The Cyber and Information Security Division, Ministry of Home Affairs (MHA), India has recently issued a statutory order dated 20.12.2018 (Order) under Section 69 (1) of the Information Technology Act, 2000 as amended thereof (the Act) read with Rule 4 of the Information Technology (Procedure and Safeguards for Interception, Monitoring and Decryption of Information) Rules, 2009 as amended thereof (the Rules).
The said Order authorizes the following security and intelligence agencies (Agencies) for the conduct of interception, monitoring and decryption of any information generated, transmitted, received or stored in any computer resource under the said Act (Purpose):
Narcotics Control Bureau;
Central Board of Direct Taxes;
Directorate of Revenue Intelligence;
Central Bureau of Investigation;
National Investigation Agency;
Cabinet Secretariat (Research and Analysis Wing);
Directorate of Signal Intelligence (for service areas of Jammu and Kashmir, North-East and Assam only); and
Commissioner of Police, Delhi
As per the Act, the Agencies may call upon any subscriber or intermediary or any person in-charge of a computer resource which has generated, transmitted, received or stored some information and such subscriber or intermediary or person in-charge of the computer resource would have to extend all facilities and technical assistance to provide/secure access to the said computer resource to intercept/monitor/decrypt such information; or to provide information stored in such computer resource. Failing which, the subscriber or intermediary or person in-charge of such computer resource would be punished with a maximum 7 years of imprisonment and shall also be liable to fine.
The leaders of Opposition have reportedly opposed such an Order in the Parliament of India on 21.12.2018 on the ground that such a move would violate the fundamental rights of users of technology devices in India. The Supreme Court had earlier in Justice K S Puttaswamy (Retd.), and Anr vs. Union of India and Ors 2017, had held that right to privacy is a fundamental right under Article 21 of the Constitution of India 1950 as amended thereof.
Further, the technology and digital privacy experts have reportedly stated that although the Order issued is an extension of the law in force but the said Order has been issued without wide consultation by the Government of India. Also, that such an Order may instil fear in the minds of the users of technology devices in India that their activities would be monitored by the Government. Moreover, they have suggested that there should be penalties imposed on such Agencies if they act beyond their powers.
In response to the aforesaid oppositions, the MHA has issued a statement dated 21.12.2018 and stated that the said Order has been issued as per the provisions of the Act and the Rules in force. The Act and/or the Rules provide for safeguard measures including that the MHA is authorized to issue such an Order and to approve each case of interception, monitoring, decryption carried out by the Agencies. Further, the Order would ensure that the Agencies would conduct the interception, monitoring and decryption of information as per the procedure established by law.
Thus, the Government believes that the issue of Order would help to prevent any unauthorized use of power by any or all of the Agencies and that adequate safeguards are already provided under the Act.
Senior Legal Associate
The Indian Lawyer