The story so far: Amid several Opposition leaders moving a privilege motion against Union Minister for Information Technology and Telecom Ashwini Vaishnaw over the Pegasus row, the government has continued to maintain that no ‘unauthorised snooping’ was done and that the time-tested processes in the country are well-established to ensure that unauthorised surveillance does not occur.
What is the Pegasus issue?
The controversy broke out in July last year when a group of news publications reported that the Israeli firm NSO Group’s software was being used to snoop on journalists, politicians and activists in several countries, including India. When the issue was raised by the Opposition in Lok Sabha, Mr. Vaishnaw said the “time-tested procedures of our country are well-established to ensure that unauthorised surveillance cannot occur”, and that the company whose technology was allegedly used had denied the claims.
Explained | Pegasus and the laws on surveillance in India
What’s the Central government’s stand?
In August 2021, the Ministry of Defence informed the Parliament that it did not have any transaction with the NSO Group. When the matter came before the Supreme Court, in its six-page affidavit, the same month, the Ministry of Electronics and Information Technology denied the allegations of unauthorised snooping. However, it did not address the question whether India had bought the software.
Pegasus row | No unauthorised snooping was done, insists Centre
What are the legal provisions that authorise interception and monitoring?
Under Section 5(2) of the Indian Telegraph Act, read with Rule 419-A of the Indian Telegraph Rules, lawful interception and monitoring is allowed by authorised law enforcement agencies with the approval of the competent authority, in the interest of the sovereignty and integrity of India, the security of the State, friendly relations with foreign States or public order or for preventing incitement to the commission of an offence.
Section 69 of the Information Technology Act empowers the Central/State government to intercept, monitor or decrypt or get intercepted, monitored or decrypted, any information generated, transmitted, received or stored in any computer resource.
Again, such actions are to be taken in the interest of the sovereignty or integrity of India, defence of India, security of the State, friendly relations with foreign States or public order or for preventing incitement to the commission of any associated cognisable offence or for investigation of any offence.
What are the procedures followed?
Rule 419-A provides that directions for interception of any message or class of messages under Section 5 (2) of the Indian Telegraph Act have to be approved by Union Home Secretary at the Centre and Home Secretary in States. In unavoidable circumstances, such an order may be made by an officer not below the rank of a Joint Secretary to the Indian government, duly authorised by the Union Home Secretary, or the State Home Secretary, as the case may be.
In remote areas where getting a prior approval is not feasible, or for operational reasons, where obtaining of prior directions is not feasible, the interception can be carried out with the approval of the head or the second senior most officer of the authorised security agency at the Central level and the officers authorised in this behalf, not below the rank of Inspector General of Police at the State level.
In such cases, the competent authority has to be informed of such interceptions by the approving authority within three working days and such interceptions have to be confirmed by the competent authority concerned within seven working days. If the confirmation is not received within the stipulated time period, the interception has to cease.
The directions for interception remain in force for a period not exceeding 60 days from the date of issue and may be renewed, but cannot remain in force beyond 180 days.
Which agencies are authorised by the competent authority in the Central government?
The Intelligence Bureau, the Narcotics Control Bureau, the Enforcement Directorate, the Central Board of Direct Taxes, the Directorate of Revenue Intelligence, the Central Bureau of Investigation, the National Investigation Agency, the Cabinet Secretariat (R&AW), the Directorate of Signal Intelligence (for service areas of Jammu & Kashmir, North East and Assam only) and the Delhi Police Commissioner are authorised under the Information Technology Act. The Indian Telegraph Act empowers the above nine Central agencies, apart from Director General of Police, of concerned State/Commissioner of Police, Delhi for Delhi Metro City Service Area.
What are the safeguards against unauthorised interception?
Unlawful or unauthorised interception is a punishable offence under Sections 25 and 26 of the Indian Telegraph Act, with imprisonment for a term that may extend up to three years, or with fine, or with both.
Any interception, monitoring or decryption of information from a computer resource can be done only by the authorised agencies and subject to the safeguards provided in Rule 419-A and Rule 22 of the Information Technology (Procedure and Safeguards for Interception, Monitoring and Decryption of Information) Rules, besides the relevant Standard Operating Procedure.
Rule 419-A makes a provision for review committees headed by Cabinet Secretary at the Centre and Chief Secretary in States. The review committee determines if the directions for interception are in accordance with Section 5(2) of the Act. In case it finds that the orders are not legal, it has the power to set aside the directions and order for the destruction of the copies of intercepted message (s).
As per Rule 22, all cases of interception, monitoring or decryption of information through computer resource are also to be placed before the review committee.
