Ministry of Home Affairs (MHA) on 20 December 2018, has notified agencies in exercise of the powers conferred by sub-section (1) of Section 69 of the Information Technology Act, 2000, read with Rule 4 of Information Technology (Procedure and Safeguards for Interception, Monitoring and Decryption of Information) Rules, 2009.
It states the Competent Authority hereby authorizes the following Security and Intelligence Agencies for the purpose of interception, monitoring and decryption of any information generated, transmitted, received or stored in any computer resource under the Information Technology Act, namely:
- Intelligence Bureau;
- Narcotics Control Bureau;
- Enforcement Directorate;
- Central Board of Direct Taxes;
- Directorate of Revenue Intelligence;
- Central Bureau of Investigation;
- National Investigation Agency;
- Cabinet Secretary;
- Directorate of Signal Intelligence (For J&K, North East & Assam only)
- Commissioner of Police, Delhi.
Though, section 5 of the Indian Telegraph Act already had similar position as to interception of Telephone Communication, but the same was challenged as unconstitutional and violation of Right to Privacy and Hon’ble Supreme Court laid down proper procedural guidelines and also formed a committee to looked into previous interception matters in 1997.
Similarly, Section 69 of Information Technology Act 2000, read with Information Technology (Procedure and Safeguards for Interception, Monitoring and Decryption of Information) Rules, 2009 provided for interception of information through any computer resource, that includes Internet. Accordingly in terms of these provisions, the interception has been authorized by the Government on 20 December 2018, whereby it has appointed few high level agencies for the purpose in accordance with the Law.
Though any such interception is a violation of Privacy but can help some investigating agencies in taking preemptive action for example, say against big bank defaulters, who may be planning to leave India or CBDT can track Tax Defaulters. But it is open to misuse as well and we will see some PIL (Public Interest Litigation) against the same in days to come. And that would result in more guidelines as were laid down under telegraphs Act in the matter of People’s Union for Civil Liberties v. Union of India [(1997) 1 SCC 318], in addition to the clarifications issued by MHA.
In any case, any such interception, can be challenged in the court of Law, if it is not done either in the interest of the sovereignty or integrity of India, defense of India, security of the State, friendly relations with foreign States or public order or for preventing incitement to the commission of any cognizable offence relating to above or for investigation of any offence. Similar provisions were already included under Telegraphs Act as well.
Section 69 of Information Technology Act, also requires any Intermediary or in-charge of Computer resource to provide proper assistance in investigation, that will put more pressure on ISPs, hosting companies, etc. Though they have already been asked to codify these orders, so that users are aware of the same. They would be required to update their Legal Pages.
In 1997 matter, it was laid down that Telephone-Tapping is a serious invasion of an individual’s privacy. With the growth of highly sophisticated communication technology, the right to hold telephone conversation, in the privacy of one’s home or office without interference, is increasingly susceptible to abuse. It is no doubt correct that every Government, howsoever democratic, exercises some degree of subrosa operation as a part of its intelligence out-fit but at the same time citizen’s right to privacy has to be protected from being abused by the authorities of the day. Therefore, some balance and proper safeguards need to be laid down against its misuse !
Clarifications issued by Ministry of Home Affairs on 21 December 2018:
Rule 4 of the IT (Procedure and Safeguards for Interception, Monitoring and Decryption of Information) Rules 2009 provides that ‘the competent authority may authorise an agency of the Government to intercept, monitor or decrypt information generated, transmitted, received or stored in any computer resource for the purpose specified in sub-section (1) of Section 69 of the Act’.
- The Statutory order (S.O.) dated 20.12.2018 has been issued in accordance with rules framed in year 2009 and in vogue since then.
- No new powers have been conferred to any of the security or law enforcement agencies by the S.O dated 20.12.2018.
- Notification has been issued to notify the ISPs, TSPs, Intermediaries etc. to codify the existing orders.
- Each case of interception, monitoring, decryption is to be approved by the competent authority i.e. Union Home secretary. These powers are also available to the competent authority in the State governments as per IT (Procedure and Safeguards for Interception, Monitoring and Decryption of Information) Rules 2009.
- As per rule 22 of the IT (Procedure and Safeguards for Interception, Monitoring and Decryption of Information) Rules 2009,all such cases of interception or monitoring or decryption are to be placed before the review committee headed by Cabinet Secretary, which shall meet at least once in two months to review such cases. In case of State governments, such cases are reviewed by a committee headed by the Chief Secretary concerned.
S.O dated 20.12.2018 will help in following ways:
I.To ensure that any interception, monitoring or decryption of any information through any computer resource is done as per due process of law.
II.Notification about the agencies authorized to exercise these powers and preventing any unauthorized use of these powers by any agency, individual or intermediary.
III.The above notification will ensure that provisions of law relating to lawful interception or monitoring of computer resource are followed and if any, interception, monitoring or decryption is required for purposes specified in Section 69 of the IT Act, the same is done as per due process of law and approval of competent authority i.e. Union Home Secretary.
This notification does not confer any new powers. Adequate safeguards are provided in the IT Act 2000.
Similar provisions and procedures already exist in the Telegraph Act along with identical safeguards. The present notification is analogous to the authorization issued under the Telegraph Act. The entire process is also subject to a robust review mechanism as in case of Telegraph Act.
Every individual case will continue to require prior approval of Home ministry or state government. MHA has not delegated its powers to any law enforcement or security agency.
Quoted in Article dated 21 December 2018: