Delhi HC directs MHA to clarify its position on maintenance of e-surveillance data

tl;dr

We have been pursuing information relating to the scope and scale of e-surveillance conducted by the Ministry of Home Affairs (‘MHA’) since December 2018. The information was, at first, denied on the grounds of national security. Thereafter, on appeal, the information was denied on a new ground that minimal data was maintained and records pertaining to the information sought were destroyed from time to time. When we, further, appealed against this order before the Chief Information Commissioner (‘CIC’), the CIC accepted another new ground - that the information on e-surveillance orders was not maintained at all by the public information officer at the MHA! We have challenged this order of the CIC before the Delhi High Court, which was heard on 05.04.2022. The Court directed the counsel for the public information officers and the MHA to seek instructions on maintenance of records.

Why should you care?

Section 69 of the Information Technology Act, 2000 (‘IT Act’) allows the central government to issue orders for interception, monitoring and decryption of any information generated, transmitted, received or stored in any computer resource. This means that the central government has the power to conduct an all round e-surveillance of citizens through the information stored in their computers. The central government can even order decryption of the encrypted data saved in your devices, which you may believe was safe.

To have an informed debate about the legal e-surveillance regime and practices in India, we should know how many surveillance orders are issued by the government. We filed six RTI Applications seeking statistical information about the total number of e-surveillance orders issued under Section 69 of the IT Act in 2018. We have not received this information till date, but we will continue to pursue it.

Background

We have gone from pillar to post in order to get information on e-surveillance from the MHA. Here is the quick summary of the back-and-forth we have faced:

Date

Particular

28.12.2018

Six RTIs were filed seeking statistical information about e-surveillance orders issued under Section 69 of the IT Act.

29.01.2019

The Central Public Information Officer (‘CPIO’) rejected the Six RTIs on national security grounds.

15.02.2019

We filed first appeals challenging the rejection of the 6 RTIs.

29.03.2019

The First Appellate Authority (‘FAA’) rejected the first appeals stating that there was no reason to intervene. 

06.05.2019

We filed second appeals before the CIC against rejection of the first appeals.

18.05.2021

CIC found that the national security exception was not applicable, and directed the FAA to re-examine the issues. Note, the CIC only listed the appeals after two years! 

30.07.2021

FAA issued a revised order now stating that information sought by the Petitioner was not available with the CPIO, and so cannot be provided.

23.08.2021

We filed another second appeal challenging FAA’s  revised order.

28.01.2022

CIC admonished the CPIO for belatedly changing its stance, but still held that the MHA is not the custodian of the information sought by us. CIC also sought an affidavit from the MHA confirming that it did not maintain the data in question. (‘CIC Order’)

17.02.2022

The CPIO, MHA filed an affidavit parroting the CIC’s order stating “MHA does not maintain any statistical data; desired information is not available” 

Proceedings before the Delhi High Court

We filed a writ petition against the CIC Order on 28.03.2022 where we raised three broad grounds of challenge: (i) MHA is the custodian of the information sought by us, (ii) MHA/its officers have taken contradictory stance during various stages of the proceedings (from saying that the information cannot be provided on national security grounds, to saying that minimal data is maintained, to now saying that no data is maintained), (iii) MHA cannot destroy information sought by us during the pendency of the RTI proceedings, and (iv) similar information has been provided by the MHA on previously in response to similar RTI queries.

The matter was listed for the first time on April 5, 2022 before Justice Yashwant Varma of the Delhi High Court. Senior Advocate Trideep Pais appeared on our behalf and informed the court about the legal regime under Section 69 of the IT Act and the 2009 Interception Rules, and the law on destruction of interception related records. He also pointed to a Standard Operating Procedure issued by the MHA (‘SOP’) which prescribes the procedure for storage and destruction of records relating to issuing of e-surveillance orders. The counsels for the respondents i.e. the CPIO, FAA and MHA were not present at the hearing.

The Court was pleased to direct the counsel for the respondents to seek instructions on specific paragraphs of the SOP which relate to maintenance of records of e-surveillance.

We are thankful to Sr. Adv. Trideep Pais for leading us in the matter. He was briefed by Vrinda Bhandari, Abhinav Sekhri, Tanmay Singh, Anandita Mishra, Krishnesh Bapat, Amala Dasarathi, and Natasha Maheshwari.

The matter is listed on April 28, 2022. With your support, we will continue to work on this issue of lack of transparency around issuance of e-surveillance orders.

  1. Writ Petition in Apar Gupta v CPIO, MHA & Ors. (link)
  2. Order of the Delhi High Court dated 05.04.2022 (link)
  3. Previous blogpost titled “CIC admonishes the MHA and seeks confirmation on affidavit of destruction of surveillance data” (link)