India: New Monitoring System Threatens Rights
By Haman Rights Watch
10 July, 2013
Hrw.org
The Indian government should enact clear laws to ensure that increased surveillance of phones and the Internet does not undermine rights to privacy and free expression, Human Rights Watch said.
In April 2013, the Indian government began rolling out the Central Monitoring System (CMS), which will enable the government to monitor all phone and Internet communications in the country. The CMS will provide centralized access to the country’s telecommunications network and facilitate direct monitoring of phone calls, text messages, and Internet use by government agencies, bypassing service providers.
“The Indian government’s centralized monitoring is chilling, given its reckless and irresponsible use of the sedition and Internet laws,” said Cynthia Wong, senior Internet researcher. “New surveillance capabilities have been used around the world to target critics, journalists, and human rights activists.”
The Ministry of Communications and Information Technology announced in January 2011 that, “[s]teps will be taken to establish the Central Monitoring System, which will facilitate and prevent misuse of lawful interception facility.” However, the government has released very little information about what agencies will have access to the system, who may authorize surveillance, and what legal standards must be met to intercept various kinds of data or communications. India does not have a privacy law to protect against arbitrary intrusions on privacy, which might have addressed some of these issues.
Two laws address interception or access to communication data. The Information Technology (Amendment) Act, 2008, allows the government to “intercept, monitor, or decrypt” any information “generated, transmitted, received, or stored in any computer resource” in the interest of “sovereignty or integrity of India, defence of India, security of the State, friendly relations with foreign States, or public order or for preventing incitement to the commission of any cognizable offence relating to above or for investigation of any offence.” The colonial Indian Telegraph Act, 1885, also allows wire-tapping in conformity with guidelines that are supposed to act as a check on indiscriminate interception by the law enforcement agencies.
An expert group chaired by retired Justice A.P. Shah was created by the Planning Commission to set out principles for an Indian privacy law. In its report in October 2012, it concluded that the two laws were inconsistent on the“permitted grounds for surveillance, the type of interception that is permitted to be undertaken (monitoring, tracking, intercepting etc.), the type and granularity of information that can be intercepted, the degree of assistance that authorized agencies can demand from service providers, and the destruction and retention requirements of intercepted material.” These differences, it concluded,“have created an unclear regulatory regime that is nontransparent, prone to misuse, and that does not provide remedy for aggrieved individuals.”
Because the CMS was created without parliamentary approval, the government should convene a full public debate about the intended use of the system before proceeding.
The right to privacy is guaranteed under the Universal Declaration of Human Rights and the International Covenant on Civil and Political Rights, to which India is a state party. Article 17 of the covenant provides that, “(1) no one shall be subjected to arbitrary or unlawful interference with his privacy, family, home, or correspondence, nor to unlawful attacks on his honour and reputation; (2) everyone has the right to the protection of the law against such interference or attacks.”
The term “correspondence” has been broadly recognized to cover all forms of communication, including via the Internet. The right to private correspondence thus gives rise to a comprehensive obligation on the part of the government to ensure that text messages, emails, and other forms of electronic communication are actually delivered to the desired recipient without arbitrary or unlawful interference or inspection by the government or by third parties.
In his report to the UN Human Rights Council in April, the special rapporteur on the promotion and protection of the right to freedom of opinion and expression underscored the importance of the role of governments in fully guaranteeing the right to privacy of all individuals, saying that without such guarantees, the right to freedom of opinion and expression cannot be fully enjoyed. In December 2009, the UN special rapporteur on the promotion and protection of human rights and fundamental freedoms while countering terrorism also emphasized that, “[s]urveillance systems require effective oversight to minimize harm and abuses,” including by requiring a warrant issued by a judge on a case-by-case basis.
“Surveillance tools are often used by governments and bureaucrats for political reasons instead of security purposes, and often in a covert way that violates human rights,” Wong said. “If India doesn’t want to look like an authoritarian regime, it needs to be transparent about who will be authorized to collect data, what data will be collected, how it will be used, and how the right to privacy will be protected.”
Indian activists have raised concerns that the CMS will inhibit them from expressing their opinions and sharing information. India has a poor record of protecting free expression on the Internet. In recent years, authorities have repeatedly used the Information Technology Act to arrest people for posting comments on social media that are critical of the government, put pressure on websites such as Facebook and Google to filter or block content, and impose liability on private intermediaries to filter and remove content from users.
Section 66A of the Information Technology Act – which deals with information that is “grossly offensive” or “has menacing character,” or causes annoyance or inconvenience – has been used repeatedly to arrest critics of the government. The law allows for up to three years in prison under this section. The Department of Information Technology promulgated vague implementing rules in 2011 that further required online service providers to restrict a range of information, including content that is “grossly harmful,” “disparaging,” “harm[ful to] minors in any way,” or that “threatens the unity, integrity, defence, security, or sovereignty of India.”
In April 2012, a university professor was arrested in West Bengal for circulating an email with pictures that poked fun at the state’s chief minister. In September, police in Mumbai arrested a political cartoonist, Aseem Trivedi, for his work focusing on political corruption. In October, police in Puducherry arrested a businessman for posting messages on Twitter questioning the wealth amassed by the son of the country’s finance minister.
In November, two girls were arrested in Maharashtra for a post on Facebook questioning the shutdown of their city following the death of a powerful political leader. Following the girls’ arrest, the central government issued an advisory to all state governments requiring prior approval from senior police officers for all arrests under section 66A. In May 2013, the Supreme Court directed all states to carry out the government’s advisory, making it mandatory for police to seek clearance from high-ranking officials.
In March 2013, a parliamentary standing committee on the 2011 Information Technology rules also noted how vague and ambiguous language such as “grossly harmful,” “defamatory,” and “obscene” could lead to harassment. It recommended defining terms in the rules to ensure that no new categories of crimes or offenses were created. It also noted that ambiguity in the rules regarding the liability of intermediaries, such as online service providers, encourages them to take down any content that could run afoul of vaguely worded prohibitions to avoid legal penalties. The standing committee expressed concern that this ambiguity could lead to censorship without due process.
“The authorities should amend the existing Information Technology Act and rules to protect free speech and expression, and be fully transparent about any surveillance system that might chill people’s willingness to share opinions and information,” Wong said.
Comments are moderated