Previously on this blog, we have covered the oral arguments (see here and here) in ACLU vs Clapper, before the Southern District Court of New York. ACLU vs Clapper, of course, is the American Civil Liberties Union’s challenge to the NSA’s bulk surveillance “PRISM” program. We have also covered the decision of the Southern District Court of New York, which rejected the challenge and upheld PRISM, as well as its implications for India (see here). Today, the Second Circuit Court of Appeals will hear ACLU’s appeal from the District Court’s decision. ACLU has the details here, reiterating its Fourth Amendment (privacy) and First Amendment (free speech and association) . As we’ve noted before, both these rights occupy important places in the Indian Constitution as well; consequently, it will be well worth following the progress of this case, as it winds its way through the Appeals Court, and possibly up to the Supreme Court of the United States.
Tag Archives: surveillance
On this blog, we had discussed earlier the oral arguments in ACLU v Clapper. Just now, the New York District Court has ruled bulk surveillance legal, going against the decision of the Columbia District Court in Klayman v Obama (if it wasn’t already, this makes it inevitable that eventually, the United States Supreme Court will be called upon to settle the conflicting lower court decisions).
As we had discussed earlier, ACLU v Clapper consisted of two claims: a statutory one, based on S 215 of the Patriot Act, which is of no concern to us, since no parallel legislation with a similar history exists in India. The second claim was a constitutional one, based on issues of free association and privacy, which is directly relevant to India.
On a quick reading of the judgment the following important points emerge:
– contrary to ACLU’s submissions, the Court held that the 1978 precedent of Smith vs Maryland applied, which had held that an individual had no privacy interest in information voluntarily turned over to third parties (telecommunications providers). As we have discussed on this blog, the Indian courts have rejected Smith vs Maryland and its precursor, US vs Miller, in the 2004 judgment of Distt Collector vs Canara Bank. Holding that privacy is a right of persons, not places, the Supreme Court affirmed in Canara Bank that an individual has a privacy interest in personal financial documents held by a third party (the bank). [the New York court’s Smith analysis can be found in pages 39 – 43] The Court also holds that the Fourth Amendment lays down a standard of reasonableness, and does not require that the “least intrusive method” be used when carrying out a search within the terms of the Constitution. Again, arguably, the position is different in India. As we have seen, the compelling State interest test for privacy violations goes hand-in-hand with narrow tailoring, as is evident by the rules framed by the Court in PUCL vs UoI, and those accepted as constitutional in State of Maharashtra vs Bharat Shantilal Shah, which categorically required the government to explore other, less intrusive methods of surveillance before carrying out interceptions, and also required it to intercept to the minimum extent possible to carry out its goals.
– The Court also ruled that the argument that bulk collection would have a chilling effect on the freedom of association was not well-founded. To recap: ACLU had argued that the knowledge that is call records were being collected would lead to a “chilling effect” in that it would restrict the communication and association rights of hostile and unpopular (yet legal) groups, who would self-censor in an attempt to avoid governmental knowledge of their activities. The reasoning of the Court appears to be that what was taking place was only collection; actual querying of the metadata to reveal specific information could be undertaken only on specific grounds. Since the likelihood that ACLU’s data itself would be queried and reviewed rested upon an “attenuated chain of possibilities“, the chilling effect had not been proven. In this way, the Court implicitly distinguished prior cases like NAACP vs Alabala, where for instance, a group treated with hostility by the government had been required to reveal its membership lists. Whatever the merits of this argument, once again, the key point upon which it turns is that the NSA surveillance is restricted to metadata collection. Consequently, the logic does not apply to something like the CMS, which is all about intercepting bulk content. [see pages 45 – 46 for the First Amendment analysis]
An extraordinary statement at the end:
“The effectiveness of bulk telephony metadata collection cannot seriously be disputed.” [p. 48]
However, as Klayman found, that is precisely what is under dispute. In the fifty-four instances cited by the government, it had failed to demonstrate that the outcome would have been materially different in anyone. (see here for an analysis). In other words, there is a familiar story here: in a national security case, a judge takes the executive’s words at face value, and accords an extremely high level of deference. The Indian courts have an ignominious history in this regard (Habeas Corpus), and it will be crucial how this particular claim is treated in the Indian courts.
The New York court ruling is certainly a blow for privacy rights. Like Klayman vs Obama, Indian privacy lawyers ought to study it carefully, not only because of what it holds, but because of what implicitly follows: if the holding of legality is founded upon legal arguments that have been considered and rejected by the Indian Supreme Court, and upon factual premises directly opposed to those prevailing in India, ACLU vs Clapper might – paradoxically – be more of an ally than an enemy in the fight against bulk surveillance.
Over the last six posts, we have tried to examine – chronologically – Indian Supreme Court cases dealing with the constitutional right to privacy, with a specific focus on surveillance. Our enquiry has spanned fifty years and many different aspects of law that touch an individual’s personal life – from criminal law practices (police surveillance, narco-analysis, self-incrimination) to phone-tapping, from marital relations to the status of one’s bank records. Despite the diversity of cases and the differing reasoning employed by judges to reach differing results over time, we have seen that a careful analysis reveals certain unifying strands of logic and argument that can provide a coherent philosophical and constitutional grounding to the right to privacy in Indian law, bases that the Court can – and should – draw upon in order to decide an eventual CMS/bulk surveillance challenge in a principled manner.
We can commence by emphasizing the distinction between two sets of privacy cases, a distinction that the Court has failed to appreciate so far. One set of cases involves privacy claims between private parties. Examples include a hospital revealing a patient’s medical records (Mr X v Hospital Z), or one spouse tapping the other’s phone (Rayala v Rayala). Now, these cases involve the infringement of a privacy right, but they do so as a matter of private law, not constitutional law. As a matter of principle, the remedies would lie in tort – the tort of invasion of privacy, for instance, or breach of confidence. The Court’s invocation of Article 21 in these cases must be deplored as a serious mistake. Article 21 is sets out a constitutional right, and unless otherwise expressly provided by the Constitutional text (see, e.g., Article 15(2)), constitutional rights are applicable vertically against the State, and not horizontally between individuals. Once again, a simply hypothetical will illustrate the absurdity of cases like Rayala: A murders B. Very obviously, the law governing this incident is the Indian Penal Code, which defines murder and prescribes the punishment for it. A has not violated B’s Article 21 right to life by murdering him. Now, there is something to be said for philosophical arguments that challenge the public/private State/individual dichotomy as a matter of first principle. That, however, is not our concern here. Whatever the philosophical validity of the distinction, there is little doubt that our Constitution subscribes to it quite explicitly, by having a Part III in the first place, and with provisions such as Articles 13 and 32.
There is one way of reconciling these cases. That is to read them not as invoking Article 21 as a ground for the decision, but invoking it to infuse the right to privacy with substantive content. That is, the private law right to privacy and the constitutional right to privacy, while rooted in different sources and enforceable against different entities, nonetheless (reasonably enough) codify the same abstract conception of what privacy is – and it is to that end that the Court, in private-party cases, cites 21.
This is crucial, because it helps to clarify the way in which these two rights are different, and to make sense of a jurisprudence that would be hopelessly incoherent otherwise. The difference lies in the standard for justifying an infringement. In the private-party cases, the Court – rightly – treats the matter as balancing various rights and interests involved of the different parties to the case. Mr X v Hospital Z, for instance – as understood by the Court – required a balancing of the patient’s right to privacy against his future in-laws right to know about prior, debilitating medical records in order that there be informed consent to the marriage. Small wonder then, that in these cases the Court – again, rightly – cites Article 8 of the ECHR, and analyses them in the language of proportionality.
In cases involving the State, however, we have seen that the Court has (almost uniformly) insisted upon the far higher standard of compelling State interest. Again, there is a logic to this distinction. The importance of maintaining a private sphere against State intrusion, the extent to which the State now has the power to intrude (as we have all seen over the last six months), considerations that ultimately go to the heart of maintaining a free and democratic society – all justify (if not necessitate) a higher standard. Once we understand this, it is possible now to understand why the Supreme Court has adopted one test in some cases, and another test in other cases. The justification is a principled one (even if the Supreme Court might not have been aware of it).
Proceeding, then, to the Article 21 constitutional right to privacy. The Court has located this within Article 21’s guarantee of personal liberty. In the early cases – Kharak Singh and Gobind – the Court understood the philosophical foundations of privacy to lie in the idea of individual dignity; that is, the basic thought that in order to live a dignified life, one must be able to have a sphere of action that is free from external invasion (this, essentially, is what is meant by the phrase, often used by the Court, “the right to be left alone). The dignitarian justification of privacy is to be sharply contrasted with another justification, that held the field in American Constitutional law for a long while: the propertarian justification, that grounds privacy in the idea that government is to keep off private property. This is what is meant by the Supreme Court’s slogan, “the right to privacy belongs to persons, not places.”
Ultimately, possibly, the basic philosophy is similar – advocates for property rights argue that without a certain measure of private property, an individual cannot live an independent and dignified life. Practically, however, the shift encodes an analytical difference. A propertarian foundation – concretely – would involve a set of spaces that are placed out of bound (e.g., the Fourth Amendment’s list of “homes, papers, effects” etc.) The dignitarian foundation would extend its scope to acts and places with regard to which persons have a reasonable expectation of privacy. Naturally, this will – and has – led to different results in practice, with the dignitarian foundation leading to more expansive privacy protection.
The persons-not-places justification also led the Supreme Court to reject the third-party doctrine, according to which privacy interest is lost when personal effects are voluntarily handed over to a third party. In Canara Bank the Court emphasized that the character of those items – their personal nature – does not change simply because their location has changed. The privacy interest is retained, whether they are bank records, or telephone details.
These are the contours of the privacy right. Naturally, it is not absolute, and the Court has taken pains to specify that on numerous occasions. What, then, justifies an infringement? The Court has consistently called for a “compelling State interest“, one that rises beyond the simple “public interest” encoded in the 19 restrictions. Side-by-side with compelling State interest, the Court has also required – although it has never expressly spelt it out – the restrictive law to be narrowly tailored. In other words, the government must show that its infringing law not only achieves the compelling State interest, but does so in a way that restricts privacy in the narrowest possible manner. If there are other conceivable ways of achieving the same goal that do not infringe upon privacy to the extent the impugned law does, the law will be struck down. We see this in the police surveillance cases, where in Gobind, for instance, the Court read into Regulation 855 an additional requirement of gravity, to ensure that it was narrowly tailored; and we see it even more clearly in the phone-tapping cases, where the Court’s rules require not only specification of persons, numbers and addresses, but also require the State to resort to surveillance only if other methods are not reasonably open, and in so doing, to infringe privacy minimally. Targeting, indeed, is critical: all the surveillance cases that we have explored have not only involved specific, targeted surveillance (indeed, S. 5(2) of the Telegraph Act only envisages targeted surveillance), but the very fact that the surveillance is targeted and aimed at individuals against whom there are more than reasonable grounds of suspicion, has been a major – almost dispositive – ground on which the Court has found the surveillance to be constitutional. Targeting, therefore, seems to be an integral aspect of narrow tailoring.
I do not mean to suggest that the above is a complete philosophical account of privacy. It ignores, for instance, the very legitimate concern that creating a private sphere only serves to justify relations of non-State domination and oppression within that sphere – both symbolically, and actually (see, for instance, the infamous marital rape exception in Indian criminal law). It presumes – instead of arguing for – the basic philosophical idea of the ultimate unit of society being indivisibly, atomized individual selves living in hermetically sealed “zones” of privacy, an assumption that has come under repeated attack in more than fifty years of social theory. I hope to explore these arguments another day, but the purpose of this series has been primarily doctrinal, not philosophical: to look at surveillance in the framework of established constitutional doctrine without questioning – at least for now – the normative foundations of the doctrine itself.
Our conclusions, then, summarized very briefly:
– the right to privacy is an aspect of Article 21’s guarantee of personal liberty, and is grounded in the idea that a free and dignified life requires a private sphere
– one does not necessarily lose one’s privacy interest in that which one hands over to a third party
– an infringement of privacy must be justified by a compelling state interest, and the infringing law must be narrowly tailored to serve that interest
As far as the CMS, Netra and other dragnet surveillance mechanisms go, it is clear, then, that they implicate a privacy interest; and to justify them, the government must show that there is no other way in which it could achieve its goals (of combating terrorism etc) without bulk surveillance on an industrial scale.
If recent judgments of our Supreme Court do not exactly instill confidence in its role as the guarantor of our civil liberties, its long-term record in national security cases is even worse. A.K. Gopalan, Habeas Corpus and the 2004 PUCL come to mind as examples. It is therefore unclear how the Court will rule on a CMS/surveillance challenge. One thing is clear, though: the privacy law jurisprudence that it has developed over the last fifty years provide it with all the analytical tools to fulfill its constitutional mandate of protecting civil liberties. Consistent with the narrow tailoring test, the Supreme Court ought not to allow the government to baldly get away with asserting a national security interest, but require it to demonstrate not only how national security is served by dragnet surveillance, but also how dragnet surveillance is the only reasonable way of achieving national security goals. The possibility of abuse is too great, and the lessons that history teaches us – that totalitarianism always begins with pervasive governmental spying over individuals – is to be ignored at all our peril.
In that respect, last week has been significant, as it witnessed the beginnings of the pushback against the American surveillance state. In his opinion on the Columbia Circuit Bench, which we referred to on this blog, not only did Judge Leon hold the NSA spying program likely to be unconstitutional, but notably, he refused to accept NSA claims of national security on their face. He went into the record, and found that out of the 54 instances that the NSA had cited of allegedly foiled terrorist plots, it had miserably failed to prove even one where the outcome would have been different without bulk surveillance. This is a classic example of how narrow tailoring works. And later in the week, the Review Panel set up by President Obama emphatically rejected the contention that bulk surveillance is a necessary compromise to make in the liberty/security balance. Given this, and given the worldwide pushback underway against such surveillance measures, from Brazil to Germany, it would be a constitutional tragedy if the Supreme Court ignored its own well-crafted jurisprudence and let the government go ahead with bulk surveillance on the basis of asserted and unproven national security claims. Tragic, but perhaps not entirely unexpected.
I must thank Amlan for bringing to my attention an important aspect of the Canara Bank case, that I overlooked in my discussion in the last post. I had pointed out how Canara Bank departed from the American Supreme Court case of Miller in basing privacy upon a personal, as opposed to propertarian, foundation (“privacy is of persons, not places”). Miller, however, also stood for an important proposition known as the “third party doctrine”, which has direct implications for the law of privacy in the context of the CMS. It is crucial to examine Miller in relation to Canara Bank with respect to that. Amlan rightly pointed out that if Canara Bank rejects the third-party doctrine, then this has profound implications for the constitutionality of CMS-surveillance; we must therefore pay close attention to the issue.
Before we commence, one distinction: there is a difference between telephone tapping (that Malkani held certainly violates a privacy interest), and telephone records that are held by telephone companies and are then turned over to the government (the NSA’s PRISM project, the GCHQ’s Tempora Project, and our very own CMS). The third-party doctrine isn’t applicable to the Malkani case of the government directly tapping your line, but becomes very important precisely when the information is routed to the government via a third party (in this case, the telecom companies). Since there is no settled case in India (to my knowledge) on CMS/PRISM style surveillance, we must examine the third-party doctrine as developed elsewhere.
“The depositor takes the risk, in revealing his affairs to another, that the information will be conveyed by that person to the Government. This Court has held repeatedly that the Fourth Amendment does not prohibit the obtaining of information revealed to a third party and conveyed by him to Government authorities, even if the information is revealed on the assumption that it will be used only for a limited purpose and the confidence placed in the third party will not be betrayed.”
This is known as the third-party doctrine. Speaking for four members of the Court in dissent, Justice Brennan rejected it, reasoning that:
“[A] depositor reveals many aspects of his personal affairs, opinions, habits, associations. Indeed, the totality of bank records provides a virtual current biography. . . . Development of photocopying machines, electronic computers and other sophisticated instruments have accelerated the ability of government to intrude into areas which a person normally chooses to exclude from prying eyes and inquisitive minds.”
Three years later, in Smith vs Maryland, the question arose whether a pen register (that is, an electronic device that records all numbers called from a particular telephone line), installed on the telephone’s company’s property, infringed upon a legitimate expectation of privacy. The Court held that it did not, because:
“Telephone users, in sum, typically know that they must convey numerical information to the phone company; that the phone company has facilities for recording this information; and that the phone company does in fact record this information for a variety of legitimate business purposes. Although subjective expectations cannot be scientifically gauged, it is too much to believe that telephone subscribers, under these circumstances, harbor any general expectation that the numbers they dial will remain secret.”
Smith vs Maryland is essentially the third-party doctrine applied to telephone records. Records in question are knowingly and voluntarily passed on to a third party (the telephone company), the customers being aware that the third party is storing and recording them. Consequently, there is no reasonable expectation of privacy. Of course, there is a gap in the logic: the fact that we have no reasonable expectation of privacy against the telephone company storing and recording our data does not mean that we have no reasonable expectation of privacy that government will not do so. Nonetheless, Smith vs Maryland was what the government has relied upon in the recent NSA litigations across American District Courts. In the oral arguments in ACLU vs Clapper, for instance, which we have discussed previously on this blog, the government’s entire privacy argument was based upon the Smith vs Maryland holding, and ACLU’s counter-arguments turned upon how, in the last thirty years, the use of the telephone had increased so much, with so many personal details now part of phone records, that Smith no longer held the field.
This week, in Klayman vs Obama, Judge Leon at the Columbia District Court accepted in substance, the ACLU argument. He observed that “the relationship between the police and phone company in Smith is nothing compared to the relationship that has apparently evolved over the last seven years between the Government and telecom companies” – that is, a formalized policy as opposed to a one-time collection. Judge Leon then went on to hold that not only was the government’s surveillance technology vastly more all-encompassing than it had been in 1979, but also that “the nature and quantity of information contained in peoples’ telephony data is much greater as well.” The “ubiquity” of phones had altered both the amount of information available, and what that information could tell government about peoples’ lives (and indeed, previously on this blog we have discussed how bulk surveillance of telephone records can enable government to construct a complete record of a person’s social, sexual, religious and political mores). Consequently, Judge Leon held that there was likely to be a reasonable expectation of privacy in telephone records.
Does Canara Bank, in rejecting Miller, reject the third-party doctrine as well? I think it does so, although not unambiguously. In the Court’s mind, the third party doctrine is a corollary of the propertarian theory of privacy. Thus, in paragraph 54, the Court observes:
“Once we have accepted in Govind and in latter cases that the right to privacy deals with ‘persons and not places’, the documents or copies of documents of the customer which are in Bank, must continue to remain confidential vis-a’-vis the person, even if they are no longer at the customer’s house and have been voluntarily sent to a Bank.“
The Court here conflates “no longer at the customer’s house” (persons v places) and “voluntarily sent to the Bank” (third party). Because even if one holds that the right to privacy belongs to persons and not places, it is logically possible to hold that once one voluntarily turns over one’s information to someone else, one no longer has a privacy interest in it. The Court, however, expressly forecloses that option by reading the two together – because the right of privacy belongs to persons and not to places, therefore we retain our privacy interests even in those documents that we have voluntarily turned over to a third party. In other words, the Court’s logic appears to be that the nature of the documents vis-a-vis us remains unchanged despite their location shifts from beyond our control, even if this shift is knowingly and voluntarily cause by us. Thus, it would appear that Canara Bank adopts a particular conception of privacy-interests-belong-to-peoples-and-not-places, one that rejects the third party doctrine. To repeat: this is not the only way in which we can understand the people/places distinction; conceptually, people/places and third-party come apart, as they have done so in American law. What we have tried to do here is to make sense of the Canara Bank holding, and I submit that the only way to do so is to understand Canara Bank as rejecting third party through one specific conception of people/places. Thus, the Smith v Maryland argument is not open to the government if it wishes to collect data from telecom companies or, in the case of the internet, ISPs. In light of Canara Bank, the privacy interest remains.
We may now end our substantive privacy law discussion by a brief examination of two cases whose locus lies in the domain of medical tests, although in differing areas. Selvi v State, decided in 2010, involved the constitutionality of narco-analysis and polygraph tests during police investigations, and the testimonial statements obtained therefrom. The Court had no trouble in finding that, insofar as these techniques interfered with a person’s mental processes in order to elicit information from him, they infringed his right to privacy. The Court then summarily rejected the State’s argument of a compelling interest in eliciting information that could lead to the prevention of crime, holding that: “There is absolutely no ambiguity on the status of principles such as the `right against self-incrimination’ and the various dimensions of `personal liberty’. We have already pointed out that the rights guaranteed in Articles 20 and 21 of the Constitution of India have been given a non-derogable status and they are available to citizens as well as foreigners. It is not within the competence of the judiciary to create exceptions and limitations on the availability of these rights.”
This passage is curious. While a non-derogable right need not be an absolute right, our privacy jurisprudence suggests that the right to privacy is indeed derogable – when there is a compelling State interest. Insofar as Selvi goes beyond the accepted doctrine, it is probably incorrectly decided; nonetheless, it affirms – once more – even if only through contentions made by the State, that the relevant standard for infringement is the compelling interest standard. Furthermore, in subsequently investigating whether compelled undertaking of narco-analysis or polygraph tests are actually likely to reveal the results that the investigating authorities need – and finding them unconstitutional because they don’t – the Court takes a path that resembles narrow tailoring.
Lastly – and most recently – Rohit Shekhar v Sri Narayan Dutt Tiwari dealt with a Court order requiring a compulsory DNA test in a paternity dispute. After lengthy citation of foreign precedent, the Court entered into a bewildering discussion of the relationship between DNA tests and the right to privacy. It held that depending upon the circumstances of a case, mandatory testing would be governed by a number of factors such as a compelling interest, a probable cause, decreased expectations of privacy, and so on. (Para 79) It then went on to hold: “forced interventions with an individual’s privacy under human rights law in certain contingencies has been found justifiable when the same is founded on a legal provision ; serves a legitimate aim ; is proportional ; fulfils a pressing social need ; and, most importantly, on the basis that there is no alternative, less intrusive, means available to get a comparable result.” This is extremely strange, because the first three conditions form part of a classic proportionality test; and the last two are – as readers will recognize – the two parts of the compelling state interest – narrow tailoring test. Indeed, the Court contradicts itself – “legitimate aim” and “pressing social need” cannot both be part of the test, since the latter makes the former redundant – a pressing social need will necessarily be a legitimate aim. Consequently, it is submitted that no clear ratio emerges out of Rohit Shekhar. It leaves the previous line of cases – that we have discussed exhaustively – untouched.
Let us return, now, to our paradigm cases of surveillance. In 1997, the Supreme Court decided PUCL v Union of India. This case is the most important privacy case after Gobind, and the most important case for our purposes, that of studying surveillance. It therefore deserves very close study.
At issue in PUCL was telephone tapping, which is – for obvious reasons – central to our enquiry. In PUCL, the constitutionality of S. 5(2) of the Telegraph Act was at issue. This Section reads:
“On the occurrence of any public emergency, or in the interest of public safety, the Central Government or a State Government or any Officer specially authorised in this behalf by the Central Govt. or a State Government may, if satisfied that it is necessary or expedient so to do in the interests of the sovereignty and integrity of India, the security of the State, friendly relations with foreign States or public order or for preventing incitement to the commission of and offence, for reasons to be recorded in writing, by order, direct that any message clear of messages to or from any person or class of persons, relating to any particular subject, brought for transmission by or transmitted or received by any telegraph, shall not be transmitted, or shall be intercepted or detailed, or shall be disclosed to the Government making the order or an officer thereof mentioned in the order.” (Emphasis Supplied)
S. 5(2), therefore, necessitates a number of issues. The first is the meaning of the terms “public emergency” and “public safety”. The second is the meaning of the terms “persons or class of persons”. And the third – and this was the core of the arguments in the PUCL case – is the scope of the procedural safeguards required to make this Section constitutionally legitimate. A close reading of the case, I suggest, places PUCL firmly within the continuing tradition of Kharak Singh and Gobind, in setting stringent safeguards upon infringements of privacy.
The first thing to note is whether S. 5(2) is relevant at all to the question of bulk surveillance, a la CMS. There are at least three reasons to suggest that it is not. First, the Indian Telegraph Act is an 1885 legislation, drafted at a time when bulk surveillance was unimaginable, and aimed at addressing a very different problem – interception of individual telegraphic messages for specific, short-term purposes. Secondly, the term “persons or class of persons” in S. 5(2) is clearly indicative of identifiable individuals (or classes of individuals), and is not meant to include the citizenry as a whole. And thirdly, the Court’s own guidelines militate against reading a permission for bulk surveillance into the Act (I’ll come to this later). S. 5(2), therefore, does not authorize bulk surveillance, and does not authorize the CMS.
That said, let us now examine the development of privacy law in the case. The Court held unambiguously that individuals had a privacy interest in the content of their telephone communications. It cited Kharak Singh, Gobind and R. Rajagopal for the proposition that privacy was a protected right under Article 21. Coming, then, to the all-important interpretation of “public emergency” and “public safety”, the Court held – and it is submitted correctly – that the two phrases “take their colour off each other”. It defined public safety as the state of safety or freedom from danger for the public at large, and argued that neither a public emergency nor public safety could be “secretive”, but must be evident to the reasonable person.
There is an elementary reason why “public emergency” and “public safety” cannot be given widely divergent interpretations. This is because if the standard embodied by one was laxer than the standard embodied by the other, then the latter would become redundant: in other words, if “public safety” is interpreted more broadly than public emergency, then there would be no point to having the phrase “public emergency” at all, because any public emergency would necessarily be a matter of public safety. The two categories must therefore be non-overlapping, referring to different aspects, and requiring roughly the same standard to be attracted. This argument is buttressed by the fact that the Court required a proclamation of an Emergency via public notification: now if that procedural safeguard is required in one case (Emergency), but the government can simply get around it by doing the same thing (phone interception) under the guise of public safety then, once again, “public emergency” becomes an almost redundant category, something clearly beyond the expectation of the legislature. For “public safety” to have any teeth, therefore, it must refer to a specific situation of identifiable danger – and not a general, vague idea – perhaps – of containing potential terrorist threats.
This position is buttressed by the Court’s citation of the Press Commission Recommendations, used the phrases “national security”, “public order” and “investigation of crimes”; the Press Commission also urged regular review, and expiry within three months, once again suggesting that what was contemplated was a specific response to a specific situation, one that would expire once the situation itself expired (this is in keeping with the targeted-surveillance focus that we have seen in Kharak Singh, Malkani, Gobind and Pooran Mal). The Commission also categorically ran together “public emergency” and “public safety”, by holding that in the interests of public safety, the surveillance power should be exercised one month at a time, extendible if the emergency continued (as we have argued above, this makes sense).
After citing the Press Commission observations with approval, the Court then addressed the question of whether judicial review was necessary. Taking its cue from the English Interceptions Act of 1985, it held that it was not. The Central Government had the authority to make the rules governing the specific exercise of the interception power. Since it had not done so for all these years, however, the Court stepped in to fill the breach.
The Court’s rules are extremely instructive in order to understand how surveillance and privacy interact with each other. Under Rules 2 and 4, the Court required that the communications to be intercepted be specified (Rule 2), and the persons and the addresses specified as well (Rule 4); this is a very familiar proscription against general warrants – see, e.g., the American Fourth Amendment – “no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized“. The whole purpose of this part of the Fourth Amendment was to mitigate the evil – prevalent under British colonial rule – of general warrants, giving a blank cheque to colonial officials to conduct widespread, dragnet invasions of privacy, as happened in the landmark case of Entick v Carrington. Indeed, the Virginia Declaration of Rights, one of the precursors of the Fourth Amendment, recognized even more explicitly the dangers to liberty that general warrants embodied, and clearly made this an issue about containing untrammeled executive power, and subjecting it to the rule of law:
“That general warrants, whereby any officer or messenger may be commanded to search suspected places without evidence of a fact committed, or to seize any person or persons not named, or whose offense is not particularly described and supported by evidence, are grievous and oppressive and ought not to be granted.”
Therefore, Rule 4, based as it is upon such lineage, clarifies beyond any doubt that S. 5(2) does not permit bulk, indiscriminate surveillance; because if it did, it would not make any sense to require specificity of disclosure for communication, persons and addresses. Once again, the idea is simple: the government must act on some reasonably strong suspicion before it begins to infringe citizens’ privacy – it cannot simply do so on a general belief that at some point in the future the information it gleans might come in use; and it cannot intercept the data – and intrude upon the privacy of – innocent citizens, suspected of no wrongdoing.
Rules 3 and 7, read together, codify the narrow tailoring rule: Rule 3 requires the government to take into account whether “the information which is considered necessary to acquire could reasonably be acquired by other means.” Rule 7 states: “the use of intercepted material shall be limited to the minimum that is necessary in terms of Section 5(2) of the Act.” The minimum necessary and reasonable acquisition by other means are a clear enunciation of the narrow tailoring rule, that requires the infringement of a right to be narrowly tailored to the legitimate State goal, and holds it invalid if that goal could be achieved in a manner that was less of an infringement upon the right in question.
What, then, are we to take away from PUCL? In my view, three things:
(a) Neither the Telegraph Act nor the Court contemplates bulk surveillance. Consequently, the Court’s specific view that targeted surveillance does not need judicial review is not necessarily true for bulk surveillance.
(b) Rigorous standards are needed to justify an infringement of privacy rights – in other words, a compelling State interest (although the Court does not use the specific term).
(c) Privacy restrictions must be narrowly tailored, if they are to be constitutional. This means that they must be targeted, based on specific suspicion of identifiable individuals (as opposed to a general dragnet sweep), and the only means possible to fulfill the government’s goals of public safety and crime prevention. In both (b) and (c), therefore, the Court continues with the strong privacy-protection standards developed in Gobind, and afterwards.
And at the end of the day, it affirms one very basic thought: that for liberty to flourish, there is an aspect of all our lives that must remain private from government.
Surveillance and Privacy in India – III: The Public/Private Distinction and the Supreme Court’s Wrong Turn
We have seen that Gobind essentially crystallized a constitutional right to privacy as an aspect of personal liberty, to be infringed only by a narrowly-tailored law that served a compelling state interest. After the landmark decision in Gobind, Malak Singh v State of P&H was the next targeted-surveillance history-sheeter case to come before the Supreme Court. In that case, Rule 23 of the Punjab Police Rules was at issue. Its vires was not disputed, so the question was a direct matter of constitutionality. An order of surveillance was challenged by two individuals, on the ground that there were no reasonable bases for suspecting them of being repeat criminals, and that their inclusion in the surveillance register was politically motivated. After holding that entry into a surveillance sheet was a purely administrative measure, and thus required no prior hearing (audi alteram partem), the Court then embarked upon a lengthy disquisition about the scope and limitations of surveillance, which deserves to be reproduced in full:
“But all this does not mean that the police have a licence to enter the names of whoever they like (dislike?) in the surveillance register; nor can the surveillance be such as to squeeze the fundamental freedoms guaranteed to all citizens or to obstruct the free exercise and enjoyment of those freedoms; nor can the surveillance so intrude as to offend the dignity of the individual. Surveillance of persons who do not fall within the categories mentioned in Rule 23.4 or for reasons unconnected with the prevention of crime, or excessive surveillance falling beyond the limits prescribed by the rules, will entitle a citizen to the Court’s protection which the court will not hesitate to give. The very rules which prescribe the conditions for making entries in the surveillance register and the mode of surveillance appear to recognise the caution and care with which the police officers are required to proceed. The note following R. 23.4 is instructive. It enjoins a duty upon the police officer to construe the rule strictly and confine the entries in the surveillance register to the class of persons mentioned in the rule. Similarly R.23.7 demands that there should be no illegal interference in the guise of surveillance. Surveillance, therefore, has to be unobstrusive and within bounds. Ordinarily the names of persons with previous criminal record alone are entered in the surveillance register. They must be proclaimed offenders, previous convicts, or persons who have already been placed on security for good behaviour. In addition, names of persons who are reasonably believed to be habitual offenders or receivers of stolen property whether they have been convicted or not may be entered. It is only in the case of this category of persons that there may be occasion for abuse of the power of the police officer to make entries in the surveillance register. But, here, the entry can only be made by the order of the Superintendent of Police who is prohibited from delegating his authority under Rule 23.5. Further it is necessary that the Superintendent of Police must entertain a reasonable belief that persons whose names are to be entered in Part II are habitual offenders or receivers of stolen property. While it may not be necessary to supply the grounds of belief to the persons whose names are entered in the surveillance register it may become necessary in some cases to satisfy the Court when an entry is challenged that there are grounds to entertain such reasonable belief. In fact in the present case we sent for the relevant records and we have satisfied ourselves that there were sufficient grounds for the Superintendent of Police to entertain a reasonable belief. In the result we reject both the appeals subject to our observations regarding the mode of surveillance. There is no order as to costs.”
Three things emerge from this holding: first, the Court follows Gobind in locating the right to privacy within the philosophical concept of individual dignity, found in Article 21’s guarantee of personal liberty. Secondly, it follows Kharak Singh, Malkani and Gobind in insisting that the surveillance be targeted, limited to fulfilling the government’s crime-prevention objectives, and be limited – not even to suspected criminals, but – repeat offenders or serious criminals. And thirdly, it leaves open a role for the Court – that is, judicial review – in examining the grounds of surveillance, if challenged in a particular case.
After Malak Singh, there is another period of quiet. LIC v Manubhai D Shah, in 1993, attributed – wrongly – to Indian Express Newspapers the proposition that Article 19(1)(a)’s free expression right included privacy of communications (Indian Express itself had cited a UN Report without incorporating it into its holding).
Soon afterwards, R. Rajagopal v State of TN involved the question of the publication of a convicted criminal’s autobiography by a publishing house; Auto Shankar, the convict in question, had supposedly withdrawn his consent after agreeing to the book’s publication, but the publishing house was determined to go ahead with it. Technically, this wasn’t an Article 21 case: so much is made clear by the very manner in which the Court frames its issues: the question is whether a citizen of the country can prevent another person from writing his biography, or life story. (Paragraph 8) The Court itself made things clear when it held that the right of privacy has two aspects: the tortious aspect, which provides damages for a breach of individual privacy; and the constitutional aspect, which protects privacy against unlawful governmental intrusion. (Paragraph 9) Having made this distinction, the Court went on to cite a number of American cases that were precisely about the right to privacy against governmental intrusion, and therefore – ideally – irrelevant to the present case (Paras 13 – 16); and then, without quite explaining how it was using these cases – or whether they were relevant at all, it switched to examining the law of defamation (Para 17 onwards). It would be safe to conclude, therefore, in light of the clear distinctions that it made, the Court was concerned in R. Rajagopal about an action between private parties, and therefore, privacy in the context of tort law. It’s confusing observations, however, were to have rather unfortunate effects, as we shall see.
We now come to a series of curious cases involving privacy and medical law. In Mr X v Hospital Z, the question arose whether a Hospital that – in the context of a planned marriage – had disclosed the appellant’s HIV+ status, leading to his social ostracism – was in breach of his right to privacy. The Court cited Rajagopal, but unfortunately failed to understand it, and turned the question into one of the constitutional right to privacy, and not the private right. Why the Court turned an issue between two private parties – adequately covered by the tort of breach of confidentiality – into an Article 21 issue is anybody’s guess. Surely Article 21 – the right to life and personal liberty – is not horizontally applicable, because if it was, we might as well scrap the entire Indian Penal Code, which deals with exactly these kinds of issues – individuals violating each others’ rights to life and personal liberty. Nonetheless, the Court cited Kharak Singh, Gobind and Article 8 of the European Convention of Human Rights, further muddying the waters, because Article 8 – in contrast to American law – embodies a proportionality test for determining whether there has been an impermissible infringement of privacy. The Court then came up with the following observation:
“Where there is a clash of two Fundamental Rights, as in the instant case, namely, the appellant’s right to privacy as part of right to life and Ms. Akali’s right to lead a healthy life which is her Fundamental Right under Article 21, the RIGHT which would advance the public morality or public interest, would alone be enforced through the process of Court, for the reason that moral considerations cannot be kept at bay.”
With respect, this is utterly bizarre. If there is a clash of two rights, then that clash must be resolved by referring to the Constitution, and not to the Court’s opinion of what an amorphous, elastic, malleable, many-sizes-fit “public morality” says. The mischief caused by this decision, however, was replicated in Sharda v Dharmpal, decided by the Court in 2003. In that case, the question was whether the Court could require a party who had been accused of unsoundness of mind (as a ground for divorce under the wonderfully progressive Hindu Marriage Act) to undergo a medical examination – and draw an adverse inference if she refused. Again, whether this was a case in which Article 21 ought to be invoked is doubtful; at least, it is arguable, since it was the Court making the order. Predictably, the Court cited from Mr X v Hospital Z extensively. It cited Gobind (compelling State interest) and the ECHR (proportionality). It cited a series of cases involving custody of children, where various Courts had used a “balancing test” to determine whether the best interests of the child overrode the privacy interest exemplified by the client-patient privilege. It applied this balancing test to the case at hand by balancing the “right” of the petitioner to obtain a divorce for the spouse’s unsoundness of mind under the HMA, vis-à-vis the Respondent’s right to privacy.
In light of the above analysis, it is submitted that although the outcome in Mr X v Hospital Z and Sharda v Dharmpal might well be correct, the Supreme Court has misread what R. Rajagopal actually held, and its reasoning is deeply flawed. Neither of these cases are Article 21 cases: they are private tort cases between private parties, and ought to be analysed under private law, as Rajagopal itself was careful to point out. In private law, also, the balancing test makes perfect sense: there are a series of interests at stake, as the Court rightly understood, such as certain rights arising out of marriage, all of a private nature. In any event, whatever one might make of these judgments, one thing is clear: they are both logically and legally irrelevant to the Kharak Singh line of cases that we have been discussing, which are to do with the Article 21 right to privacy against the State.
Just now, the US Federal Court has held that the NSA’s bulk metadata telephony surveillance is “likely unconstitutional” under the Fourth Amendment. “Likely” because this was a motion for a preliminary injunction, and the grounds for an injunction are based upon the plaintiff’s likelihood of success.
I haven’t had time to read the judgment in detail, but a quick skim-through reveals that under the two-step Fourth Amendment test, the Court found, first, that people have a reasonable expectation of privacy in their telephone data, because of the sheer volume of personal information that is transacted via phone; and on an investigation of evidence, the Court found that the infringement was unreasonable, because there was no evidence to demonstrate that the compelling State interest – that of protecting national security – was actually being served effectively by said collection. On p. 64, the Court observes:
“I cannot imagine a more indiscriminate and arbitrary invasion than this systematic and high-tech collection and retention of personal data on virtually every single citizen for the purpose of querying and analyzing it without prior judicial approval. Surely such a program infringes on the degree of privacy that the Founders enshrined in the Fourth Amendment.”
Indian privacy lawyers would do well to study this judgment closely. As we have argued before in this blog, the two-step Fourth Amendment test is materially similar to Article 21’s right-to-privacy/compelling State interest test. Of particular interest is the Court’s conclusion that:
(a) We do have a reasonable expectation of privacy in our telephone records
(b) The government cannot simply assert national security; the burden lies upon it to actually show that bulk surveillance is effectively serving this purpose – and that is, show through demonstrable evidence of terrorist attacks foiled or prevented.
(c) The absence of judicial approval for mass surveillance is constitutionally fatal.
All of these positions are extremely relevant for the constitutionality of the CMS. We shall see how this judgment progresses through the Courts.