Was Pranab Mukherjee's Office Bugged For E-Surveillance?

Last September, finance minister Pranab Mukherjee complained that his office was bugged. Mukherjee requested the PM to order a secret inquiry into the "serious breach of security in his office" in the form of "planted adhesives" in 16 locations in a possible surveillance attempt. Though no live microphone devices were found, he had reported it to the PM. Realising the seriousness of the issue, Intelligence Bureau (IB) immediately swept into action.

However, IB found nothing wrong at Mukherjee’s office and no surveillance equipment was found. To be on the safer side, IB increased the frequency of its “technical sweeping” in high offices.

Technical sweeping is a more advanced form of surveillance detection than the ordinary surveillance detection technique. Now instead of occasional anti-bugging exercise inside finance ministry, the IB has now included this ministry in North Block as part of its regular “technical sweeping” work like what it does for its own premises and offices of the PM in South Block and home minister in North Block.

E-surveillance has become a nuisance for not only Indian citizens but also for the government itself. Private individuals have been doing e-surveillance and phone tapping in India with or without governmental orders. We have no constitutionally sound e-surveillance and phone tapping law in India. Further, even the e-surveillance policy of India is missing. We urgently need a lawful interception law in India.

There is no provision for “judicial scrutiny” of e-surveillance and “phone tapping orders in India and this is giving lots of room for private individuals and those who have no authority of law to indulge in illegal e-surveillance and phone tapping.

Indian government must urgently do something about this serious problem that has already taken a gigantic shape. A system devised by Indian government is itself proving a nuisance for it. Time has come for the Indian government to clean the mess created by itself.

Blackberry, G Mail And Skype May Not Be Banned In India

Blackberry, Gmail and Skype have been asked to provide encryption free services in India. When these companies conveyed their inability to do so, Indian government warned them of banning their services in India. Subsequently, India issued directions to telecom service providers forcing them to drop Blackberry’s services if Blackberry does not provide free and unencrypted access to its services in India.

This episode has happened because we have no lawful interception law in India, no encryption policy in India, no effective telecom policy in India, a draconian and ineffective cyber law of India that needs urgent repeal and many more such factors.

According to Praveen Dalal, managing partner of New Delhi base law firm Perry4Law and leading techno legal expert of India, India is the only country of the World where Phone Tapping and Interceptions are done without a Court Warrant and by Executive Branch of the Constitution of India. Phone Tapping in India is “Unconstitutional” and the Parliament of India has not thought it fit to enact a “Constitutionally Sound Law” for Phone Tappings and Lawful Interceptions. Even the Supreme Court’s directions in PUCL case have proved futile and presently the Court is dealing with the issue once more, informs Dalal.

While none can doubt about the National Security and Law Enforcement Requirements yet they must be “Reconciled” with Fundamental Rights of Indians, says Dalal. Further, Intelligence Infrastructure of India also needs urgent rejuvenation, suggests Dalal. Recently the Home Ministry of India asked the Departments of Telecommunication (DoT) and Department of Information Technology (DIT) to examine the existing legal framework and recommend appropriate amendments of the laws to ensure smooth access to services like BlackBerry and Skype.

DoT has now clarified its stand in this regard and it is against the proposal of discontinuing about 14 communication services that intelligence agencies cannot track currently. Further, DoT is also not in favour of imposing responsibility upon mobile phone companies to provide assistance to decrypt all the services they provide.

Keeping in mind this latest development, it can be assumed that services of Blackberry, Gmail, Skype, etc would not be banned in India for some more time.

However, Indian intelligence agencies and law enforcement agencies must concentrate upon skills development in India. Further, one thing that Indian intelligence agencies must develop on priority basis is techno legal Intelligence gathering skills development. Encrypted services in India are going to stay and law enforcement and intelligence agencies must develop skills to deal with the same in future.

The Data Protection Authority Of India

Data protection in India has assumed tremendous importance in the recent past. We have no dedicated data protection law in India. Despite numerous talks and declarations, India is decade away from a sound and effective data protection law.

In this background, Indian government has proposed draft right to privacy bill 2011 of India. It has also been declared that a data protection authority of India would also be constituted that would look into the matters of data protection in India and punishing the violations of the same. Only time would tell how effective these declarations would be.

According to Praveen Dalal, managing partner of New Delhi based ICT law firm Perry4Law and leading techno legal expert of India, we have no “Dedicated” Data Protection Law in India. Even India does not have a Data Security Law and Privacy Law. This makes the sensitive information and personal details of Indian Citizens “Highly Vulnerable” to misuse, informs Dalal.

With the proposed use of Cloud Computing, Software as a Service (SaaS) and M-Governance by Indian Government, more “Privacy Violations”, “Cyber Security” and many more “Regulatory Issues” would arise in future. These “Initiatives” cannot succeed in India in the absence of adequate and strong laws in this regard, informs Dalal.Another closely related issue pertains to absence of lawful interception law in India. Lawful Interception Law of India is urgently required, suggests Dalal. India is the only country of the World where phone tapping is done without a Court Warrant and by Executive Branch of the Constitution of India. Phone tapping in India is “Unconstitutional” and the Parliament of India has not thought it fit to enact a “Constitutionally Sound Law” in this regard. Even the Supreme Court’s directions in PUCL case have proved futile and presently the Court is dealing with the issue once more, informs Dalal.

The importance of data protection authority of India cannot be undermined in these circumstances. However, equally gruesome would be the challenges that the Authority would face in future. For the time being, India stands nowhere and the Authority may be just another rumour as has been heard in the past.

Data Protection Authority of India

India has no dedicated data protection law in India. Further, we also do not have any data security laws in India. Even privacy laws in India are also missing. It is surprising how India ignored these much needed requirements for decades.

Indian government has announced from time to time about enactment of relevant laws to ensure effective privacy laws and data protection laws. However, till now no such laws have been enacted by Indian government. Rumours are spreading again that Indian government is planning to set up a three-member Data Protection Authority of India (DPAI). Among other things, the DPAI would monitor and enforcing compliance of the any future proposed data protection laws and to investigate any data security breach.

According to Praveen Dalal, managing partner of New Delhi based ICT law firm Perry4Law and leading techno legal expert of India, we have no “Dedicated” Data Protection Law in India. Even India does not have a Data Security Law and Privacy Law. This makes the sensitive information and personal details of Indian Citizens “Highly Vulnerable” to misuse, informs Dalal.

With the proposed use of Cloud Computing, Software as a Service (SaaS) and M-Governance by Indian Government, more “Privacy Violations”, “Cyber Security” and many more “Regulatory Issues” would arise in future. These “Initiatives” cannot succeed in India in the absence of adequate and strong laws in this regard, informs Dalal.

Another closely related issue pertains to absence of lawful interception law in India. Lawful Interception Law of India is urgently required, suggests Dalal. India is the only country of the World where phone tapping is done without a Court Warrant and by Executive Branch of the Constitution of India. Phone tapping in India is “Unconstitutional” and the Parliament of India has not thought it fit to enact a “Constitutionally Sound Law” in this regard. Even the Supreme Court’s directions in PUCL case have proved futile and presently the Court is dealing with the issue once more, informs Dalal.

The issues are not as simple as the Indian government is presuming. In fact, very complicated and constitutional issues are involved that must be addressed by enacting suitable laws in India as soon as possible.

CBDT Phone Tapping Powers Under Fire

Phone tapping is a very controversial and serious issue. If phone tapping is not supported by a constitutionally sound law, it amount to gross violation of basic human rights. A very common requirement for engaging in phone tapping is taking the prior permission form a court in this regard.

Although we have laws for phone tapping and e-surveillance in India yet according to techno legal experts of India none of them are constitutionally sound. Similarly, we have no constitutionally sound lawful interception law in India.

In the past the phone tapping powers have been abused in India by both Indian Government and private individuals alike. Even the contents obtained from such phone taps have been circulated in public with great disregard to the privacy rights of various individuals. The matter has been pending before the Supreme Court of India. The Supreme Court has even admitted that with the technological advancement, privacy is virtually disappearing.

There is an urgent need to formulate effective and constitutional lawful interception law in India. Lawful Interception is a process that “Reconciles” the Law Enforcement requirements and Civil Liberties of a Nation. In the Indian context, we have no Lawful Interception Law in India. By Lawful Interception Law I mean a “Constitutionally Sound” Lawful Interception Law and not the present “Self Serving Laws” of India, says Praveen Dalal, managing partner of New Delhi based Law Firm Perry4Law and leading cyber law expert of India.

The Home Ministry of India is mulling a law on lawful interception in India. Even the Telecom Policy of India 2011 may have some provisions regarding the same. In a recent development in this regard, the Prime Minister’s Office (PMO) has authorised the Home Ministry to take the final call on the contentious issue of withdrawing the CBDT’s powers of phone-tapping.

A committee headed by the Cabinet Secretary, with Secretaries of ministries concerned as members, had unanimously recommended that the CBDT be taken off the list of agencies which can file phone-tapping requests. The committee had then sent its recommendations to the PMO, which recently finalised them and routed them to the Home Ministry, the nodal ministry for authorising telephone interception.

However, these initiatives of Home Ministry may not be sufficient. India is the only country of the World where phone tapping is done without a Court Warrant and by Executive Branch of the Constitution of India, says Praveen Dalal. Phone tapping in India is “Unconstitutional” and the Parliament of India has not thought it fit to enact a “Constitutionally Sound Law” in this regard. Even the Supreme Court’s directions in PUCL case have proved futile and presently the Court is dealing with the issue once more, informs Dalal.

It is clear that without a constitutionally sound lawful interception law of India, things are not going to improve in India. The earlier it is done the better it would be for the national interest of India.

Home Ministry Mulls Lawful Interception Law Of India

Lawful Interception is a process that “Reconciles” the National Security requirements and Civil Liberties of a Nation. In the Indian context, we have no Lawful Interception Law in India. By Lawful Interception Law I mean a “Constitutionally Sound” Lawful Interception Law and not just any “Self Serving Law”- Praveen Dalal.

World over civil liberties are infringed using information and communication technology (ICT). In the past, Indian telecom companies have used private individuals to do phone tapping. Experts like Praveen Dalal have been suggesting enactment of a “constitutionally sound” lawful interception law in India. Till now we do not have a constitutionally sound lawful interception law in India and the same is urgently required.

On the top of it we have projects like central monitoring system (CMS), national intelligence grid (Natgrid), Aadhar, crime and criminal tracking network and systems (CCTNS), etc that are not governed by any legal framework and procedural safeguards.

We also do not have any encryption laws in India nor do we have any encryption standards in India. Further, India has a poorly drafted and decayed cyber law in the form of information technology act, 2000 that needs urgent repeal, inadequate cyber security, missing cyber forensics capabilities, inadequate critical infrastructure protection and so on.

In this background, the home ministry has asked the departments of telecommunication (DoT) and department of information technology (DIT) to examine the existing legal framework and recommend appropriate amendments of the laws to ensure smooth access to services like BlackBerry and Skype.

The home ministry has asked DoT and DIT to examine the Indian Telegraph Act 1885, Information Technology (Amendment Act), 2008, rules under the Telegraph and IT Act and provisions in the licence agreements and recommend appropriate amendments so that requirements, to the extent possible, are incorporated in the Act itself. However, India needs a dedicated lawful interception law and not just few amendments in the present outdated laws.

According to Praveen Dalal, managing partner of New Delhi base law firm Perry4Law and leading techno legal expert of India, India is the only country of the World where Phone Tapping and Interceptions are done without a Court Warrant and by Executive Branch of the Constitution of India. Phone Tapping in India is “Unconstitutional” and the Parliament of India has not thought it fit to enact a “Constitutionally Sound Law” for Phone Tappings and Lawful Interceptions. Even the Supreme Court’s directions in PUCL case have proved futile and presently the Court is dealing with the issue once more, informs Dalal.

The present action of home ministry seems to be in response to these developments that are “unconstitutional” in nature. These activities of Indian government and its agencies can be challenged in Indian higher courts as unconstitutional as violative of fundamental rights of Indians. Let us hope the Parliament of India would soon come up with a constitutionally sound lawful interception law of India.

Internet Kill Switch In India

Indian government in general and intelligence and security agencies of India in particular are not at all comfortable with the use of information and communication technology (ICT) in India. For instance, use of encryption technology in India is feared like a plague by Indian government. That is why there are practically no encryption laws and regulations in India.

Similarly, Internet in India is under potential threats of e-surveillance and civil liberties violations. We have no lawful interception law in India and phone tapping and e-surveillance in India is done in an illegal and unconstitutional manner. As a result, Internet censorship in India, phone tapping and e-surveillance in India have increased a lot.

India has poor cyber law and inadequate cyber security. We have no cyber security policy as well as a national security policy in India. Critical infrastructure protection in India has not yet received the attention of Indian government.

No doubt critical infrastructure protection in India is absolutely required but Internet kill switch is no a solution to cyber security problems of India. Further, Internet kill switch should not be used as a tool of e-surveillance and Internet control in India. On the contrary, we need active steps to formulate anti Internet kill switch measures in India.

We originally raised these concerns in India for the first time and it seems now the media has also taken note of this issue. We once again reiterate the need of anti Internet kill switch laws in India before it is too late.