Why India needs a Snowden of its own

Big Brother is watching, across cyberspace and international borders. Meanwhile, the Indian government has few safeguards in theory and fewer in practice. There’s no telling how prevalent or extensive Indian surveillance really is.

Since the ‘Snowden revelations’, which uncovered the United States government’s massive global surveillance through the PRISM program, there have been reactions aplenty to their impact.

The Snowden revelations highlighted the issue of human rights in the context of the existing cross-border and jurisdictional nightmare: the data of foreign citizens surveilled and harvested by agencies such as the National Security Agency through programs such as PRISM are not subject to protection found in the laws of the country. Thus, the US government has the right to access and use the data, but has no responsibility in terms of how the data will be used or respecting the rights of the people from whom the data was harvested.

The Snowden revelations demonstrated that the biggest global surveillance efforts are now being conducted by democratically elected governments – institutions of the people, by the people, for the people – that are increasingly becoming suspicious of all people.

Adding irony to this worrying trend, Snowden sought asylum from many of the most repressive regimes: this dynamic speaks to the state of society today. The Snowden revelations also demonstrate how government surveillance is shifting from targeted surveillance, warranted for a specific reason and towards a specified individual, to blanket surveillance where security agencies monitor and filter massive amounts of information.

This is happening with few checks and balances for cross-border and domestic surveillance in place, and even fewer forms of redress for the individual. This is true for many governments, including India.

India’s reaction

After the first news of the Snowden revelations, the Indian Supreme Court agreed to hear a Public Interest Litigation requesting that foreign companies that shared the information with US security agencies be held accountable for the disclosure. In response to the PIL, the Supreme Court stated it did not have jurisdiction over the US government.

The response of the Supreme Court of India demonstrates the potency of jurisdiction in today’s global information economy in the context of governmental surveillance. Despite being upset at the actions of America’s National Security Agency (NSA), there is little direct legal action that any government or individual can take against the US government or companies incorporated there.

In the PIL, the demand that companies be held responsible is interesting and representative of a global debate, as it implies that in the context of governmental surveillance, companies have a responsibility to actively evaluate and reject or accept governmental surveillance requests. Although I do not disagree with this as a principle, in reality, this evaluation is a difficult step for companies to take.

For example, in India, under Section 69 of the Information Technology Act, 2000, service providers are penalized with up to seven years in prison for non-compliance with a governmental request for surveillance. The incentives for companies to actually reject governmental requests are minimal, but one factor that could possibly push companies to become more pronounced in their resistance to installing backdoors for the government and complying with governmental surveillance requests is market pressure from consumers.

To a certain extent, this has already started to happen. Companies such as Facebook, Yahoo and Google have created ‘transparency reports’ that provide – at different granularities – information about governmental requests and the company’s compliance or rejection of the same.

In India, P. Rajeev, Member of Parliament from Kerala, has started a petition asking that the companies disclose information on Indian data given to US security agencies. Although transparency by complying companies does not translate directly into regulation of surveillance, it allows the customer to make informed choices and decide whether a company’s level of compliance with governmental requests will impact his/her use of that service.

The PIL also called for the establishment of Indian servers to protect the privacy of Indian data. This solution has been voiced by many, including government officials. Though the creation of domestic servers would ensure that the US government does not have direct and unfettered access to Indian data, as it would require that foreign governments access Indian information through a formal Mutual Legal Assistance Treaty process, it does not necessarily enhance the privacy of Indian data.

As a note, India has MLAT treaties with 34 countries. If domestic servers were established, the information would be subject to Indian laws and regulations.

Snooping

The Snowden Revelations are not the first instance to spark a discussion on domestic servers by the Government of India.

For example, in the back-and-forth between the Indian government and the Canadian company RIM, now BlackBerry, the company eventually set up servers in Mumbai and provided a lawful interception solution that satisfied the Indian government. The Indian government made similar demands from Skype and Google. In these instances, the domestic servers were meant to facilitate greater surveillance by Indian law enforcement agencies.

Currently in India there are a number of ways in which the government can legally track data online and offline. For example, the interception of telephonic communications is regulated by the Indian Telegraph Act, 1885, and relies on an order from the Secretary to the Ministry of Home Affairs. Interception, decryption, and monitoring of digital communications are governed by Section 69 of the Information Technology Act, 2000 and again rely on the order of the executive.

The collection and monitoring of traffic data is governed by Section 69B of the Information Technology Act and relies on the order of the Secretary to the government of India in the Department of Information Technology. Access to stored data, on the other hand, is regulated by Section 91 of the Code of Criminal Procedure and permits access on the authorization of an officer in charge of a police station.

The gaps in the Indian surveillance regime are many and begin with a lack of enforcement and harmonization of existing safeguards and protocols. Presently, India is in the process of realizing a privacy legislation.

In 2012, a committee chaired by Justice AP Shah (of which the Center for Internet and Society was a member) wrote The Report of the Group of Experts on Privacy, which laid out nine national privacy principles meant to be applied to different legislation and sectors – including Indian provisions on surveillance.

The creation of domestic servers is just one example of how the Indian government has been seeking greater access to information flowing within its borders. New requirements for Indian service providers and the creation of projects that go beyond the legal limits of governmental surveillance in India enable greater access to details about an individual on a real-time and blanket basis.

For example, telecoms in India are now required to include user location data as part of the ‘call detail record’ and be able to provide the same to law enforcement agencies on request under provisions in the Unified Access Service and Internet Service Provider Licenses.

At the same time, the Government of India is in the process of putting in place a Central Monitoring System that would provide Indian security agencies the ability to directly intercept communications, bypassing the service provider.

Even if the Central Monitoring System were to adhere to the legal safeguards and procedures defined under the Indian Telegraph Act and Information Technology Act, the system can only do so partially, as both provisions create a clear chain of custody that the government and service providers must follow – that is, the service provider was included as an integral component of the interception process.

If the Indian government implements the Central Monitoring System, it could remove governmental surveillance completely from the public eye. Bypassing the service provider allows the government to fully determine how much the public knows about surveillance. It also removes the market and any pressure that consumers could exert from insight provided by companies on the surveillance requests that they are facing.

Though the Indian government could (and should) be transparent about the amount and type of surveillance it is undertaking, currently there is no legal requirement for the government of India to disclose this information, and security agencies are exempt from the Right to Information Act. Thus, unless India has a Snowden somewhere in the apparatus, the Indian public cannot hope to get an idea of how prevalent or extensive Indian surveillance really is.

Policy vacuum

For any government, the surveillance of its citizens, to some degree, might be necessary. But the Snowden revelations demonstrate that there is a vacuum when it comes to surveillance policy and practices. This vacuum has permitted draconian measures of surveillance to take place and created an environment of mistrust between citizens and governments across the globe.

When governments undertake surveillance, it is critical that the purpose, necessity and legality of monitoring, and the use of the material collected are built into the regime to ensure it does not violate the human rights of the people surveilled, foreign or domestic.

In 2013, the International Principles on the Application of Human Rights to Communications Surveillance were drafted, in part, to address this vacuum. The principles seek to explain how international human rights law applies to surveillance of communications in the current digital and technological environment. They define safeguards to ensure that human rights are protected and upheld when governments undertake surveillance of communications.

When the Indian surveillance regime is measured against these principles, it appears to miss a number of them, and does not fully meet several others. In the context of surveillance projects like the Central Monitoring System, and in order to avoid an Indian version of the PRISM program, India should take into consideration the safeguards defined in the principles and strengthen its surveillance regime to ensure not only the protection of human rights in the context of surveillance, but to also establish trust in its surveillance regime and practices with other countries.

Elonnai Hickok is the Program Manager for Internet Governance at the Centre for Internet and Society, and leads its research on privacy.

Matches

MORE TOP STORIES TODAY

Bangalore's arsenal blazes to victory

Bangalore's arsenal blazes to victory

Yuvraj Singh was back to his best in his first match for Royal Challengers Bangalore. More »

Time for Chennai to enter familiar cocoon

Time for Chennai to enter familiar cocoon

Chennai have been able to purchase batting replacements for the loss of Michael Hussey and spin reinforcements in the form of Samuel Badree. They appear… More »

Evenly matched Rajasthan and Hyderabad face-off

Evenly matched Rajasthan and Hyderabad face-off

A quality that defines Rajasthan and Hyderabad is consistency. Rajasthan was one among two teams to enjoy complete dominance at home last season. Hyderabad… More »

BCCI to meet before next court hearing

BCCI to meet before next court hearing

The BCCI will hold an emergent working committee meeting on April 20 to discuss the future course of action with regard to the Supreme Court hearing concerning… More »

Kallis, Narine star in Knight Riders’ crushing win

Kallis, Narine star in Knight Riders’ crushing win

An all-round display saw Knight Riders thump Mumbai Indians by 41 runs in the IPL-7 opener. More »

Gavaskar wants a clean IPL

Gavaskar wants a clean IPL

"Integrity is non-negotiable..." says the BCCI's interim chief ahead of Season 7 of the tainted league. More »

'Yak' Kallis still on top of his game

'Yak' Kallis still on top of his game

The 38-year-old South African veteran turned it on for Kolkata Knight RIders in the opening match of IPL-7. More »

Srinivasan named in fixing report: SC

Srinivasan named in fixing report: SC

The court emphasised that the tainted administrator can no longer work for the BCCI. More »

Yuvraj happy to play for RCB: Kohli

Yuvraj happy to play for RCB: Kohli

New-look RCB will play their first game of IPL-7 on Thursday. More »

Shane Watson issues moral warning

Shane Watson issues moral warning

'Everyone knows what is right and what is wrong and if you do the wrong thing it will be found out' More »

Why I'm not looking forward to the IPL

Why I'm not looking forward to the IPL

Welcome to another season of a league that many watch but few trust. More »

IPL: News Line

IPL: News Line

A round-up of all the news from this season of the IPL. More »

Johnson may quit T20s for Tests

Johnson may quit T20s for Tests

Australia's Mitchell Johnson may quit limited-overs cricket to prolong his test career with an eye on the 2015 Ashes series in England, the fast bowler… More »

Nepal players call off boycott

Nepal players call off boycott

Thaw in relations after formation of an advisory committee that would work in tandem with the Cricket Association of Nepal. More »

There's a lot going on: Fleming

There's a lot going on: Fleming

He experienced anxious moments in the lead-up to the tournament as the courts decided on whether to suspend the franchise, he said, but stressed that the… More »

Latif couldn’t work with tainted players

Latif couldn’t work with tainted players

Former Pakistan cricket captain Rashid Latif said Tuesday he turned down the job of national chief selector because he could not work with ex-players tainted… More »

We are not over-confident: Bailey

We are not over-confident: Bailey

Indian Premier League — George Bailey-led Kings XI Punjab will face Chennai Super Kings on Friday. More »

Big runs expected, with bat and ball

Big runs expected, with bat and ball

Royal Challengers Bangalore: Their main concern, once again, is the fast bowling More »

Taxing issue — BCCI hits roadblock

Taxing issue — BCCI hits roadblock

MoU between BCCI & its units to avoid double taxation delayed after a few decline to share details. More »

Black Caps pick rookie duo for West Indies

Black Caps pick rookie duo for West Indies

New Zealand selectors included two new caps in a 15-man Test squad named Tuesday to tour the West Indies, with injury-hit spinner Dan Vettori's future… More »

The stage is set for IPL-7 to start

The stage is set for IPL-7 to start

The Preview — Defending champions Mumbai Indians take on Kolkata Knight Riders More »

Srinivasan appeals to court to allow BCCI comeback

Srinivasan appeals to court to allow BCCI comeback

He was aggrieved by the allegations against him during the hearing. More »

India: cricket's Brazil

India: cricket's Brazil

They are tough to beat with a big talent base exposed to good facilities. (CYCSPL) More »

Delhi Daredevils say no to gifts

Delhi Daredevils say no to gifts

Franchises are doing their bit to refurbish the image of the tainted league. More »