The recent expose in the media about the alleged violation of privacy of citizens of many countries, including India, as a result of the reported Prism Project, if true, is a matter of grave concern. The privacy of citizens in any country must be respected and protected by taking steps to balance national security objectives against needs of surveillance interception and data mining. In this regard, Government must take the following three steps:
Engage the US Government to uncover the truth
While there are wide ranging reports regarding the Prism Project, there is a matched confusion as to whether its implementation was done under proper procedure and US law, or whether it was an extrajudicial act. At one level, India seems to figure in the top 5 countries on the list of surveillance – based on the report - and it seems there are violations of privacy from several other major US social media and ICT corporations, though these companies have denied participating in any illegal project. In fact, there are now reports that several US companies are asking the US Government to allow them to publicize more details about any surveillance related activities to enable greater transparency.
Amongst these conflicting reports, it would be advisable that the Government of India reaches out to its counterpart in the US to discover the actual facts from official sources keeping in mind the privacy interests of Indian citizens. If it is uncovered that Indian citizens’ privacy was, in fact, violated through illegal means, then the Government of India must contemplate steps to fix responsibility and ensure that such wide scale or illegal surveillance is swiftly brought to an end. However, uncovering the facts would be the first step in the right direction. This should be followed by a proper and detailed press briefing by the Government of India for its citizens.
Review privacy surveillance and interception in India
The news about the Prism Project is also an opportunity to review the level of privacy protection, legislation and processes that the Government of India has in place, along with various telecom and internet service providers (ISPs). It is my understanding, and based on several instances of leaked voice tapes, Call Data Records (CDRs) and other content, that the Indian consumer is most vulnerable when it comes to privacy protection at the hands of our own government and service providers. Administrative orders for surveillance are used widely and the procedure followed is said to often be in violation of the DoT Notification of 01 March, 2007, with regards to Indian Telegraph Rules, 1951, specifically Rule 419A. It also remains unclear as to how data traffic, especially those which flow on the networks of ISPs is monitored, since there is no clear process laid down for such interpretation, except the Government’s right to intercept under the ISP license.
The Indian citizen remains extremely vulnerable on the home front where her privacy is concerned, and this could be a perfect opportunity to have a wide dialogue across government, telecom service providers, ISPs, technical experts and citizens groups to audit, review and improve on the privacy processes and legislation within India.
Time for more privacy rather than more government surveillance
At times like these, with pressure from media and citizen groups, the Government has two options. First, to join other governments and seek equal access to surveillance by increasing our capabilities and scope. The second is to desist any bad practice that may have come to light, and instead, improve the norms to protect privacy and safeguard individuals against illegal or mass surveillance/interception. I would strongly recommend that we choose the second option and desist any temptation to compete with the US or any other government to increase surveillance and interception of our citizens. Undoubtedly, national security, lawful interception and monitoring are critical to our national objectives, but this is the time to remain balanced and lead an inter-governmental dialogue for establishing a truly multi-stakeholder discourse on how to improve privacy and overall internet governance.
It was for this reason that I have remained opposed to the concept of United Nations Committee on Internet Related Policies (UN-CIRP) that had been proposed by some overzealous officials in the Ministry of External Affairs and PMI Geneva in the 2011 UN General Assembly.
Any attempt to either revive UN-CIRP or push for a structure that places government front and Centre would mean further and irretrievable harm to the privacy discourse.