Yesterday, we pointed towards a report in DNA which indicates that the Mumbai Police has set up a team to track content being downloaded from the web by citizens, and explained the implications with respect to privacy of citizens, and effectively goes against the spirit of the 1996 PUCL judgment which established procedures for the government to tap phone lines. Now if you look at the IT Act, passed by Parliament in 2008 with almost no debate, it actually enables snooping by the government by forcing intermediaries (like ISPs) to provide all assistance to the government, else face imprisonment. From Page 13 of the IT Act (download):
Section 69B of the IT Act states:
(1) The Central Government, may, to enhance cyber security and for identification, analysis and prevention of intrusion or spread of computer containment in the country, by notification in the Official Gazette, authorise any agency of the government to montor and collect traffic data or information generated, transmitted, received or stored in any computer resource.
(2) The intermediary or any person in-charge or the computer resource shall, when called upon by the agency which has been authorised under sub-section (1), provide technical assitance and extend all facilities to such agency to enable online access or to secure and provide online access to the computer resource generating, transmitting, receiving or storing such traffic data or information.
(3) The procedure and safeguards for monitoring and collecting traffic data or information, shall be such as may be prescribed.
(4) Any intermediary who intentionally or knowingly contravenes the provisions of sub-section (2) shall be punished with an imprisonment for a term which may extend to three years and shall be liable to fine.
Explanation — for the purposes of this section, —
(i) “computer contaminant” shall have the meaning assigned to it in section 43;
(ii) “traffic data” means any data identifying or purporting to identify any person, computer system or computer network or location to or from which the communication is or may be transmitted and includes communications origin, destination, route, time, data, size, duration or type of underlying service and any other information.’
It’s important to note that the IT Act has mentioned safeguards built in, saying that the procedure and safeguards for monitoring and collecting traffic data or information need to be prescribed. As far as we know, even though it appears that government agencies are snooping, no safeguards have been established. No rules regarding Section 69B have been notified. This is incredibly convenient for the Indian government – they’re snooping because the IT Act enables them to do this, and not protecting the rights of citizens. Like I said yesterday, maybe someone needs to file a case. Perhaps, PUCL needs to get involved again.