Indian Law Permits Govt To Spy On Citizen's Devices Says Minister, And Why It's Bad News
The Indian parliament is currently in its winter session, where we¡¯ll hopefully hear more about a Personal Data Protection Bill. It doesn¡¯t look very promising given recent comments, including one essentially encouraging the police to spy on you.
The Indian parliament is currently in its winter session, where we'll hopefully hear more about a Personal Data Protection Bill.
It doesn't look very promising given recent comments however, including one essentially encouraging the police to actively spy on you.
Images courtesy: Reuters
A minister in parliament said on Tuesday that the government is "empowered" to intercept any citizen's communications, and even monitor and decrypt any digital communications "generated, transmitted, received, or stored" on a device in the country. All in the interest of national security or foreign relations of course.
The comment came from Minister of State for Home Affairs G Kishan Reddy, in response to questions regarding whether the government indeed snooped on citizens' WhatsApp and Messenger calls and messages, as well as communications through other VoIP apps. In case you don't remember, that's an incident that came to light last week, that the Indian government may have been using Israeli-developed spyware to snoop on all of us.
Reddy cited Section 69 of the Information Technology Act, 2000, and section 5 of the Telegraph Act, 1885, to back his stand. He said the law empowers both national and state governments to "intercept, monitor or decrypt or cause to be intercepted or monitored or decrypted any information generated, transmitted, received or stored in any computer resource in the interest of the sovereignty or integrity of India, the security of the state, friendly relations with foreign states or public order or for preventing incitement to the commission of any cognizable offence relating to above or for investigation of any offence."
Allow yourself a moment to take that in. Just absorb it for a moment. That is a representative of our elected government saying none of us have any right to our privacy, that they can peek into our private conversations any time they choose, and that the law is in support of every piece of this.
So, what was the Indian government doing with this spyware? Was it hunting for domestic terrorists? Investigating mafia leaders? Perhaps cracking down on crime syndicates in the country? Nope.
As it turns out, based on how WhatsApp notified the affected users, around 20 of the Indians being spied on were activists, journalists, politicians, and privacy advocates. It's almost exactly what happens in Saudi Arabia and China, among other places, and with the same Pegasus malware too. And here's Mr Reddy saying that's all kosher in the name of "India's sovereignty".
Reddy did say that each case of this sort of investigation has to be approved by the Union Home Secretary or Home Secretary (for a state government request). Sadly, all of this puts the state of the impending privacy bill in a scary new light. For one thing, it makes sense then why there's been absolutely no talk of the Bill including a provision to protect a citizen's privacy from abuse by law enforcement and the government. But there's more.
This also calls into question one of the first demands of the Indian government, that user data from local and internationally-headed apps be stored in our country. Ideally, you're probably thinking that's a great idea because it ensures your data isn't being transferred against your will out of the country. But on second thoughts, there's quite a big loophole there isn't there?
Mandating that a company like Facebook for instance stores all Indian customer data locally is the face of the demand. But what could end up happening under the surface is that the Indian government also mandate where and how this data is stored. And perhaps it just ends up flowing through government-controlled nodes. That's what's happening in Russia now, ever since they've routed all Internet traffic through the Kremlin.
So in the guise of protecting your data from everyone else, your country's organisations can take a peek at it whenever they want.
Let me clarify though, all that's happened so far is that the government has decided to take up the privacy bill this session, followed by yesterday's comments by Minister G Kishan Reddy. Everything else beyond that here is pure speculation. The problem is, I wish this was the sort of speculation that could be easily dismissed. There's no evidence whatsoever to back it up yet of course, but then again it's far too likely a possibility to ignore.
Heck, don't listen to me. Listen to experts like those at the Software Law and Freedom Centre (SFLC) in New Delhi. They can easily break down for you all the legal backing India has to spy on its own citizens. This is codified into law already. So is it so hard to imagine that lawmakers would try to sneak more of this into a supposed privacy bill?
Another thing to consider is that there's already a provision in the constitution that guarantees citizens a fundamental right to privacy. That's something the Supreme Court itself stated back in August 2017, when delivering a verdict related to the compulsary Aadhaar card issue. However, later in 2018, the government flew in the face of that once again, when the Home Ministry granted 10 central agencies the right to track, monitor, and intercept data on any computer in the country. In fact, you can even face seven years in prison for stopping someone from one of these authorities harvesting data on your computer.
In fact, some experts say India is only surpassed in its surveillance of its citizens by China and Russia. Yeah, we're one of the city-states George Orwell was envisioning. Stew in that for a second.