India says law permits agencies to snoop on citizen’s devices
The Indian government said on Tuesday that it is “empowered” to intercept, monitor, or decrypt any digital communication “generated, transmitted, received, or stored” on a citizen’s device in the country in the interest of national security or to maintain friendly relations with foreign states.
Citing section 69 of the Information Technology Act, 2000, and section 5 of the Telegraph Act, 1885, Minister of State for Home Affairs G. Kishan Reddy said local law empowers federal and state government to “intercept, monitor or decrypt or cause to be intercepted or monitored or decrypted any information generated, transmitted, received or stored in any computer resource in the interest of the sovereignty or integrity of India, the security of the state, friendly relations with foreign states or public order or for preventing incitement to the commission of any cognizable offence relating to above or for investigation of any offence.”
Reddy’s remarks were in response to the parliament, where a lawmaker had asked if the government had snooped on citizens’ WhatsApp, Messenger, Viber, and Google calls and messages.
The lawmaker’s question was prompted after 19 activists, journalists, politicians, and privacy advocates in India revealed earlier this month that their WhatsApp communications may have been compromised.
WhatsApp has said that Israeli spyware manufacturer NSO’s tools have been used to send malware to 1,400 users. The Facebook-owned company has in recent weeks alerted users whose accounts had been compromised. The social juggernaut earlier this month sued NSO alleging that its tools were being used to hack WhatsApp users.
NSO has maintained that it only sells its tools to government and intelligence agencies, an assertion that stoked fear among some that the state could be behind targeting the aforementioned 19 people — and perhaps more — in the country.
Reddy did not directly address the questions, but in a blanket written statement said that “authorized agencies as per due process of law, and subject to safeguards as provided in the rules” can intercept or monitor or decrypt “any information from any computer resource” in the country.
He added that each case of such interception has to be approved by the Union Home Secretary (in case of federal government) and by the Home Secretary of the State (in case of state government.)
Last month, the Indian government said it was moving ahead with its plan to revise existing rules to regulate intermediaries — social media apps and others that rely on users to create their content — as they are causing “unimaginable disruption” to democracy.
It told the country’s apex court that it would formulate the rules by January 15 of next year.
A report published today by New Delhi-based Software Law and Freedom Centre (SFLC) found that more than 100,000 telephone interception are issued by the federal government alone every year.
“On adding the surveillance orders issued by the state governments to this, it becomes clear that India routinely surveils her citizens’ communications on a truly staggering scale,” the report said.
The non-profit organization added that the way current laws that enable law enforcement agencies to conduct surveillance on citizens’ private communications are “opaque” as they are run “solely by the executive arm of the government, and make no provisions for independent oversight of the surveillance process.”