
tl;dr
We have been pursuing information relating to the scope and scale of e-surveillance conducted by the Ministry of Home Affairs (‘MHA’) since December 2018. The information was, at first, denied on the grounds of national security. Thereafter, on appeal, the information was denied on a new ground that minimal data was maintained and records pertaining to the information sought were destroyed from time to time. When we, further, appealed against this order before the Chief Information Commissioner (‘CIC’), the CIC accepted another new ground - that the information on e-surveillance orders was not maintained at all by the public information officer at the MHA! We have challenged this order of the CIC before the Delhi High Court, which was heard on 05.04.2022. The Court directed the counsel for the public information officers and the MHA to seek instructions on maintenance of records.
Why should you care?
Section 69 of the Information Technology Act, 2000 (‘IT Act’) allows the central government to issue orders for interception, monitoring and decryption of any information generated, transmitted, received or stored in any computer resource. This means that the central government has the power to conduct an all round e-surveillance of citizens through the information stored in their computers. The central government can even order decryption of the encrypted data saved in your devices, which you may believe was safe.
To have an informed debate about the legal e-surveillance regime and practices in India, we should know how many surveillance orders are issued by the government. We filed six RTI Applications seeking statistical information about the total number of e-surveillance orders issued under Section 69 of the IT Act in 2018. We have not received this information till date, but we will continue to pursue it.
Background
We have gone from pillar to post in order to get information on e-surveillance from the MHA. Here is the quick summary of the back-and-forth we have faced:
Proceedings before the Delhi High Court
We filed a writ petition against the CIC Order on 28.03.2022 where we raised three broad grounds of challenge: (i) MHA is the custodian of the information sought by us, (ii) MHA/its officers have taken contradictory stance during various stages of the proceedings (from saying that the information cannot be provided on national security grounds, to saying that minimal data is maintained, to now saying that no data is maintained), (iii) MHA cannot destroy information sought by us during the pendency of the RTI proceedings, and (iv) similar information has been provided by the MHA on previously in response to similar RTI queries.
The matter was listed for the first time on April 5, 2022 before Justice Yashwant Varma of the Delhi High Court. Senior Advocate Trideep Pais appeared on our behalf and informed the court about the legal regime under Section 69 of the IT Act and the 2009 Interception Rules, and the law on destruction of interception related records. He also pointed to a Standard Operating Procedure issued by the MHA (‘SOP’) which prescribes the procedure for storage and destruction of records relating to issuing of e-surveillance orders. The counsels for the respondents i.e. the CPIO, FAA and MHA were not present at the hearing.
The Court was pleased to direct the counsel for the respondents to seek instructions on specific paragraphs of the SOP which relate to maintenance of records of e-surveillance.
We are thankful to Sr. Adv. Trideep Pais for leading us in the matter. He was briefed by Vrinda Bhandari, Abhinav Sekhri, Tanmay Singh, Anandita Mishra, Krishnesh Bapat, Amala Dasarathi, and Natasha Maheshwari.
The matter is listed on April 28, 2022. With your support, we will continue to work on this issue of lack of transparency around issuance of e-surveillance orders.
Important Links
- Writ Petition in Apar Gupta v CPIO, MHA & Ors. (link)
- Order of the Delhi High Court dated 05.04.2022 (link)
- Previous blogpost titled “CIC admonishes the MHA and seeks confirmation on affidavit of destruction of surveillance data” (link)