The Central Monitoring System (CMS) project of India, which was designed to allow the government to monitor and intercept telephone calls, email messages, and communications on the Internet, is having starting trouble and is yet to start operating. The CMS is supposed to allow the government to tap into a national network of telecoms and Internet service providers for information on the activity of targets on communications networks without having to approach the individual providers for the information.
While national security does mandate surveillance and intelligence gathering, the creation and working of a mass surveillance system may not, necessarily, be in absolute conformity with the existing law. Human Rights campaigners argue that the system infringes on privacy and civil liberties. Meenakshi Ganguly, the South Asia director of Human Rights Watch, pointed out that Indian agencies tend to leak data that should remain private, saying, “There is always the danger of private data and conversations going out to unauthorized recipients. A central monitoring system is vulnerable to misuse. An innocuous comment can be interpreted as a threat to someone or something, and we have seen that the response of the state can be ugly. We need a new set of very tight laws. If we are going to live with surveillance, we need an internationally accepted protocol that protects the public from misuse of data. Unless that comes into place, the central monitoring system will be misused by apparatchiks”. We have no dedicated privacy laws, data protection laws, data security laws, and cybersecurity laws in India. In these circumstances implementing the central monitoring system project of India would raise serious constitutional challenges. Pranesh Prakash, director of policy at the Centre for Internet and Society, warned that “In the absence of a strong privacy law that promotes transparency about surveillance and thus allows us to judge the utility of the surveillance, this kind of development is very worrisome. Further, this has been done with neither public nor parliamentary dialogue, making the government unaccountable to its citizens.”
There have been a number of suggestions on how this can work around. The right kind of surveillance program would focus on the needs of the citizen and not the government. Thus, it is imperative that the Indian government take its citizens into confidence on the necessity for such a program, evolve an appropriate framework of laws, including those pertaining to privacy and data retention, and establish a system of checks-and-balances to ensure against systemic overreach prior to the implementation of the CMS. In this respect, the International Principles on the Application of Human Rights to Communications Surveillance could be used as a guiding framework. These principles which were formulated after discourse between civil society groups, industry and international experts in communications surveillance law, policy and technology lays out guidelines which help determine the invasiveness of surveillance activities. In transferring the power out of the hands of the Government and in to those of the judiciary, it takes into consideration the potential of the surveillance to reveal protected information, as well as the purpose for which the information is sought, thereby, providing a higher level of protection to the privacy of a citizen. It accounts for higher levels of transparency and accountability thus providing for meeting the Governments requirements of gathering the needed information while at the same time safeguarding rights to privacy and freedom of expression. Given the lack of an appropriate legal framework in India, such guidelines lend a sense of security that is desperately called for.
