The law often allows what honor forbids. This expression perfectly describes the new technology surveillance programme of the Indian government known as Centralized Monitoring System (“CMS”) envisaged by Telecom Enforcement, Resource and Monitoring and Centre for Development of Telemetics. CMS enables blanket surveillance of all private phone calls, messages, emails and other communications and empowers certain designated agencies like CBI, IB, NIA and SEBI to have access to content and non-content data without consent or intimation of the concerned person. The Government justifies such privacy invasion on the pretext of caution, the golden rule of criminal jurisprudence, without laying down any strong procedural and substantive law in this regard.

India lacks a comprehensive legislation regulating the activities of the surveillance programmes and presently all the programmes drive their powers from the Indian Telegraph Act, 1885 (“Telegraph Act”) and the Information Technology Act, 2000 (“IT Act”). Section 5(2) of the Telegraph Act, r/w Rule 419A of Indian Telegraph Rules, 1981 allow the government to intercept, monitor and decrypt any messages and makes provision for phone tapping. Besides this, Section 69 and 69B of the IT Act r/w Information Technology (Procedure and Safeguards for Interception, Monitoring and Decryption of Information) Rules, 2009 and Information Technology (Procedure and safeguard for Monitoring and Collecting Traffic Data or Information) Rules, 2009, respectively, further provide the government with the power to intercept, monitor and decrypt any information generated, transmitted, received and stored on any computer system; and to monitor and collect any traffic data, i.e. data identifying the person, computer system and its location. Such interception, monitoring, collection and decryption of information and data can only be done by the order of Secretary, Ministry of Home Affairs at the Centre and Secretary in charge of the Home Department at the State level.

It is imperative to note that the surveillance provisions of the Telegraph Act enacted by the British are to a far extent replicated in the IT Act and therefore suffer from similar despotic character. Both the legislations provide that the state can assume power to intercept or decrypt any message if the concerned Secretary is satisfied that it is necessary or expedient to do so in the interest of sovereignty and integrity; security of state; friendly relations with foreign states; public order; and for preventing incitement to the commission of an offence, without elaborating much on the procedure required to do so. However, the Telegraph Act provides that ‘public emergency’ and ‘public safety’ are sine qua non for the application of section 5(2) of the Telegraph Act whereas there is no such provision in the IT Act. This clearly shows the flexibility granted to the government to monitor, decrypt and collect the private data without establishing ‘public emergency’ and ‘public safety’ under the IT Act. Additionally, the extra-territorial jurisdiction of the IT Act, extending its application outside India, gives more teeth to its provisions.

Indian courts have time and again observed that ‘wherever law ends tyranny begins1’ and have therefore, attempted to fill in the gaps to rule out any kind of arbitrariness in exercise of sovereign power. The Supreme Court in landmark Maneka Gandhi v. Union of India2 case specifically underlined the importance of procedure which deals with the modalities of regulating, restricting or even rejecting a fundamental right under Article 21 of the Constitution, which includes right to privacy. While discussing the lack of procedural safeguards with respect to phone tapping in PUCL v. Union of India3, the Supreme Court laid down the guidelines for regulating phone tapping, which were later in 2007 inserted as Rule 419A of the Telegraph Rules. However, even then the regulatory framework was perceived insufficient for regulating phone tapping and consequently the arbitrariness surrounding the present process of phone tapping was discussed by Delhi High Court and the validity of section 5(2) of the Telegraph Act was challenged in the case of Dharambir Khattar v. Union of India4. While upholding the validity of section 5(2) of the Telegraph Act, the Delhi High Court observed that non-compliance or inadequate compliance with the provisions of the Telegraph Act does not affect admissibility per se, following the Supreme Court decision in R.M. Malkani v. State of aharashtra5. The High Court held that the phone recording shall be admissible even when there was no compliance with the procedure as Section 5(2) of Telegraph Act and Rule 419A of Telegraph Rules does not deal with any rule of evidence.

The Right to Privacy Bill, 2011 (“Privacy Bill”) to an extent seeks to counter the aforementioned issue by providing safeguards against misuse of personal information and unlawful surveillance. Moreover, the Privacy Bill also proposes to have overriding effect over the laws providing for government surveillance which portrays the present intention of the legislature of giving more importance to the individual privacy rights than to surveillance power of state. However, the same is objected by Department of Telecom stating that the Privacy Bill should not have overriding effect over the Telegraph Act as it may pose a risk to national security.

Further, the government’s lack of willingness in making details of CMS public has roused a lot of dissatisfaction from all quarters as nothing more diminishes democracy as secrecy. It is therefore, imperative to lay down clear guidelines for the working of CMS and provide it with enough accountability which justifies the encroachment over privacy. Besides this, it is essential that all surveillance programmes including CMS are regulated under a comprehensive legislation and is implemented only after the Privacy Bill is passed by the Parliament to ensure necessary balance between regulation and invasion.