The Second Awakening… What is there in Rules of Oct 27, 2009 on Section 69?

[This is in continuation of the previous article on the subject]

(P.S: These discussions are called the “Second Awakening” because though ITA 2000 came into existence on 17th October 2000, the stake holders and more particularly the IT industry never recognized that there was a law that required a closer look as part of their compliance requirements. It was only in April 2011 when the rules under Section 43A was notified, that the industry woke up to the existence of this law. This was the first awakening. Then everybody went to sleep once again. Today there is greater recognition of GDPR and the proposed PDPA than the currently prevailing ITA 2000/8. The current controversy which was politically motivated and arose out of a simple sub notification has suddenly created a flutter in the IT industry which I have called the Second Awakening.)

Background:

In the previous article, I referred to Section 69 of ITA 2000/8 which empowers a competent authority to authorize “Interception, Monitoring and Decryption” of electronic information through any computer source.

There was a notification of a rule titled “Information Technology (Procedure and
Safeguards for Interception, Monitoring and Decryption of Information) Rules, 2009″ on October 27, 2009.

A Controversy has now broken out after the Ministry of Home Affairs came up with a notification on 20th December 2018 stating that they are designating 10 agencies to carry out Interception, Monitoring and Decryption.

The notification has been wrongly interpreted by members in the political community as a move to create a Police State in India before the next general election and a challenge to Privacy. The controversy has gained traction because the professionals also were unaware of the law as it existed and what this notification actually meant and in their eagerness to support Privacy, the technical circles also went with the politicians in criticizing the MHA order as a draconian move to upstage the Puttaswamy judgement of Supreme Court on Privacy. Media as usual went with their TRP objective to create a fire where there was none. The legal activists are already preparing their petition to move the Supreme Court after the vacation to get the Section 69 of ITA 2000/8 squashed a-la Section 66A.

I completely disagree with the false narrative being created in this regard and tried to explain the legal position related to Section 69. The narrative has taken political over tones and most of the professionals are not comfortable in expressing their views if it opposes Rahul Gandhi’s Congress because they are afraid that if Congress comes to power ever, it could hold a grudge. On the other hand we know that Mr Modi and BJP is too soft and anything can be said against them.

Readers of this blog who think I am expressing political views may excuse me since it is difficult to remain silent when Rahul Gandhi, Asaduddin Owasi, Omar Abdulla, Anand Sharma or Gulam Nabhi Azad etc start interpreting Section 69 of ITA 2000 and the regulations there under to create a fake narrative for their political gain. Kindly leave the political comments and focus on what I would like to say on the law as it appears to me.

I pointed out in my previous article that  section 69 of ITA 2000/8 gave certain powers but they were within the exceptions under Article 21 of the Constitution, (Refer: Academike)

According to the Article 21, no person shall be deprived of his liberty “Except according to a procedure established by law”.

It is the duty of the Government to define what is the procedure to be followed if this exception has to be exercised. Not providing such procedure would tantamount to “Dereliction of Duty”.

Privacy is admittedly not an “Absolute Right” and is subject to reasonable restrictions .

Section 69 is an attempt to define the “Due Legal Process” and incorporates adherence to the reasonable restrictions principles.

Hence Section 69 is well within the powers of the Government (remember, it was passed by the UPA Government).

Having enacted Section 69 with effect from 27th October 2009, it was incumbent on the Government to expand the provisions of the section into a more detailed rules which was also promptly done by the UPA Government with its notification of October 27, 2009.

What does the Notification of 2009 contain?

This notification has 25 different clauses. The clause headings are reproduced below.

  1. Short title and Commencement
  2. Definitions
  3. Direction for interception or monitoring or decryption of any information
  4. Authorization of agency of Government
  5. Issue of decryption direction by competent authority
  6. Interception or monitoring or decryption of information by a state beyond its jurisdiction
  7. Contents for direction
  8. Competent authority to consider alternative means in acquiring information
  9. Direction of interception or monitoring or decryption of any specific information
  10. Direction to specify the name and designation of the officer to whom information to be disclosed
  11. Period within which the direction shall remain in force
  12. Authorized agency to designate nodal officer
  13. Intermediary to provide facilities, etc
  14. Intermediary to designate officers to receive and handle
  15. Acknowledgement of instruction
  16. Maintenance of records by designated officer
  17. Decryption key holder to disclose decryption key or provide decryption assistance
  18. Submission of the list of interception or monitoring or decryption of information
  19. Intermediary to ensure effective check in handling matter of interception or monitoring or decryption of information
  20. Intermediary to ensure effective check in handling  matter of interception or monitoring or decryption of information
  21. Responsibility of Intermediary
  22. Review of directions of competent authority
  23. Destruction of records of interception or monitoring or decryption of information.
  24. Prohibition of interception or monitoring or decryption of information without authorization
  25. Prohibition of disclosure of intercepted or monitored, decrypted information.

Even without going into the details of these 25 clauses, I suppose the professional critics of the MHA notification will realize that this notification does address all the concerns that the critics have raised from the Privacy perspective.

The MHA order was made under rule (4) above which stated

 Authorisation of agency of Government.— The competent authority may
authorise an agency of the Government to intercept, monitor or decrypt information
generated, transmitted received or stored in any computer resource for the purpose
specified in sub-section (1) of section 69 of the Act.

So far no such agency had been designated and therefore the Competent authority had a wide power to designate any public or private body for the purpose of exercising its rights albeit the other restrictions.

By designating 10 agencies now, the Government has curtailed the powers of the Competent authority significantly.

Who is the Competent Authority?

According to rule 1(d), Competent authority means (i) the secretary in the Ministry of Home Affairs in case of the Central Government and (ii) the Secretary of the Home Department in case of the State Government or a Union Territory as the case may be.

The jurisdiction of the state authority lies within the State and where interception etc is required in a different state, the state authority has to work through the MHA.

Is there a proper Over view

The Competent authority has to issue a written order and name the person to whom the information has to be disclosed, containing the reason for the necessary action. This has to be forwarded also to a review committee within 7 days. The order itself lapses in 90 days unless extended and can be extended to a maximum of 6 months.

The Review committee is the Review Committee constituted under rule 419A of Indian Telegraph Rules 1951 and should meet once in two months.

The Review committee consists of  the Cabinet Secretary (Chairman) and the Secretary legal affairs and Department of Telecommunications in respect of the Central Government and the Chief Secretary (Chairman) and  the law secretary and another secretary other than the Home Secretary).

Under rule 24, any person who violates any of the provisions of this order is liable for punishment.

I interpret this as an authorization to not only launch Section 43 and 66 proceedings in case of “Unauthorized access or disclosure”.

This also provides for judicial overview in case there is any violation of the order.

Destruction of Records

Under Rule 16, the designated officer has to maintain proper records of compliance. But the monitored information need to be destroyed after 6 months according to the rule 23.

I have in the past indicated my view that if the information becomes an evidence of a crime, the record may be deemed as evidence and needs to be preserved.

The rule 25 prohibits disclosure of information monitored except as per the order.

Judicial Challenge is not even worth Admission

Thus we can see that there is enough checks and balances built into the rule to satisfy any legal requirements  and therefore if this order is challenges in the Court and if the Court is aware of the legal provisions, then the challenge should be not even admitted.

Misinterpretation that the Agencies have been given power

We need to recognize that the MHA order does not provide any powers to the agencies to conduct their own investigations. Such an impression if created is wrong.

The only authority that can order the interception is the Secretary Home. The agencies are those through which such information can be collected by the competent authority.

Any person including the agency itself if it requires monitoring, has to approach the Competent authority, get a written order and proceed.

There are of course certain emergency powers where monitoring can be started before the authority issues a written order and they are dealt with separately under Rule 3 as emergency powers.

I request all my professional friends to go through the above and let me know if any further doubts remain in their mind that the perception being circulated in the media is blatantly false and malicious.

Naavi

The Second Awakening… What is there in Rules of Oct 27, 2009 on Section 69?
The Second Awakening… What is Section 69?
Snooping and Section 69 of ITA 2000: Beyond Politics, Distrust and Passion..The second awakening
Agencies empowered under Sec 69. No Need to raise a false alarm

The MHA Notification
Section 69
Section 69 Rules of 2009

Articles on ITA 2008 written in 2008/9

This entry was posted in Cyber Law and tagged , , . Bookmark the permalink.

One Response to The Second Awakening… What is there in Rules of Oct 27, 2009 on Section 69?

  1. Pingback: Allahabad High Court admits PIL against Section 69 notice …2 | Naavi.org

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.