The Indian government has authorized 10 central agencies to intercept, monitor, and decrypt data on any computer, sending a shock wave through citizens and privacy watchdogs.
Narendra Modi’s government late Thursday broadened the scope of Section 69 of the nation’s IT Act, 2000 to require a subscriber, service provider, or any person in charge of a computer to “extend all facilities and technical assistance to the agencies.” Failure to comply with the agencies could result in seven years of imprisonment and an unspecified fine.
In a clarification posted today, the Ministry of Home Affairs said each case of interception, monitoring, and decryption is to be approved by the competent authority, which is the Union Home Secretary.
The agencies that have been authorized with this new power are the Intelligence Bureau, Narcotics Control Bureau, Enforcement Directorate, Central Board of Direct Taxes, Directorate of Revenue Intelligence, Central Bureau of Investigation, National Investigation Agency, Research and Analysis Wing, Directorate of Signal Intelligence (in service areas of J-K, North East, and Assam), and Delhi Police.
Explaining the rationale behind the order, India’s IT minister, Ravi Shankar Prasad, said the measure was undertaken in the interests of national security. He added that some form of “tapping” has already been going on in the country for a number of years and that the new order would help bring structure to that process. “Always remember one thing,” he said in a televised interview. “Even in the case of a particular individual, the interception order shall not be effective unless affirmed by the Home Secretary.”
Apprehension among citizens
The Internet Freedom Foundation, a nonprofit organization that protects the online rights of citizens in India, cautioned that the order goes beyond telephone tapping. It includes looking at content streams and might even involve breaking encryption in some cases. “Imagine your search queries on Google over [a number of] years being demanded — mixed with your WhatsApp metadata, who you talk to, when, and how much [and add] layers of data streams from emails + Facebook,” the group said.
“To us, this order is unconstitutional and in breach of the telephone tapping guidelines, the Privacy Judgement, and the Aadhaar Judgement,” it asserted, adding that it was working with volunteers and lawyers to further scrutinize the order.
Opposition political parties also expressed concern about the order. “From Modi sarkar [Hindi for government] to stalker sarkar, clearly the string of losses has left the BJP government desperate for information,” the Congress political party said. Senior Congress leader P Chidambaram added, “If anybody is going to monitor the computer, including your computer, that is the Orwellian state. George Orwell is around the corner. It is condemnable.”
This is overbroad, has a chilling effect and is liable to be struck down in toto: still amazing how many government actions on online regulation have been straight up, ex-facie unconstitutional. https://t.co/nOhI8vA2Tx
— Karuna Nundy (@karunanundy) December 21, 2018
IT Minister Prasad lashed out at the opposition, asking whether they believe the government should not do anything to halt the proliferation of terrorist activities, which he alleged are being conducted on the internet. (Prasad and other ministers have used similar arguments in coercing Facebook to break WhatsApp’s encryption in India.)
VentureBeat has reached out to Apple, Google, Facebook, and Amazon for comment and will update if we hear back. Microsoft declined to comment.
This move by the Indian government comes days after the Australian government, in a global first, took a stricter approach to the way communications service are handled within its borders. Earlier this month, the Australian parliament passed laws giving police and security agencies in the nation the power to access messages on encrypted platforms. The government said it is taking this step in an effort to combat terrorism and other crime.