order has been issued to ensure that any interception, monitoring or decryption of any information through any computer resource is done as per due process of law. It will also prevent any unauthorised use of these powers by any agency, individual or intermediary,” said Bharat Bhushan Babu, the MHA spokesperson, adding that even with the SO, all cases of interception or monitoring or decryption will still require approval by the Union home secretary.
Law enforcement agencies were using powers to intercept or monitor computer traffic earlier also under the IT Act and Rules, with prior approval of home secretary N R WASAN, Ex-chief Bureau of Police Research and Development