Even as the controversy over the Government of India allegedly deploying Pegasus spyware to snoop on top politicians, journalists, activists etc refuses to die down, the Ministry of Home Affairs has sprung a surprise saying it maintains no data of lawful interceptions made by authorised intelligence/law–enforcing agencies.
In a written submission before the Central Information Commission, the MHA explained its inability to provide information called for by an applicant on the details of phone tapping by 10 agencies during a certain period saying it does not maintain any statistical information/data related to lawful interception and monitoring and that the desired information is not available.
The Union Ministry made it clear that such records were weeded out every six months in compliance with the provisions under Section 5(2) of the Telegraph Act, 1885, and Section 69 of the Information Technology Act, 2000. The subject matter being highly classified information, minimal records were maintained and statistical data was not compiled.
The MHA in its affidavit to the CIC said records pertaining to directions for interception and of the intercepted messages were destroyed every six months unless such data was required for functional requirement. Explaining the power of interception in larger national interest in preventing terrorism, drug trafficking and busting of narcotic drugs racket, it placed reliance on a list of cases where major cases were detected/cracked by the use of the laid down procedure of interception.
The case arises out of a petition calling for the number of lawful interceptions made by the 10 agencies between January 1, 2016 and December 27, 2018. The MHA’s Public Information Officer and the First Appellate Authority declined the information sought by claiming exemption under Section 8(1)(a), (g) and (h) of the RTI Act, 2005.
However, the CIC in its May 2021 order made it clear that the information called for by the petitioner was not exempted under Section 8 or 9 of the Act since it was mere disclosure of statistical information. “Since the Appellant has not sought any personally identifiable information in respect of any individual, or even the locations in which the orders under Section 69 of the IT Act were passed, there is no question of endangering the life or physical safety of any person. The information sought by the Appellant does not seek disclosure of any assistance given in confidence for law enforcement and security purposes either,” Chief Information Commissioner Y.K. Sinha wrote and remanded the case back to the FAA, Joint Secretary, Cyber & Information Security, MHA, to revisit the matter and pass orders.
Complying with the CIC order, the FAA passed an order a couple of months later, this time not claiming exemption under the Act from disclosure of information called for by the petitioner, but on the grounds that the information was destroyed and hence not available. The FAA also contended that “on the surface, any statistical data may seem benign, but when data is aggregated, analysed and interpreted with respect to context, its sensitivity escalates. Therefore, deniability of statistical information should be seen in the wider context of totality of fact and circumstances of the case and not in isolation”.
Highly classified information
Justifying the non–availability of information sought by the petitioner, the FAA said lawful interception & monitoring was governed by Section 5(2) of the Telegraph Act, 1885, and Section 69 of the Information Technology Act, 2000. “These are highly classified information and therefore minimal records are maintained…Since information sought is not available as on date, the same cannot be provided.”
Aggrieved by the second decision of the FAA, the petitioner moved the CIC challenging it. After hearing both sides, Mr. Sinha ruled on January 28, 2022 that the information sought in the case, though not exempted under Section 8 or 9 of the RTI Act, was not held by or under the control of the public authority.
Such information falls within the exclusive jurisdiction of the specified 10 agencies empowered to utilise and exercise the powers under Section 69 of the Information Technology Act, 2000, subject to approval of the competent authority as per the provisions of law, rules and Standard Operating Procedure. Therefore, the MHA could not be considered as the actual custodian of information nor responsible for dissemination of the information under the purview of the RTI Act.
The CIC directed the PIO to submit an affidavit affirming that the MHA does not maintain any statistical information/data, related to lawful interception & monitoring and that the desired information was not available as on date and hence the same cannot be provided to the petitioner.
