Milind Deora, a former minister in the United Progressive Alliance government, has cautioned against the possible misuse of a new and more sophisticated system of surveillance conceptualised by his government and now reportedly put on the fast track by the Narendra Modi government. Called the Central Monitoring System, it allows government agencies to bypass phone and internet service providers to directly intercept communications. In an interview to Scroll.in, Deora said that he realised the system could lead to "technically lawful but malicious" interception in the absence of a privacy law.
Currently, in India, the sanction of the union home secretary is required before an agency can tap phones or intercept communications. According to an official reply under a query under the Right to Information Act, the home secretary clears nearly 300 phone tap applications every day. This information led to a seminal study by the New Delhi-based Software Freedom Law Centre which found there was very little transparency about what the government is doing with so much of data that it collects through these 100,000 phone taps every year.
Ideally, any phone tap can lead to only one of two results. It can ether lead to conclusively establish that the person whose communications are being intercepted is guilty, as was suspected. Or, it can reveal that the suspicions were not founded and the person is not indulging in any criminal activity.
If the interception shows that the person is indeed guilty as suspected, then the person should be charged under the relevant laws and prosecuted in the courts. If the person is proved to be innocent after the lawful interception has been conducted, there is no guarantee that the material collected during the period when their phones were being tapped has been destroyed. None of the 10 authorised agencies under law has published a transparency report and even when asked for metadata about whether the law is being followed, they have withheld information.
For over two years, I have been petitioning the government to share metadata on whether it is following the law on for intercepting private communications. On every occasion the government has denied the information on the grounds that even revealing such information would be prejudicial to the interests and security of the state.
Privacy safeguards
A monitoring committee was set up after a 1996 judgment of the Supreme Court (PUCL vs. Union of India) to ensure that there was some modicum of safeguard in the current surveillance structure. It comprised of the cabinet secretary as the chairperson with the law and telecom secretaries as the other members. As per law, it must review any phone tapping order in detail and see if it is useful before allowing it to continue for an extended period.
To understand if the law on phone tapping is being followed or not, I filed an RTI application with the Cabinet Secretariat, asking them:
a. How many times has the monitoring committee for lawful interception met
b. Whether the committee has found any unlawful phone tapping case
c. Which are the agencies that they found were conducting the unlawful tapping
d. What action was taken to penalise such agencies/persons etc.
After my application failed to get a response from the information officer in the cabinet secretariat, it landed with Nipun Vinayak, the director in the secretariat who was designated as the appellate authority. In his order, Vinayak refused to answer most of my queries. His reasoning was that even revealing whether any unlawful orders for phone tapping had been discovered by the monitoring committee could be a great threat to national security. How can metadata on whether the law is being followed be prejudicial to national security?
The period I sought the data for was also the time when the phones of corporate lobbyist Niira Radia were put under lawful surveillance. As per the law, phone tapping is allowed for only 60 days before it is sent to the monitoring committee for a review. In this case, the committee’s review found the tapping useful and it was continued for nearly 180 days. And yet, when the case was finally heard, the Central Bureau of Investigation stated in court that there was no criminal act found in any of the tapes. If that was the case, why did the committee allow such a long period of surveillance?
The surveillance carried out by the British spy agency GCHQ was challenged in the courts by Privacy International on these very grounds. The British surveillance tribunal ruled in their favour and declared that the GCHQ spying was patently was illegal.
Poor outcomes, real risks
Government surveillance is often accepted by citizens on grounds that it helps keep them safe. But in the United States, as the leaks by National Security Agency contractor Edward Snowden revealed that only a measly 1.2 % of the massive surveillance programme yielded any actionable intelligence.
While the outcomes from surveillance remain uncertain, the risks to citizens are clear. As Milind Deora, former Minister of State for Communications and Information Technology admits, in the absence of transparency and privacy laws, the Central Monitoring System could be misused by the government of the day.
Under opaque conditions, the Central Monitoring System will only put the rights of Indian citizens under great peril. The state is empowered by citizens to act on their behalf in a careful balance which is clearly in favour of the citizen. The government’s ability to deploy surveillance tips that balance precariously. If the state starts to spy on its citizens using opaque methods like the Central Monitoring System, what is there to prevent its misuse by a political entity with dictatorial ambitions?
A Central Monitoring System will only empower such elements who can then use secret but legal interception to manipulate individuals and organisations and put our democratic rights in severe jeopardy. Unless citizens speak up now, their power over the state will be lost forever.
Saikat Datta is a senior fellow with the National Law University, Delhi.
This is the second in a two-part series about the concerns over the Central Monitoring System. The first part is available here.
Why Indians must resist the Modi government's planned surveillance system
Currently, in India, the sanction of the union home secretary is required before an agency can tap phones or intercept communications. According to an official reply under a query under the Right to Information Act, the home secretary clears nearly 300 phone tap applications every day. This information led to a seminal study by the New Delhi-based Software Freedom Law Centre which found there was very little transparency about what the government is doing with so much of data that it collects through these 100,000 phone taps every year.
Ideally, any phone tap can lead to only one of two results. It can ether lead to conclusively establish that the person whose communications are being intercepted is guilty, as was suspected. Or, it can reveal that the suspicions were not founded and the person is not indulging in any criminal activity.
If the interception shows that the person is indeed guilty as suspected, then the person should be charged under the relevant laws and prosecuted in the courts. If the person is proved to be innocent after the lawful interception has been conducted, there is no guarantee that the material collected during the period when their phones were being tapped has been destroyed. None of the 10 authorised agencies under law has published a transparency report and even when asked for metadata about whether the law is being followed, they have withheld information.
For over two years, I have been petitioning the government to share metadata on whether it is following the law on for intercepting private communications. On every occasion the government has denied the information on the grounds that even revealing such information would be prejudicial to the interests and security of the state.
Privacy safeguards
A monitoring committee was set up after a 1996 judgment of the Supreme Court (PUCL vs. Union of India) to ensure that there was some modicum of safeguard in the current surveillance structure. It comprised of the cabinet secretary as the chairperson with the law and telecom secretaries as the other members. As per law, it must review any phone tapping order in detail and see if it is useful before allowing it to continue for an extended period.
To understand if the law on phone tapping is being followed or not, I filed an RTI application with the Cabinet Secretariat, asking them:
a. How many times has the monitoring committee for lawful interception met
b. Whether the committee has found any unlawful phone tapping case
c. Which are the agencies that they found were conducting the unlawful tapping
d. What action was taken to penalise such agencies/persons etc.
After my application failed to get a response from the information officer in the cabinet secretariat, it landed with Nipun Vinayak, the director in the secretariat who was designated as the appellate authority. In his order, Vinayak refused to answer most of my queries. His reasoning was that even revealing whether any unlawful orders for phone tapping had been discovered by the monitoring committee could be a great threat to national security. How can metadata on whether the law is being followed be prejudicial to national security?
The period I sought the data for was also the time when the phones of corporate lobbyist Niira Radia were put under lawful surveillance. As per the law, phone tapping is allowed for only 60 days before it is sent to the monitoring committee for a review. In this case, the committee’s review found the tapping useful and it was continued for nearly 180 days. And yet, when the case was finally heard, the Central Bureau of Investigation stated in court that there was no criminal act found in any of the tapes. If that was the case, why did the committee allow such a long period of surveillance?
The surveillance carried out by the British spy agency GCHQ was challenged in the courts by Privacy International on these very grounds. The British surveillance tribunal ruled in their favour and declared that the GCHQ spying was patently was illegal.
Poor outcomes, real risks
Government surveillance is often accepted by citizens on grounds that it helps keep them safe. But in the United States, as the leaks by National Security Agency contractor Edward Snowden revealed that only a measly 1.2 % of the massive surveillance programme yielded any actionable intelligence.
While the outcomes from surveillance remain uncertain, the risks to citizens are clear. As Milind Deora, former Minister of State for Communications and Information Technology admits, in the absence of transparency and privacy laws, the Central Monitoring System could be misused by the government of the day.
Under opaque conditions, the Central Monitoring System will only put the rights of Indian citizens under great peril. The state is empowered by citizens to act on their behalf in a careful balance which is clearly in favour of the citizen. The government’s ability to deploy surveillance tips that balance precariously. If the state starts to spy on its citizens using opaque methods like the Central Monitoring System, what is there to prevent its misuse by a political entity with dictatorial ambitions?
A Central Monitoring System will only empower such elements who can then use secret but legal interception to manipulate individuals and organisations and put our democratic rights in severe jeopardy. Unless citizens speak up now, their power over the state will be lost forever.
Saikat Datta is a senior fellow with the National Law University, Delhi.
This is the second in a two-part series about the concerns over the Central Monitoring System. The first part is available here.
Why Indians must resist the Modi government's planned surveillance system