India: Data Rights And The Surveillance State

0
LISTEN
Voiced by Amazon Polly

“The sacred rights of mankind are not to be rummaged for among old parchments of musty records. They are written, as with a sunbeam, in the whole volume of human nature, by the hand of Divinity itself, and can never be erased or obscured by mortal power.” – Alexander Hamilton – The farmer Refuted, 1775, AEt. 18.

Every technological leap brings opportunities as well as challenges for mankind. The last Industrial revolution brought machine age to mankind, the Fourth Industrial Revolution which is underway will change how we function as a society with an exponential rise in the volume of data that would be a gold mine with augmentation of Artificial Intelligence which could be effectively used to mine it. The world is on the cusp of this digital revolution and the arrival of 5G technology will essentially catapult this to a whole new level.

This will no doubt present a host of opportunities to mankind yet it will also bring about the challenges like surveillance state, manning of internet and social media to curb dissent, alternative views in the name of national security and maintaining law & order. We discussed at length in our 2016 book “The New Global Order”, how NSA’s PRISM as exposed by Edward Snowden is virtually an Orwellian form of surveillance by American intelligence and security establishment which included spying on its domestic subjects as well as foreigners with the help of technology giants such as Facebook, Twitter, Google, YouTube, Outlook etc all being part of this project.

Just like America, India has also been contemplating a surveillance system to keep a check on terrorism, financial frauds, terror financing, cyber-crimes, and anti-social elements to achieve goals of National Security. India’s surveillance mechanism is broadly known as Centralized Monitoring System (CMS) which was announced to be set up by the Government of India on 26th November 2009 i.e. one year from date of horrific 26/11 terror attacks on Mumbai. CMS was conceived by the Telecom Enforcement, Resource and Monitoring (TREM) and by the Centre for Development of Telematics (C-DoT) and is being run by the Intelligence Bureau. The Information Technology Act, 2008 enables e-surveillance and creation of national and regional level databases for law enforcement agencies for monitoring and interception.

Built at a cost of 4 Billion Rupees, CMS will be connected with Telephone Call Interception System (TCIS) which can monitor voice calls, SMS & MMS, fax communications on landlines, CDMA, video calls, GSM & 3G networks, as well as 160 million internet users on a real-time basis. CMS will have unfettered access to existing Lawful Interception System (LIS) which is installed on fixed, mobile operator, ISP and international long-distance operators.

The New Global Order Book

Under Section 69(1) of Information Technology Act, 2000 as amended in 2008, the Government of India or any government of the state or any of its authorized officers may in the interest of Sovereignty & National Integrity of India, friendly relations with foreign states or public order or for preventing incitement to the commission of any cognizable offence relating to above or for investigation of any offence, subject to prescribed procedure of recording the reasons in writing may direct any agency of the government to intercept, monitor or decrypt any data or information so stored in any computer resource.

Further under Rule 4 of the Information Technology (Procedure and Safeguards for Interception, Monitoring and Decryption of Information) Rules, 2009, framed under Section 69(2) of the IT Act, 2000 the Government of India has notified nearly 10 security agencies which are authorized to intercept, monitor, decrypt any information received, stored or transmitted on any computer resource. The said agencies are Intelligence Bureau, Research & Analysis Wing (RAW), NIA, CBI, ED, CBDT, NCB, Commissioner Delhi Police, Director of Signal Intelligence for J&K, North East and Assam as per the latest notification of December 2018. These agencies so authorized work with the CMS to intercept, monitor or decrypt any data as so collected by the Centralized Monitoring System.

The Department of Telecommunications in a written reply to a query in Rajya Sabha has stated that it plans to monitor the internet using the CSM by integrating Internet Monitoring System with it. CMS has a central hub in Delhi while having 21 regional monitoring centres across 22 telecom circles. To further supplement the creation of CMS, India has also launched NATGRID which was conceived as a tool for collection & collation of all intelligence reports, intercepted data & information in the year 2009 in response to the Mumbai terror attacks of 26/11.

The NATGRID (National Intelligence Grid) is not yet fully functional and is still at the nascent stage as the previous government failed to operationalize despite sanctioning of a budget and appointment of officers. NATGRID is an intelligence grid that stores record and databases of government entities to collect data, decipher trends & provide real-time, predictive analysis of data gathered across by the law enforcement, espionage and military agencies.

NATGRID envisages providing real-time access of 21 citizen data resources to 10 security agencies. Citizen data resources are like bank account details, telephone records, passport data, vehicle registration details, National Population Register (NPR), Immigration, Visa & Foreign Registration System.

As per a recent report, the Government of India plans to fully operationalize NATGRID by early 2020. There is another proposal before NATGRID to link Social Media accounts with Aadhaar ID apart from Ministry of Home Affairs proposal to draw up NPR Card which will connect all data of citizens to one card i.e. Aadhaar ID, Passport, Driving License, PAN Card, Mobile Number, Voter ID details among other demographic details to be collected during drive that would be launched nationwide soon.

NPR will use Bio-metric details of citizens from Aadhaar as part of an authentication procedure while collecting the said data. Needless to say that NPR data that would be collected including Aadhaar number will be part of NATGRID database which will be accessible for the 10 security agencies so authorized under IT Act 2000 & the rules therein.

In addition to NATGRID, there is already Aadhaar database with UIDAI which collect a vast amount of data for every citizen. However, the Supreme Court of India had struck down certain provisions of Aadhaar Act in the year 2018 as unreasonable like the National Security exception under Section 33(2) or Section 47 which barred any individual from filing complaints or suing UIDAI for breach or misappropriation of Aadhaar data so collected. Supreme Court also struck down Section 57 which allowed private entities to use Aadhaar as identification document and use its database for authentication of the same.

“IN THE GLOBALIZED WORLD, THE SURVEILLANCE STATE IS HERE TO STAY, AS GREATER CONNECTIVITY IN THE SMARTPHONE AGE ONLY MEANS GREATER ACCESS”

The New Global Order (2016) by Asian Warrior, Page 382.

Government of India through Aadhaar Amendment Act, 2019 has reinstated some provisions while making it clear that you can not be denied services like a bank account or a sim card for not providing Aadhaar ID. Thus now even Aadhaar ID with host set of other data will be part of NPR which will be ultimately part of NATGRID database wherein the 10 security agencies so authorized can in real-time scan these data sets on metadata tags to scan and create a profile of any citizen.

Apart from NATGRID, another project that’s been launched is Project INSIGHT under which Central Board of Direct Taxes i.e. CBDT who will oversee the use of Big Data Analytics of all taxpayers from Income Tax to GST, getting a 360-degree view of all the transactions of individual taxpayers and mining the same. The designated pool of officials in IT or even the GST would be able to use this tool to collect information and even scan social media profiles of tax assesses.

Project INSIGHT also includes nudging the taxpayers through SMS, emails and reminders to get better compliance done and this has been justified in lieu of FAACTA IGA (Foreign Account Tax Compliance Act Intra governmental agreement) & Common Reporting Standard. Project INSIGHT is operational since 1st April 2019 and though the CBDT chairman has categorically allayed concerns that social media profiles of tax assesses will not be profiled however he also states that agency i.e. CBDT can get data sets for the same from nodal agencies on transactions of taxpayers, expenditures etc. CBDT is also in talks with other agencies to make seamless volume of data sets from different departments like flight records with Civil aviation also to be available for taxpayer profiling.

The launch of the Centralized Monitoring System allows real-time monitoring and interception of data and information over the internet, social media, ISPs, voice calls, 3G networks by security agencies. This will be ably augmented by about to be launched NATGRID which collects, collates and mines data of all citizens from NPR to Aadhaar to Demographic profile virtually giving a carte blanche to the security agencies to study data & patterns and create a profile of every citizen.

This is like Orwellian nightmare coming to reality. While surveillance could be considered an outright infringement of Fundamental Right to Privacy as declared by the Supreme Court of India in a landmark judgement in 2019, yet every right is subject to reasonable restriction. The government can curtail these rights & impose reasonable restrictions but that action has to satisfy the test of 1) Due Process of Law, 2) Arbitrariness and 3) Reasonableness of action. The Right to Privacy can be restricted by due process of law which must not be arbitrary and demonstrate the reasonableness of the restrictions qua the aims and objectives of any such action.

Thus in the land of Reasonable Restrictions it can be said that on the grounds of National Security, Territorial Integrity, Sovereignty, Acts of Terrorism or its abetment, Economic Offences like Money Laundering, Frauds, Cyber Thefts, use of illegitimate money like Cryptocurrencies, any person charged with committing a crime, public safety, maintaining law & order could be legitimate exceptions where the government can by operation of law/rules & regulations restrict the application of Right to Privacy as Fundamental Right under Article 21.

Since Right to Privacy was read into as Fundamental Right under Article 21 of Constitution of India by the Supreme Court of India it would be imperative for the Government to recognize this right by way of law as well and carve out the legitimate exceptions for the same. It must, however, be stated that surveillance in any form without due process of law and not satisfying the test of reasonableness would be arbitrary can could be judicially challenged before a court of law and held illegal. Thus, an act of law, rules & regulation is a necessary cloak for any such surveillance that justifies these reasonable means.

In this context it is essential to point out that while American laws like FISA do allow domestic surveillance on American citizens yet it mandates that federal agency must take a warrant of surveillance on an American citizen from a FISA court thus giving not only legal protection to security agencies but also giving a remedy to citizens in case they feel violated or intruded before a court of law. A judicial warrant of surveillance would remove the arbitrariness and discretion of bureaucrats like cabinet secretary or undersecretary who are currently mandated to authorize such interception and monitoring in India under the IT Act of 2000 and the IT Rules of 2009.

The government should also as part of the Data Security & Sharing Law provide grievance redressal methods to citizens who wish to challenge any such surveillance, interception or monitoring so authorized before a court of law following the due process of law. This would inspire a world of confidence in government action of surveillance as a just tool & not meant for christening a Big Brother state surreptitiously.

The European Union Regulations of 2016 i.e. General Data Protection Regulation (GDPR) clearly enunciates what profiling of citizens on their actions, activities & choices could mean as violating the basic of Right of Privacy and to what extent can this profiling of citizens be allowed stating out the legitimate exceptions to it. The same rationale has been alluded and agreed upon by the Supreme Court of India in Right to Privacy Judgement.

The proposed Data Security & Sharing Law will also need to address Data Localization issue which is hot potato especially between Government of India & US corporations. A middle way to solve the impasse could be on segregation of data on Critical & Non-Critical means wherein the critical data must be stored within India while non-critical data could be located offshore. However, to further iron clad this, India should also bilaterally enter in Data Sharing Agreements with all key countries.

The Data Security and Sharing law to be framed thereafter should mandate that in case of any person/entity who is on terror listing or an economic offender or security risk or is charged with any criminal offence before a court of law, then those multi-national corporations and technological giants would be mandated to share such information about individuals or entities with the Indian agencies. The proposed law should also provide a remedy to citizens of India to sue these corporations within Indian jurisdictions for any breach of their data.

While honoring privacy and data protection to its citizens would be sine qua non in a functioning democracy like India, it must be stated that Surveillance has now become a daily part of the ever-digitized world. With the advent of Artificial Intelligence, Big Data Analytics and Facial Recognition the world is about to take a giant leap as we leapfrog from 4G to 5G Technology, Internet of Things, Automated Cars, Robotics, Digital currency.

Screenshot 1: The New Global Order (2016) by Asian Warrior, Page 432.

The coming of automation would provide a significant challenge to all democracies in the world who would have to deal with the exponential volume of data that will be generated and thus there will be a marked trend to enact laws to mandate surveillance as geopolitical boundaries will blur in the seamless flow of data in a digital world. We had predicted this in our 2016 book “The New Global Order” (Refer screenshot 1).

To conclude as we have stated before that “Data Rights are Human Rights. A country has the sovereign duty to lend this critical protection to its citizens”. Data is the new gold, it is imperative to set a gold standard in India for honoring some of the basic fundamental rights like Privacy & Right to live with Human Dignity without any fear of persecution by the state. As a country that holds 1/6 of global humanity must show the way forward, how Data Rights are balanced qua necessary surveillance.

Hon’ble Justice Sanjay Kishan Kaul had observed in Right to Privacy judgement by Supreme Court of India, “George Orwell created a fictional State in ‘Nineteen Eighty-Four.’ Today, it can be a reality. The technological development today can enable not only the state, but also big corporations and private entities to be the ‘big brother’..”. Thus we must harness & leverage this data of 1.2 billion people to our best while underscoring the fact that humans are not mere blips on the computer screens which can be erased by the click of a button.

Notes:

  • Centralised System to Monitor Communicaitons https://pib.gov.in/newsite/PrintRelease.aspx?relid=54679
  • Govt considering internet monitoring through centralised system https://economictimes.indiatimes.com/tech/internet/govt-considering-internet-monitoring-through-centralised-system/articleshow/70075339.cms?from=mdr
  • National Intelligence Grid to be ready by early 2020 https://www.indiatoday.in/india/story/national-intelligence-grid-to-be-ready-by-early-2020-1601949-2019-09-22
  • NATGRID wants to link social media accounts to central database https://www.thehindu.com/news/national/natgrid-wants-to-link-social-media-accounts-to-central-database/article29402252.ece
  • Information Technology (Procedure and safeguard for Monitoring and Collecting Traffic Data or Information) Rules, 2009 https://cis-india.org/internet-governance/resources/it-procedure-and-safeguard-for-monitoring-and-collecting-traffic-data-or-information-rules-2009
  • Income tax department plans deep dive into big data this year https://www.livemint.com/news/india/income-tax-department-to-use-big-data-in-full-blast-from-fy20-1554262557273.html
  • Right to Privacy judgement by Supreme Court of India https://sci.gov.in/pdf/LU/ALL%20WP(C)%20No.494%20of%202012%20Right%20to%20Privacy.pdf
  • The Design & Technology behind India’s Surveillance Programmes https://cis-india.org/internet-governance/blog/the-design-technology-behind-india2019s-surveillance-programmes#_ftn16
  • What is Project Insight initiated by the Income-tax Dept.? https://www.taxmann.com/blogpost/2000001803/what-is-project-insight-initiated-by-the-income-tax-dept.aspx
  • Misconception to think taxman snoops on social media posts: CBDT boss https://economictimes.indiatimes.com/news/economy/policy/misconception-to-think-taxman-snoops-on-social-media-posts-cbdt-boss/articleshow/70214522.cms
  • Surveillance state is a reality now https://frontline.thehindu.com/cover-story/article25878387.ece

Leave a Reply