Govt authorises 10 intel, security agencies to monitor, decrypt ‘any’ computers
New Delhi, Dec 21: The government on Friday said it has authorised 10 central agencies to intercept, monitor and decrypt all the data contained in “any” computer system and asserted that this was being done to prevent “any unauthorised use of these powers”.
The new order, issued late Thursday night, “does not confer any new powers” to any security or law enforcement agency, the Union Home ministry said in a statement as the opposition termed the move an assault on fundamental rights and joined hands against it.
The order was brought out by the ‘cyber and information security’ division of the ministry under the authority of Home Secretary Rajiv Gauba.
According to the order, 10 central probe and snoop agencies are now empowered under the Information Technology (IT) Act for computer interception and analysis, officials said.
The agencies, according to the order, have been authorised “for the purpose of interception, monitoring and decryption of any information generated, transmitted, received or stored in any computer resource under the said Act (section 69 of the IT Act, 2000)”.
In a clarificatory statement, the Home ministry said adequate safeguards are provided in the IT Act, 2000 and similar provisions and procedures already exist in the Telegraph Act along with “identical safeguards”.
The ministry said “each case” of such computer interception, monitoring and decryption is “to be approved by the competent authority, which is the Union home secretary”.
“The present notification is analogous to the authorisation issued under the Telegraph Act. The entire process is also subject to a robust review mechanism as in case of Telegraph Act. Every individual case will continue to require prior approval of Home ministry or state government. MHA has not delegated its powers to any law enforcement or security agency,” it said.
The ministry used Rule 4 of the IT (Procedure and Safeguards for Interception, Monitoring and Decryption of Information) Rules 2009 to elaborate its point.
It provides that “the competent authority may authorise an agency of the Government to intercept, monitor or decrypt information generated, transmitted, received or stored in any computer resource for the purpose specified in sub-section (1) of Section 69 of the Act”, the ministry said.
Therefore, it said, the latest order has been issued “in accordance with rules framed in year 2009 and in vogue since then and no new powers have been conferred to any of the security or law enforcement agencies”.
The notification, it said, has been issued to notify the ISPs (internet service providers), TSPs (telecommunications service providers), intermediaries among others to codify the existing orders.
“These powers are also available to the competent authority in the state governments as per IT (Procedure and Safeguards for Interception, Monitoring and Decryption of Information) Rules 2009,” it added.
According to rule 22 of the IT (Procedure and Safeguards for Interception, Monitoring and Decryption of Information) Rules 2009, all cases of interception or monitoring or decryption are to be placed before the review committee, headed by the cabinet secretary, which shall meet at least once in two months to review such cases, the statement said.
In case of state governments, it added, such cases are reviewed by a committee headed by the chief secretary concerned.
The ministry statement also said the new notification had three benefits.
It is aimed at ensuring that any interception, monitoring or decryption of any information through any computer resource is done in accordance with due process of law.
The notification identifies agencies authorised to exercise these powers and is aimed at preventing any unauthorized use of these powers by any agency, individual or intermediary.
Also, it said, the latest order will ensure that provisions of law relating to lawful interception or monitoring of computer resource are followed. If any interception, monitoring or decryption is required for purposes specified in Section 69 of the IT Act, it has to be done in accordance with due process of law and approval of competent authority, which is the Union Home secretary.
The 10 agencies notified under the new order are the Intelligence Bureau, Narcotics Control Bureau, Enforcement Directorate, the Central Board of Direct Taxes (for Income Tax Department), Directorate of Revenue Intelligence, Central Bureau of Investigation, National Investigation Agency, the Research and Analysis Wing, Directorate of Signal Intelligence (in service areas of J-K, North East and Assam) and Delhi Police commissioner.
Section 69 of the IT Act deals with the “power to issue directions for interception or monitoring or decryption of any information through any computer resource”.
According to an earlier order, the Union home secretary is also empowered to authorise or sanction the intelligence and security agencies for undertaking tapping and analysis of phone calls under the provisions of the Indian Telegraph Act.