Two unrelated developments in the last month of 2018 have added fuel to the fiery debate over the Right to Privacy of Indian citizens, as established by the Supreme Court, and the surveillance measures enacted by the government in the interests of what it describes as national security. In the past few weeks, the government has made official what has long been an open secret. The ministry of home affairs authorised 10 security and intelligence agencies to intercept, monitor and decrypt "any information generated, transmitted, received or stored in any computer resource". Critics warned that the notification was draconian and authoritarian in scope, that the use of "any" gave the agencies in question blanket rights to access people's information. Veteran human rights lawyer Indira Jaising, for instance, described the notification as a "gross violation of Supreme Court judgments".

In August 2017, a nine-judge Supreme Court bench declared that privacy was "the constitutional core of human dignity". Calling privacy a fundamental right, the Supreme Court was responding to lawsuits alleging that the massive Aadhaar scheme was a violation of citizens' privacy. While reserving judgment on Aadhaar, the court acknowledged that there was a need for a "robust regime" with regard to information technology and data protection. MHA officials, speaking anonymously, have told reporters that the notification is not new and that such powers were already available to the agencies in question, including the Intelligence Bureau, the Enforcement Directorate, tax authorities, the Central Bureau of Investigation and the commissioner of police, Delhi, among others. These officials claim the powers were outlined under the Congress-led UPA government in 2009 and that the current MHA notification just makes clear for telecom companies which agencies are allowed such access. On social media, the Congress party responded to the notification by claiming that the BJP government was "desperate for information" and that the Modi sarkar was now a "stalker sarkar".

Meanwhile, the CBI asked various social media platforms to use Microsoft-owned software PhotoDNA to assist in criminal investigations. Internationally, the technology has been used solely for investigations into child sex abuse and exploitation. In Europe, proposed privacy regulation specifically seeks to limit use of this technology, sparking controversy over the handicapping of technology companies in their bid to eliminate such content from their platforms. In India, while there is no law preventing the use of the technology in regular criminal investigations, observers describe the surveillance as a violation of personal privacy.

"If one has to match the DNA of a photograph with those available in social media platforms, the first step will be to create a database of the DNAs of these photographs. This will mean access to all the photographs uploaded on these platforms. This is certainly a violation of right to privacy," says cyber security expert Subimal Bhattacharjee. To put it in the context of the CBI notice, this will give the agency access to all photographs uploaded by the users because finding a match for a suspected criminal will warrant scanning the entire database.

Bhattacharjee argues that the government must use Article 19(2) of the Constitution, on the reasonable restrictions of free speech, as a guide to the implementation of such intrusive technology. "Its use must not be rampant," he says, "but only, as provisioned by Article 19(2), in the interests of the sovereignty and security of India, friendly relations with foreign countries and public order." Can the use of PhotoDNA in ordinary criminal investigations, Bhattacharjee asks, be justified on such grounds?

There is still no clarity on how the CBI expects the social media companies to use the software. The agency has been tight-lipped, refusing to answer questions from journalists. But what is clear is such technology is sweeping, enabling investigating authorities to search entire databases of images without necessarily having specific suspects in mind. This appears to be not only a violation of the Supreme Court's ruling that individuals have a right to privacy, but also of the specific intent that PhotoDNA be used only as a tool to eliminate the sharing and propagation of images related to the exploitation of children. With the government also proposing changes to the Information Technology Act to curb fake news, and child pornography, among other things, critics remain wary of the government's intentions: cyber security or surveillance.