The Union Home Secretary, last week, promulgated an order authorising 10 Central agencies to monitor, intercept and decrypt information which is transmitted, generated, stored in or received by any computer. Under the order, an individual who fails to assist these government agencies with technical assistance or extend all facilities can face up to seven years of imprisonment or be liable to be fined. The notification was reportedly issued in pursuance of powers stipulated in Section 69 of the Information Technology Act, 2000, which enables government agencies to intercept personal information of citizens under certain conditions. The Ministry, in response to flak from the Opposition, has issued a clarification that the authorisation is in conformity with the process stipulated in the IT Rules, 2009.
What is missed out The clarification assumes the legitimacy of Section 69 of the IT Act, the basis on which the IT Rules were framed. The IT Rules in turn form the source of power behind the Ministry of Home Affairs (MHA) notification. On the basis of this assumption, the clarification justifies the notification without examining the validity of its source. All that the MHA clarifies is that since the notification conforms with the IT Rules, there is no reason for eyebrows to be raised. This, argument, however, is fallacious since it fails to take a step back and peruse Section 69 of the IT Act, which after K.S. Puttaswamy v. Union of India — ‘the right to privacy case’, in 2017 — seems to fail the litmus test of constitutionality. Let us explain how. Why is Section 69 unconstitutional after K.S. Puttaswamy ? The nine-judge bench in K.S. Puttaswamy declared that there is a fundamental right to privacy flowing from inter alia Articles 19 and 21 of the Constitution.
In order for a restriction such as Section 69 allowing for interception of personal data on a computer to be constitutionally valid, it would not only have to pursue a legitimate state aim (say, for instance, national security) but also be proportionate, so that there is a rational nexus between the means adopted (i.e., authorisation of interception) and the aim. Section 69 of the IT Act is so broadly worded that it could enable mass surveillance to achieve relatively far less serious aims such as preventing the incitement of the commission of a cognisable offence.
Such surveillance could be justified to achieve relatively far less serious objectives such as a Facebook post expressing dissent against government policy which, in the state’s opinion, is offensive. The state, through the powers under Section 69, can therefore justify authorising surveillance, purporting this to be a grave concern. The language of Section 69, therefore, speaks abundantly of doublespeak, allowing for disproportionate state action, antithetical to the right to privacy. Implications for free speech Under Section 69, the government can intercept personal information under any of the following conditions: when it is necessary in the interest of Indian sovereignty or integrity; security of the state; friendly relations with foreign states; public order; and for preventing incitement to the commission of any cognisable offence related to these.
While the first four feature in Article 19(2) of the Constitution, the last, namely preventing incitement to commission of cognisable offences, is not an enumerated restriction. A restriction in the form of authorised surveillance would not be justified unless it is in order to maintain public order, a reasonable restriction under Article 19(2). The Supreme Court has repeatedly accepted a hierarchisation between “public order” and law and order; it explains this through concentric circles where law and order represents the larger circle within which the next circle, public order, lies, which in turn contains the smallest circle representing the security of the state — the most grave concern. While public order is characterised by public peace and tranquillity, law and order requires preventing the incitement of an offence.