No escaping the surveillance state?

Indians are routinely subjected to government surveillance on a staggering scale -7500 to 9000 telephone interception orders by the Central Government each month!
Excerpt from a report by SOFTWARE FREEDOM LAW CENTRE, INDIA

While most of the rest of the world was foreseeably outraged by the contents of Snowden's revelations, the then Indian Government's response to the matter was tepid at best, and the whole affair was shrugged off as a routine occurrence in international diplomacy. This stand was especially surprising since India, who has always boasted friendly ties with the US, was reportedly fifth in the overall list of countries spied on by the NSA programs. Why then was India rushing to the US' defense, with the then Minister for External Affairs going so far as to say that the US surveillance programs are "not actually snooping"?


On closer inspection, one quickly begins to realize that the Government of India's (GoI) tolerance of US surveillance might have been brought on by more than a mere desire to keep Indo-US relations from going sour. In line with the age-old adage against throwing stones in a glass house, the Government's remarkable restraint might have stemmed – at least in part – from the fact that it was busy with some "snooping" of its own. While we note with great satisfaction the earnest words of the current Minister of External Affairs, Ms. Sushma Swaraj on issues of US surveillance and hope the matter will get the attention it deserves, the need to understand India's domestic surveillance practices is not obliterated.

Multiple Indian legislations, including the Indian Telegraph Act and Rules, Information Technology Act and Rules and the Code of Criminal Procedure, contain explicit provisions that allow Central and State Governments to intercept and monitor the nation's communication networks on several grounds. These grounds are often broadly worded, with generous helpings of terms such as 'security of the state' and 'public safety' that are never defined with any manner of precision. This effectively grants the Government unsubstantiated access to India's telephone and Internet networks to retrieve their contents at will.

Similarly, license agreements entered into between Indian communications service providers and the Department of Telecommunications contain clauses that mandate inter alia, the installation of unspecified surveillance equipment into communication networks as and when required by the Government and its agents. All service providers operating within the country at any given point of time are therefore bound to ensure that their networks are open to Government surveillance.

Legalising surveillance

Under the authority of the afore- mentioned provisions of law, a number of Lawful Interception and Monitoring (LIM) systems have been installed into India's telephone and Internet networks. These bare in real-time our phone calls, texts, e- mails and general Internet activity to Government surveillance. 'LIM systems' being a generic term that alludes to any surveillance system sanctioned by law, the true nature and extent of capabilities of the specific systems employed by the Indian Government remain matters of intelligent speculation. Aside from these pre-existing LIM systems, a slew of additional surveillance systems designed to significantly enhance the Govern- ment's existing capabilities are also in the pipeline in varying stages of deployment. This includes as of current knowledge, the Central Monitoring System (CMS), Network Traffic Analysis (NETRA), and National Intelligence Grid (NATGRID) – all of which will be examined in detail in the course of this report.

Staggering scale of surveillance

An application filed by SFLC.in under the Right to Information Act revealed that on an average, around 7500 – 9000 telephone- interception orders are issued by the Central Government alone each month. Extrapolating this number to include all interception orders issued by the Central and State Governments combined, it becomes clear that Indian citizens are routinely and discreetly subjected to Government surveillance on a truly staggering scale.

In this report, SFLC.in delves into the unchartered wilderness that is India's surveillance landscape in a pragmatically pessimistic bid to demystify our surveil- lance practices.

Conclusion

Over the course of this report, we have seen that the GoI and its agents are authorized under various statutes and license agreements to surveil India's telephone and Internet networks on a large number of broadly worded grounds ranging from protection of national security to preventing the spread of computer viruses.

Pursuant to authority so derived, several state surveillance programs already keep a close tab on our communication networks, and far more potent surveillance technologies are in the pipeline in varying stages of deployment. While the Government swears that it limits itself to targeted surveillance and does not indulge in mass surveillance of any kind, the large scale data-mining and profiling capabilities of upcoming surveillance systems such as the CMS and NATGRID are reason enough to be skeptical of this stance.

Also causing concern among citizens is the fact that communications surveillance continues to be the exclusive domain of the Executive arm of the Government, which insists on keeping the public in the dark. There are no provisions for public or judicial oversight of the surveillance process and in such a scenario, one cannot help but be wary of abuse of power. To top it all off, a legislatively recognized right to privacy is conspicuously absent from Indian legal canons. Protection accorded by law to the citizens' right to privacy ends with a judicial interpretation of the right as an implicit content of right to life as guaranteed by the Constitution of India.

In the wake of the global uproar caused by Edward Snowden's revelations on US surveillance, and the sudden spike in interest around the topic of surveillance and privacy, the time has come for a comprehensive review of Indian legislat- ive provisions that sanction and regulate our surveillance process.

In this regard, the language of the law needs to be considerably narrowed down to specify objectively verifiable situations under which surveillance may be legitimately undertaken. The procedure to be followed while surveilling communications must be clearly spelled out in its entirety, and any opportunity for misuse of authority must be done away with by holding the concerned agents of intercepting agencies to the highest standards of accountability.

Provision for independent oversight of the surveillance process is an immediate necessity, and the regime of blanket denial of surveillance-related information requests made by the public must be done away with.

The surveillance regime in its current state needs to be made more transparent, and public trust in this regard must be rebuilt, which will not happen without a greater degree of public participation.

Finally, citizens must have a legislatively recognized right to privacy, the violation of which will entitle them to constitutional remedies.

All of the above remedies are easily envisioned, but their implementation will undoubtedly present several challenges – both foreseen and unforeseen. Nothing short of a collective, concentrated effort on the part of all stakeholders in the surveillance regime, including but not limited to the Government, industry, civil society and the general public, will serve to transform India's surveillance state from its current state of opacity to one of transparency, trust and efficiency.

(SFLC.IN is a donor supported legal services organization that brings together lawyers, policy analysts, technologists, and students to protect freedom in the digital world)