[This is in continuation of the previous article on the subject]
(P.S: These discussions are called the “Second Awakening” because though ITA 2000 came into existence on 17th October 2000, the stake holders and more particularly the IT industry never recognized that there was a law that required a closer look as part of their compliance requirements. It was only in April 2011 when the rules under Section 43A was notified, that the industry woke up to the existence of this law. This was the first awakening. Then everybody went to sleep once again. Today there is greater recognition of GDPR and the proposed PDPA than the currently prevailing ITA 2000/8. The current controversy which was politically motivated and arose out of a simple sub notification has suddenly created a flutter in the IT industry which I have called the Second Awakening.)
Background:
In the previous article, I referred to Section 69 of ITA 2000/8 which empowers a competent authority to authorize “Interception, Monitoring and Decryption” of electronic information through any computer source.
There was a notification of a rule titled “Information Technology (Procedure and
Safeguards for Interception, Monitoring and Decryption of Information) Rules, 2009″ on October 27, 2009.
A Controversy has now broken out after the Ministry of Home Affairs came up with a notification on 20th December 2018 stating that they are designating 10 agencies to carry out Interception, Monitoring and Decryption.
The notification has been wrongly interpreted by members in the political community as a move to create a Police State in India before the next general election and a challenge to Privacy. The controversy has gained traction because the professionals also were unaware of the law as it existed and what this notification actually meant and in their eagerness to support Privacy, the technical circles also went with the politicians in criticizing the MHA order as a draconian move to upstage the Puttaswamy judgement of Supreme Court on Privacy. Media as usual went with their TRP objective to create a fire where there was none. The legal activists are already preparing their petition to move the Supreme Court after the vacation to get the Section 69 of ITA 2000/8 squashed a-la Section 66A.
I completely disagree with the false narrative being created in this regard and tried to explain the legal position related to Section 69. The narrative has taken political over tones and most of the professionals are not comfortable in expressing their views if it opposes Rahul Gandhi’s Congress because they are afraid that if Congress comes to power ever, it could hold a grudge. On the other hand we know that Mr Modi and BJP is too soft and anything can be said against them.
Readers of this blog who think I am expressing political views may excuse me since it is difficult to remain silent when Rahul Gandhi, Asaduddin Owasi, Omar Abdulla, Anand Sharma or Gulam Nabhi Azad etc start interpreting Section 69 of ITA 2000 and the regulations there under to create a fake narrative for their political gain. Kindly leave the political comments and focus on what I would like to say on the law as it appears to me.
I pointed out in my previous article that section 69 of ITA 2000/8 gave certain powers but they were within the exceptions under Article 21 of the Constitution, (Refer: Academike)
According to the Article 21, no person shall be deprived of his liberty “Except according to a procedure established by law”.
It is the duty of the Government to define what is the procedure to be followed if this exception has to be exercised. Not providing such procedure would tantamount to “Dereliction of Duty”.
Privacy is admittedly not an “Absolute Right” and is subject to reasonable restrictions .
Section 69 is an attempt to define the “Due Legal Process” and incorporates adherence to the reasonable restrictions principles.
Hence Section 69 is well within the powers of the Government (remember, it was passed by the UPA Government).
Having enacted Section 69 with effect from 27th October 2009, it was incumbent on the Government to expand the provisions of the section into a more detailed rules which was also promptly done by the UPA Government with its notification of October 27, 2009.
What does the Notification of 2009 contain?
This notification has 25 different clauses. The clause headings are reproduced below.
- Short title and Commencement
- Definitions
- Direction for interception or monitoring or decryption of any information
- Authorization of agency of Government
- Issue of decryption direction by competent authority
- Interception or monitoring or decryption of information by a state beyond its jurisdiction
- Contents for direction
- Competent authority to consider alternative means in acquiring information
- Direction of interception or monitoring or decryption of any specific information
- Direction to specify the name and designation of the officer to whom information to be disclosed
- Period within which the direction shall remain in force
- Authorized agency to designate nodal officer
- Intermediary to provide facilities, etc
- Intermediary to designate officers to receive and handle
- Acknowledgement of instruction
- Maintenance of records by designated officer
- Decryption key holder to disclose decryption key or provide decryption assistance
- Submission of the list of interception or monitoring or decryption of information
- Intermediary to ensure effective check in handling matter of interception or monitoring or decryption of information
- Intermediary to ensure effective check in handling matter of interception or monitoring or decryption of information
- Responsibility of Intermediary
- Review of directions of competent authority
- Destruction of records of interception or monitoring or decryption of information.
- Prohibition of interception or monitoring or decryption of information without authorization
- Prohibition of disclosure of intercepted or monitored, decrypted information.
Even without going into the details of these 25 clauses, I suppose the professional critics of the MHA notification will realize that this notification does address all the concerns that the critics have raised from the Privacy perspective.
The MHA order was made under rule (4) above which stated
Authorisation of agency of Government.— The competent authority may
authorise an agency of the Government to intercept, monitor or decrypt information
generated, transmitted received or stored in any computer resource for the purpose
specified in sub-section (1) of section 69 of the Act.
So far no such agency had been designated and therefore the Competent authority had a wide power to designate any public or private body for the purpose of exercising its rights albeit the other restrictions.
By designating 10 agencies now, the Government has curtailed the powers of the Competent authority significantly.
Who is the Competent Authority?
According to rule 1(d), Competent authority means (i) the secretary in the Ministry of Home Affairs in case of the Central Government and (ii) the Secretary of the Home Department in case of the State Government or a Union Territory as the case may be.
The jurisdiction of the state authority lies within the State and where interception etc is required in a different state, the state authority has to work through the MHA.
Is there a proper Over view
The Competent authority has to issue a written order and name the person to whom the information has to be disclosed, containing the reason for the necessary action. This has to be forwarded also to a review committee within 7 days. The order itself lapses in 90 days unless extended and can be extended to a maximum of 6 months.
The Review committee is the Review Committee constituted under rule 419A of Indian Telegraph Rules 1951 and should meet once in two months.
The Review committee consists of the Cabinet Secretary (Chairman) and the Secretary legal affairs and Department of Telecommunications in respect of the Central Government and the Chief Secretary (Chairman) and the law secretary and another secretary other than the Home Secretary).
Under rule 24, any person who violates any of the provisions of this order is liable for punishment.
I interpret this as an authorization to not only launch Section 43 and 66 proceedings in case of “Unauthorized access or disclosure”.
This also provides for judicial overview in case there is any violation of the order.
Destruction of Records
Under Rule 16, the designated officer has to maintain proper records of compliance. But the monitored information need to be destroyed after 6 months according to the rule 23.
I have in the past indicated my view that if the information becomes an evidence of a crime, the record may be deemed as evidence and needs to be preserved.
The rule 25 prohibits disclosure of information monitored except as per the order.
Judicial Challenge is not even worth Admission
Thus we can see that there is enough checks and balances built into the rule to satisfy any legal requirements and therefore if this order is challenges in the Court and if the Court is aware of the legal provisions, then the challenge should be not even admitted.
Misinterpretation that the Agencies have been given power
We need to recognize that the MHA order does not provide any powers to the agencies to conduct their own investigations. Such an impression if created is wrong.
The only authority that can order the interception is the Secretary Home. The agencies are those through which such information can be collected by the competent authority.
Any person including the agency itself if it requires monitoring, has to approach the Competent authority, get a written order and proceed.
There are of course certain emergency powers where monitoring can be started before the authority issues a written order and they are dealt with separately under Rule 3 as emergency powers.
I request all my professional friends to go through the above and let me know if any further doubts remain in their mind that the perception being circulated in the media is blatantly false and malicious.
Naavi
The Second Awakening… What is there in Rules of Oct 27, 2009 on Section 69?
The Second Awakening… What is Section 69?
Snooping and Section 69 of ITA 2000: Beyond Politics, Distrust and Passion..The second awakening
Agencies empowered under Sec 69. No Need to raise a false alarm
Pingback: Allahabad High Court admits PIL against Section 69 notice …2 | Naavi.org