Implications of Section 69 of IT Act 2000 R/w IT rules 2009 imposed on the citizens of India vis-a-vis privacy guaranteed under Article 21
By Kunal Yadav
“Wherever the real power in a Government lies, there is the danger of oppression. In our Governments, the real power lies in the majority of the Community, and the invasion of private rights is chiefly to be apprehended, not from the acts of Government contrary to the sense of its constituents, but from acts in which the Government is the mere instrument of the major number of the constituents.”
― James Madison
With the advent of technology developing over the years at rapid pace, a drastic shift has occurred in the field of e-commerce , communication and vice versa. Consequential amendments taken place in the IT Act, 2000 to facilitate e commerce industry in more efficient and smooth manner. Shreya Singhal v UOI, AIR 2015 SC 1523 was path breaking case which was pronounced by apex court and struck down 66A of IT ACT, 2000 and safeguarded the right and freedom of speech and expression guaranteed under Indian constitutition.
Witnessing the tremendous change in communication technology, digital technology from quite some time in our lives by strengthening e-commerce more reliable, more efficient, time-saving and time-consuming. Despite seeing some positive changes, it rapidly showing its adverse implications. Moreover, numerous amendments have been incorporated and modifications to have already been placed in the Information Technology Act,2000 along with IT Rules, 2009. Notably, multiple petitions have been tagged along with Public Interest Litigation by Internet Freedom Foundation and Ors. have been preferred challenging the arbitrariness of section 69 of IT ACT, 2000 in pursuant to Article 19(1), Article 21 post the notification issued on 20 December 2018 by the Ministry of Home Affairs in authorising ten central agencies to intercept, monitor, and decrypt “any information generated, transmitted, received or stored in any computer which is an utter infraction of K.S. Puttaswamy Judgment passed by the apex court and also an ultravires of the principles and foundation of fundamental rights. While some claim this to be a violation of the fundamental right to privacy the Ministry of Home Affairs has claimed its validity on the grounds of national security. Vide such notification /circular by MHA on 20.12.2018, the regressive approach adopted by the government is totally uncalled for, as it goes against the contours of constitution of India. Such implementation of laws cannot be arbitrarily imposed against the citizen of this nation and it requires to be repressed forthwith by making necessary amendments in the said IT Act, 2000.
Recently, the apex court inclined to issue notice in an Public interest litigation titled as “Internet Freedom Foundation & Another VERSUS Union of India and Others challenging section 69 of IT Act, 2000 , Information Technology (Procedure and safeguard for interception, monitoring and decryption of information rules 2009) pursuant to Section 69(2) read with Section 87(2)(y) of the Act and MHA order dated 20th December 2018 empowering 10 security and intelligence agencies to intercept, decrypt , monitoring the data , information generated through computer, or any other electronic device , data stored in any medium of communication since it is ultra vires Articles 14, 19(1)(a), 19(1)(d), and 21 of the Constitution of India.
The implication of enactment and enforcement of section 69 of IT ACT, 2000 coupled with the directions issued for interception/monitoring/decryption of any such information to the general public of this country entails grave consequences ,when it comes to issue of right to privacy guaranteed under article 21 of the constitution of India , wherein the nine judge bench of apex court affirmed the constitutional right to privacy as an integral part of part III of constitution of India in the matter titled as K.S. Puttaswamy v Union of India (2017) 10 SCC 1 (Privacy)overruling the previous decision passed in Kharak singh v state of U.P. (1964) 1 SCR 332, wherein the six judges bench had concurring opinion and ruled out that privacy was not a guaranteed right and is not absolute. However, Justice Subbarao in his dissented judgement expressed his views akin to infraction of Article 19(1)(d) and of personal freedom and liberty as such, even though the right to privacy was not recognised as a fundamental right, it was essential for personal liberty under Article 21.
It is needless to say that once again the apex court has turned out to be saviour for the citizens of this country by taking a firm stand that privacy of an individual must be respected at any cost and must not be abridged by anyone, not even the state government are permissible to do so in toto. So far as rights of an individual are concerned and when such rights/freedoms/liberties are constantly being infringed/invaded either by state government/central government or public administration, the role of judiciary plays pivotal role in upholding the principles underlying in constitution of India by sustaining rule of law in order, thus, privacy is a fundamental inalienable right, intrinsic to human dignity and liberty under article 21 of the constitution of India and hence in any manner, cannot be abrogated. The five judges bench in K. S. Puttaswamy v. Union of India (2018) 12 SCALE 1 (Aadhaar) uphold the constitutional validity of Aadhar Act, 2016 relied upon the test of proportionality which became decisive factor and it was one of the tests among three tests founded in K.S. Puttaswamy case (Privacy) case.
In such scenario, it becomes imperative to anticipate that whether the provision i.e. section 69 in toto or only 69(3), 69(4) of Information Technology Act, 2000 can actually hamper the basic framework of Indian constitution whereby infracting the constitutional freedoms guaranteed under part 3 of constitution to the people of the nation and as such this recent notification brought in IT Act, 2000 could bring serious repercussions or not, and another question arose herein that whether any adverse implications could be drawn in forthcoming litigation cases and if the answer is in affirmative, then whether such provision of law could be constitutionally be challenged before the apex court. Let us analyse the section 69 of IT Act ,2000 in details –
Section 69(1) empowers the officers authorised either by central government or by state government in order to prevent incitement if any cognizable offence being committed keeping in mind the vested interest of the sovereignty or integrity of India, defence of India, security of the State, friendly relations with foreign States or public order , relating to above or for investigation of any offence, it may, subject to the provisions of sub-section (2). Furthermore, section 69 sub clause (2) stipulates procedure and safeguards subject to which such interception or monitoring or decryption may be carried out, shall be such as may be prescribed in accordance with the rule 3 of Information Technology (Procedure and safeguard for interception, monitoring and decryption of information rules 2009).
Thereafter, such reasons to be recorded in writing, by order, direct any agency of the appropriate Government to intercept, monitor or decrypt or cause to be intercepted or monitored or decrypted any information generated, transmitted, received or stored in any computer resource.
Let us understand in a much simpler, precise way about the actual meaning of Cognizable Offence which has already been incorporated in the Information Technology Act, 2000. The term ‘Cognizable offence ‘defined and discussed under Section 154. Section 2(c) of Cr.P.C. describes “an offence in which the police officer can arrest the person without a warrant and can start an investigation without the due permission of the court. These are the offences that are usually very serious and generally heinous in nature. For example Rape, murder, kidnapping, dowry death etc. All cognizable offences are non-bailable due to their serious and heinous nature.
Section 69 (3) empowers the additional right to competent authorities to call upon the subscribers or intermediaries or any other person in charge of / in possession of computer device or data and could seek their assistance in every possible way and provide them the access to or secure access to the computer resource generating, transmitting, receiving or storing such information; or intercept, monitor, or decrypt the information, as the case may be; or provide information stored in computer resource. Competent authorities include secretary of MHA, ,Secretary of home department, in case of state government. So, unless these officials does not give consent to a specified person, none can carry out the interception or monitoring or decryption of any information generated, transmitted, received or stored in any computer resource under sub-section (2) of section 69 of the Act.
So, as per Section 2 of Information Technology intermediaries shall also incorporate network service providers, web hosting providers, internet providers, online payment sites, online auction sites, search engines etc. although the absolute and arbitrary power has been accorded to authorised officer / competent authority by the central government under the act and they can carry out necessary proceedings enshrined in the IT ACT,2000 within the domain of provision.
In pursuant to article 19(2) ,a reasonable restriction could only be imposed on the person whose data is to be encrypted/intercepted/decrypted by the authorised officer designated by central government/state government , in writing , by order if their sole purpose is to maintain public order in prevention of incitement of commission of cognizable offence and not in the absence of incitement of cognisable offence per se.
Just have a glance at section 5 sub clause 1 of Telegraph act , 1885 which mandates central government or state government or any other officer as appointed by either central or state government to seize license telegraphs and intercept the messages temporarily but there is a condition attached to it, that is that can only be processed in case of public emergency where the vested interest of the public at large at stake. There is absolute power vested to both governments which could lead to serious invasion of privacy to an individual life and such intrusion tantamount to contravention of fundamental principles of Indian Constitution and an absolute utter disregard of the rule of law.
Let us delve into nuances of provision 5 of Telegraph Act, 1885 R/w 419a of Telegraph Rules, 1951 wherein an Public interest Litigation was preferred under Article 32 of Constitution of India challenging the constitutional validity of provision of 5 (2) of Telegraph Act, 1885 in People Union Civil Liberties v. Union of India (AIR 1997 SC 568) highlighting the grave prejudice caused to an individual, if his right of privacy be breached . The apex court passed several directions while protecting and upholding the right of privacy of an individual , whereby the absolute power was accorded to home secretaries of both central government, state government ,not below the rank of joint secretary and checks and balances to be maintained whether the information which is considered imperious to acquire from such persons could have reasonably be acquired by other means under section 5(2) of Indian Telegraph Act, 1885 R/w 419a of Telegraph Rules, 1951.
The significance of both these Articles 19 (1) and Article 21 is that both are intertwined and pillars of constitution.
Though section 5(2) of Indian Telegraph Act stipulates condition in which that such authorised officer appointed on behalf of central or state government may direct any such persons or to or from class of persons to adduce such messages to concerned officer that might provoke in commission of an crime/offence , if it is nature of public safety ,or interests of the sovereignty and integrity of India, the security of the State, friendly relations with foreign states is concerned, such information/messages to be brought for transmission , making it mandatorily to be intercepted or detained, or further it shall be disclosed to the Government.
In my opinion, until and unless, the nature of public emergency gets determined by the government or prior to collection of data, encryption, decryption of data, transmitting from one device to another, pen drive, hard disk etc, the competent officer either on behalf of central or state government should not be provided with arbitrary power in accordance with section 69(3) of IT Act, 2000 to inquire /act with the proceedings of gathering data collection, encryption or decryption in the name of interest of public or state sovereignty and such conduct/act of proceedings to be ousted in toto by the apex court, keeping in mind the rights of an individual are concerned and other various grounds raised in an PIL before apex court. So, defacto, the jurisdiction to intervene in individual space, by breaching its privacy and the mechanism of doing that by gathering data by various means as articulated in ab initio of the article required to be ousted outrightly and procedural safeguards needs to be looked upon and not merely be discarded and overlooked by the central government/state government.