Apple vs FBI: The newer forms of government surveillance and their legality in India

By Asheeta Regidi

The recently passed Aadhaar law and the ongoing Apple vs. FBI battle has put the focus on government surveillance again. The Apple vs. FBI battle has come to an end today, after FBI said that it was able to get the data from the encrypted iPhone on its own.

The FBI was, in effect, attempting to gain lawful access to every individual’s iPhone, using software as the means. Even in India, this reveals the possibility of using software in government surveillance in the future. All the government would have to do is get smartphone users to download an app, either by a mandate through the law, or in the name of convenience, and in this way gain access to every individual’s smartphone.

For example, consider if certain governmental subsidies were allowed, or mandated through a smartphone app. The public would be quick to install such an app. Attempts to force the cooperation of service providers abroad, like Twitter and Apple to provide data on the request of the government were made in India’s now withdrawn draft encryption policy. Such cooperation will no longer be required if the government acquires direct access to smartphones.

Controversial Government Surveillance Activities in India
The government isn’t always the enemy. Data requests are very essential for the purposes of investigation. For example, assume a person has been kidnapped, and during investigation the police finds the victim’s iPhone. Breaking into the iPhone would be crucial at this point, and will have to be done fast, so any information that can reveal the whereabouts of the victim can be retrieved. This is the reason why data retention laws are in force everywhere, including India. The CCTV surveillance cameras installed everywhere have played a huge role in increasing people’s feeling of security.

The problem is that Edward Snowden’s revelations regarding National Security Agency’s mass surveillance activities in the US have left the people with a deep mistrust of the government. In the US, there have been reports of Black Americans fearing that if the FBI would obtain the iPhone software it was requesting, it could be used to further anti-Black state surveillance activities which were said to be conducted. Similar fears of surveillance have arisen in India as well. Take for example the Snoopgate scandal, where surveillance activities such as telephone tapping were allegedly conducted against a woman by the state government.

India has its own share of controversial mass surveillance projects similar to those of the NSA. The Central Monitoring System gives complete access to every person’s calls, text messages, personal e-mails, web searches and also the mobile phone’s location. It was reported that the Central Monitoring System will become operational this year. Another controversial mass surveillance project is DRDO’s internet surveillance system called ‘NETRA’, which can identify words like “bomb”, “blast”, “attack” or “kill” from e-mails, chat messages and tweets available on the internet. This means that all such mails and messages, including communication on Voice-over-IP, will be under the scrutiny of this system.

Is Surveillance Legal under Indian Laws?
Surveillance activities are permitted under Indian laws. These laws authorise specific surveillance under certain circumstances. Interestingly, not one of these laws authorise mass surveillance activities, such as those described above.

Even the specific surveillance permitted is not without problems. For example, Section 69 of the Information Technology Act, 2000 permits the government to intercept, monitor or decrypt any information on a computer device, such as a personal computer or a smartphone. It lists the circumstances under which this can be done, such as for the protection of India’s security or sovereignty, or to prevent the commission of such an offence, or to investigate any offence. There is no clear outline as to what constitutes a ‘threat to India’s security’, or what ‘offences’ may be investigated under this clause.

Section 69B of the IT Act permits the monitoring and collection of information for the purposes of ‘cybersecurity’. This term is very vaguely defined as the protection of any information or computer from unauthorised access, use or disclosure. On a mere suspicion that a person has breached ‘cybersecurity’, he may be monitored under this section.

Telephone tapping is permitted under Section 5(2) of the Indian Telegraph Act, in circumstances of ‘public emergency’ or threat to ‘public safety’. In People's Union for Civil Liberties (PUCL) v. Union of India, ‘public emergency’ was defined as a sudden condition of affairs which affects a large number of people, and ‘public safety’ as the condition of freedom from danger to people at large. The Supreme Court in this case considered that these situations would be apparent to any reasonable person. Despite the precautions of the Supreme Court, it is clear that surveillance activities can still be performed in situations which are not ‘apparent to the reasonable man’, as evidenced by the Snoopgate scandal.

Invasion of our Right to Privacy by authorised surveillance activities is legal
Without a doubt, surveillance activities invade your right to privacy. The right to privacy has been guaranteed as a part of the right to life under Article 21 of the Constitution of India. In the PUCL case, the Supreme Court held that the right to hold a telephone conversation in the privacy of your phone is certainly a part of the right to privacy. However, for the purposes of surveillance, an interference with this right was permissible. The only safeguard was that the surveillance be authorised, following prescribed procedures.

An examination of the so-called procedural safeguards prescribed under the Indian surveillance laws described above, reveals that they are completely inadequate. The reasons for the surveillance are to be recorded, the directions to conduct surveillance are to be reviewed internally, and maximum periods for carrying out the surveillance activities are prescribed. The government is under no obligation to reveal its reasons for carrying out the surveillance activities. A person who feels there was an unwanted intrusion by the surveillance activities can only question if the surveillance was authorised. If it was not authorised, then the rules provide a remedy. If it was authorised, however, there will be no remedy whatsoever. The complete lack of outside scrutiny for the conduct of these activities, and the lack of accountability to the public make these activities completely opaque and unquestionable.

The thing that is missing in all surveillance activities is the right balance between concerns of national security and individual privacy. Achieving this, however, maybe easier than tackling the larger problem at hand, people’s absolute lack of trust in the government. The problem with FBI’s stance on the Apple vs. FBI issue was not that FBI was seeking access to just the one iPhone. While the importance of data retention and protecting national security is without question, governments will first have to tackle the bigger issue of regaining people’s trust.

Tech2 is now on WhatsApp. For all the buzz on the latest tech and science, sign up for our WhatsApp services. Just go to and hit the Subscribe button.

also see