Both UPA and NDA built infrastructure, amended rules to legalise snooping: Timeline of events that led to 20 December MHA order

A look at the events which led to the 20 December MHA order on computer surveillance shows both the UPA and NDA governments have been on the same page when it comes to internet surveillance.

FP Staff December 21, 2018 22:00:17 IST
Both UPA and NDA built infrastructure, amended rules to legalise snooping: Timeline of events that led to 20 December MHA order

Surveillance of the public for the benefit of the government is not new in India. There have been numerous examples, before and after Independence, when governments used central investigative agencies for that purpose. Subhash Chandra Bose, the 1991 Rajiv Gandhi snooping case, the Amar Singh tapes, the Niira Radia tapes, and most recently in 2015, the alleged snooping of Rahul Gandhi are just a few examples. But these were localised cases.

Both UPA and NDA built infrastructure amended rules to legalise snooping Timeline of events that led to 20 December MHA order

Representational image

The 20 December MHA order naming 10 investigative authorised to "intercept, encrypt and decrypt" any computer in the country, has created fear among the public that the government is giving a free hand to these agencies to carry out mass surveillance in the name of national security. Though the MHA later clarified on Friday that all requests for interception will be reviewed and that the order only further ensures due process of law as laid down in the sub-section 69 of the IT ACT 2000 (passed when the NDA was in power) and read with Rule 4 the IT Rules 2009 (cleared by the UPA).

A look at some crucial events in chronological order up to the 20 December order show that both the UPA and NDA are not only on the same page when it comes to snooping, they actively built the infrastructure to enable mass surveillance in India.

1885: The Indian Telegraph Act formulated by the British. Section 5 of the Act gives the central government and the state government the freedom to monitor private conversations in the occurrence of any "public emergency" or in the interest of "public safety", and if it is considered necessary or expedient to do so, in addition to the following instances: in the interests of the sovereignty and integrity of India; the security of the State; friendly relations with foreign states; public order; and for the prevention of incitement to the commission of an offense.

18 December 1996: In the People's Union for Civil Liberties (PUCL) versus The Union of India judgment, the Supreme Court sets guidelines for tapping phones and monitoring communication.

June 2000: The president gives assent to the Information Technology Act 2000. Section 69 of the act empowers the Controller of Certifying authority to direct a subscriber to extend facilities to decrypt information stored or transmitted through any computer resource. The conditions for interception are much in the lines of Section 5 of The Indian Telegraph Act, 1885, but the IT Act does not contain the overarching condition that interception can only occur in the case of public emergency or in the interest of public safety as mentioned in the Telegraph Act.

Also, while the Telegraph Act provides certain protection to journalists restricting interception of press messages intended to be published in India of correspondents accredited to the Central Government or a State Government, not such protection is provided in the IT Act 2000.

2005-2006: According to an Outlook investigative report, India began purchasing the off-the-air GSM/CDMA monitoring systems in 2005-2006.

2006: CDs containing tapped conversations of then Samajwadi leader Amar Singh with actresses, then Uttar Pradesh chief minister Mulayam Singh Yadav and several other politicians and industrialists reach newspaper offices.

7 January 2006: The first interception of a mobile phone conversation using the system was carried out by the National Technical Research Organisation (NTRO), a technical intelligence agency under the national security advisor in the Prime Minister's Office.

7 February 2006: Government of India notifies safeguards for monitoring internet traffic entitled “Instructions for ensuring the privacy of communications”. According to The Hindu, the notification mandated "all ISPs to have 'designated nodal officers' for communicating and receiving the 'intimations for interceptions'". These nodal officers, as per the safeguards, were required to hold meetings with the government to 'seek confirmation regarding their (interception orders) authenticity every 15 days'. The safeguards also included a procedure for monitoring traffic during 'exceptions in emergent cases'".

2007: Rule 419A was added to the Indian Telegraph Rules (1951) framed under the Indian Telegraph Act stating interception of communications must be issued by the Secretary in the Ministry of Home Affairs in the case of the central government and the Secretary to the state government in-charge of the home department in the case of a state government. The Rules also allow an officer, not below the rank of a joint secretary to the Government of India, who has been authorised by the Union home secretary or the state home secretary, to issue such interception in unavoidable circumstances.

December 2008: Government amends Section 69 of the IT Act 2000 expanding its power to order interception for "investigation of any offence".

2009: Government of India announces its plan to establish Central Monitoring System (CMS), a wide-ranging surveillance programme that will give its security agencies and even income tax officials the ability to tap directly into e-mails and phone calls without oversight by courts or parliament.

October 2009: The government issues notification for the Information Technology (Procedure and Safeguards for Interception, Monitoring and Decryption of Information) Rules, 2009, based on the IT Amendment Act 2008. According to the rules, only a competent authority:  Secretary in the Ministry of Home Affairs, in case of the central government, or, the secretary in charge of the home department, in case of a state government or Union territory: can authorise interception, monitoring and decryption requests.

However, certain exceptions are allowed, wherein the head or the second senior most officer of the security and law enforcement agency at the central level and the officer authorised in this behalf, not below the rank of the inspector general of police or an officer of equivalent rank, at the state or Union territory level can approve a request for interception. In either case, the MHA has to be informed in writing.

2011: The Government of India approves National Intelligence Grid (NATGRID), an integrated facility which links databases of 21 departments and ministries to counter terror threats.

June 2011: India approves the plan to build CMS.

2013: The Hindu report claims Centre for Development of Telematics (C-DoT) using Lawful Intercept and Monitoring (LIM) systems at international gateways of a handful of large ISPs to monitor Internet traffic, emails, web-browsing, Skype and any other internet activity of Indian users.

Reports also emerge of the government working on NETRA, a software system that will be capable of detecting words like 'attack', 'bomb', 'blast' or 'kill' in a matter of seconds from reams of tweets, status updates, emails, instant messaging transcripts, internet calls, blogs and forum.

April 2013: Government starts rolling out CMS. A Reuters report says nine government agencies will be authorised to make intercept requests, including CBI, IB and the Income Tax Department.

May 2013: National Cyber Coordination Centre (NCCC) receives in-principle approval from the cabinet committee of security, as per a Hindustan Times report. To cost around Rs 1,000 crore, the NCCC will provide “real-time assessment of cyber security threats” and “generate actionable reports/alerts for proactive actions” by law enforcement agencies.

"The NCCC will collect, integrate and scan [Internet] traffic data from different gateway routers of major ISPs at a centralised location for analysis, international gateway traffic and domestic traffic will be aggregated separately... The NCCC will facilitate real-time assessment of cyber security threats in the country and generate actionable reports/alerts for proactive actions by the concerned agencies,” says a June 2013 report published in The Hindu, citing a secret government note.

January 2014: Government releases a fresh set of do's and don'ts for telecom companies for lawful interception bringing internet telephony VoIP, SMS and MMS under Indian Telegraph Act. According to The Hindu, the norms stated that "authorised security agencies can seek information under Section 92 of the Criminal Procedure Code (CrPC) of call records (CDRs), home and roaming network, CDR by tower location and by calling/called number, location details of target number within home or roaming network, and so on".

The circular, issued by the Department of Telecommunications, said that requests with overwriting and cutting and the ones received through telephone or fax should not be accepted under any circumstances. Apart from the nine Central agencies — IB, NCB, DE, CBDT, DRI, CBI, NIA, RAW and the Defence Ministry — state director-generals of police and the Delhi police commissioner, are authorised to request intercept, the report added.

November 2014: Indian and US intelligence agencies are working together to neutralise misuse of social media platforms in the virtual world by terror groups, claims a report in The New Indian Express.

December 2015: Minister for Communications and IT, Ravi Shankar Prasad tells the Rajya Sabha that the CMS is expected to be launched by end of March 2016.

May 2016: In a written reply to the Lok Sabha, Prasad says the government is planning to introduce CMS, which automates the process of lawful interception and monitoring of mobile phones, landlines and the internet, in a phased manner.

Medianama claims CMS is already live in Mumbai and Delhi.

August 2017: Telecom minister Manoj Sinha says that technology development and pilot trials for CMS have been completed. He also says that 20 Regional Monitoring Centres (RMC) out of 21 RMC and a Centralised Monitoring Centre (CMC) have been technically commissioned. The remaining one RMC and the Disaster Recovery Centre for CMC are scheduled to be commissioned by end of 2017.

20 December 2018: Ministry of Home Affairs issues an order to telecom service providers, internet service providers and intermediaries, naming 10 agencies, who can snoop into a citizen's personal computer in the name of national security.

21 December 2018: MHA clarifies on the order, saying, no new powers have been granted to any of the 10 agencies named in its 20 December order. Says the order will ensure due process of law is followed during a request for an interception. Each process will go through the approval of competent authority, ie, the Union home secretary.

Updated Date:

also read

Duststorms, PM2.5: How Delhi kids are gasping for breathe amid heat waves

Duststorms, PM2.5: How Delhi kids are gasping for breathe amid heat waves

Children under six years are most vulnerable to poor air quality, as their lungs are still developing and susceptible to particulate matter

'Azadi Ka Amrit Mahotsav' celebration: Centre to release special category prisoners in three phases

'Azadi Ka Amrit Mahotsav' celebration: Centre to release special category prisoners in three phases

The Ministry of Home Affairs has proposed to give special remission to certain categories of prisoners and release them in three phases -- 15 August (Independence Day) this year, 26 January, 2023 (Republic Day) and again on 15 August, 2023

Surveillance department team raids Bihar Drugs Inspector residence, pile of cash seized

Surveillance department team raids Bihar Drugs Inspector residence, pile of cash seized

In the video, the officials were seen counting the bundles of notes of all denominations between Rs 100 and Rs 2,000 piled up on the table and bed