Let us return, now, to our paradigm cases of surveillance. In 1997, the Supreme Court decided PUCL v Union of India. This case is the most important privacy case after Gobind, and the most important case for our purposes, that of studying surveillance. It therefore deserves very close study.
At issue in PUCL was telephone tapping, which is – for obvious reasons – central to our enquiry. In PUCL, the constitutionality of S. 5(2) of the Telegraph Act was at issue. This Section reads:
“On the occurrence of any public emergency, or in the interest of public safety, the Central Government or a State Government or any Officer specially authorised in this behalf by the Central Govt. or a State Government may, if satisfied that it is necessary or expedient so to do in the interests of the sovereignty and integrity of India, the security of the State, friendly relations with foreign States or public order or for preventing incitement to the commission of and offence, for reasons to be recorded in writing, by order, direct that any message clear of messages to or from any person or class of persons, relating to any particular subject, brought for transmission by or transmitted or received by any telegraph, shall not be transmitted, or shall be intercepted or detailed, or shall be disclosed to the Government making the order or an officer thereof mentioned in the order.” (Emphasis Supplied)
S. 5(2), therefore, necessitates a number of issues. The first is the meaning of the terms “public emergency” and “public safety”. The second is the meaning of the terms “persons or class of persons”. And the third – and this was the core of the arguments in the PUCL case – is the scope of the procedural safeguards required to make this Section constitutionally legitimate. A close reading of the case, I suggest, places PUCL firmly within the continuing tradition of Kharak Singh and Gobind, in setting stringent safeguards upon infringements of privacy.
The first thing to note is whether S. 5(2) is relevant at all to the question of bulk surveillance, a la CMS. There are at least three reasons to suggest that it is not. First, the Indian Telegraph Act is an 1885 legislation, drafted at a time when bulk surveillance was unimaginable, and aimed at addressing a very different problem – interception of individual telegraphic messages for specific, short-term purposes. Secondly, the term “persons or class of persons” in S. 5(2) is clearly indicative of identifiable individuals (or classes of individuals), and is not meant to include the citizenry as a whole. And thirdly, the Court’s own guidelines militate against reading a permission for bulk surveillance into the Act (I’ll come to this later). S. 5(2), therefore, does not authorize bulk surveillance, and does not authorize the CMS.
That said, let us now examine the development of privacy law in the case. The Court held unambiguously that individuals had a privacy interest in the content of their telephone communications. It cited Kharak Singh, Gobind and R. Rajagopal for the proposition that privacy was a protected right under Article 21. Coming, then, to the all-important interpretation of “public emergency” and “public safety”, the Court held – and it is submitted correctly – that the two phrases “take their colour off each other”. It defined public safety as the state of safety or freedom from danger for the public at large, and argued that neither a public emergency nor public safety could be “secretive”, but must be evident to the reasonable person.
There is an elementary reason why “public emergency” and “public safety” cannot be given widely divergent interpretations. This is because if the standard embodied by one was laxer than the standard embodied by the other, then the latter would become redundant: in other words, if “public safety” is interpreted more broadly than public emergency, then there would be no point to having the phrase “public emergency” at all, because any public emergency would necessarily be a matter of public safety. The two categories must therefore be non-overlapping, referring to different aspects, and requiring roughly the same standard to be attracted. This argument is buttressed by the fact that the Court required a proclamation of an Emergency via public notification: now if that procedural safeguard is required in one case (Emergency), but the government can simply get around it by doing the same thing (phone interception) under the guise of public safety then, once again, “public emergency” becomes an almost redundant category, something clearly beyond the expectation of the legislature. For “public safety” to have any teeth, therefore, it must refer to a specific situation of identifiable danger – and not a general, vague idea – perhaps – of containing potential terrorist threats.
This position is buttressed by the Court’s citation of the Press Commission Recommendations, used the phrases “national security”, “public order” and “investigation of crimes”; the Press Commission also urged regular review, and expiry within three months, once again suggesting that what was contemplated was a specific response to a specific situation, one that would expire once the situation itself expired (this is in keeping with the targeted-surveillance focus that we have seen in Kharak Singh, Malkani, Gobind and Pooran Mal). The Commission also categorically ran together “public emergency” and “public safety”, by holding that in the interests of public safety, the surveillance power should be exercised one month at a time, extendible if the emergency continued (as we have argued above, this makes sense).
After citing the Press Commission observations with approval, the Court then addressed the question of whether judicial review was necessary. Taking its cue from the English Interceptions Act of 1985, it held that it was not. The Central Government had the authority to make the rules governing the specific exercise of the interception power. Since it had not done so for all these years, however, the Court stepped in to fill the breach.
The Court’s rules are extremely instructive in order to understand how surveillance and privacy interact with each other. Under Rules 2 and 4, the Court required that the communications to be intercepted be specified (Rule 2), and the persons and the addresses specified as well (Rule 4); this is a very familiar proscription against general warrants – see, e.g., the American Fourth Amendment – “no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized“. The whole purpose of this part of the Fourth Amendment was to mitigate the evil – prevalent under British colonial rule – of general warrants, giving a blank cheque to colonial officials to conduct widespread, dragnet invasions of privacy, as happened in the landmark case of Entick v Carrington. Indeed, the Virginia Declaration of Rights, one of the precursors of the Fourth Amendment, recognized even more explicitly the dangers to liberty that general warrants embodied, and clearly made this an issue about containing untrammeled executive power, and subjecting it to the rule of law:
“That general warrants, whereby any officer or messenger may be commanded to search suspected places without evidence of a fact committed, or to seize any person or persons not named, or whose offense is not particularly described and supported by evidence, are grievous and oppressive and ought not to be granted.”
Therefore, Rule 4, based as it is upon such lineage, clarifies beyond any doubt that S. 5(2) does not permit bulk, indiscriminate surveillance; because if it did, it would not make any sense to require specificity of disclosure for communication, persons and addresses. Once again, the idea is simple: the government must act on some reasonably strong suspicion before it begins to infringe citizens’ privacy – it cannot simply do so on a general belief that at some point in the future the information it gleans might come in use; and it cannot intercept the data – and intrude upon the privacy of – innocent citizens, suspected of no wrongdoing.
Rules 3 and 7, read together, codify the narrow tailoring rule: Rule 3 requires the government to take into account whether “the information which is considered necessary to acquire could reasonably be acquired by other means.” Rule 7 states: “the use of intercepted material shall be limited to the minimum that is necessary in terms of Section 5(2) of the Act.” The minimum necessary and reasonable acquisition by other means are a clear enunciation of the narrow tailoring rule, that requires the infringement of a right to be narrowly tailored to the legitimate State goal, and holds it invalid if that goal could be achieved in a manner that was less of an infringement upon the right in question.
What, then, are we to take away from PUCL? In my view, three things:
(a) Neither the Telegraph Act nor the Court contemplates bulk surveillance. Consequently, the Court’s specific view that targeted surveillance does not need judicial review is not necessarily true for bulk surveillance.
(b) Rigorous standards are needed to justify an infringement of privacy rights – in other words, a compelling State interest (although the Court does not use the specific term).
(c) Privacy restrictions must be narrowly tailored, if they are to be constitutional. This means that they must be targeted, based on specific suspicion of identifiable individuals (as opposed to a general dragnet sweep), and the only means possible to fulfill the government’s goals of public safety and crime prevention. In both (b) and (c), therefore, the Court continues with the strong privacy-protection standards developed in Gobind, and afterwards.
And at the end of the day, it affirms one very basic thought: that for liberty to flourish, there is an aspect of all our lives that must remain private from government.