The officials were in a mood to show off their new gadgets and requested Narayanan to place a call from his personal cell phone. As soon as he called his office, machines tucked away in a car parked at a distance started recording the call and the transcript of the conversation was played back to the NSA within hours. This was NTRO’s first demonstration of what an off-the-air GSM monitoring unit could do. Known across the world as ‘Stingrays’, these machines could intercept calls at will, provided they had the algorithms to decrypt codes that secured mobile communication.
Stunned, Narayanan told the officials to be careful with the new machine. Few among the officials present that day gave a thought to the fact that the new surveillance tools had consigned India’s archaic laws of surveillance to irretrievable state of redundancy.
As political temperatures rise over the alleged “snooping” on Congress Vice President Rahul Gandhi, it is a good time to review how vulnerable Indian citizens are to the dangers of surveillance by the state. As far back as the 4th century B.C Kautiliya’s Arthashastra built a case for surveillance of citizens as an essential tool of governance. By the 19th century, Imperial Great Britain had already given surveillance statutory status by passing the Indian Telegraphy Act of 1885 and the Indian Post Office Act of 1898 giving it adequate powers to intercept messages at will.
The Archaic Laws of Surveillance
Today, section 5(2) of the Indian Telegraph Act and section 69 (1) of the Information Technology Act virtually read the same, both giving the government enormous powers to monitor communications with minimal safeguards. Both mandate that surveillance can be ordered “…in the interests of the sovereignty and integrity of India, the security of the State, friendly relations with foreign States or public order or for preventing incitement to the commission of an offence…” The only rudimentary protection is accorded to “accredited” press correspondents and their phones can not be tapped: “Provided that press messages intended to be published in India of correspondents accredited to the Central Government or a State Government shall not be intercepted or detained…”
But surveillance in India and across the world has ensured that every facet of a citizen’s life can be tapped into by dipping into meta-data (data about data) and connecting the dots to form a complete picture where nothing remains private anymore. Citizens are willingly putting out enough data on social networks and sharing sensitive data with private corporations that can be easily accessed by governments legitimately.
A few weeks ago, a senior official in the Indian intelligence community told me how newly created units in the R&AW and IB are now monitoring social media networks regularly. While most citizens put out tweets and Facebook posts willingly, mining that data by the IB is now a routine matter. While the stated purpose to mine that data is to counter-terrorism, the parameters fed into online searches using special software occasionally reflect political considerations as well.
The special teams from the IB and R&AW worked with Indian software companies to create data management and mining tools that are being deployed regularly. If there was anything keeping them back, it is not the intent or the laws, but capabilities. Nearly a decade ago, a Bengaluru-based Indian IT company created a internet-monitoring software that was used by intelligence agencies like NTRO. By then DRDO had already started work on creating an indigenous system that could effectively monitor online data traffic in India and came up with NETRA, a rudimentary tool that gave the agencies some capacity for online surveillance. Unfortunately, NETRA had limited capacity and could process only 750 MB of data at a time. This forced agencies like the IB to break up the data into less than 1 GB, considerably slowing down the process to effectively monitor communications in real time.
The fact that this monitoring does take place is now known when two reports of the IB were leaked to The Indian Express last year. Reports that NGOs were under the surveillance of the Indian government created a major stir across the country. What went unnoticed in the leaked IB reports was a paragraph that stated that “online filters” at the “gateways” were in place to monitor the work of the NGOs under the scanner. This was the first publicly-available evidence that the IB had “filters” in place at the internet gateways to monitor what citizens were up to on a routine basis. Not only was this mass surveillance, it is also not clear if the agency had followed the established laws enshrined in section 69 (1) of the IT Act for setting up these “filters”.
The Radia Tapes
Ironically, the few cases of surveillance that have come to light, have always occurred through illegal leaks by insiders. The most famous case is of the Radia Tapes, when consultant Ms Niira Radia was put under surveillance for several months at the insistence of the Income Tax department. Starting some time in November 2008, nearly 18 phones were put under surveillance for two months. This continued well into 2009 and was only suspended when the general elections took place in April/May 2009. This was suspended, I was told, because the officials were worried that her dealings with several political leaders before the elections could be cause for trouble and therefore decided to suspend the interception of her phones for that period.
But between May and June, when the surveillance was re-started, it captured an array of fascinating conversations, some pertaining to the formation of the union cabinet, that sparked off a major debate in the aftermath of the 2G spectrum allocation scam. What most people missed was the fact that Ms. Radia was lobbying with leaders, corporates and journalists to ensure that Mr. A Raja of the DMK was re-appointed as union telecom minister much after the 2G spectrum had been allocated under questionable circumstances in late 2007. The same beneficiaries of the 2G spectrum were now keen to ensure that Mr. Raja was back in the saddle in the ministry of telecommunications and Information Technology.
The Radia Tapes, as they came to be known, threw up several questions about surveillance in India. Laws allow for 60 days of interception, which can be extended up to 180 days, provided a monitoring committee chaired by the union cabinet secretary reviews the orders and the material. he fact that the monitoring committee was convinced that the interception of Ms. Radia’s phones could continue on the grounds of “…preventing incitement to the commission of an offence”. However, the first raids on Ms Radia took place in December 2010, after Outlook and Open magazines published leaked excerpts of the intercepted calls.
So why were the authorities sitting on the over 8000 phone calls that were intercepted by the Income Tax authorities in 2008?
Why did the government state in the Supreme Court that they had not found any criminality in the near 8000 calls that they had intercepted between 2008 and 2009?
If there was no criminality, then why did the monitoring committee allow the phone calls to be intercepted for such a long time?
The absence of answers to these disturbing questions has only created doubts of the state’s intentions to be more transparent about the surveillance regime in India. In 2014, I filed a series of queries under the Right To Information Act seeking data about the efficacy of the monitoring committee. All I sought was some evidence that the monitoring committee was doing its job and ensuring that unnecessary phone taps and email interceptions were not being allowed. Even though I was only seeking meta-data about the workings of the committee to understand if it was following the law, the information was denied by Nipun Vinayak, an IAS officer posted in the Cabinet Secretariat. According to his order, even revealing whether the monitoring committee was following the law could jeopardise the safety and integrity of India!
Government Opaque, Citizens Transparent
So far, the government has ensured that citizens become more transparent while the state become more opaque. Post the Mumbai attack by Pakistani terrorists on 26/11, the government introduced a slew of measures to increase surveillance and collection of data. It brought in the NATGRID (National Intelligence Grid) that would connect 22 databases that collect citizen’s data. Within a year of starting the NATGRID project, the government added it it to the list of agencies exempt from revealing any information under the Right To Information Act. Similarly, other passive firms of surveillance like the unique identification project (AADHAR) continues despite the lack of a law and hostile observations by a standing committee of Parliament and the Supreme Court. The data collected under the unique identification (AADHAR) will be made available to intelligence agencies regularly.
The lack of any transparency, of either the laws or the current mechanism has ensured that citizens in India have no worthwhile safeguards against an intrusive government. This is further complicated by the lack of a Privacy Act, which could have ensured some protections to citizens. Unfortunately, last year, intelligence agencies met with officials of the Department of Personnel & Training and nixed any clause that could have curtailed their surveillance powers.
Ironically, while the Congress is crying hoarse over the alleged “surveillance” by the BJP-led NDA on its vice president Rahul Gandhi, it actually gave birth to some of the most opaque surveillance regimes in its 10-year rule at the centre. In July 2011, stung by the fall out of the Radia Tapes, the cabinet committee on security cleared a proposal to create a new surveillance regime called the Central Monitoring System (CMS) that would ensure greater opacity in in the monitoring of communications.
On August 23, 2013, then minister of state for telecom, Mr. Milind Deora informed the 229th session of the Rajya Sabha that the “CMS has been planned to automate the process of interception and monitoring for quick provisioning, maintaining better secrecy of targets and enhanced data analytical capabilities”. This meant that the government would now have sole access to all the intercepted communications. The minimal checks that the Telecom Service Providers could provide would also be kept out of the purview and only the government would know who was under surveillance. In one fell swoop, the government sanctioned a regime that will ensure that there is no third-party verification of the requests or the legality of the surveillance orders coming in on a routine basis. Added to this is the fact that agencies that are empowered to conduct surveillance (IB, R&AW, CBI etc) are either beyond any Parliamentary oversight or beyond the RTI Act, or both.
India & the Global Surveillance Regime
Across the world, surveillance regimes have become more sophisticated, trying to keep pace with new technologies of communication erupting out of labs every day. As standards of encryption and speed of data transfers improved, so did the surveillance technologies that came up. Post 9/11 when the Al Qaeda attacked the U.S, surveillance capabilities have grown in quantum leaps. Much of what is possible today has been revealed by Edward Snowden, a person who worked for the National Security Agency (NSA), the premier technical intelligence agency of the U.S.
The Snowden revelations have shown that the global surveillance regime is led by the U.S with four key allies – U.K., Canada, Australia and New Zealand – collectively known as the “Five Eyes’. Together, they dip into every available means of communication, at times working closely with global corporations to access data or develop technologies that will help them improve surveillance capabilities. The Snowden revelations have shown how India was the fifth-most targeted country for the NSA ad even its then principal opposition party, the BJP, was not spared. Interestingly, even after the BJP came to power in May 2014, it remained muted in its protests against the spying by the U.S.
However, an underbelly of the global surveillance regime that is rarely discussed is the role played by multi national corporations. As the work of investigative journalists like James Bamford has revealed, several corporations like U.S telecom major, AT&T have played a leading role in furthering global surveillance regimes. Leaks by AT&Y insider max Klein in 2006 led the American NGO, Electronic Frontier Foundation (EFF) to file a class action suit against some of these corporations. A year later, with the courts threatening to pass strictures, the George W Bush administration passed a law with retroactive effect to ensure that the corporations that had worked with the NSA closely were now protected from law suits. In India, AT&T’s role and relations with the Indian government was revealed last year.
Interestingly, the relationship between surveillance and intelligence agencies go a lot deeper. As Bamford’s work has revealed, members of the secret Israeli army outfit, Unit 8200 frequently start private companies that develop surveillance tools. Kobi Alexander, one such member of Unit 8200, founded two major companies that are leading providers of surveillance tools across the globe. One of their Indian entities, Verint Systems (India) Ltd. is a leading producer of surveillance systems in the country today with several central and state law enforcement agencies as its preferred clients.
Clearly, surveillance, though a necessary tool in these troubled times, can fundamentally change the relationship between the state and the citizen. Most western democracies have recognised this danger and ensured legislative and statutory safeguards to protect their citizens. Even the UK, from where India’s legal and statutory framework emerged, has moved on to creating such safeguards. In 1989 it passed the Security Service Act to reign in the powers of MI5. In 1994 it passed the Intelligence Services Act and the Regulation of Investigatory Powers Act in 2000.