Hours after a late night government order on Thursday giving open ended powers to ten security and intelligence agencies for ''interception, monitoring and decryption'' of data in a computer device ran into controversy, the Union home ministry issued a clarification saying no new powers have been conferred to any of the security or law enforcement agencies. Importantly, the MHA clarified that each case of interception, monitoring, and decryption is to be approved by the competent authority i.e. the Union home secretary.
Meanwhile, home ministry sources said since existing provisions in the IT and Telegraph Act did not have explicit provisions to deal with ''stored data'' in devices such as computer, thumb drive, CD or handset memory, the fresh order was an attempt to streamline the process.
The latest order is in line with the IT rules, and the notification has been issued to notify the internet service providers (ISP), telecommunications service providers (TSP), and intermediaries to codify the existing orders.
"As per rule 22 of the IT (Procedure and Safeguards for Interception, Monitoring and Decryption of Information) Rules 2009, all cases of interception or monitoring or decryption are to be placed before the review committee headed by cabinet secretary, which shall meet at least once in two months to review such cases. In case of state governments, such cases are reviewed by a committee headed by the chief secretary concerned,'' said the MHA.
''These powers are also available to the competent authority in the state governments as per IT (Procedure and Safeguards for Interception, Monitoring and Decryption of Information) Rules ,'' it said.
According to rule 4 of the IT (Procedure and Safeguards for Interception, Monitoring and Decryption of Information) Rules 2009, “The competent authority may authorise an agency of the government to intercept, monitor or decrypt information generated, transmitted, received or stored in any computer resource.”
Home ministry officials said the fresh order makes it clear which agencies can approach the Centre and state governments for permission, and it will also ensure that any interception, monitoring or decryption of any information ''through any computer resource'' is done as per due process of law.
- Privacy scare: Apple halts Siri response grading programme
- Apple contractors regularly listen to your recorded Siri conversations
- US slaps $5 bn fine on Facebook for privacy violations
- Is Google, Facebook keeping a tab on your porn-viewing habits?
- Is FaceApp really spying on you? No more than Facebook, says researcher
''The notification clarifies the agencies authorised to exercise these powers and preventing any unauthorised use of these powers by any agency, individual or intermediary. It will also ensure that provisions of law relating to lawful interception or monitoring of computer resource are followed and if any interception, monitoring or decryption is required for purposes specified in Section 69 of the IT Act, the same is done as per due process of law and approval of competent authority i.e. Union home secretary, ''said the MHA spokesperson.
Government officials said with increasing cyber crimes and terror agencies using the digital medium to further unlawful activities, the Union home ministry felt the need to streamline the powers to Central law enforcement agencies as well as the intelligence agencies like Intelligence Bureau and Research and Analysis Wing to access the data in the digital form.
The fresh government order has been generating huge speculation whether the government was doing away with the powers of the home secretary who alone can authorise interception at the Central level. This clearance by home secretary then goes to another level—a committee headed by cabinet secretary and comprising of telecom secretary and secretary legal affairs which reviews orders for tapping issued by the home secretary.
In cases of tapping without prior permission in emergency situations, the agency concerned needs to bring it for approval within 72 hours. If the request is declined, the agency has to delete the recorded data.
Much debate and discussion has been triggered on the impact of the government order on citizens and their right to privacy. Incidentally, the order has also come close on the heels of a recent phone tapping episode that raised heckles in the security establishment as the alleged surveillance involved three top intelligence agencies—RAW, CBI and ED. During its probe into the bribery allegation against CBI special director Rakesh Asthana, the CBI had stumbled across conversations of a top RAW officer and Asthana when the anti-corruption bureau sleuths were “listening” to some secret conversations. Earlier, the same RAW officer in question had been linked to a report generated against an ED officer. The episode had caused many a red face within the agencies as questions were raised on the due process of authorisation of surveillance.
With the government clarifying that all ten agencies need to follow the procedures listed for surveillance, it remains to be seen if it solves some problems. The agencies that are allowed interception and monitoring of data are: ED, CBI, RAW, IB, Narcotics Control Bureau, Central Board of Direct Taxes, DRI, NIA, Directorate of Signal Intelligence (for service areas of Jammu and Kashmir and Northeast) and the Delhi police commissioner.