Introduction
The Information Technology Act, 2000 (‘IT Act, 2000’) was enacted to provide legal recognition to electronic communications. It is the primary statute that regulates electronic transactions and communications. Section 69 of the IT Act, 2000[i] gives the Central/State Government the power to intercept, monitor or decrypt any information generated, transmitted, received or stored in any computer resource in specified circumstances. The procedural aspects of the actions that may be initiated under the section are governed by the Information Technology (Procedure and safeguards for interception, monitoring and decryption of information) Rules, 2009[ii] (‘IT Rules’).
The powers conferred to the state under Section 69 has often brought questions regarding the right to privacy of Indian citizens. Right to privacy has not only been recognised as an essential part of Article 21 of the Constitution of India (i.e fundamental right to protection of life and personal liberty), it has also been recognised as a natural right by the Supreme Court in the case of Justice K.S Puttaswamy v. Union of India ('Puttaswamy Judgement') [iii].
In this article, we shall deeply delve upon the provisions of section 69, the concerns surrounding it and the way forward.
Understanding Section 69 of the IT Act, 2000
Section 69 (1) of the IT Act reads as follows:
(1) Where the Central Government or a State Government or any of its officers specially authorised by the Central Government or the State Government, as the case may be, in this behalf may, if satisfied that it is necessary or expedient to do in the interest of the sovereignty or integrity of India, defence of India, security of the State, friendly relations with foreign States or public order or for preventing incitement to the commission of any cognizable offence relating to above or for investigation of any offence, it may, subject to the provisions of sub-section (2), for reasons to be recorded in writing, by order, direct any agency of the appropriate Government to intercept, monitor or decrypt or cause to be intercepted or monitored or decrypted any information generated, transmitted, received or stored in any computer resource.
From the above extract, we may derive that the following factors should be mandatorily present for enforcement of Section 69 of the IT Act:
Enforcement by State/Central Government: Order for intercepting or monitoring or decrypting can be given only under an order of the competent government. It is noteworthy that though only the competent authority can order for the necessary actions, the same may be executed by an agency of the state, which has been authorised as such by the competent government. In this regard, 10 agencies which may carry out such interception or monitoring upon orders from the competent government, have been notified by the Ministry of Home Affairs vide their notification dated 20th December, 2018[v].
Cases in which the section may be invoked: It is important that the powers conferred under the IT Act, 2000 are exercised only in exceptional circumstances, to protect the integrity and sovereignty of the state and cannot be used in any other case. The apex court in the case of Facebook Inc vs Union of India[vii] (‘Facebook Case’) stated that de-encryption, if available easily, could defeat the fundamental right of privacy and de-encryption of messages may be done under special circumstances but it must be ensured that the privacy of an individual is not invaded. However, at the same time, the sovereignty of the State and the dignity and reputation of an individual are required to be protected.
Reasons have to be recorded in writing: As discussed, the powers are to be used only under exceptional circumstances. The prescription ensures that the power conferred upon the Government is balanced with adequate checks.
Now that we have understood section 69 of the IT Act, we shall delve into the pressing issues that the legal prescriptions bring along with.
Concerns with Section 69 of the IT Act
“Right to privacy” was accorded the status of a fundamental right pursuant to the Supreme Courts’ judgement in the Puttaswamy Judgement. Along with this, the scope of right to privacy was also discussed in the said case. The following were clarified w.r.t right to privacy as a right:
Privacy is a “natural right”, as it pertains to one's personality and is inalienable. Right to privacy is an essential right, as it is necessary to enjoy any other of the rights conferred by the Constitution of India. It is a right which is not granted by the Constitution, but a right we get by the virtue of being human. Accordingly, no staute can takeaway the right from the citizens;
Privacy may be categorised in the following categories:
Privacy with respect to the individual’s physical body;
Informational privacy i.e an individual has the right to control information about him/her that is disseminated to the world at large and his/her image that is being portrayed to the public;
Privacy of choice;
One of the very important elements of privacy is informational privacy, as enunciated hereinabove.
In a democracy, non-interference of the state in a person’s right to live, including his/her right to privacy is of utmost importance.
However, there is a second side to the coin as well. In this age of rapidly evolving technology, wherein the flow of information is seamless, there is also a probability that non-state actors have access to or exchange some vital information. The Supreme Court in the Puttaswamy Judgement highlighted the need for having an appropriate data protection law, which balances and maintains equilibrium between an individuals’ right to privacy and the interest of the state. While an individuals’ right should not be infringed, the interest of public at large should be paramount. Thus, the right to privacy is not absolute. It was specified that the right to privacy has to subside to a "just, fair and reasonable law which is not fanciful, oppressive or arbitary". Thus, the power to interfere should be used fairly, in a manner that the exercise does not violate or hamper enjoyment of such rights by any other person. As it was rightly mentioned:
The sanctity of privacy lies in its functional relationship with dignity.
A similar provision can be seen under the Indian Telegraph Act, 1885[viii] (‘Telegraph Act’). Section 5 of the Telegraph Act, empowers Central Government or State Government to transmit or intercept any telegraphic message, in case the government is of the opinion that such communication is a threat to the sovereignty or integrity of India or in case of a public emergency. While the powers conferred by the Telegraph Act are limited to transmissions through a telegraph, the powers conferred under the IT Act covers communications and information in computer systems. It is noteworthy that under both statutes, similar safeguards have been laid down against the abuse of powers conferred upon the Government.
The Supreme Court in R. M. Malkani vs State Of Maharashtra (1972)[ix] and State Of Maharashtra vs Bharat Shanti Lal Shah & Ors (2008)[x] specified that telephonic conversations are of an intimate nature, and phone-tapping would tantamount to infringement of a citizens’ right to privacy.
In People’s Union for Civil Liberties v. Union of India (1996)[xi], the Supreme Court laid down the guidelines to be followed for surveillance and interception of telephonic lines. The same principles are followed for interception and monitoring of computer systems, and are incorporated in the IT Rules with suitable modifications. The broad principles laid down by the Apex Court are as follows:
The powers under the Telegraph Act may be enforced only in case of an emergency. Per se, it has been specified that emergency should be a public emergency only i.e an emergency which brings a threat to public safety or sovereignty or integrity of India. The same is distinguished with economic emergency;
The exercise of power should be fair and reasonable;
The Road Ahead
The Puttaswamy Judgement highlighted the need for a well-established law regulating the area. The law put in place for the purpose, should touch upon the following cornerstones:
Legality: The actions carried out under the act must be lawful;
Need/Purpose: The law formulated should be made for a legitimate and bonafide purpose.
Proportionality: The law put in place to regulate sharing or access to any information should follow the principle of “proportionality” i.e only reasonable restrictions on the rights of citizens should be imposed by such law, which are adequate to satisfy the purpose of law.
Conclusion
The data protection and information technology laws in India are continuously evolving. However, technology and information systems are evolving at a faster pace. There is a pressing need to bring the technology law framework in line with the dynamic technological environment. As the Apex Court in the Facebook case specified, there are various creases which need to be ironed out. However, in bridging this legal gap, we need to consider one of the most important aspects - that we abide with the constitutional spirit as right to privacy is a natural right and a fundamental right. India, being the largest democracy, has to balance the thin line that lies between a citizens’ fundamental right and welfare of the public, at large.
Definitions and References
Competent Government- Secretary of Home Affairs in case of Central Government and Secretary in Charge of Home Department in case of State/Union Territory[iv]
[i] https://indiankanoon.org/doc/1439440/ [ii] https://www.meity.gov.in/writereaddata/files/Information%20Technology%20%28Procedure%20and%20Safeguards%20for%20Interception%2C%20Monitoring%20and%20Decryption%20of%20Information%29%20Rules%2C%202009.pdf [iii] https://indiankanoon.org/doc/127517806/ [iv] However, the same is subject to exceptions under Rule 3 of the IT Rules. [v] https://egazette.nic.in/WriteReadData/2018/194066.pdf [vi] https://bja.ojp.gov/program/it/privacy-civil-liberties/authorities/statutes/1285 [vii] https://main.sci.gov.in/supremecourt/2019/27178/27178_2019_13_24_17064_Order_24-Sep-2019.pdf [viii] https://dot.gov.in/sites/default/files/the_indian_telegraph_act_1985_pdf.pdf [ix] https://indiankanoon.org/doc/1179783/ [x] https://indiankanoon.org/doc/698472/ [xi] https://indiankanoon.org/doc/31276692/
Comments