Just over a year ago, the world was treated to a rude awakening by a hitherto unknown Edward Snowden, when he made public thousands of classified documents that belonged to the United States' National Security Agency (NSA). Described as one of the most significant leaks in US history, the disclosed documents revealed that the US Government had been discreetly collecting unprecedented quantities of surveillance data on everyone from its own citizens to foreign Governments, ostensibly as part of its global war against terror.
While most of the rest of the world was foreseeably outraged by the contents of Snowden's revelations, the Indian Government's response to the matter was tepid at best, and the whole affair was shrugged off as a routine occurrence in international diplomacy. This stand was especially surprising since India, who has always boasted friendly ties with the US, was reportedly fifth in the overall list of countries spied on by the NSA programs. Why then was India rushing to the US' defense, with the then Minister for External Affairs going so far as to say that the US surveillance program "is not actually snooping"?
Digging a little deeper, one quickly begins to realize that the Indian Government's stoic tolerance of US surveillance might have been brought on by more than a mere desire to keep Indo-US relations from going sour. In line with the age-old adage against throwing stones in a glass house, the Indian Government's restraint might have stemmed - at least in part - from the fact that it was busy conducting some snooping of its own.
Multiple Indian legislations, including the Indian Telegraph Act and Rules, Information Technology Act and Rules and the Code of Criminal Procedure, contain explicit provisions that allow Central and State Governments to intercept and monitor the nation's communication networks on a wide variety of grounds. These grounds are often broadly worded, with generous helpings of terms such as 'security of the state' and 'public safety' that are never defined with any manner of precision, thereby granting the Government unsubstantiated access to India's telephone and Internet networks to retrieve their contents at will. Similarly, license agreements entered into between Indian communications service providers and the Department of Telecommunications contain clauses that mandate the installation of unspecified surveillance equipment into communication networks as and when required by the Government and its agents. Given that these license agreements are essentially what allow service providers to conduct business in India, all service providers operating in the country at any given point of time are bound to ensure that their networks are open to Government surveillance.
On the basis of these legal provisions, a number of surveillance initiatives are already in place all over the country. Lawful Interception and Monitoring (LIM) systems installed into India's telephone and Internet networks bare in real-time our phone calls, texts, e-mails and general Internet activity to Government inspection. 'LIM systems' being a generic term that alludes to any surveillance system sanctioned by law, the true nature and extent of capabilities of the specific systems employed by the Indian Government remain matters of intelligent speculation. On top of these, a slew of additional surveillance systems designed to significantly enhance the Government's existing capabilities are in the pipeline in varying stages of deployment. This includes as of current knowledge, the enigmatic Central Monitoring System (CMS), Network Traffic Analysis (NETRA), and National Intelligence Grid (NATGRID). Of these, the CMS is said to be an extension of the current framework of LIM systems, with elimination of manual components from the interception process being its prime focus. NETRA on the other hand, is a dedicated Internet surveillance system that will scour the nation's Internet traffic for certain key words and phrases such as 'bomb', 'blast', and 'kill', and alert Law Enforcement Agencies (LEAs) on their detection. Finally, NATGRID will reportedly collate and analyze data generated by 21 standalone databases belonging to various agencies and Ministries of the Indian Government, including tax and bank account details, credit card transactions, visa/immigration records and itineraries of rail and air travel.
While it is thus clear that the Indian Government is in possession of a virtual arsenal of surveillance technologies, their very existence is cause for great concern - especially in the Indian context - for a variety of reasons. For starters, the Executive arm of the Government exercises absolute dominion over India's surveillance regime, leaving no room for independent oversight - judicial or otherwise. There is also a complete lack of transparency at the Government's end when it comes to surveillance, with the effect that citizens are mostly left to resort to the rumor mills to piece together what information they can about the myriad ways in which they are being surveilled. Further, Indian citizens do not enjoy a constitutionally guaranteed right to privacy, which has been internationally recognized as a fundamental human right, especially in the digital age.
Despite these glaring pitfalls, an application filed by SFLC.in under the Right to Information Act revealed that on an average, around 7500 - 9000 telephone-interception orders are issued by the Central Government alone each month. Extrapolating this number to include all interception orders issued by the Central and State Governments combined, it becomes clear that Indian citizens are routinely and discreetly subjected to Government surveillance on a truly staggering scale - all the more so considering that we are, after all, a developing third-world nation that grapples with more fundamental issues of life such as starvation and disease.
In this series of blog-posts, SFLC.in delves into the unchartered wilderness that is India's surveillance landscape in a bid to demystify our surveillance practises. Over the coming weeks, we will take an in-depth look at various aspects of India's surveillance machinery, including enabling provisions of law, service provider obligations, current/planned surveillance mechanisms and so on. The idea is to bring India's reclusive regime of communications surveillance to public attention, and spread awareness about the true extent to which citizens' communications are routinely surveilled.