New Delhi : SFLC.in released a report titled "India's Surveillance State".
The report delves into communications surveillance in India and takes an in-depth look at various aspects of India's surveillance machinery, including enabling provisions of law, service provider obligations, and known mechanisms. It examines compliance of India's legal provisions on surveillance with the International Principles on the Application of Human Rights to Communications Surveillance that were formulated after a global consultation with civil society groups, industry, and international experts in communications surveillance law, policy, and technology.
Some major points brought out in this report:
- An application under the Right to Information Act filed by SFLC.in revealed a list of 26 companies, including foreign companies, that had expressed interest in placing bids on a tender floated for Internet monitoring systems clearly evincing a large number of firms active in selling surveillance equipment in India. Several of these companies have incidentally been included in the list disclosed as part of the Spy Files project of Wikileaks.
- Another revelation was that on an average more than a lakh (100,000) of telephone interception orders are issued by the Central government alone every year. On adding the surveillance orders issued by the State Governments to this, it becomes clear that India routinely surveills her citizens’ communications on a truly staggering scale.
- State surveillance of citizens’ private communications is authorized by legislative enactments such as the Indian Telegraph Act and the Information Technology Act, which allow Indian law enforcement agencies to closely monitor phone calls, texts, e-mails and general Internet activity on a number of broadly worded grounds. They establish an opaque surveillance regime that is run solely by the Executive arm of the Government, and make no provisions for independent oversight of the surveillance process.
- An unknown number of Lawful Interception and Monitoring (LIM) systems tasked with the collection and analysis of citizens’ communications data and meta-data are already installed into India’s communication networks. On top of these, capability-enhancing technologies and databases such as the Central Monitoring System (CMS), Network Traffic Analysis (NETRA) and National Intelligence Grid (NATGRID) are in varying stages of deployment. The Government of India is also known to outsource surveillance initiatives to private third parties, some of which go so far as to infect target devices using malicious software in order to gain access to information stored within.
- It was revealed by a source that NETRA storage servers will be installed at more than 1000 locations across India, each with a storage capacity of 300 GB totalling to 300 TB of storage initially.
- Section 69 of the Information Technology Act, 2000 imposes an obligation by which Internet Service Providers are to provide all assistance to the government agencies to intercept any communication and a failure to comply with it may result in imprisonment for upto 7 years and fines.
- The Controller of Certifying Authorities uses Section 28 of the IT Act, an ambiguous provision, to collect user data from technology companies. An RTI request revealed that they have made 73 requests under this provision in 2011.
- Indian laws, policies and practices with respect to surveillance are not in conformity with International human rights law as evinced by the report of the UN High Commissioner on Human Rights released on June 30, 2014.
- Considering how all the above takes place in a framework that has yet to accord legislative recognition to the existence of a Right to Privacy, no concerns over undue State surveillance can be termed as unfounded.
A copy of the report can be downloaded here.
The supporting information received under the Right To Information Act can be found here. All the facts quoted in this report corresponds to the UPA government.