Before we continue our discussion of privacy, surveillance and civil liberties, we may note media reports this week on “Netra“, the government’s new internet surveillance system. Netra is supposed to detect words like “attack”, “bomb”, “blast” and “kill”from tweets, SMSes, emails – and all other forms of online communication. Now, forget for a moment that a terrorist who uses his personal Nokia Lumia 520 to send an unencrypted text message over an unsecured Airtel network to his fellow-terrorist, saying “We iz gonna bomb blast the Parliament tmrw and kill some people LULZ!” is probably not going to be competent enough to blow up a balloon, let alone Parliament. But that apart, Netra is an example par excellence of what it means for something to be over-broad and not narrowly tailored: there are innumerable legitimate, non-terroristy uses of these words, in literal language, in metaphor, in allusion, in allegory, in poetry and most of all, in slang (let’s face it – do you really trust our security spooks to understand that saying “have a blast!” or “that plan totally bombed, dude!” actually has nothing to do with violence?). Netra’s dragnet is non-discriminating enough to capture all of them. Undoubtedly, the law is a blunt instrument, but that does not mean you use a hammer to perform brain surgery.
We noted how PUCL entrenches a compelling state interest/narrow tailoring test for infringements of privacy. Cases after PUCL are a mixed bag. District Collector v Canara Bank, decided in 2005, is notable for containing the most detailed examination of the development of American law, as well as Indian law, on searches and seizures and the associated right to privacy. In that case, Section 73 of the Stamp Act, that allowed – inter alia – the Collector to access private records that would normally be subject to the confidentiality relationship between banker and customer, was challenged. The Court made two very important observations: responding to the contention that once one had voluntarily given over one’s bank records to a third party, there was no privacy interest remaining in them (as held in the much-critcised American case of US v Miller), the Court made an obiter observation in Gobind the centerpiece of its holding:
“the right to privacy deals with ‘persons and not places’, the documents or copies of documents of the customer which are in Bank, must continue to remain confidential vis-`-vis the person, even if they are no longer at the customer’s house and have been voluntarily sent to a Bank…. once that is so, then unless there is some probable or reasonable cause or reasonable basis or material before the Collector for reaching an opinion that the documents in the possession of the Bank tend, to secure any duty or to prove or to lead to the discovery of any fraud or omission in relation to any duty, the search or taking notes or extracts therefore, cannot be valid. The above safeguards must necessarily be read into the provision relating to search and inspection and seizure so as to save it from any unconstitutionality.”
Three things stand out: the first is an affirmation that the right is one that vests in persons (consequently, when we support this with the PUCL holding, the privacy interest in phone data becomes inescapable); secondly, once again in line with all previous cases, the Court requires reasonable suspicion before the surveillance in question (in this case, a search and seizure) is undertaken. Once again, then, there is a clear indication that anything more than a targeted search is ipso facto unreasonable. And thirdly, the Court reads down a provision to mean that in order to save it from unconstitutionality (as it read procedural safeguards into S. 5(2) Telegraph Act, and as it will hopefully do to the IT Act).
The Court’s second holding is equally interesting:
“Secondly, the impugned provision in sec. 73 enabling the Collector to authorize ‘any person’ whatsoever to inspect, to take notes or extracts from the papers in the public office suffers from the vice of excessive delegation as there are no guidelines in the Act… under the garb of the power conferred by Section 73 the person authorized may go on rampage searching house after house i.e. residences of the persons or the places used for the custody of documents. The possibility of any wild exercise of such power may be remote but then on the framing of Section 73, the provision impugned herein, the possibility cannot be ruled out.”
This paragraph is critical, because for the first time, the Court rules that if the framing of the legislation leaves it open to an abuse of privacy rights, then the legislation is constitutionally problematic even though the possibility of abuse is remote. And this is what is precisely the problem with bulk surveillance – collecting the content of every citizens’ communications reveals to the government (and, by extension, private contractors, to the extent they are involved) everything about your personal life. Your religious beliefs, your political views, what you watch on the internet, which restaurant you go to eat, your friends, workmates and lovers – one doesn’t need so summon up an Orwellian dystopia to understand the vast possibility of abuse here, abuse that was not even contemplated by the judges in Canara Bank who held S. 73 unconstitutional, abuse that is ripe for being inflicted upon dissidents and unpopular minorities, precisely the groups that a Constitution is most required to protect. It is submitted, therefore, that both aspects of the Canara Bank holding make it extremely difficult to justify across-the-board bulk surveillance.
Following on from Canara Bank, in P.R. Metrani v State, a search and seizure provision in the Income Tax Act (S. 132(5)) was construed strictly as it constituted a “serious invasion into the privacy of a citizen.” Similarly, Directorate of Revenue v Mohammad Nissar Holia involved the interpretation of the search and seizure provisions of Ss. 42 and 43 of the NDPS Act. Citing both Canara Bank and Gobind, the Court held that the right to privacy was crucial, and imposed a strict requirement of written recording of reasons (once again, notice the targeted nature of the search) before an NDPS search-and-seizure could be carried out.
In light of these cases, the Court’s 2008 judgment in State of Maharashtra vs Bharat Shantilal Shah must rank among the more disappointing opinions that the Court has handed down in an area in which its jurisprudence has been satisfactory, as a whole. Bharat Shantilal Shah involved a constitutional challenge to Ss. 13 – 16 of the Maharashtra Control of Organised Crime Act that, like PUCL, involved provisions for interception of telephone (and other wireless) communications. The Court dismissed the contention in a paragraph, refusing to take the trouble of a meaningful analysis:
“The object of the MCOCA is to prevent the organised crime and a perusal of the provisions of Act under challenge would indicate that the said law authorizes the interception of wire, electronic or oral communication only if it is intended to prevent the commission of an organised crime or if it is intended to collect the evidence to the commission of such an organized crime. The procedures authorizing such interception are also provided therein with enough procedural safeguards, some of which are indicated and discussed hereinbefore.”
It is disappointing that the Court does not even refer to compelling State interest or narrow tailoring, although the underlined portion might hint at something of the sort. Nonetheless, if we scrutinize the impugned provisions closely, we can understand the kind of safeguards that the Court found satisfactory. Section 14, for example, requires details of the organized crime that “is being committed” or is “about to be committed” before surveillance may be authorized; the requirements include, in addition, a description of the “nature and location of the facilities” from which the communication is to be intercepted, the “nature of the communication” and, if known, “the identity of the person.” In addition, 14(2)(c) requires a “statement as to whether or not other modes of enquiry or intelligence gathering have been tried and failed or why they reasonably appear to be unlikely to succeed if tried or to be too dangerous or is likely to expose the identity of those connected with the operation of interception.” 14(2)(d) requires special reasons for surveillance to continue after information has been received. An extension application, under 14(2)(f), requires an update on results thus far. Section 14(8) limits duration to sixty days, permitting extensions on specific grounds but only – again – for a period of sixty days, and requires “minimal interception.”
The attentive reader will note that this is – in terms – a codification of the PUCL rules; and like PUCL, the focus of these rules is to prevent abuse through specificity: specificity of individuals and locations, specificity of duration of surveillance, specificity of reasons. Once again – and it almost no longer bears repeating – surveillance is tolerated only because of its narrow, targeted nature, a position further buttressed by the 14(2)(c) requirement of exhausting all other options that achieve the same goal without infringing upon privacy before actually resorting to interception. Thus, even though the Bharat Shantilal Shah bench did not refer to compelling State interest and narrow tailoring, it is obvious that their upholding of MCOCA was predicated upon these considerations.
In our next – and last substantive post – in this series, we shall examine some of the more recent privacy cases from the last four years that do not deal directly with surveillance, but raise important constitutional issues nonetheless.