Why in the news?
- In response to the finding by a global collaborative investigative project that Israeli spyware Pegasus was used to target at least 300 individuals in India, the government has claimed that all interception in India takes place lawfully.
What are the laws covering surveillance in India?
- Communication surveillance in India takes place primarily under two laws — the Telegraph Act, 1885 and the Information Technology Act, 2000.
- While the Telegraph Act deals with interception of calls, the Information Technology Act, 2000 was enacted to deal with surveillance of all electronic communication, following the Supreme Court’s intervention in 1996.
- A comprehensive data protection law to address the gaps in existing frameworks for surveillance is yet to be enacted.
Telegraph Act, 1885
- Under this law, the government can intercept calls only in certain situations –
- The interests of the sovereignty and integrity of India
- the security of the state
- friendly relations with foreign states or public order, or
- for preventing incitement to the commission of an offence.
These are the same restrictions imposed on free speech under Article 19(2) of the Constitution.
- Significantly, even these restrictions can be imposed only when there is a condition precedent – the occurrence of any public emergency, or in the interest of public safety.
- Additionally, a provision in Section 5(2) states that even this lawful interception cannot take place against journalists.
Supreme Court intervention
- In Public Union for Civil Liberties v Union of India (1996), the Supreme Court pointed out lack of procedural safeguards in the provisions of the Telegraph Act and laid down certain guidelines for interceptions.
- The court noted that authorities engaging in interception were not even maintaining adequate records and logs on interception.
- Among the guidelines issued by the court were setting up a review committee that can look into authorisations made under Section 5(2) of the Telegraph Act.
- The Supreme Court’s guidelines formed the basis of introducing Rule 419A in the Telegraph Rules in 2007 and later in the rules prescribed under the IT Act in 2009.
Information Technology Act, 2000
- Section 69 of the Information Technology Act and the Information Technology (Procedure for Safeguards for Interception, Monitoring and Decryption of Information) Rules, 2009 were enacted to further the legal framework for electronic surveillance.
- Under the IT Act, all electronic transmission of data can be intercepted.
- So, for a Pegasus-like spyware to be used lawfully, the government would have to invoke both the IT Act and the Telegraph Act.
- Apart from the restrictions provided in Section 5(2) of the Telegraph Act and Article 19(2) of the Constitution, Section 69 the IT Act adds another aspect that makes it broader — interception, monitoring and decryption of digital information “for the investigation of an offence”.