Sur­veil­lance state Is a re­al­ity now

FrontLine - - COVER STORY - BY V. VENKATESAN

A year after a Con­sti­tu­tion Bench of nine judges de­clared pri­vacy a fun­da­men­tal right, its fears of the emer­gence of a sur­veil­lance state

have come true.

“OUR GOV­ERN­MENT WAS SUC­CESS­FUL IN com­pelling Black­berry to give to it the abil­ity to in­ter­cept data sent over Black­berry de­vices. While such in­ter­cep­tion may be de­sir­able and per­mis­si­ble in or­der to en­sure na­tional se­cu­rity, it can­not be un­reg­u­lated.... Ge­orge Or­well cre­ated a fic­tional State in 1984. To­day, it can be a re­al­ity. The tech­no­log­i­cal de­vel­op­ment to­day can en­able not only the state, but also big cor­po­ra­tions and pri­vate en­ti­ties to be the ‘Big Brother’.”—jus­tice San­jay Kis­han Kaul in Jus­tice K.S. Put­taswamy (Retd) vs Union of In­dia, a unan­i­mous judg­ment declar­ing the right to pri­vacy as a fun­da­men­tal right, de­liv­ered by a nine-judge Con­sti­tu­tion Bench on Au­gust 24, 2017.

On De­cem­ber 20, 2018, by is­su­ing a terse Statu­tory Or­der (S.O.6227(E), the Union Home Sec­re­tary, Ra­jiv Gauba, vin­di­cated Jus­tice Kaul’s ap­pre­hen­sion in the land­mark judg­ment on pri­vacy, un­mind­ful of the or­der’s clear in­con­sis­tency with the Supreme Court’s pro­nounce­ment declar­ing the right to pri­vacy an in­trin­sic part of the right to life and per­sonal lib­erty

un­der Ar­ti­cle 21 and as a part of the free­doms guar­an­teed by Part III of the Con­sti­tu­tion.

The or­der drew its sus­te­nance from Sub­sec­tion (1) of Sec­tion 69 of the In­for­ma­tion Tech­nol­ogy (IT) Act, 2000, read with rule 4 of the In­for­ma­tion Tech­nol­ogy (Pro­ce­dure and Safe­guards for In­ter­cep­tion, Mon­i­tor­ing and De­cryp­tion of In­for­ma­tion) Rules, 2009. The or­der, is­sued by the com­pe­tent au­thor­ity, au­tho­rised 10 se­cu­rity and in­tel­li­gence agen­cies to in­ter­cept, mon­i­tor and de­crypt any in­for­ma­tion gen­er­ated, trans­mit­ted, re­ceived or stored in any com­puter re­source un­der the Act.

The agen­cies are the In­tel­li­gence Bureau (I.B.), the Nar­cotics Con­trol Bureau (NCB), the En­force­ment Di­rec­torate (E.D.), the Cen­tral Board of Di­rect Taxes (CBDT), the Di­rec­torate of Rev­enue In­tel­li­gence (DRI), the Cen­tral Bureau of In­ves­ti­ga­tion (CBI), the Na­tional In­ves­ti­ga­tion Agency (NIA), the Cab­i­net Sec­re­tariat (Re­search and Anal­y­sis Wing, or RAW), the Di­rec­torate of Sig­nal In­tel­li­gence (or DSI, for the ser­vice ar­eas of Jammu and Kash­mir, North-east and As­sam only), and the Com­mis­sioner of Po­lice, Delhi.

The “au­tho­ri­sa­tion” granted to these 10 or­gan­i­sa­tions has as­tounded ob­servers and dis­mayed civil so­ci­ety.

The word “any” be­fore the words “com­puter re­source” in the or­der sounded like “every”. Although the Supreme Court, in a re­cent case, held that “any” does not mean “every”, the im­pli­ca­tion, caused by a deep dis­trust of the state, was omi­nous.

The very men­tion of these 10 agen­cies in one or­der sug­gested that they had been hand­i­capped by the prob­lem of ac­cess­ing in­for­ma­tion stored in “any

re­source” to per­form their du­ties ef­fec­tively. The or­der gave no rea­sons as to why only these 10 agen­cies were au­tho­rised, leav­ing one to spec­u­late whether other agen­cies al­ready had that power and, there­fore, re­quired no au­tho­ri­sa­tion, or whether they did not re­quire this power, as per the Cen­tre’s rea­son­ing.

The term “com­puter re­source”, as de­fined by Sec­tion 2(k) of the IT Act also points to the pos­si­bil­ity of the or­der be­ing over­broad and there­fore amenable to mis­use by the au­thor­i­ties. Orig­i­nally, it meant com­puter, com­puter sys­tem, com­puter net­work, data, com­puter data­base or soft­ware; in 2008, the Act was amended in such a way that the term in­cluded any “com­mu­ni­ca­tion de­vice”, such as mo­bile phones, within the def­i­ni­tion.

THE OF­FI­CIAL JUS­TI­FI­CA­TION

Faced with civil so­ci­ety’s ou­trage against the or­der, the Home Min­istry sought to clar­ify the ra­tio­nale of the or­der through a press re­lease, which read: “No new pow­ers have been con­ferred to any of the se­cu­rity or law en­force­ment agen­cies by the S.O. dated 20.12.18. It has been is­sued in ac­cor­dance with rules framed in 2009 and in vogue since then. Each case of in­ter­cep­tion, mon­i­tor­ing, de­cryp­tion is to be ap­proved by the com­pe­tent au­thor­ity, that is, the Union Home Sec­re­tary. These pow­ers are also avail­able to the com­pe­tent au­thor­ity in the State gov­ern­ments as per IT (Pro­ce­dure and Safe­guards for In­ter­cep­tion, Mon­i­tor­ing and De­cryp­tion of In­for­ma­tion) Rules 2009.”

Ac­cord­ing to Sub­sec­tion (1) of Sec­tion 69 of the Act, as amended in 2008, where the Cen­tral gov­ern­ment or a State gov­ern­ment is sat­is­fied that it is nec­es­sary or ex­pe­di­ent to do so in the in­ter­est of the sovereignty or in­tegrity of In­dia, for the de­fence of In­dia, for en­sur­ing the se­cu­rity of the state and friendly re­la­tions with for­eign states, or in the in­ter­est of pub­lic or­der or to pre­vent in­cite­ment to the com­mis­sion of any cog­nis­able of­fence re­lat­ing to the above or for the in­ves­ti­ga­tion of any of­fence, it may, sub­ject to the pro­vi­sions of Sub­sec­tion (2) for rea­sons to be recorded in writ­ing, di­rect any of its agen­cies to in­ter­cept, mon­i­tor or de­crypt any in­for­ma­tion trans­mit­ted, re­ceived or stored through any com­puter re­source.

Sub­sec­tion (2) of Sec­tion 69 says that the pro­ce­dure and safe­guards sub­ject to which such in­ter­cep­tion or mon­i­tor­ing or de­cryp­tion may be car­ried out shall be such as may be pre­scribed. The pro­ce­dure and “safe­guards” en­vis­aged un­der this sub­sec­tion, it ap­pears, have not been suf­fi­ciently pre­scribed.

The only “safe­guard” en­vis­aged un­der rule 22 of the IT Rules, 2009, is that all such cases are to be placed be­fore a re­view com­mit­tee headed by the Cab­i­net Sec­re­tary, which shall meet at least once in two months to re­view such cases. In the case of State gov­ern­ments, a com­mit­tee headed by the Chief Sec­re­tary con­cerned will carry out the re­view.

The Home Min­istry’s press note claimed that the S.O. would help in these ways: Firstly, it would en­sure that any in­ter­cep­tion, mon­i­tor­ing or de­cryp­tion of any in­for­ma­tion through any com­puter re­source is done as per the due process of law. The note seemed to be a tacit ad­mis­sion that un­til now agen­cies had en­gaged in these acts with­out com­ply­ing with the due process of law.

Sec­ond, the or­der aims to pre­vent any unau­tho­rised use of these pow­ers by any agency, in­di­vid­ual or in­ter­me­di­ary. This could sug­gest that there have been in­stances of such unau­tho­rised use of these pow­ers by an agency, in­di­vid­ual or in­ter­me­di­ary, which led the gov­ern­ment to proac­tively is­sue such a no­ti­fi­ca­tion with­out re­ceiv­ing any com­plaint from an ag­grieved party.

As state sur­veil­lance takes place with­out the knowl­edge of the per­son be­ing watched, the ques­tion of re­ceiv­ing a com­plaint about any unau­tho­rised use of these pow­ers does not arise. Rather than in­ves­ti­gate and bring to book those guilty of such unau­tho­rised ex­er­cise of these pow­ers, the or­der ap­pears to pro­vide an ex post facto jus­ti­fi­ca­tion for them and guar­an­tee them le­gal pro­tec­tion from pros­e­cu­tion.

Third, the or­der would en­sure that the pro­vi­sions of law re­lat­ing to law­ful in­ter­cep­tion or mon­i­tor­ing of com­puter re­source are fol­lowed and if any in­ter­cep­tion, mon­i­tor­ing or de­cryp­tion is re­quired for the pur­poses spec­i­fied in Sec­tion 69 of the IT Act, the same is done as per the due process of law and with the ap­proval of com­pe­tent au­thor­ity, that is, the Union Home Sec­re­tary. It is clear that in the ab­sence of the or­der, the gov­ern­ment was find­ing it im­pos­si­ble to en­sure com­pli­ance with the law re­lat­ing to in­ter­cep­tion or mon­i­tor­ing of com­puter re­sources and that the ac­tiv­ity was be­ing re­sorted to with­out the due process of law or the ap­proval of the com­pe­tent au­thor­ity.

SIG­NIF­I­CANCE OF SAFE­GUARDS

The or­der states “in­ter­cep­tion, mon­i­tor­ing and de­cryp­tion” as its pur­pose. This im­plies that in­tel­li­gence gath­ered by these agen­cies may be used for any pur­pose what­so­ever so long as it sat­is­fies the mean­ing of “mon­i­tor­ing”. It is here that safe­guards as­sume sig­nif­i­cance. Ef­fec­tive safe­guards can only be guar­an­teed by an ex­clu­sive data pro­tec­tion law, which the Cen­tre is yet to en­act, de­spite a draft Bill hav­ing been rec­om­mended by an ex­pert com­mit­tee headed by the for­mer Supreme Court judge Jus­tice B.N. Srikr­ishna.

Col­lect­ing data be­yond the req­ui­site amount or pur­pose spec­i­fied and pro­fil­ing of in­di­vid­u­als or groups on the ba­sis of such in­ter­cep­tion are the risks await­ing

coun­try in the ab­sence of a data pro­tec­tion law. The ques­tion re­mains whether the gov­ern­ment will be the judge in its own case in de­cid­ing the ex­tent and scope of mon­i­tor­ing data, as the ex­ist­ing safe­guards do not pro­vide a sys­tem of checks and bal­ances.

The ab­sence of ef­fec­tive safe­guards against the mis­use of these pow­ers will likely make the Act’s pro­vi­sions more dra­co­nian than one may as­sume. Sub­sec­tion (3) of Sec­tion 69 re­quires the sub­scriber or in­ter­me­di­ary or any per­son in charge of the com­puter re­source to ex­tend all fa­cil­i­ties and tech­ni­cal as­sis­tance to the agency to (a) pro­vide ac­cess to or se­cure ac­cess to the com­puter re­source gen­er­at­ing, trans­mit­ting, re­ceiv­ing or stor­ing such in­for­ma­tion; or (b) in­ter­cept, mon­i­tor, or de­crypt the in­for­ma­tion, as the case may be; or (c) pro­vide in­for­ma­tion stored in the com­puter re­source. Sub­sec­tion (4) en­ables the au­thor­i­ties to pun­ish the sub­scriber or in­ter­me­di­ary or any per­son who fails to as­sist the agency re­ferred to in Sub­sec­tion (3) with im­pris­on­ment up to seven years and a fine.

EX­PE­RI­ENCE WITH THE TELE­GRAPH ACT

The roots of the gov­ern­ment’s ef­forts to snoop on dig­i­tal con­tent can be traced to Sec­tion 5(2) of the In­dian Tele­graph Act, 1885, whose con­sti­tu­tion­al­ity was tested by the Supreme Court in Peo­ple’s Union for Civil Lib­er­ties (PUCL) vs Union of In­dia in 1996. In this case, a bench of two Supreme Court judges dealt with tele­phone tap­ping. The pe­ti­tioner chal­lenged the con­sti­tu­tional va­lid­ity of Sec­tion 5(2) of the Tele­graph Act and urged that pro­ce­du­ral safe­guards against ar­bi­trary acts of tele­phone tap­ping be adopted.

Sec­tion 5(2) au­tho­rises the in­ter­cep­tion of mes­sages in trans­mis­sion in the fol­low­ing terms: “On the oc­cur­rence of any pub­lic emer­gency, or in the in­ter­est of the pub­lic safety, the Cen­tral gov­ern­ment or a State gov­ern­ment or any of­fi­cer spe­cially au­tho­rised in this be­half by the Cen­tral gov­ern­ment or a State gov­ern­ment may, if sat­is­fied that it is nec­es­sary or ex­pe­di­ent so to do in the in­ter­ests of the sovereignty and in­tegrity of In­dia, the se­cu­rity of the state, friendly re­la­tions with for­eign states or pub­lic or­der or for prevent­ing in­cite­ment to the com­mis­sion of an of­fence, for rea­sons to be recorded in writ­ing, by or­der, di­rect that any mes­sage or class of mes­sages to or from any per­son or class of per­sons, or re­lat­ing to any par­tic­u­lar sub­ject, brought for trans­mis­sion by or trans­mit­ted or re­ceived by any tele­graph, shall not be trans­mit­ted, or shall be in­ter­cepted or de­tained, or shall be dis­closed to the gov­ern­ment mak­ing the or­der or an of­fi­cer thereof men­tioned in the or­der.”

A pro­viso to this sec­tion reads that press mes­sages in­tended to be pub­lished in In­dia of cor­re­spon­dents ac­cred­ited by the Cen­tral gov­ern­ment or a State gov­ern­ment shall not be in­ter­cepted or de­tained un­less their trans­mis­sion has been pro­hib­ited un­der this sub­sec­tion.

The PUCL had ap­proached the Supreme Court in the wake of a re­port on the “tap­ping of politi­cians’ phones” by the CBI, which was pub­lished in the jour­nal Main­stream. In­ves­ti­ga­tion re­vealed se­ri­ous lapses on the part of Ma­hana­gar Tele­phone Nigam Lim­ited (MTNL). The Supreme Court found in this case that the files per­tain­ing to in­ter­cep­tion were not main­tained prop­erly.

The Supreme Court held in this case that tele­phone con­ver­sa­tions were con­strued to be an im­por­tant in­gre­di­ent of pri­vacy and the tap­ping of such con­ver­sa­tions would in­fringe upon Ar­ti­cle 21, un­less per­mit­ted by pro­ce­dure es­tab­lished by law. The court ruled that it would be nec­es­sary to lay down pro­ce­du­ral safe­guards for the pro­tec­tion of the right to pri­vacy of a per­son un­til Par­lia­ment in­ter­vened by fram­ing rules un­der Sec­tion 7 of the Tele­graph Act.

The court ac­cord­ingly framed guide­lines to be adopted in all cases in­volv­ing tele­phone tap­ping. The Supreme Court’s guide­lines in the PUCL case were for­mally in­cor­po­rated in the Tele­graph Rules with the in­ser­tion of Rule 419-A. But the new rule could not of­fer ef­fec­tive reme­dies against tele­phone tap­ping in the ab­sence of in­de­pen­dent over­sight of in­ter­cep­tions and par­lia­men­tary su­per­vi­sion or con­trol over agen­cies en­trusted with snoop­ing.

RADIA TAPES

In 2011, in the wake of the Ni­ira Radia tapes, the Cen­tre, through a press note, re­ferred to the Supreme Court’s rul­ing in the PUCL case on De­cem­ber 18, 1996, which held that Sec­tion 5(2) of the Act en­vis­ages “oc­cur­rence of any pub­lic emer­gency” or “in­ter­est of pub­lic safety”, which is a sine qua non for the ap­pli­ca­tion of this pro­vi­sion. “Nei­ther of these are se­cre­tive con­di­tions or sit­u­a­tions. Ei­ther of the sit­u­a­tions would be ap­par­ent to a rea­son­able per­son,” the Cen­tre ob­served in the note on April 25, 2011.

Ac­cord­ing to the note, “pub­lic emer­gency” means the pre­vail­ing of a sud­den con­di­tion or state of af­fairs af­fect­ing the peo­ple at large that calls for im­me­di­ate ac­tion. It is one which raises prob­lems con­cern­ing the in­ter­est of pub­lic safety, the sovereignty and in­tegrity of In­dia, the se­cu­rity of the state, friendly re­la­tions with sovereign states or pub­lic or­der or the pre­ven­tion of in­cite­ment to the com­mis­sion of an of­fence.

“Pub­lic safety” means the state of free­dom dan­ger or risk for the peo­ple at large.

When ei­ther of these two con­di­tions are not in ex­is­tence, the au­thor­i­ties can­not re­sort to tele­phone

Col­lect­ing data be­yond the req­ui­site amount and pro­fil­ing on the ba­sis of such in­ter­cep­tion are the risks await­ing In­dia.

tap­ping even though there is sat­is­fac­tion that it is nec­es­sary or ex­pe­di­ent to do so in the in­ter­ests of the sovereignty and in­tegrity of In­dia, se­cu­rity of the state, friendly re­la­tions with sovereign states, pub­lic or­der or for prevent­ing in­cite­ment to the com­mis­sion of an of­fence.

Con­trast this with the De­cem­ber 20 or­der is­sued by the Home Min­istry, which is silent on both pub­lic emer­gency and pub­lic safety. Nor does it cite any of the grounds men­tioned in Sec­tion 69(1) of the IT Act.

In 2011, the Cab­i­net Sec­re­tary, in re­sponse to a di­rec­tive from the Prime Min­is­ter, rec­om­mended that the gov­ern­ment ei­ther re­move the Cen­tral Board of Di­rect Taxes (CBDT) from the list of agen­cies au­tho­rised to in­ter­cept tele­phone calls—since in­come tax laws fall within civil ju­ris­dic­tion and do not al­ways im­pinge on pub­lic safety—or de­lin­eate the stip­u­la­tions for and the ex­tent of sur­veil­lance the agency is al­lowed, in­clud­ing the level at which re­quests were to be made for au­tho­ri­sa­tion by the Home Sec­re­tary.

The Cen­tre clar­i­fied in a press note that the law did not per­mit use of tele­phone tap­ping and mon­i­tor­ing of con­ver­sa­tions to merely de­tect tax eva­sion.

There are spe­cific laws and rules that con­tain pro­vi­sions for de­tec­tion of un­ac­counted wealth and eva­sion of taxes, and in­ter­cep­tion of tele­phone calls with­out “pub­lic emer­gency” or “pub­lic safety” be­ing at stake was not in ac­cor­dance with the law, as ex­haus­tively in­ter­preted by the Supreme Court, the note said.

The in­clu­sion of the CBDT among the 10 agen­cies au­tho­rised to snoop on dig­i­tal data in the De­cem­ber 20 or­der ex­poses the lie be­ing per­pe­trated by the cur­rent regime.

Jus­tice B.N. Srikr­ishna Com­mit­tee re­port on Data Pro­tec­tion, “A Free and Fair Dig­i­tal Econ­omy: Pro­tect­ing Pri­vacy, Em­pow­er­ing In­di­ans”, sub­mit­ted to the Cen­tre re­cently, ob­serves that there is no gen­eral law in In­dia to­day that au­tho­rises non-con­sen­sual ac­cess to per­sonal data or in­ter­cep­tion of per­sonal com­mu­ni­ca­tion for the pur­poses of in­tel­li­gence gath­er­ing or na­tional se­cu­rity.

If there are any en­ti­ties that are car­ry­ing out ac­tiv­i­ties of such a na­ture with­out statu­tory au­tho­ri­sa­tion (for ex­am­ple, solely through ex­ec­u­tive au­tho­ri­sa­tion), such ac­tiv­i­ties will be il­le­gal as per the Put­taswamy judg­ment as they would not be op­er­at­ing un­der law.

The In­tel­li­gence Ser­vices (Pow­ers and Reg­u­la­tion) Bill, 2011, was in­tro­duced to reg­u­late the func­tion­ing of In­dian in­tel­li­gence agen­cies and in­sti­tute an over­sight mech­a­nism. How­ever, the Bill lapsed in 2011 and a leg­isla­tive vac­uum re­mains.

The Srikr­ishna Com­mit­tee re­port took note of the ex­ist­ing le­gal frame­work in the form of Sec­tion 5 of Tele­graph Act and Sec­tions 69 and 69B of the IT Act. For each of these mech­a­nisms, the re­port said, over­sight was car­ried out through a re­view com­mit­tee set up un­der the Tele­graph Rules. This com­mit­tee re­views in­ter­cep­tion orders passed un­der the Tele­graph Act and Sec­tion 69B of the IT Act. It con­sists of the Cab­i­net Sec­re­tary, Sec­re­tary to the Gov­ern­ment of In­dia in charge of Le­gal Af­fairs, and the Sec­re­tary to the Gov­ern­ment of In­dia in charge of the De­part­ment of Telecom­mu­ni­ca­tions.

As per a re­cent right to in­for­ma­tion (RTI) ap­pli­ca­tion to the Home Min­istry, 7,500 to 9,000 such orders are passed by the Cen­tre every month. The re­view com­mit­tee, which meets once in two months, has the un­re­al­is­tic task of re­view­ing 15,000 to 18,000 in­ter­cep­tion orders in every meet­ing, the re­port said. (Com­ments in re­sponse to the White Pa­per sub­mit­ted by Kalyan Biswas, as­so­ciate vice pres­i­dent at In­ter­net and Mo­bile As­so­ci­a­tion of In­dia, on Jan­uary 31, 2018, are avail­able on file with the com­mit­tee.)

Ad­di­tion­ally, the com­mit­tee noted that sur­veil­lance prac­tices were also en­abled by the li­cence agree­ments en­tered into by tele­com ser­vice providers with the gov­ern­ment. For ex­am­ple, such agree­ments can man­date low en­cryp­tion stan­dards. This poses a threat to the safety and se­cu­rity of the per­sonal data of data prin­ci­pals, the per­son, com­pany or en­tity whose in­for­ma­tion is be­ing col­lected.

More im­por­tantly, the Srikr­ishna Com­mit­tee ob­served: “Sur­veil­lance should not be car­ried out with­out a de­gree of trans­parency that can pass the muster of the Put­taswamy test of ne­ces­sity, pro­por­tion­al­ity and due process. This can take var­i­ous forms, in­clud­ing in­for­ma­tion pro­vided to the pub­lic, leg­isla­tive over­sight, ex­ec­u­tive and ad­min­is­tra­tive over­sight and ju­di­cial over­sight. This would en­sure scru­tiny over the work­ing of such agen­cies and in­fuse pub­lic ac­count­abil­ity.”

The com­mit­tee pro­posed that the sur­veil­lance ar­chi­tec­ture em­bed sys­tem­atic risk man­age­ment

tech­niques within it­self. This would lead to the pri­ori­ti­sa­tion and nar­row­ing of its ac­tiv­i­ties by de­vot­ing re­sources to cred­i­ble risks, whether rep­u­ta­tional or or­gan­i­sa­tional.

For ex­am­ple, an as­sess­ment of whether a par­tic­u­lar mea­sure was the least in­tru­sive to achieve a stated aim may be re­quired. This will not only re­duce the costs in­curred by the state but will be con­sis­tent with civil rights pro­tec­tion.

“We has­ten that this rec­om­men­da­tion, al­beit not di­rectly made a part of the data pro­tec­tion statute, is im­por­tant for the data pro­tec­tion prin­ci­ples to be im­ple­mented ef­fec­tively and must be ur­gently con­sid­ered,” the com­mit­tee said in its re­port.

It said that the data pro­tec­tion law should re­quire the law en­force­ment agen­cies to en­sure that pro­cess­ing of per­sonal data was ac­tu­ally nec­es­sary and pro­por­tion­ate to their pur­pose. For ex­am­ple, the main­te­nance of a DNA data­base of all cit­i­zens, some of whom may be in­no­cent, to track crime, with­out le­gal sanc­tion, would be a dis­pro­por­tion­ate law en­force­ment mea­sure.

A sim­i­lar ex­er­cise was un­der­taken in the United King­dom, where the gov­ern­ment later had to delete the records of more than a mil­lion in­no­cent adults and chil­dren after the en­act­ment of the Pro­tec­tion of Free­doms Act, 2012, which in­ter alia reg­u­lates the col­lec­tion, re­ten­tion, de­struc­tion of bio­met­ric data, sur­veil­lance mech­a­nisms, etc.

Sec­tion 42 (1) of the Per­sonal Data Pro­tec­tion Bill, 2018, pro­posed by the com­mit­tee states that pro­cess­ing of per­sonal data in the in­ter­ests of the se­cu­rity of the state shall not be per­mit­ted un­less it is au­tho­rised pur­suant to a law and is in ac­cor­dance with the pro­ce­dure es­tab­lished by such law made by Par­lia­ment and is nec­es­sary for, and pro­por­tion­ate to, such in­ter­ests be­ing achieved.

NA­TIONAL SE­CU­RITY

Courts have tra­di­tion­ally de­ferred to the ex­ec­u­tive’s pre­rog­a­tive on na­tional se­cu­rity grounds. The moot ques­tion is how much ac­tual se­cu­rity such a mea­sure would pro­vide. Schol­ars such as Jen­nifer Chan­dler ar­gue that height­ened sur­veil­lance often leads to less rather than more se­cu­rity since these mea­sures have been known to dis­pro­por­tion­ately af­fect racial and re­li­gious mi­nori­ties, on the ba­sis of pro­fil­ing along those lines.

These mea­sures also seem to in­crease a feel­ing of se­cu­rity but do not trans­late into an ac­tual in­crease in phys­i­cal safety. This con­di­tion is called “se­cu­rity the­atre”, where the men­tal as­pect of “feel­ing se­cure” is given greater im­por­tance than ac­tual phys­i­cal safety. If na­tional se­cu­rity is the ob­jec­tive, it is un­clear why or­gan­i­sa­tions aim­ing to de­tect fi­nan­cial and nar­cotic­sre­lated of­fences have been em­pow­ered. The NCB and the CBDT pur­sue ob­jec­tives other than na­tional se­cu­rity.

Jus­tice Kaul dealt with pro­fil­ing in his con­cur­ring judg­ment in the Put­taswamy case (right to pri­vacy). He re­ferred to the Euro­pean Union reg­u­la­tion of 2016 on data pri­vacy, which de­fines pro­fil­ing as any form of au­to­mated pro­cess­ing of per­sonal data con­sist­ing of the use of per­sonal data to eval­u­ate cer­tain per­sonal as­pects re­lat­ing to a nat­u­ral per­son, in par­tic­u­lar to an­a­lyse or pre­dict as­pects con­cern­ing that nat­u­ral per­son’s per­for­mance at work, eco­nomic sit­u­a­tion, health, per­sonal pref­er­ences, in­ter­ests, re­li­a­bil­ity, be­hav­iour, lo­ca­tion or move­ments.

Such pro­fil­ing, Jus­tice Kaul said, could re­sult in dis­crim­i­na­tion based on re­li­gion, eth­nic­ity and caste. How­ever, he added, pro­fil­ing could be used to fur­ther the pub­lic in­ter­est and for the ben­e­fit of na­tional se­cu­rity.

The se­cu­rity en­vi­ron­ment, not only in In­dia but through­out the world, makes the safety of per­sons and the state a mat­ter to be bal­anced against the right to pri­vacy, he ob­served. But then he warned: “Knowl­edge about a per­son gives a power over that per­son. The per­sonal data col­lected is ca­pa­ble of ef­fect­ing rep­re­sen­ta­tions, in­flu­enc­ing de­ci­sion-mak­ing pro­cesses and shap­ing be­hav­iour. It can be used as a tool to ex­er­cise con­trol over us like the ‘Big Brother’ state ex­er­cised. This can have a stul­ti­fy­ing ef­fect on the ex­pres­sion of dis­sent and dif­fer­ence of opin­ion, which no democ­racy can af­ford.” Even as the Cen­tre seeks to ac­quire the power of sur­veil­lance in the name of na­tional se­cu­rity, it would do well to read what Jus­tice Kaul said in the Put­taswamy judg­ment on the right to pri­vacy with re­gard to the role of pri­vacy in prevent­ing awk­ward so­cial sit­u­a­tions and re­duc­ing so­cial fric­tion.

The De­cem­ber 20 or­der fails the test of pro­por­tion­al­ity as laid down by the Supreme Court in sev­eral cases.

GOOGLE, CON­NIE ZHOU/AP

IN­SIDE GOOGLE’S DATA CEN­TRE in The Dalles, Ore­gon. Google uses these data cen­tres to store email, pho­to­graphs, video, cal­en­dar en­tries and other in­for­ma­tion shared by its users.

UNION HOME MIN­IS­TER Ra­j­nath Singh.

THE TERM “com­puter re­source”, as de­fined by the IT Act also points to the pos­si­bil­ity of the or­der be­ing over­broad and there­fore amenable to mis­use by the au­thor­i­ties. In 2008, the Act was amended in such a way that the term in­cluded any “com­mu­ni­ca­tion de­vice”, such as mo­bile phones, within the def­i­ni­tion.

AT AN AAD­HAARregis­tra­tion cen­tre in New Delhi.

Newspapers in English

Newspapers from India

© PressReader. All rights reserved.