A notification issued by the Union Ministry of Home Affairs on Thursday enabling 10 agencies to intercept, monitor and decrypt any information generated from any computer caused a political storm on Friday. Opposition parties, including the Congress, vociferously criticised the notification in Parliament, forcing adjournments.

Former Union Home Minister P Chidambaram said the order would destroy the structure of a free society. Communist Party of India (Marxist) general secretary Sitaram Yechury said the notifiation was a blatant violation of the constitutional right to privacy upheld by the Supreme Court.

However, the notification merely lists powers already available to the authorities in the Information Technology Act, 2000. Section 69 (1) of the Act provides the framework for such authorisation. The provision reads:

“Where the Central Government or a State Government or any of its officers specially authorised by the Central Government or the State Government, as the case may be, in this behalf may, if satisfied that it is necessary or expedient to do in the interest of the sovereignty or integrity of India, defence of India, security of the State, friendly relations with foreign States or public order or for preventing incitement to the commission of any cognizable offence relating to above or for investigation of any offence, it may, subject to the provisions of sub-section (2), for reasons to be recorded in writing, by order, direct any agency of the appropriate Government to intercept, monitor or decrypt or cause to be intercepted or monitored or decrypted any information generated, transmitted, received or stored in any computer resource.”  

This section was included in the Act through an amendment in 2008 brought in by the Congress-led United Progressive Alliance government. The Left parties were constituents of the alliance.

Thursday’s notification lists the agencies authorised to intercept, monitor and decrypt computer data. The Act provides a jail term of seven years for anyone who refuses to cooperate with the agencies.

The notification does not mean that the agencies can take over computers without basis. A separate authorisation by the competent authority, in this case the Union Home Ministry, may be essential for any attempt to access a computer in a particular case.

The subsequent provision of the Act in 69 (2) says that the procedure and safeguards for the manner in which such interception and monitoring can be done “shall be as such may be prescribed”. This was framed in October 2009 and is available on the website of the Ministry of Electronics and Information Technology.

According to these rules, if direct authorisation from the competent authority is not possible in a particular situation, an officer not below the rank of joint secretary enabled by the authority can provide orders for surveillance. There are exceptions provided for extraordinary circumstances in remote areas, where other officers can authorise.

This is what Union Finance Minister Arun Jaitley pointed to on Friday, when he said that the Opposition was making a mountain out of a molehill. The question, however, is whether a notification listing the 10 agencies has been issued earlier, as has been claimed by the Centre. Officials of the Delhi police said this seemed to be a fresh order formalising the use of the IT Act provisions. Asked if this meant the agencies need not ask for authorisation in every case since a blanket order has been issued, the officer said that this needs clarification.

It is also relevant to remember that India still does not have a data protection law to regulate the processing of information relating to individuals and to prohibit the disclosure or misuse of such information. However, a draft law framed by the Justice Srikrishna Commission in July provided extraordinary powers to the state and has waived consent for certain types of data processing by the state.