Saturday, September 04, 2010

Don't trust the government with your privacy

Having brought Research In Motion aka BlackBerry to its knees, your government now intends to target your privacy in the name of protecting your liberty. They want to read your Gmail chats and listen in to your Skype calls. Of course, they already have the ability to read your emails and eavesdrop on telephone conversations. In making this unprecedented demand for an invasion into our privacy, the government usually cites national security. In a country scarred by terrorist attacks, the most violent being the one in Mumbai in November 2008 in which modern communications including VoIP were extensively used, such demands usually go unchallenged.
In the era of sophisticated terrorism, the government must possess the ability to surveil communications in all their forms. The question is its ability to balance the rights of the individual as against the larger security interests of the state. The issue is not so much about the morality or even the efficacy of tapping phones. It is about the trust people have in the government and its functionaries to do what they must do honestly and without malice.


While most Indians would defer to the governments in matters of national security, very few would characterise their workings as being fair, honest and reasonable. The average Indian citizen gets the short end of the stick whether it is in terms of corrupt public servants or the near criminal police. To what extent, then, can citizens expect that they will respect his or her right to privacy?
As it is, India has a long and dishonourable history of phone tapping, the most notorious being the Intelligence Bureau’s tap of the President of India’s phones using equipment stationed in the office of the Prime Minister in South Block. You should not think that those days are past. Our intelligence agencies remain unsupervised by any authority, save their own, and our politicians have become even more unscrupulous than they were.
It’s a bit trite to lay it out like this, but people-to-people communications vary from the mundane exchanges between friends, lovers, and relatives to business and work-place conversations. The communications of terrorists, their ilk, and assorted criminals, are a microscopic minority. For the first category of ordinary folk—celebrities excepted— having someone snoop on your messages will arouse embarrassment and annoyance. But the interception of work and business-related conversations can have consequences. Take a hypothetical example: Mukesh Ambani and his advisers use BlackBerries to discuss issues relating to the purchase of 14 per cent of Eastern India Hotels stock. The real-life transaction was revealed after the stock markets had closed on Monday. The next day, EIH shares rose more than `15 per share. A hypothetical rogue spook could have accessed that information in advance because he had BlackBerry’s encryption code. He could have bought shares that turned him a nice illegal profit.
While your BlackBerry and mine deal with boring and commonplace exchanges, there are people whose information can make a huge difference to someone’s pocketbook or open them to blackmail on a matter that has nothing to do with national security.
It should hardly be a surprise that the edifice of the government’s intrusive powers rests on colonial era statutes. Section 5 (2) of the Telegraph Act of 1885 permits interception or wiretapping—at the time it was telegrams, but later it included telephones. Buttressing this is the secrecy with which this is done, which is based on the Official Secrets Act of 1922 which makes it illegal to transmit any information to any “unauthorised” person.


Surprisingly, it was only in 1997 that the Union government and the Supreme Court discovered that the Telegraph Act provided no safeguards for the citizens. Based on a petition filed by the PUCL, the apex court concluded that the right to privacy, and for that matter telephonic conversation, was covered by Article 21 of the Constitution and that it could not be curtailed except through the due procedure established by law. The court said that to rule out the arbitrariness inherent in the powers under the Act, some safeguards were needed and so it issued a set of guidelines which it said would operate till the government notified specific rules. In 1999, the government notified new rules to the Telegraph Act which were based on the Supreme Court guidelines. Essentially they provided a framework in which telephone taps would be authorised by the Union and State Home Secretaries and outlined the parameters under which the tapping could be done.
Similar rules were then created for the Information Technology Act of 2000 and notified last year to authorise interception by intelligence agencies and the police of computer-based communications like emails, chats and the like. Here, too, the authorising authority were the Home Secretaries, but it expanded the list by including other officers if the “competent authority” was not available. Indeed, it allowed police officers of Inspector-General rank to authorise taps in case of emergencies or in remote areas.
The authorisation has to be communicated to a review committee, headed by the Union Cabinet Secretary which was to meet once in two months and decide whether each order complied with the Act.
The rules are very clear on the manner in which private companies dealing with communications have to comply with the demands of the government. Rule 17, for example, specifically notes that if a demand is made for a decryption key by the nodal officer of an organisation of SP or ASP rank that has got the authorisation, the key holder will have to disclose the key and provide decryption assistance. Clearly, BlackBerry then will have to agree to the government’s requests because that is the law.
But even while demanding information, the government itself remains opaque. It has refused to provide information on the functioning of the Review Committee on grounds that they are classified under the Official Secrets Act. Instead of sharing information about how the Review Committee functions and thus building public confidence, the government treats its activities as top secret. Clearly, the body is born more out of a need to show that the government is concerned about providing safeguards, rather than actually providing them.


In the US the Communications Assistance for Law Enforcement Act requires companies to engineer their systems to enable phone, VoIP and broadband tapping — in other words even monitor the internet realtime. But the surveillance must be authorised by a special court whose judges are appointed by the US Supreme Court Chief Justice. US agencies have used other means to snoop on citizens, leading to stiff legal challenges.
Given the real threats India confronts no one will argue that the government should not access private information, if it requires to do so. What we need are more credible guarantees that the information is not collected illegally and that it is not misused in any way. Recall that earlier this year it transpired that the National Technical Research Office had “inadvertently” tapped the phones of some leading politicians.
A guarantee of proper use can only come through the legal system, not the bureaucracy or the police which have been known to crawl, when merely asked to bend, by the government of the day. The functioning of the Central Bureau of Investigation is an obvious case in point.
There is no point in making these unprecedented demands on our privacy in the name of securing our liberties, when civil rights can be trampled
upon easily.
Mail Today September 2, 2010


theone said...

Are you saying Govt (of India particularly because several other governments already have the capability) should not have the ability to read mails (electronic or otherwise ) or hear telephone calls ?

manoj joshi said...

No, but they should have one which is supervised by a high-level court at every stage.