Privacy VS. The State’s Requirements For Security - Messaging platform WhatsApp, has reported that 121 individuals were targeted in India alone. 

Background information

  • On October 30, many publications reported that phones of several dozen Indian journalists, lawyers and human rights activists had been compromised using an invasive Israeli-developed malware called Pegasus.
  • A lawsuit was filed against Israeli cyber intelligence firm NSO by WhatSapp and its parent company Facebook in a U.S. court, accusing it of using their messaging platform to dispatch Pegasus for surveillance to approximately 1,400 mobile phones and devices worldwide. 
  • The NSO claims that it only sells the software to governments but the Indian government has denied purchasing it and has asked WhatSapp to explain the security breach.

About Pegasus

  • Pegasus software can be installed on devices as "exploit links". 
  • It has the ability to collect intimate data from a target device.
  • The owner of Pegasus, Israel-based NSO Group, limits the sale of the spyware to state intelligence agencies and others.
  • The Indian government has denied purchasing or plans to buy Pegasus software from NSO Group

Legal framework for surveillance in India: 

The laws governing surveillance in India are 

  • The Indian Telegraph Act, 1885, which deals with interception of calls, and
  • The Information Technology (IT) Act, 2000, which deals with interception of data. Also, under the IT Act, hacking is exclusively prohibited.

Under both laws, only the government, under certain circumstances, is permitted to conduct surveillance, and not private actors.

  • Section 43 and Section 66 of the IT Act cover the civil and criminal offences of data theft and hacking respectively.
  • Section 66B covers punishment for dishonestly receiving stolen computer resource or communication. The punishment includes imprisonment for a term which may extend to three years.

Supreme Court Guidelines regarding Surveillance laws

  • Simultaneously, in 1996, the Supreme Court noted that there was a lack of procedural safeguards in the Indian Telegraph Act.
  •  It laid down some guidelines that orders on interceptions of communication should only be issued by the Secretary in the Ministry of Home Affairs which were later codified into rules in 2007.
  • Also, these rules were partly reflected in the IT (Procedures and Safeguards for Interception, Monitoring and Decryption of Information) Rules framed in 2009 under the IT Act.
  • These guidelines has strengthened the Accountability mechanism for surveillance in India. For example In December 2018, when the Central government authorised 10 Central agencies to conduct surveillance it created a public out roar. The 2018 action of the Union government has been challenged in the Supreme Court.

Concerns over burgeoning surveillance states

  • In October 2019, the U.K.-based security firm Comparitech did a survey of 47 countries to see where governments are failing to protect privacy or are creating surveillance states.
  • They found that only five countries had “adequate safeguards” and most are actively conducting surveillance on citizens and sharing information about them.
  • China and Russia featured as the top two worst offenders on the list.
  •  India ranks number three on the list because the data protection Bill is yet to take effect and due to absence of data protection authority in place.

The Dilemma: Privacy VS.  The state’s requirements for security.

  • The Supreme Court in a landmark decision in August, 2017 (Justice K. S. Puttaswamy (Retd.) and Anr. vs. Union of India and Others) unanimously upheld right to privacy as a fundamental right under Articles 14, 19 and 21 of the Constitution.
  • In the same year, the government also constituted a Data Protection Committee under retired Justice B.N. Srikrishna that has submitted a draft data protection law in 2018 which Parliament is yet to enact.

Though adequate safeguards remains to protect Privacy, Yet a grey area remains between privacy and the state’s requirements for security.

Global References with respect to Surveillance vs. Privacy:

The case of U.S.A

  • After the 9/11 attacks in 2001, the USA PATRIOT (Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism) Act was passed.
  • Under certain provisions in this Act, the U.S. government used phone companies to collect information on millions of citizens and these were part of revelations made by the whistleblower Edward Snowden in 2013.
  • Many aspects of the PATRIOT Act, particularly those involving surveillance, were to lapse after a certain time period but they were re-authorised by Congress.
  • After re-authorisation, several rights groups argue that the Act violates the Constitution. There upon it is evident that the U.S. still struggles to find the balance between State Surveillance vs. Privacy.