Intelligence Gathering Is Not Above Right To Privacy In India

Right to privacy in India is a constitutional right. Efforts are in the process to make it a statutory right as well. A dedicated statutory right to privacy in India is in pipeline in the form of right to privacy bill of India 2011. The proposed Bill must protect human rights in cyberspace to be valid and constitutional and it must respect the privacy rights of Indians in the information age. The proposed draft right to privacy bill 2011 of India may confer some form of privacy rights to Indians. However, its true scope is yet to be made public.

Privacy laws in India and privacy rights in India have always been ignored. We have no national privacy policy in India as well. Data protection laws in India are missing and so are data privacy laws in India. Privacy, data protection and India seems to be separable and unrelated concepts.

Indian government launched projects like Aadhar, National Intelligence Grid (Natgrid), Crime and Criminal Tracking Network and Systems (CCTNS), National Counter Terrorism Centre (NCTC), Central Monitoring System (CMS), Centre for Communication Security Research and Monitoring (CCSRM), etc. None of them are governed by any Legal Framework and none of them are under parliamentary scrutiny.

Further, there are some very crucial issues that are posing constitutional problems for the intelligence and security agencies of India. For instance, intelligence gathering in India is unconstitutional. Similarly, counter terrorism capabilities of India are not sufficient and Indian counter terrorism capabilities needs rejuvenation. Finally, parliamentary oversight and constitutional safeguards are missing in the functions of these agencies.

India does not have a constitutionally sound lawful interception law. Phone tapping in India is still done in an unconstitutional manner and at times by private individuals as well. Further surveillance of Internet traffic in India is now openly acknowledged by Indian government.

The intelligence infrastructure of India has become synonymous for non accountability and mess. There is neither any parliamentary oversight nor and transparency and accountability of the working of intelligence agencies of India. Intelligence infrastructure of India needs rejuvenation keeping in mind the constitutional obligations.

The draft Intelligence Services (Powers and Regulation) Bill, 2011 has failed to take the shape of a law in India and it has been announced that law on intelligence agencies would be formulated soon. Even the Draft Central Bureau of Investigation Act, 2010 has failed to become an applicable law.

E-surveillance in India, websites blocking in India, Internet censorship in India, etc are also not done a strictly constitutional manner. Till now Indian courts have not tested the acts of intelligence agencies. Recently Indian research and analysis wing (RAW) was granted e-surveillance powers without any legal framework. Now the home ministry of India is demanding that intelligence and law enforcement agencies must be kept out of the purview of the proposed Privacy law, and should be allowed to continue monitoring the activities and carry out electronic surveillance of citizens.

Home ministry is suggesting that the way intelligence and investigation agencies are exempted under schedule 2 of the Right to Information (RTI) Act, they should be kept out of the proposed privacy Bill in view of national security.

Under schedule 2 of the RTI Act, citizens are restricted from seeking information from agencies such as the Intelligence Bureau (IB), the Research and Analysis Wing, the Central Bureau of Investigation, the National Investigation Agency, the National Intelligence Grid and the National Technical Research Organisation.

Home ministry do not wants the privacy Bill to interfere with intelligence gathering activities even if means accommodating more safeguards in line with the sprit of the privacy Bill.

This seems to be an unreasonable demand as we must now stress upon great parliamentary scrutiny of intelligence agencies and law enforcement agencies. On the contrary we are diluting the constitutional freedoms and procedural safeguards. It is high time for parliament of India to interfere and enact constitutionally sound laws in this regard.

Constitutional Phone Tapping Law In India Is Needed

Phone tapping in India is regulated by outdated and ancient law known as Indian Telegraph Act 1885 and corresponding rules there under. As per section 5 of the telegraph act, the central government or state government is empowered to order interception of messages. Rule 419 and 419A sets out the procedure of interception and monitoring of telephone messages.

As per Rule 428 of the India telegraphic rules, no person without the sanction of the telegraph authority, use any telephone or cause or suffer it to be used, purposes other than the establishment of local or trunk calls.

However, in practice whatever little safeguards provided by the act are seldom followed. Phone tapping by private individuals in India is rampant and even governmental phone tapping is unaccountable. We have no constitutionally sound lawful interception law in India. Even the Home Ministry of India is considering enactment of a lawful Interception Law in India.

It is suffice to say that this unconstitutional phone tapping in India and illegal e-surveillance in India is a “constitutional failure of India”. India urgently needs a valid phone tapping law. The central monitoring system project of India (CMS Project of India) is also not supported by any legal framework.

This is the real problem for the CMS Project of India. We have no dedicated privacy laws in India, data security laws in India and data protection laws in India. Further, the CMS Project of India is also beyond the “parliamentary scrutiny”.

Further, we have no e-surveillance policy in India. Even phone tapping in India is done in an “unconstitutional manner” and even by private individuals with or without governmental approval.

Recently even the Supreme Court of India took a serious note of the growing and blatant incidences of privacy violation in India by Indian government and private individuals/companies supported by it. Supreme Court went upto the extent of saying that no person living in India is safe from privacy violations and omnipresent forgeries prevalent in India.

The present practice of Indian government regarding phone tapping, e-surveillance and e-interceptions is far from being legal and constitutional. India urgently needs a constitutionally sound lawful interception law. Let us hope the Supreme Court would bring some order in the otherwise chaosed banana republic of India.

Privacy Rights And Laws In India

Privacy laws in India are virtually missing and Indian government seems to be in no rush to have suitable privacy and data protection laws in India. Even the national privacy policy of India is missing. However, recent developments pertaining to cyberspace and ICT, has forced Indian government to think about privacy issues in India.

Indian government has been launching projects without proper procedural safeguards and parliamentary scrutiny. These projects and authorities are openly violating the human rights in cyberspace but Indian government is not deterred by this issues.

It is only after the United Nations has declared that access to Internet is a human right that Indian government is thinking about civil liberty issues in cyberspace. In order to confer legitimacy to projects like Aadhar, National Intelligence Grid (NATGRID), Crime and Criminal Tracking Network and Systems (CCTNS), National Counter Terrorism Centre (NCTC), Central Monitoring System (CMS), Centre for Communication Security Research and Monitoring (CCSRM), etc, they must be supported by a techno legal framework. Presently, none of them are governed by any Legal Framework and none of them are under Parliamentary Scrutiny.

While lack of privacy law has already stalled Natgrid yet other projects like unique identification project of India or Aadhar project of India are simply unconstitutional by their very existence and being violative of privacy rights as conferred under Indian constitution.

For some strange reasons, Indian government has been ignoring enactment of good techno legal privacy laws in India. Various governmental ministries have started the exercise of enacting the privacy law for India time to time but ultimately none of them materialised. These exercises proved to be futile and till now we are still waiting for the enactment of sufficient and strong privacy laws in India.

National Privacy Policy Of India

Right to privacy bill of India 2011 has been suggested for many times in the year 2011. However, till now we do not have any conclusive draft in this regard that can be introduced in that parliament of India. In fact, we are still waiting for a final and conclusive proposed draft right to privacy bill 2011 of India that can be discussed in the parliament.

Privacy rights in India in the information age are too important to be ignored. Surprisingly, Indian government is deliberately keeping privacy protection at distance even if the constitution of India protects privacy rights of Indian citizens/persons.

For instance, India has launched Projects like Aadhar, National Intelligence Grid (NATGRID), Crime and Criminal Tracking Network and Systems (CCTNS), National Counter Terrorism Centre (NCTC), Central Monitoring System (CMS), Centre for Communication Security Research and Monitoring (CCSRM), etc. None of them are governed by any Legal Framework and none of them are under Parliamentary Scrutiny.

Lack of privacy law has already stalled Natgrid whereas other projects like unique identification project of India or Aadhar project of India are simply unconstitutional by their very existence and being violative of privacy rights as conferred under Indian constitution.

Right to privacy bill of India 2011, along with a dedicated data protection law in India is needed. We already have an anti consumer telemarketing policy of India that openly allows violation of consumers privacy and peace.

In short, the unwritten, but widely followed, national privacy policy of India is not only negative in nature but is also violative of various provisions of Indian constitution. Time has come to enact a good techno legal national privacy policy of India.

Regulatory Framework For Cloud Computing In India

The proposal to use of cloud computing in India has raised many regulatory and security concerns. Without meeting these regulatory and security concerns, software as a service (SaaS) and cloud computing should not be used in India. In fact, cloud computing in India must be techno legal in nature and till it meets the techno legal requirements, it should not be used in India.

Before using cloud computing in India we must ask few questions to ourselves. These include what are the regulatory frameworks required for successful cloud computing, how the security concerns need to be addressed, what are the legal frameworks for multi jurisdictional cooperation, and what are the quality of service (QoS) parameters for effective cloud service.

Besides regulatory framework for cloud computing in India we must also ensure high availability levels, appropriate data erasing mechanisms, data privacy at the service provider’s level, export restrictions upon data, data handling monitoring mechanisms, jurisdictional issues, cloud computing security issues, licensing issues for cloud computing, etc.

Till now we have no cloud computing policy of India. There is no cyber security in India and even cyber security policy of India is missing. There is no privacy law in India. There is no data protection law in India. And there is no data security law in and cyber security law in India. In short, there is no legal framework for cloud computing in India at all.

Fortunately, stakeholders have openly supported the need of regulatory framework for cloud computing in India. With an increasing pressure the Indian government may consider formulating a legal framework for cloud computing in India. The sooner it is done the better it would for all the stakeholders concerned.

Legal Framework For E-Governance In India

Electronic governance in India (e-governance in India) is still at its infancy stage. Most of the e-governance projects of India under the national e-governance plan (NEGP) are still in the pipeline despite the deadline being passed long before. This is despite the fact that thousand of crores of public money has already been utilised for e-governance projects of India but without any constructive and practical results.

Meanwhile, the World Bank has once again issued $ 150 million loan to India. It has been issued under the category of e-delivery of public services development policy loan of India. The purpose of the loan is to ensure e-services delivery policy in India that is presently missing.

However, what is more alarming is the fact that in India we have no legal framework for e-governance that can ensure mandatory e-governance services in India. Although the information technology act 2000 carries provisions pertaining to e-governance services in India yet they are “non mandatory” in nature. This has resulted in a poor e-governance services delivery in India. Till now we have no legal framework that mandates that citizens and organisations can claim e-governance as a matter of right.

Further, the scope of NEGP is very wide covering almost all aspects of governance - right from delivery of services and provision of information to business process re-engineering within the different levels of government and its institutions. It is essential that NGP is implemented, monitored and regulated through a legal framework so that it is no more just a plan but reality.

In fact, while implementing the NEGP, various structural and institutional issues have already arisen which clearly call for a statutory mandate for their resolution. The purpose would be to give statutory mandate to the institutional entities, setting up of a separate fund, defining responsibilities and providing for time frames and oversight mechanisms. Thus, this legislation may, inter alia, contain provisions regarding the following:

(a) Definition of e-governance in the Indian context, its objectives and role,

(b) Coordination and oversight mechanisms, support structures at various levels, their functions and responsibilities,

(c) Role, functions and responsibilities of government organisations at various levels,

(d) Mechanism for financial arrangements including public-private partnership,

(e) Specifying the requirements of a strategic control framework for e-government projects dealing with statutory and sovereign functions of the government,

(f) Responsibility for selection and adoption of standards and inter-operability framework,

(g) Framework for cyber security, privacy protection, data security and data protection etc,

(h) Parliamentary oversight mechanism, and

(i) Mechanism for co-ordination between government organisations at Union and State levels.

Legal Framework For Cloud Computing In India

Cloud computing is a commercial project that most of the IT vendors of the world would love to launch in India. This is so because India has a large market for cloud computing business. However, the crucial question is whether India is ready for cloud computing? In short, we have to check whether cloud computing is viable for India especially when techno legal experts of India have answered in negative.

There are many hurdles for the successful implementation of cloud computing framework in India. The biggest among them is absence of legal framework for cloud computing in India. Further, allied legal frameworks are also missing that makes use of cloud computing in India non feasible and prone to numerous legal challenges.

For instance we have no dedicated privacy laws in India, data security laws in India and data protection laws in India. Further, India is fast becoming an endemic e-surveillance society in the absence of proper laws and constitutional procedural safeguards.

For instance, the central monitoring system project of India (CMS project of India) would have absolute control over telecommunications and Internet communications that also without any legal framework and parliamentary oversight. Further, companies like Research in Motion (RIM) have openly declared their support for e-surveillance activities of Indian intelligence agencies by extending cloud computing based e-surveillance model for its Blackberry messenger services.

Further, India is also the only country of the world where phone tapping and e-surveillance is done without a court warrant and beyond the judicial scrutiny. The executive branch of Indian constitution is neither accountable to the parliament of India nor to the judiciary in this regard.

All a police officer or governmental officer has to do is to approach the concerned cloud computing service provider, and it would hand over all your sensitive data and information to him without your knowledge. Further, even if the data is not physically handed over, access to the same can be given to such officer without anybody knowing of such access.

Privacy violations would definitely arise in cases of use of cloud computing in India. The only fact is that you may not be aware that your privacy rights have been violated and your sensitive and personal data is no more a secret.

Indian government must not use software as a service (SAAS) or cloud computing for governmental and public services delivery till suitable procedural safeguards against violation of civil liberties in general and privacy rights in particular are at place. Even industrial players like Infosys and CII have endorsed this viewpoint. Time has come to enact a constitutionally sound legal framework for cloud computing in India.

Central Monitoring System Project Of India

Central Monitoring System Project of India (CMS Project of India) is a very crucial project to safeguard Information and Communication Technology (ICT) related security and e-surveillance issues in India. It is mooted by the Central Ministry of Communication and Information Technology (MCIT).

The aim of CMS Project of India is to have a “Centralised Mechanism” where Telecommunications and Internet Communications can be analysed by the MCIT, Indian Government and its Agencies. Some have called this mechanism as the Internet Kill Switch of India where Internet Communications all over India can be suspended through this mechanism.

Recently, the United Nations declared “Right to Access” to Internet as Human Right. This would have a positive impact upon many Human Rights in Cyberspace. For instance, Right to Speech and Expression, Right to Privacy, Right to Know, etc cannot be violated by the CMS Project of India. United Nations must expand Human Rights Protection to many more issues.

This is the real problem for the CMS Project of India. We have no dedicated Privacy Laws in India, Data Security Laws in India and Data Protection Laws in India. Further, the CMS Project of India is also beyond the “Parliamentary Scrutiny”. The Cyber Law of India, incorporated in the Information Technology Act 2000 (IT Act 2000), was drastically amended through the Information Technology Amendment Act 2008 (IT Act 2008).

The IT Act 2008 incorporated various “Unconstitutional Provisions” in the Cyber Law of India that clearly violates the Human Rights in Cyberspace. For instance, provisions regarding Internet Censorship, Website Blocking, Encryption and Decryption, etc have no inbuilt “Procedural Safeguards” as mandated by the Constitution of India. This is the reason why the Cyber Law of India needs to be repealed.

Further, we have no E-Surveillance Policy in India. Even Phone Tapping in India is done in an “Unconstitutional Manner” and even by private individuals with or without Governmental approval.

If CMS Project of India has to be “Legal and Constitutional” it must be subject to “Parliamentary Oversight”. Further, the IT Act 2000 must be repealed as soon as possible as it is clearly not in conformity with the Constitution of India and Civil Liberties Protection in Cyberspace.

Of course, if India Government persists in this “Unconstitutional Approach”, taking recourse of “Self Defence Measures” is not a bad option. Rather that remains the “Sole Option” when our Parliament, Executive and Judiciary fail to protect Fundamental Rights enshrined in the Constitution of India and the Human Rights Charter of United Nations.

Cell Site Location Based E-Surveillance In India

While it came as a respite for the encryption service providers in India when they received the news that their services may not be banned in India yet local telecom service providers in India may not be that lucky. The new telecom equipment policy of India mandates the telecom service providers of India have to ensure location based services accuracy (LBSA) upto 50 meters.

The constitutionality and feasibility of this directive is yet to be analysed. For instance we have no cell site data location laws in India. In fact, we have no privacy laws, data protection laws, data security laws, anti telemarketing laws, anti spam laws, etc. On the contrary, the cyber law of India, incorporated in the information technology act 2000 (IT Act 2000), facilitates e-surveillance, Internet censorship, etc that also without any sort of procedural safeguards. Thus, neither a constitutional nor a statutory legal framework is at place to justify this action on the part of Indian government.

Even if we do a cost analysis this directive may require a heavy investment that telecom operators of India may not be wiling to invest. Telecom industry of India is seriously concerned with the burden shifting practice of Indian government. They believe that governmental security requirements must be managed by government funds alone and should not be passed upon industry players. The new equipment security agreement of India is not addressing either the legal or cost issues.

Technical problems have also been cited as a reason for non feasibility of the terms of Indian equipment security agreement. Based on, the technical standards for accuracy levels as defined by the Indian government, the scale of implementation, the execution of the project and the complexities involved, there is no solution at present that meets the agreement’s mandate. The costs to implement such a system have been estimated at approximately $5 billion.

The Indian equipment security agreement is also weak on the front of privacy protection and data protection. There are no clear policy guidelines in this regard. This is because the new equipment security agreement of India requires telecom operators to maintain location information up to accuracy of 50 meters for customers specified by security agencies of India commencing 1st June 2012, and on all customers, irrespective of whether they are the subject of legal intercept or not from June 2014.

Of course, LBS have many benefits for mobile consumers as well but these befits are far lesser as compared to privacy losses, telemarketing vices, spam communications and information misuses. We need a good and effective national telecom policy of India 2011 that can incorporate all these issue.

Cell Site Data Location Laws In India And Privacy Issues

Cell Site Data Location is not a very positive term. It has been in controversies for breaching Privacy Rights of the person whose Cell Site Data was acquired. Cell Site Data tells about the “Location” of a person who is carrying a cell phone, without his consent. This raises many “Privacy Issues” and “Legal issues” as it amounts to E-Surveillance and “Search without a Warrant”.

In the Indian context we have no Cell Site Data Laws. In fact, we have no Privacy Laws, Data Protection Laws, Data Security Laws, Anti Telemarketing Laws, Anti Spam Laws, etc. On the contrary, the Cyber Law of India, incorporated in the Information Technology Act 2000 (IT Act 2000), facilitates E-Surveillance, Internet Censorship, etc “Without any Procedural Safeguards”.

The Constitution of India provides that no Search or Warrant should be conducted without a “Procedure Established by Law”. The Supreme Court of India has given the expression Procedure Established by Law a wider meaning and this has made it a “Due Process of Law”. Now the Indian Government or its Agencies and Instrumentalities cannot “Infringe” upon any Fundamental Right of an Indian Citizen of Person without Due Process of Law.

The Due Process mandates that the Law in question must not be any Law made as a Façade or Formality but must be “Just, Reasonable and Fair”. If we analyse the IT Act 2000, especially after the Information Technology Amendment Act 2008 (IT Act 2008), its “Fails to Satisfy’ the Due Process Clause of Indian Constitution. In short, the Cyber Law of India carries many “Unconstitutional Provisions” and either the Law itself must be Repealed or those Unconstitutional Provisions must be Struck Down by Supreme Court of India.

India needs to formulate separate and dedicated laws for Cyber Law, Cyber Security, Cyber Forensics, Privacy Protection, Data Protection, Data Security, etc. Presently India has no such Laws as even the Cyber Law of India is not good, effective, strong and most importantly “Constitutional”.

As a matter of fact, with the active use of Technology by Indian Government and its Agencies and Instrumentalities, Constitutional Provisions are “Most Frequently Violated” in India. I hope the Supreme Court of India would take note of this “Downsizing” of Indian Constitution that has become a “Regular Feature” these days.

Encryption Service Providers Would Not Be Banned In India

Encryption related issues have always posed problem for our intelligence agencies and law enforcement agencies. Unable to deal with the encrypted services, the intelligence and law enforcement agencies of India tried to adopt the next possible approach. They decided to take the easier route of eavesdropping and e-surveillance instead of developing the cyber skills.

Naturally, the threats to ban encryption service providers like research in motion’s (RIM) Blackberry, Gmail, Skye, etc was the measure of last resort for our central home ministry. However, home ministry of India did not realise the effect of this decision and now this decision seems to be haste one.

A government panel set up to examine security threats regarding 15 forms of communications that cannot be tracked by law enforcement agencies here, has recommended that no service be banned purely on the grounds that it cannot be monitored.

It has recommended that in the short term, India should force operators who offer such services to either locate servers in the country or share encryption keys with security agencies and assist security agencies here in monitoring these services.

As a long-term solution, the committee has recommended that the upcoming Central Monitoring System (CMS) be made capable of intercepting any form of communication service offered within the country.

It has also endorsed the telecom ministry's stance that the ultimate solution should involve intelligence agencies building up capabilities indigenously to monitor and intercept these technologies. The panel has also added that security agencies must avail the help of companies to build such capabilities.

The committee has said that security agencies must first check whether monitoring solutions are available in other counties before threatening to ban any specific communication service.

Before banning or blocking of encrypted communication impact on business and industry, e-commerce, e-governance, e-medicine, e-health, passport services etc should be taken into consideration. Further, banning or blocking services without providing an alternative may have international reactions and could affect other Indian industries such as BPO and IT outsourcing.

The government panel, with members from different ministries, including telecoms and IT, has also recommended that India raise its encryption levels from the present 40 bits to 256 bits, which is the standard in Europe and the US. Most western countries do not allow financial transactions on the internet through computers and mobile handsets, if the encryption level is less than 128 bits. India on the other hand does not legally allow encryptions beyond the 40-bit on the grounds that its security agencies lacked the technological capabilities to monitor data transfers on the internet when the coding is beyond this limit.

However, the Home Ministry and Intelligence Bureau (IB) whose members were part of the panel, have not signed these recommendations and have given their dissent note. The IB has said the recommendations by the panel shift the onus on encryption and decryption from mobile phone companies to the 'designated agency' (CMS) authorised by the home ministry, when 'current experience was that government agencies were unable to track such services'. It has also pointed out that it may be impossible to persuade foreign players to locate servers in India or share encryption keys with security agencies here as recommended by the panel.

India needs to upgrade its intelligence infrastructure that is in real mess. Intelligence agencies need to develop intelligence gathering and analysis skills so that situations like the present one can be taken care of.

Finally, there are no legal frameworks for intelligence agencies, law enforcement agencies, data protection, privacy protection and data security. These legal frameworks must be at place so that legal and constitutional intelligence gathering can be taken place. India has to cover a long gap before all these requirements and capabilities are developed.

Fake UID Card Make Aadhar Project More Vulnerable

Unique identification project of India Aadhar project of India is a very controversial project. It has been portrayed as one thing and is actually a totally different thing. The truth is that Aadhar project is a project that deserves immediate repeal.

Aadhar project is devoid of any physical and cyber security. Aadhar project is not supported by any legal framework. Aadhar project is also not supported by any data security and data protection laws. Even the privacy laws in India are missing. Aadhar project is also launched without adequate project study, planning and management. The sole purpose of Aadhar project is to strengthen the e-surveillance capabilities of Indian government and its agencies.

Recently, biometric data of about 200 registrants stored on laptop(s) were stolen. Now it has been reported that the Madhya Pradesh Police have seized from a SIMI activist an Aadhaar card with a 12-digit unique identity number bearing someone else’s name.

During a search at Zakir’s rented place in Ratlam, the police recovered an Aadhaar card, a driving licence and fake marksheets. The UID card made in Nanded town of Maharashtra had Zakir’s photograph but bore a different name, Sadique Khan. Apparently, Zakir had married a local woman under a false name and showed her home as his residential address.

This shows how simple it is to get a fake Aadhar number through various sorts of manipulations. However, this would be acceptable to Indian government as it is not interested in the “identity” of the concerned person but in his “biometric details” that can help in the e-surveillance activities.

Irrespective of what name or identity a person holds, his biometric details would always remain the same and Indian government is targeting this aspect.

CCS Did Not Approve Natgrid Project Absolutely

National Intelligence Grid (NATGRID) Project of India is still in troubled waters as lack of Privacy Laws and Data Protection Laws has put it in doldrums. Media reports are full of rumours that the Cabinet Committee on Security (CCS) has cleared the NATGRID Project. However, this is not true as CCS has just granted the “in principle approval” to NATGRID Project and nothing more.

In the past as well in principle approval was given to NATGRID Project but it was not able to proceed as it lacks the basic Planning, Management and Legal Framework. Even today and after the in principle approval of CCS, NATGRID Project is still without any Legal Framework and Parliamentary Oversight.

Further, the CCS has granted its approval to NATGRID Project for “Limited Purposes” only. CCS has allowed NATGRID to operate for “Limited Phases” only that also where the same can operate within the limits of present Legal Framework. For subsequent stages, NATGRID has “not been approved” till “Suitable Amendments” are made in the Laws of India.

Experts in India have been saying that NATGRID Project of India must comply with Civil Liberties in order to be Legal and Constitutional. Fortunately, the CCS has also “Endorsed” this view and this is the reason why it did not give permission for subsequent and “Final Phases” of NATGRID Project. The CCS has just cleared first two “non-controversial phases” and it is still holding back nod for later phases that require Legal Alterations

The real problem with India is that it is not respecting Human Rights in Cyberspace. We have no E-Surveillance Policy in India and Lawful Interception Law in India is missing. Phone Tapping in India is not done in a Constitutional manner and Laws like Information Technology Act 2000, Official Secrets Act, Indian Telegraph Act 1885, etc are “no more constitutional” and deserve to be repealed.

It is only now that India has started paying attention towards issues like Privacy Laws but even these efforts lack Protection of Civil Liberties in Cyberspace and Protection of Privacy Rights in the Information Era.

NATGRID Project of India would not be finished before Five Years in these circumstances. This is despite the claims of Home Minister P. Chidambaram. If NATGIRD Project is finished before that time period and within the present Legal Framework it means only two things. Either the CCS has “forsaken” the Civil Liberties of India Citizens or Home Ministry is operating the NATGIRD Project “Illegally and Unconstitutionally” and without the knowledge of CCS.

Privacy Rights In India In The Information Age

We have no Dedicated Privacy Laws in India and Data Protection Laws in India. In fact, when it comes to respecting Privacy of Indian Citizens, Government of India tries its level best to avoid the same.

For instance, India has launched Projects like Aadhar, National Intelligence Grid (NATGRID), Crime and Criminal Tracking Network and Systems (CCTNS), National Counter Terrorism Centre (NCTC), Central Monitoring System (CMS), Centre for Communication Security Research and Monitoring (CCSRM), etc. None of them are governed by any Legal Framework and none of them are under Parliamentary Scrutiny.

Further, India is the only country of the World where Phone Tapping and Interceptions are done without a Court Warrant and by Executive Branch of the Constitution of India. Phone Tapping in India is “Unconstitutional” and the Parliament of India has not thought it fit to enact a “Constitutionally Sound Law” for Phone Tappings and Lawful Interceptions. Even the Supreme Court’s directions in PUCL case have proved futile and presently the Court is dealing with the issue once more.

Phone Tapping in India has been in controversies for long. Whether it is Illegal Phone Tapping by Private Individuals or Unaccountable Phone Tapping by Indian Government and its Agencies, Phone Tapping in India has never been smooth.

There is a blessing in disguise in Ratan Tata’s Petition before Supreme Court of India. This is a golden chance for the Supreme Court of India to analyse the “Implementation” of its decision in the PUCL case (Phone Tapping Case). The Supreme Court must “Widen” the scope of Privacy Rights in India not only in the context of Phone Tapping but in an “Overall Manner”. The Supreme Court must formulate and lay down the widest possible “Guidelines” regarding Privacy Protection in India as it has done in the Vishaka’s Case (Guidelines against Sexual Harassment). The Supreme Court has even said that with the Technological Advancement, Privacy is virtually disappearing.

On the front of Legal Framework as well we have no Dedicated and Constitutionally Sound Lawful Interception Law in India. The Indian Telegraph Act, 1885 and other similar Laws are not in “Conformity” with the Constitution of India, especially Fundamental Rights of Indians. Even the Home Ministry of India is considering enactment of a Lawful Interception Law in India.

However, what is more surprising is the fact that the Law Enforcement Agencies and the Intelligence Agencies that indulge in Unconstitutional E-Surveillance and Phone Tapping are themselves Governed by No Law. It is no surprise that the Central Bureau of India (CBI) is also not governed by any Law and it is operating in India Without any Law. It is only now that the Central Bureau of investigation act 2010 was drafted. Till now it is a mere draft and has not become an enforceable law. Even the Constitutional Validity of the National Investigation Agency Act 2008 is doubtful. Even the Draft Intelligence Services (Powers and Regulations) Bill, 2011 has been recently circulated in the Parliament of India. India must urgently formulate E-Surveillance Policy so that the E-Surveillance conducted by Intelligence Agencies and Law Enforcement Agencies of India can be regulated.

Surprisingly, India has no E-Surveillance Policy and Legal Framework. This is despite the fact that many Indian Projects are so S-surveillance Oriented that they cannot pass the scrutiny provisions of Indian Constitution. Of all these E-Surveillance Projects Aadhar Project of India or Unique Identification Project of India (UID Project of India) is the most “Dangerous Project” that should not be there at the very first place. It is based upon Deceit and Deception and both Indian Government and Unique Identification Authority of India (UIDAI) are Hiding Truth from Indians. There is no Legal Framework, no defined Policies and Guidelines and most importantly no Procedural and Civil Liberty Safeguards.

If this was not enough the sole Cyber Law of India (Information Technology Act 2000) was amended through the Information Technology Amendment Act 2008. The IT Act 2008 made the Cyber Law of India an “Unregulated and Unaccountable” piece of E-Surveillance Legislation. It is now wide open to misuses by Indian Government and its Agencies. Further, the IT Act 2008 also violated various provisions of Indian Constitution and hence is “Unconstitutional” as well. Ideally Cyber law Of India must be repealed as soon as possible.

If Parliament of India has abdicated its duties and Indian Judiciary is watching as a moot spectator, it becomes of paramount importance for Cabinet Committee on Security (CCS), Union Cabinet and Prime Minister’s Office (PMO) to “Disallow” all such Projects till proper Civil Liberty Safeguards and Legal Frameworks are at place.