Menu

The complexity between National Security and Individual Privacy: Legal challenges over Mass Surveillance

Publications, Research paper

Abstract

In this digital world, it is easy to access any information about anyone. Tracking anyone and anything is easily possible without the awareness to the one who is being tracked. Government as well as private companies can easily watch and get one’s personal data which poses serious privacy threats for individuals. There exists a very thin line which separates national security from the right to privacy which is often very difficult to identify. The paper delves into the legality of mass surveillance and the challenges it faces due to privacy concerns. The surveillance practice with its foundation in the colonial era has significantly evolved particularly with technological innovations. Surveillance is governed by the key legal frameworks like Information Technology Act, 2000 and Telegraph Act, 1885. With developed digital technologies like CCTV cameras and face recognition, surveillance has significantly increased. Aadhaar biometric program is another crucial factor which has led to an increased surveillance along with greater privacy threats for individuals. With the help of case studies and analysis of landmark judgements, the on-going tension between security and privacy has been highlighted. Further the Pegasus Spyware controversy has been discussed to highlight the importance of privacy and protection of private information. The Digital Personal Data Protection (DPDP) Act, 2023 has also been discussed to reflect upon the actions taken to protect the private data of individuals in this digital era. The intent of this paper is to give the readers an in-depth study of the methods the legal system has adopted to overcome the obstacles in mass surveillance alongside the measures to preserve individual privacy.

Keywords

Mass Surveillance, National Security, Individual Privacy, Colonial Era, Digital world

Introduction

We are being tracked at every step. It is quite known to most of the people that advertisers can record every link that one clicks and every place one visits. What must be shocking is that we don’t realise that the government can buy this data too and can even take the data by force if they can’t buy it. The 20th century constitution is being utilised against the 21st century innovations and technologies. With a geofence warrant, companies are forced to hand over our location data not for one person, but everyone, every single user in a geographic area, be it a single room or an entire city. It is, no doubt, technology which makes tracking possible but it is the laws which give it force. Government often justifies Mass Surveillance as an essential instrument to keep a tab on any anti-nationalist activity happening in the country. But what about a person’s Right to Privacy? If a person or his phone is being spied upon it will infringe his right to privacy as his personal information is in somebody’s hand. A person’s personal information can be used to manipulate his actions in the name of national security. It is a rather complicated issue to bring about a balance between the two, that is, individual privacy and national security and this paper explores the legal challenges surrounding Mass Surveillance. The main aim is to offer an extensive study of how legal systems overcome these obstacles while preserving the individual rights.

Research Methodology

This paper is descriptive in nature and it employs a qualitative research method. The research is largely based on secondary sources to critically analyse the challenges around mass surveillance. Secondary sources of information like newspapers, journals, academic articles, legal cases and websites are used to examine the delicate balance between national security and individual liberty.

Review of Literature

The controversy around mass surveillance encompasses the concerns about national security, civil liberty and privacy. The implementation of Aadhaar biometrics is among the most debated topics. Aadhaar has generated discussions about privacy invasion and possible susceptibilities to mass monitoring and data breaches, despite its intended aims of better allocation of welfare schemes and to enhance security. Authorities can monitor internet and telecommunications traffic through the Central Monitoring System (CMS), supposedly to protect against security risks. However, there are concerns about openness and protections againstabuse.

In addition, India has seen repeated internet outages amid political turmoil in areas like Jammu and Kashmir, which raises concerns about how to bring a balance between right to privacy and security needs. With its historic judgement in Puttaswamy v. Union of India, Supreme Court established a precedent for judicial challenges to intrusive surveillance methods by recognizing that right to privacy is a fundamental right. These problems highlight how difficult it is to regulate surveillance in a country with a varied population and a large population, like India, where security concerns and technical improvements must be weighed against human liberties and constitutional rights.

Historical Context of Mass Surveillance in India

It is not surprising that mass surveillance has its roots in the British era. Surveillance methods were created during that time to discourage crimes. It was particularly developed to keep an eye on repeat offenders. Senior officers would closely investigate past offences to locate those who need to be tracked. They recorded the data on sheets called “bad character rolls” which served as crucial instruments for surveillance. After the revolt of 1857, the British policing system became more strict. Surveillance became a necessary tool to have control over the public with the scarce police resources. Today’s mass surveillance has been largely shaped by the Colonial era who used surveillance to prevent crimes as well as to prevent anti-British activities.

Independent India continued to develop its surveillance system to cater its needs with the British surveillance system as a foundation. Further the rise of digital innovations has drastically boosted the extent of surveillance creating a widespread use of tracking.

Laws governing Surveillance in India

  1. Telegraph Act, 1885

“This act is one of the principal laws allowing surveillance of electronic communication in modern India”. It basically deals with surveillance when it comes to interception of calls.

Section 5 of the act granted the Governor General or Local Government wide powers over telegraph communications. It empowered them to temporarily confiscate any telegraph that has a permit. This implies that the government had full authority over telegraphs. They were even empowered to hinder or monitor any telegraphic communications. This comprised haltering, interrupting or reading any exchange of messages. Further they had the authority to stop the message to be received by the receiver and even to publicise them if considered necessary.

Section 5(2) imposed certain limitations and restrictions on this authority. It basically says that these powers “could be exercised during a public emergency or if it was in the interest of public safety.” It was upon the Secretary to the Government to decide if the situation qualified. It says it is legitimate for the government to intercept calls if it comes on 1) the sovereignty and integrity of India, 2) the security of the state, 3) friendly relations with foreign states or public order and 4) for preventing incitement to the commission of an offence. It also provided that these powers can’t be exercised against journalists.

The act has significantly infringed the privacy rights of individuals as it gave the government the access to private and confidential information of individuals that too without any judicial order or review. The words public emergency and public interest are vague and are prone to be misused by the government which can infringe individual privacy.

  1. Information Technology Act, 2000

This is the second act under which legitimate surveillance can take place. It includes surveillance of all electronic communication. “Section 69 and 69B of the Act empowered the government to intercept, monitor, and decrypt digital information for the investigation of an offence”. The Information Technology (Procedure for Safeguards for Interception, Monitoring and Decryption of Information) Rules, 2009 was enacted to further the legal framework for electronic surveillance.

This Act takes into account not only telephonic surveillance but any digital surveillance. All electronic transmission of data can be intercepted through this act. The act in itself is a big threat to the right to privacy.

Surveillance Technology

The massive adoption of CCTV cameras, facial recognition technologies and Aadhaar biometric system led to a substantial growth in surveillance. Though these technologies are aimed at enhancing security, they pose considerable privacy infringement concerns.

  1. CCTV Cameras

With the advancement in technology, a large number of CCTV cameras have been installed particularly in cities. “According to Comparitech report (2020), Hyderabad was one of the top most surveilled 20 cities globally, one of the only two non-Chinese cities in the list, with 29.99 CCTV cameras per 1000 people at that time”. “The number of CCTV cameras has only risen since then, with the most recent data available as of June 2023 putting Hyderabad (83.32 cameras/1000 people), Indore (60 cameras/1000 people), and Delhi (19.96 cameras/1000 people) among the world’s most surveilled cities”. CCTV camera is a mass surveillance technology which contribute to public safety and public order but it poses inherent privacy concerns.

  1. Facial Recognition

“Police forces in India have been using Facial Recognition software to identify history-sheeters, miscreants, solve missing person cases, with the Delhi police even using it to identify protestors during the 2019 anti-CAA protests and even in the farmer protests”.,  “Police forces like the Telangana police run facial recognition systems along with their extensive CCTV surveillance network to feed live data into facial recognition algorithms”. “In 2017, the Chennai Police installed a facial recognition system running on real time CCTV footage from areas of T Nagar, a popular shopping street in the city, to detect any criminals stored in their database, similar systems have been deployed by the Punjab Police as Punjab Artificial Intelligence System (PAIS), and by the Surat Police using NEC’s NeoFace technology”.

  1. Aadhaar Biometric

Aadhaar is a 12 digit identification record or document which can be acquired by any inhabitant of India. It was introduced in 2009 by the Government of India  with an objective of improved and better well-being of the citizens of the country. The process by which one can get Aadhaar mandates the submission of biometric data in form of fingerprints, and an iris scan. Surveillance and privacy related concerns have been raised from the beginning itself as an individual’s data is collected and stored in a centralised database. Aadhaar represents a population of over 1.1 billion people as the world’s largest such database which becomes an issue for people as their personal information is not anymore personal. Aadhaar has increasingly become a prerequisite overtime to access basic state services, an essential document for KYC verification to even purchase a mobile SIM card, get loans, open a bank account, admissions in school and college and scholarships, and has even been linked with other identification documents like the Voter ID and PAN card. Privacy advocates have pointed out that this level of Aadhaar integration allows the state to track all aspects of an individual’s everyday life as there is no lawful limitation on the amount of data the government can access from this database, creating the necessary infrastructure for mass surveillance., The Aadhaar Act, 2016 tried to make Aadhaar mandatory for many public services including all welfare benefits and even allowed private companies to collect Aadhaar data, however the Supreme Court struck down these provisions of the act while upholding the validity of the act itself. However despite this verdict many organisations have continued claiming Aadhaar as a mandatory requirement.

Centre’s Surveillance Projects

  1. Centralised Monitoring System: CMS is a particular department under which lawful surveillance can be taken place by the sanction of the government.
  2. Network Traffic Analysis: It is also known as NETRA. It looks for suspicious words that repeat itself. It is also open to interpretation through messages.
  3. National Intelligence Grid: It was conceived in 2009 and is also known as NATGRID. It served as a digital database for various intelligence agencies to have a look into the details of immigration, entrance or exit, and the suspicious banking and telephonic details.

Right to Privacy

It is also known as the right to be let alone. This right is not an explicitly recognized fundamental right by the Constitution. The landmark judgement K.S. Puttaswamy v. UoI (2017) established the right to privacy as an intrinsic part of Article 21, right to life and liberty. This judgement posed a significant legal challenge to Mass Surveillance as it underscored the importance of constitutional safeguard for individual privacy.

Case Studies

  • Public Union for Civil Liberties v. UoI (1996): In this case the Supreme Court pointed out lack of procedural safeguards in the provision of the Telegraph Act. It stated that tapping is a serious invasion of an individual’s privacy. It formed the basis of introducing Rule 419A in the Telegraph Rules in 2007 and later in the rules prescribed under the IT Act. Rule 419A of the Telegraph Act: It has been stated that the Secretary to the Ministry of Home Affairs will be the one to authorise tapping of phones under Telegraph Act. Similarly, the Secretary to the Home Department of the State will be responsible for the respective state if the law needs to be invoked.
  • K.S. Puttaswamy v. UoI (2017): Along with establishing right to privacy a fundamental right under Article 21, this judgement imposed constraints on the Aadhaar Act. The restrictions included prohibition on the compulsory requirement for services except subsidies and welfare schemes. The court stated that the collection and usage of the biometric data must be subject to strict privacy protections.
  • Pegasus Spyware Project: It revealed that approximately 300 Indians were being spied with the help of spyware Pegasus. The spyware company by the name of Pegasus is an Israeli based company which was developed in 2016 and in the year 2021 it was all over the news. This spyware means that if you get a Whatsapp call from an unknown number and even if you do not pick up the call the spyware Pegasus will be able to download itself in your system and it will spy on you with the help of turning on the microphones and the cameras. Many companies had employed this spyware in order to keep a tab on the information of many individuals. The opposition alleged that the government was the one involved in this surveillance process. Significant privacy protection concerns were raised against the government’s surveillance practices and in response the Supreme Court constituted a committee to look into the matter. The court stressed upon the better transparency and government accountability in the surveillance practices.

Digital Personal Data Protection Act, 2023

This act is a step to fill the gap in laws which are affecting individual privacy. It governs the collection, usage and storage of personal data in India. The main aim of the act is to preserve the private data of an individual while authorising the legitimate use of it. It provides for the ideas of consent, minimised data collection, data accuracy and purpose limitation but it also grants wide exceptions for the government. National security is one of the exceptions and is surrounded by debates of misuse.

Suggestions 

The debate over mass surveillance versus individual privacy is an intricate and multifaceted issue that requires a nuanced approach. While national security is undoubtedly a paramount concern, it cannot come at the expense of constitutional rights and civil liberties. A balanced and judicious approach is needed to address this complex challenge.

One of the primary suggestions is to strengthen the legal framework governing surveillance activities. The existing laws, such as Information Technology Act of 2000 and Telegraph Act of 1885, are outdated and inadequate to address the challenges posed by modern technologies. A comprehensive and robust legislation that clearly defines the limits, procedures, and oversight mechanisms for surveillance is imperative. This legislation should incorporate stringent safeguards against misuse, ensure transparency, and provide effective remedies in case of violations. Another crucial aspect is the establishment of an independent and impartial oversight body. This body should be empowered to scrutinise surveillance requests, monitor compliance with legal procedures, and investigate any alleged abuses. It should comprise members from various backgrounds, including legal experts, privacy advocates, and representatives from civil society organisations, to ensure a balanced and unbiased approach.

Furthermore, the government should adopt a policy of data minimization, ensuring that private information collected through surveillance is restricted to something which is strictly mandatory and relevant for the stated purpose. Robust data protection steps, including but nor limited to encryption and secure storage, should be enforced to prevent unauthorised access, misuse, or data breaches. Public awareness and education campaigns are also essential to ensure that individuals understand their rights and the implications of surveillance practices. Citizens should be informed about the legal provisions, their rights to privacy, and the available channels for seeking redress in case of violations. Additionally, the government should foster a culture of transparency and accountability. Regular reporting and public disclosures regarding the extent, scope, and justification for surveillance activities should be mandated. This will not only enhance public trust but also serve as a deterrent against potential abuses. Lastly, international cooperation and adherence to global standards and best practices in the realm of privacy and surveillance are crucial. India should actively engage with other nations and international organisations to learn from their experiences and align its policies with universally accepted norms and principles.

Conclusion

In conclusion, the challenge of balancing national security and individual privacy is a complicated and ever-evolving affair. It requires a multi-pronged process that includes legislative reform, robust oversight mechanisms, data protection measures, public awareness, transparency, and international cooperation. By addressing these aspects, India can safeguard its security interests while upholding the fundamental rights and liberties enshrined in its Constitution. Striking this delicate balance is not only a legal imperative but also a moral obligation in a democratic society.

Anchal Pansari

O.P. Jindal Global University