New Delhi: The latest Home Ministry order
The discretionary power that rested with the Home Secretary has now been delegated to these agencies without ensuring proportionality of action. It’s debatable whether the parent IT Act, 2000 and the subsequent rules permit this delegation of discretion.
It has been argued that the IT Act, 2000 and the relevant rules of 2009 have always existed and were framed under the UPA era. However, prior to the latest order of the NDA government, each central agency had to seek permission on a case-to-case basis from the Home Secretary and the detailed reasons had to be recorded in writing.
The Home Secretary may permit or deny the request based on merits of each case to any agency. This ensured minimal and proportionate state interference on individual privacy. Even the actions of the Home Secretary had to be forwarded to a ‘Review Committee’, comprising the Cabinet Secretary, Law Secretary and Secretary of the Department of Telecommunications. The review committee maintained an oversight over the decisions of surveillance so that state interference remains in permissible limits.
It’s important to note the language employed under the Information Technology (Rules for procedure & safeguard for Interception, monitoring and Decryption of Information), 2009. The language of Rule 4 says that the Home Secretary “may authorise” the agency to intercept information.
At all points, under the 2009 rules, the authority lies solely with the Home Secretary who is called the ‘competent authority’. The Home Secretary does not have broad scope to give an omnibus permission and notify all agencies which have unfettered discretion to intercept information.
The move to grant an unfettered discretion is also against the spirit of the 2009 rules, which say that interception should be last resort to extract information.
The order is issued under Section 69 of the Information Technology Act, 2000 which invokes the “national interests” requirement under which data from any computer may be intercepted. Further, the Information Technology (Rules for procedure & safeguard for Interception, monitoring and Decryption of Information), 2009 lay down the process as to which agency may intercept information through what process.
These IT rules of 2009 authorise the ‘competent authority’ which means the Home Secretary at the Centre or state level to authorise monitoring and surveillance of individuals by central agencies upon request.
The order is not just bad in principle but also bad in law. The present carte-blanche order of the government poses serious questions on privacy and data protection, and is arguably an excessive delegation of powers to these 10 agencies.