Central Monitoring System - A legal viewpoint
The last few weeks have seen intense debate in the public domain pertaining to the Central Monitoring System (CMS) or a wide-ranging surveillance programme that will give its “security agencies and even income tax officials the ability to tap directly into e-mails and phone calls without oversight by courts or parliament”.
We need to appreciate that monitoring of electronic communications is an integral part of sovereign functions of a sovereign nation, and nations across the world utilise the same for the purposes of protecting and preserving their sovereignty, integrity and security.
In the year 2000, the Indian cyberlaw had only provided for electronic interception under Section 69 of the Information Technology Act, 2000. However, the Act was amended pursuant to the 26/11 Mumbai terror attacks in 2008i. These amendments have given unprecedented powers of interception, monitoring, decryption and blocking to the governments, both Central and State, in respect of all electronic information generated, transmitted, received or stored in any computer resource.
As per law, the Central Government or State Government shall monitor any electronic communication passing through any computer resource. Sections 69 and 69B of the amended Information Technology Act, 2000 has stipulated the various grounds for electronic monitoring.
It states that when the Central Government or State Government, is of the opinion that it is so necessary or expedient to do so in the interest of the sovereignty or integrity of India, defence of India, security of the State, friendly relations with foreign States or public order or for preventing incitement to the commission of any cognizable offence relating to above or for investigation of any offence, it may direct electronic monitoring of any electronic communication passing through any computer resource in India.
Further, the Government of India also, came up with the Information Technology (Procedure and Safeguards for Interception, Monitoring and Decryption of Information) Rules, 2009.
The said Rules 2009 clearly shows that for the purposes of monitoring, appropriate prior approval of the competent authority needs to be obtained. The competent authority in the case of Central Government means the Secretary in the Ministry of Home Affairs and in the case of State Government, means the Secretary in charge of the Home Department.
There are large number of legal, policy and regulatory issues concerning Central Monitoring System.† First and foremost, doing monitoring at a mass level requires enabling legal framework.† At a time when Sections 69 & 69B of the Information Technology Act, 2000 have been drafted, keeping in mind specific instances of monitoring, the provisions of the Information Technology Act, 2000 would not really help in a mass scale monitoring phenomenon.†
Further, at the time of writing, there is no enabling Act passed by Parliament authorising such mass scale monitoring and as such, such an exercise could run foul with Article 21 of the Constitution of India.† The right to privacy, which is the integral part of the right to life, can only be deprived in accordance with procedures established by law. It remains to be seen how Central Monitoring System is a procedure established by law, given the intrinsic deficiencies of Sections 69 & 69B of the Information Technology Act, 2000.†
There are going to be certain fundamental issues and challenges such as, how the government is going to be transparent, who will be authorised to collect data, what data will be collected, how it will be used, and how the right to privacy will be protected.
One of the biggest challenges of Central Monitoring System could be that it could be amenable to potential abuse and misuse. No rules have been stipulated by the Government which details various steps to be taken so as to ensure that the potentiality of abuse under CMS gets reduced to the barest minimum possible. Further, the propagation of Central Monitoring System is likely to introduce a fear psychosis in the minds of the people, where omnipotent state peeps through all valuable private space of individuals on the ground of national security and national interest.
As time passes by, it will be important to appreciate that while surveillance would be essential for sovereign functions, it will have to be balanced with the need for protection and preservation of civil rights and liberties. Further, effective checks and balances need to be put in place to ensure that surveillance mechanisms should not be misused or abused.
*† The Central Monitoring
System (CMS) was announced in 2011 but there has been no public debate and the government has said little about how it will work or how it will ensure that the system is not abused.
*† The government started to quietly roll the system out state by state in April this year, according to government officials. Eventually it will be able to target any of India's 900 million landline and mobile phone subscribers and 120 million Internet users.
* Telecommunications ministry, which will oversee CMS, said making details of the project public would limit its effectiveness as a clandestine intelligence-gathering tool.
(The writer is a Supreme Court advocate and President of cyberlaws.net)