The Legality of State Surveillance In India
October 2, 2021
A grey expanse of notoriety and debate shadows the legal framework around the Right to Privacy in India today. The issue returned to the centre of public debate when the Pegasus scandal hit the Indian news radar during the summer of 2021.
A Dangerous Spyware
Pegasus, also known as Q Suite, was developed by ex-members of Israeli intelligence agencies and is marketed under a banner called NSO Group. The group claims to sell exclusively to national governments. Pegasus, an advanced spyware, enables governments and intelligence agencies to “remotely and covertly extract data from virtually any mobile devices”. It can be installed through a zero-click (zero user interface) method, transmitted innocuously to the targeted phone over the air, disguised as a push message. It can be modified to intercept messages, record screenshots, and extract browser history and contacts from a device.
In July 2021, the Pegasus Project, an international consortium of media outlets and Amnesty International, revealed that a list of 50,000 phone numbers was targeted by the spyware, which included Indian political leaders, journalists, activists and students. This revelation resulted in a host of petitions in the Supreme Court of India against the State for undue and unchecked state surveillance. The trial of Manohar Lal Sharma vs The Prime Minister [2] in the Supreme Court is the ongoing judicial probe into the Pegasus spyware and the legality of state surveillance in India.
The State’s Defence
Under section 5(2) of the Telegraph Act 1885 [3], the government is permitted to intercept calls in situations that involve the sovereignty and integrity of India, the security of the state, public order, friendly relations with foreign actors, and the prevention of incitement of an offence. In 1996, the People’s Union for Civil Liberties (PUCL) [4] filed a Public Interest Litigation (PIL) against the rules of the Telegraph Act, arguing that the Act alone cannot constitute the whole framework of protection of an individual’s right to privacy. They argued for the maintenance of time logs and records of all surveillance conducted by the state. This culminated in the IT Act (2000) [5], which mandates that the government formalise in writing why an individual was chosen for surveillance, with permission for the same to be granted solely by the Union Home Secretary.
Additionally, under section 69 of IT (Procedure and Safeguards for Interception, Monitoring and Decryption of Information) Rules, 2009 [6], electronic surveillance is permitted for the purpose of investigating an offence. Rule 4 of this Act provides that the state can intercept, monitor or decrypt information generated, transmitted, received or stored in any computer resource.
Thus, in July 2021 the Union I.T. Minister Ashwini Vaishnaw, in response to the fiery outcry in the Parliament over the Pegasus scandal, vehemently justified the use of government surveillance, citing sufficient checks and balances and legality under the ambit of the Telegraph Act, 1885, IT Act, 2000 and IT Rules, 2009 [7]. The Government, however, denied any use of the Pegasus malware to spy on its citizens.
Arguments Against State Surveillance
In the 1996 PUCL PIL case, spurred by the CBI report on the “Tapping of politicians’ phones”, the Supreme Court expressed that the government indeed has the right to conduct sub rosa operations as part of its intelligence work, but that this should not come at the cost of state intrusion into an individual’s private life. It held the citizen’s Right to Privacy as paramount and urged its protection. These recommendations eventually became part of Rule 419A of the Telegraph Rules, 2007 [8] and the IT Act, 2009. (Rule 419A of the Telegraph Rules states that such orders can only be authorised by an officer not below the rank of Joint Secretary.)
Similarly, in 2012, a commission under Justice A.P. Shah [9] was set up to understand the loopholes in the surveillance framework of India. Its findings proved that different interceptions are sanctioned under different acts, such that the Telegraph Act and the IT Act allow for different types of intrusions. Therefore, it was concluded that the correct applicability and interpretation of the right law is not always standardised in every situation.
The Proportionality Test
In August 2017, a nine-judge bench of the Supreme Court in the Puttaswamy Case [10] gave legitimacy to the ‘Right to Privacy’. It established the Right to Privacy as a fundamental right for Indian citizens under the Constitution of India (mostly under Article 21 and Part III rights). This meant that no legislation passed by the government could violate this right. The Court adopted the three-pronged test, or the three necessary conditions required for the subversion of any rights under Article 21. They were (i) Legality, or through an existing law; (ii) Necessity, or to fulfill a legitimate state objective; and (iii) Proportionality, or a rational balance between the objective and the means to achieve the objective.
With a history of violations of citizens’ privacy rights, phone tapping controversies and hundreds of petitions on undue state surveillance, it is evident that the state does not accurately apply the three-prong proportionality test when violating Article 21 of the Constitution. In the absence of data protection rights for citizens and with the ambiguous application of national security laws, there is no guarantee of safeguarding an individual’s right to privacy. Moreover, critics of the government of the day are left extremely disadvantaged and vulnerable with such unchecked surveillance. This has the potential to severely erode the democratic fabric of India.
The State’s Amends
Presently, in the 2021 case of Manohar Lal vs The Prime Minister, the Solicitor General of India, on behalf of the Union government, offered the Court an affidavit [11] that promises to set up a Court-monitored committee of independent experts to investigate the Pegasus matter and to check whether due procedures and regulations were followed if any such authorised surveillance occurred. He also reiterated that the identity of the software used to intercept information cannot be revealed, as that would compromise the government’s ability to hack into its ‘enemies’ communication systems. The government is, however, willing to share this sensitive information in confidence with the committee, which will then present it to the Court.
However, the prosecution team is unhappy with that offer and has pointed to the fact that the government cannot be trusted to set up the committee if it has indeed used Pegasus. Additionally, they also clarified that the petitioners were not seeking sensitive information affecting national security but rather wanted to inquire whether Pegasus or similar malware was used by the state against its citizens.
Meanwhile, as the case develops further, the people of India are left hanging in doubt, distrust and trepidation about the true extent of their freedom and privacy in the world’s largest democracy.