Surveillance laws in IndiaDate: 17 November 2019 Tags: Bills & Laws
Many publications had reported that phones of several dozen Indian journalists, lawyers and human rights activists had been compromised using an invasive Israeli-developed malware called Pegasus.
In 1996, the Supreme Court noted that there was a lack of procedural safeguards in the Indian Telegraph Act. It laid down some guidelines that were later codified into rules in 2007.
There are legal routes to surveillance that can be conducted by the government. The laws governing this are the Indian Telegraph Act, 1885, which deals with interception of calls, and the Information Technology (IT) Act, 2000, which deals with interception of data.
Under both laws, only the government, under certain circumstances, is permitted to conduct surveillance, and not private actors.
Hacking is expressly prohibited under the IT Act. Section 43 and Section 66 of the IT Act cover the civil and criminal offences of data theft and hacking respectively. Section 66B covers punishment for dishonestly receiving stolen computer resource or communication.
The punishment includes imprisonment for a term which may extend to three years.
The rules state that only the competent authority can issue an order for the interception, monitoring or decryption of any information generated, transmitted, received or stored in any computer resource (mobile phones would count).
The competent authority is once again the Union Home Secretary or State Secretaries in charge of the Home Departments.
Right to Privacy
The Supreme Court in a landmark decision in August, 2017 (Justice K. S. Puttaswamy (Retd.) and Anr. vs Union Of India And Others) unanimously upheld right to privacy as a fundamental right under Articles 14, 19 and 21 of the Constitution.
Data protection law
The government constituted a Data Protection Committee under retired Justice B.N. Srikrishna. It held public hearings across India and submitted a draft data protection law in 2018 which Parliament is yet to enact.