MHA says 'snooping order' based on UPA-era IT rules, no new powers conferred on any security agencies

The Ministry of Home Affairs on Friday clarified that its recent order authorising 10 agencies to snoop on any computer in the country in the interest of national security is based on the UPA-era IT Act and the IT Rules 2009 that allow for surveillance by a competent authority and said all cases of surveillance will be placed before a review committee headed by the cabinet secretary.

The MHA said that the 20 December order doesn't confer any new powers to any of the security or law enforcement agencies, and that the notification was issued to notify the internet service providers (ISPs), tekecom service providers (TSPs) and intermediaries, etc, to codify the existing orders. Contrary to the accusations, the MHA said that the order in fact, ensures that due law is followed during any interception, monitoring or decryption of information throught any computer resource.

The order, the MHA said, has been passed in accordance with Section 69 of the Information Technology Act, 2000, read in accordance with rule 4 the Information Technology (Procedure and Safeguards for Interception, Monitoring and Decryption of Information) Rules, 2009. It said that "no new powers have been conferred to any of the security or law enforcement agencies by the order".

The MHA said "each case of interception, monitoring, decryption is to be approved by the competent authority, ie, the Union Home Secretary". It said that these powers are also available to the competent authority in the state governments as per IT (Procedure and Safeguards for Interception, Monitoring and Decryption of Information) Rules 2009.

"As per rule 22 of the IT (Procedure and Safeguards for Interception, Monitoring and Decryption of Information) Rules 2009, all such cases of interception or monitoring or decryption are to be placed before the review committee headed by Cabinet Secretary, which shall meet at least once in two months to review such cases. In the case of State governments, such cases are reviewed by a committee headed by the Chief Secretary concerned," the MHA added.

"The order authorises 10 central agencies, including the Intelligence Bureau, Central Bureau of Investigation and the Enforcement Directorate to intercept, monitor, and decrypt "any information generated, transmitted, received or stored in any computer".

The other agencies which have been authorised to "intercept, monitor and decrypt information" lawfully also includes the Narcotics Control Bureau (NCB), Central Board of Direct Taxes (CBDT), Directorate of Revenue Intelligence (DRI), National Investigation Agency (NIA), Cabinet Secretariat (RAW), Commissioner of Police, Delhi and the Directorate of Signal Intelligence. The DSI has been authorised to carry out surveillance only in service areas of Jammu and Kashmir, the North East and Assam, the source added.

 MHA says snooping order based on UPA-era IT rules, no new powers conferred on any security agencies

Representational image. AFP

According to official sources, the above notification will ensure that provisions of law relating to lawful interception or monitoring of computer resource are followed and if any, interception, monitoring or decryption is required for the purpose of national security, the same is done as per the due process of law and approval of competent authority, ie, the Union Home Secretary.

The recent government order will also allow the government to prevent unauthorised use of these powers, better compliance of existing provisions of law and rules as well as take action against miscreants posting unlawful material on social media platforms, sources said.

In recent times, several cases of posting of unlawful material have emerged on social media platforms to incite violence, crimes and even threats to senior functionaries, including Chief Justice of India.

The order, issued by the MHA, however, attracted criticism from Opposition leaders as well as the right to privacy activists, who have termed the order "unconstitutional, undemocratic and an assault on fundamental rights".

The Internet Freedom Foundation, which has been fighting to safeguard people's privacy, tweeted that "this order is unconstitutional and in breach of the telephone tapping guidelines, the Privacy Judgement and the Aadhaar judgment".

How the rules work

While Section 69 of the IT Act 2000, provides that Central Government or a State Government or any of its officers can direct any agency to intercept or decrypt any information for the purpose of national security, the IT Rules 2009, which was introduced by the UPA government, define the procedure and safeguards for such interception. While the IT Rules 2009 says that ‘no person shall carry out the interception or decryption of any information except by an order issued by the competent authority’. This competent authority, the rule says, "may authorise an agency of the Government to intercept or decrypt information".

So, while the UPA Government in 2009 made it compulsory that only authorised agencies can carry out surveillance, it did not give a list of the select authorised agencies. This left enough scope for unlawful and illegal surveillance.

"As per rule 22 of the IT (Procedure and Safeguards for Interception, Monitoring and Decryption of Information) Rules 2009, all such cases of interception or monitoring or decryption are to be placed before the review committee headed by Cabinet Secretary, which shall meet at least once in two months to review such cases. In the case of State governments, such cases are reviewed by a committee headed by the Chief Secretary concerned," the MHA added.

With inputs from agencies

Updated Date: Dec 21, 2018 16:54:34 IST