Data interception order sparks row, govt cites 2009 UPA rules

NEW DELHI: The Centre's notification designating 10 intelligence, tax and law enforcement agencies to intercept and decrypt information in computers kicked off a political storm on Friday with the opposition accusing the government of snooping and the latter clarifying that the rules actually tightened loopholes in the law. The opposition alleged that the agencies had been armed with powers to monitor any computer.

The government soon launched a counter offensive, arguing that the notification was derived from rules framed under the UPA in 2009 and, contrary to charges, the Centre had made the interception regime more precise and less vulnerable to abuse by specifying the agencies which could do so.

It also said every case of interception would continue to require permission from the home secretary and review by a panel headed by the cabinet secretary. It added that while seeking permission, the agency concerned would have to specify one of the five grounds on which they could decrypt messages on electronic devices.

The five grounds laid down in the IT Act, 2000, are - "in the interest of sovereignty and integrity of the country; defence of India; security of the state; friendly relations with foreign states; public order or for preventing incitement to the commission of any cognisable offence relating to above".

However, opposition parties led by Congress remained unconvinced and persisted with their attack that agencies had been given "sweeping powers" to access private data, breaching the right to privacy. "Converting India into a police state will not solve your problems Modiji... it will prove what an insecure dictator you are," Congress president Rahul Gandhi tweeted while BJP chief Amit Shah responded by saying that India had seen only "two insecure dictators" in Indira Gandhi and Rajiv Gandhi (who backed the postal interception bill).

Apart from the heated politics, before the home ministry order notified on Thursday, every request for interception of information on a computer - emails, chat messages and even drafts on smartphones, tablets and laptops - had to be handled and authorised by the home secretary or state-level competent authority.

Now, the order will allow only the designated agencies - IB, Narcotics Control Bureau, ED, CBDT, DRI, CBI, Cabinet Secretariat (RAW), NIA, Directorate of Signal Intelligence and Delhi Police commissioner - to carry out interception, monitoring and decryption of any information generated, transmitted, received or stored in a computer resource under the Information Technology Act, 2000.

It is only in emergent situations that a designated agency can directly approach a service provider and seek access, but it will need to notify the home secretary in three days. In case there is no post-facto approval in seven days, the interception will have to stop.

Each interception request relating to computers will require prior approval of the home secretary/state government. By passing the Information Technology (Procedure and Safeguards for Interception, Monitoring and Decryption of Information) Rules, 2009, the UPA government said only authorised agencies should carry out surveillance but did not notify these agencies.

"The December 20, 2018, notification will prevent unauthorised use of these powers by any agency, individual or intermediary. It will ensure that provisions of law relating to lawful interception and monitoring of computer resources and the due process are followed with approval of the competent authority," a home ministry officer said.

An intelligence functionary said the 10 authorised agencies will be able to follow up each lawful interception request more diligently. "Until now, internet service providers were using the excuse of the agencies not being empowered under IT Act/Rules to deny information. The December 20 notification is a codification of the standard operating procedures issued by MHA on May 19, 2011," the official said.