Logo

Defender of your Digital Freedom

Home > All > Look Who’s Watching

Look Who’s Watching

Mar 05,2012 | 01:45 am

Do you think someone is looking over your shoulder as you type an email, buy grocery or fill a simple raffle for that fair you visited with your child? As you give information to medical health providers or banks or airlines, do you get the feeling you are being monitored? Sounds like the conspiracy theory to beat all urban legends. Read on…

In India the right to privacy debate on monitoring of communications was addressed by the Hon’ble Supreme Court of India in the PUCL case. This case dealt with the issues of telephone tapping and guidelines were prescribed on the procedure for issuing telephone tapping orders. These guidelines were adhered to while substituting Rule 419 A of the Indian Telegraph Rules, 1951 in March 2007. Thereafter, these guidelines were incorporated by the Government in the Information Technology (Procedure and Safeguards for Interception, Monitoring and Decryption of Information) Rules, 2009 that prescribed the procedure to be followed while issuing orders for monitoring information on the Internet.

However, we see attempts being made by the Government to bye-pass these safeguards by means of a loop-hole in the Information Technology Act, 2000 (IT Act) and the rules notified in 2011 under the IT Act. To unravel this Gordian knot we need to refer to Section 28 of the IT Act. Under this section, the Controller of Certifying Authority (CCA) is empowered to investigate contraventions of the provisions of the IT Act. This power becomes potent when seen in the light of the Information Technology (Reasonable security practises and procedures and sensitive personal data or information) Rules 2011. When Section 28 is read with the proviso of Rule 6 of the aforementioned Rules: it essentially translates into the CCA having the power to obtain information, including sensitive personal information, from any company or body corporate, albeit at the request of government agencies. This power to obtain information from intermediaries is again explicitly provided under sub-rule (7) of Rule 3 of the the Information Technology (Intermediaries guidelines) Rules, 2011.

A reasonable reading of the title of Chapter VI of the IT Act (under which the subject of the Regulation of the CCA is dealt with ) seems to convey that this is an authority that deals with the Licensing of Certifying authorities that grant Electronic Signature Certificates. Until, of course, you read Section 28. Even then it does not amount to much until you dig further into the various rules that have been passed under the IT Act. So the question that comes up is: how can the government seek to deprive us of our right to privacy as simply as this. We have been asking this over and over again. These rules are made by the executive. They are made to help in the smoother functioning of any act of the parliament. However, at least, in the case of the IT Act they definitively override the mandate provided by the legislature. And so today the government agencies can seek any information regarding any person from a body corporate by sending a request to the CCA . The body has to oblige the CCA or face a stiff penalty. This incidentally is in violation of the law laid down by the Supreme Court of India on the right to privacy. It means any data belonging to you and me can be accessed by the CCA and in turn the government agencies.

So what happens if the body corporates refuse? Under Section 44 ( A) of the IT Act they can be slapped with asteep fine just as Yahoo India was. At the time of writing this blog, the case is sub-judice and hence it will be difficult to comment, but we at sflc.in wanted to find out more.

On January 10 2012 we sent an RTI to the Office of the Controller of Certifying Authority. We specifically requested for the following information:

  1. Number of requests received in the last three years, by the CCA from government agencies like the Intelligence Bureau , Ministry Of Home Affairs etc.
  2. Number of notices issued by the CCA under Section 28 of the IT Act in the last 3 years.
  3. Names of the recipients of notices under Section 28.
  4. Names of body corporates on whom a fine under Section 44 (A) has been imposed.
  5. Information on the methodology of scrutiny of requests from government agencies. Any rules or guidelines regarding the same.

We received areply to this RTI vide a letter dated February 8, 2012. We were told in this reply that as far as questions 1, 2 and 3 were concerned the CCA needed permission from the concerned government agencies to disclose this information . Further the response of the government agencies concerned was awaited. In response to question no. 4 we have been informed that only Yahoo India has been fined under Section 44 (A) of the IT Act. Question no.5 has elicited the response that matter concerning our query is in a confidential file and hence cannot be disclosed.

Further on March 2, 2012we received another reply to our RTI application whereby we were informed that as the CCA had sought approval from the concerned agency they could give us further information. This reply revealed that 73 ( seventy three ) notices were issued by the CCA under section 28 of the I.T. Act, in the last three years. This reply also informed us that notices have been issued to Yahoo India, Google, AOL, Facebook, Orkut and Hotmail.

While we at sflc.in shall follow the procedures provided by the Right to Information Act to find out more and dig a little deeper, it does surprise us that the CCA does not think that it is bound even by the Right to Information Act to disclose or refuse disclosure of information. Either that or our questions have made them uncomfortable and they have replied in the vaguest possible manner.

But if names like Yahoo, Google, Facebook, Orkut , Hotmail or AOL sounds familiar then we suggest you reread what is said above.

When Copyright Tramples on the Right to Freedom of Expression

Vimeo, Pastebin, Piratebay and many other sites were blocked for over a month in India. There was lot of clamour ...

Vimeo Block Not Ordered by DOT

Many websites like Vimeo.com, pastebin.com and thepiratebay.se have been blocked in India for nearly a month now. The message shown ...

Curtailing the Right to Information

Freedom to have access to information, as a right, is essential for the functioning of a transparent and accountable democracy. ...

Unravelling NATGRID

National Intelligence Grid(NATGRID), established under Ministry of Home Affairs of the Government of India, aims to consolidate data gathered by ...

The Caravan Injunction And How the New IT Rules Could Make It Easier for the Arindams of the World

The Caravan magazine issued a press release yesterday on the defamation suit filed by Indian Institute of Planning & Management(IIPM) ...

Censored by the Intermediary

The Indian Express, during the time of emergency, published its newspaper with a blank editorial page to protest against the ...

The BlackBerry Emergency

According to the Government of India, private service providers like AirTel and Vodafone are failing in their legal obligations under ...

Government Refuses To Reveal Phone Interception Procedure

On 10th January 2014, several Indian national newspapers ran reports on a fresh set of procedures for interception of telephones ...

RTI reveals expenditure/organizational details of the 3rd Annual IGF Meeting held at Hyderabad

The Tunis Agenda envisaged convening the Internet Governance Forum (IGF) as a multi-stakeholder platform to discuss public policy issues related ...

DEITY provides list of sites blocked in 2013, but withholds orders!

Sri.Kapil Sibal, Hon'ble Minister of Communications & Information Technology informed the Lok Sabha on Dec 11, 2013 that the Government ...