Naavi.org

Intermediary Guidelines.. Who is and who is not an intermediary?

Posted on December 25, 2018 by 98410spice

The following are the comments from Naavi.org on the proposed modified rules under Section 79 of ITA 2000/8 released for public comments on 24th December 2018.

After the passage of amendments to ITA 2000 in December 2008, which was notified with effect from 27th October 2000, a notification was released under G S R 314(E) dated 11th April 2011. This notification was called ” Information Technology (Intermediate guidelines) Rules, 2011 and laid out the requirements of “Due Diligence” to be followed by “Intermediaries”.

Who is and Who is Not an “Intermediary”?

The Intermediaries are defined under Section 2(w) as follows:

“Intermediary” with respect to any particular electronic records, means any person who on behalf of another person receives, stores or transmits that record or provides any service with respect to that record and includes telecom service providers, network service providers, internet service providers, web hosting service providers, search engines, online payment sites, online-auction sites, online market places and cyber cafes.

The intermediaries includes the many IT giants such as the Google, Facebook, WhatsApp etc.

Though some of the E Commerce websites may also be treated as “Intermediaries” and Banks have also tried to wear this hat some times to claim exemption of liabilities for cyber crimes, it must be noted that the definition applies to those organizations who process third party information without “initiating the transmission”, “Selecting the receiver of the information” or “Select or modify the information contained in the transmission” . (Refer section 79(2)).

In other words, most of the intermediaries who today interfere with the messages passing through them by trying to use the content for their own benefit including for advertising purposes lose the status of an “Intermediary”. They become users of the information passing through them and would fall under “Due Diligence” or “Reasonable Security Practices” as required under Section 43A of the ITA 2000/8. (This aspect needs to be kept in mind when Section 43A is removed with the introduction of PDPA 2018)

It is not a Section for Exemption..But for defining Due Diligence

While Section 79 has often been interpreted as a section which provides “Exemptions to Intermediaries” from liabilities, it must be remembered that it actually extends all the liabilities under ITA 2000/8 that may be attributed to a computer/human resource owned by an organization to the organization itself and also triggers the liabilities under Section 85, if the conditions under Section 79(3) are not fulfilled.

According to Section 79(1), an intermediary shall not be liable for any third party information, data, or communication link hosted by him only if the provisions of sub-sections (2) and (3), are fulfilled”.

Sub section (2) clarifies who is an intermediary and Sub section (3) talks of conspiracy, abetment and assistance including inducement and threats and the action to be taken on receipt of knowledge.

Before we start discussing the Guidelines issued by the Ministry now, it is essential for all of us to be familiar with Section 79 since the rules are to be interpreted within the provisions of the Act/Section and cannot be ultra vires the Act itself. If the “Rules” try to change the “Act”, it has to be held invalid.

Possibility of Mistakes by the Court

In the course of the discussion of the new rules, some members of the media have referred to the Shreya Singhal judgement which resulted in the scrapping of Section 66A which remains a symbol of the inability of the honourable Supreme Court to appreciate the need of certain parts of the law.

This has been extensively debated earlier and we would not like to digress here except to highlight that Supreme Court is amenable to be misguided by Vocal PIL Advocates into decisions which are short sighted and it has to guard itself against such attempts in every case where a political motivation is evident.

It is often observed that lawyers who are supposed to be “Servants of the Court” and assist the Judges in arriving at a truth through a judgement, often resort to complete falsehoods in trying to justify their client’s interest bordering on committing a “Fraud on the Court”. The Court cannot therefore drop its vigilance and go entirely by the averments of the advocates.

The silence of the defense advocates which lead to some recent wrong decisions was also evident in the withdrawal of some tender notifications by UIDAI on media monitoring which were wrongly projected in the Court as a possible violation of Privacy and the Court appeared to concur with it.

While Courts are required to adjudicate on genuine differences of views on legal issues they often are called upon to adjudicate on differing political views. If the Court is not fully conscious of this possibility, there could be slip ups which come to haunt them later and adversely affect the reputation of the judiciary either for their in efficiency or for bias.

The recent Aadhaar judgement which inter-alia killed the e-Sign system of authentication, which many of the experts who support the judgement never realized, is another example of how the Court may be driven into an incorrect decision with a blinkered vision particularly when the matter can be linked to a “Constitutional Right”.

Now a days, every politician including the enemies of the State have become conscious of their rights under the constitution and drag Supreme Court to sit in judgement of every administrative order issued by the Government. This is a gross misuse of the resources of the Supreme Court.

Though the current CJI has been conscious of the fact that the precious time of the Court is being wasted in politically motivated cases, we need to still witness the courage of the Court to put its foot down on frivolous and politically motivated litigation which are brought up only to gain media attention and score a political point.

The PIL filed by advocate Mr M.L. Sharma on the MHA notification on Section 69 will be a test case on whether the current Supreme Court does exhibit its resolve to focus on the more important matters of the Citizens or devote most of its energies to satisfy the political debates in the garb of upholding the constitutional rights of citizens. (This requires a separate debate which we shall do shortly).

It is one of the strategies of the opposition to engage the Court in such a manner that more important cases gets relegated hopefully until the Government changes. Citizens are watching if the Supreme Court is conscious of this clever manipulations.

We hope there would not be one more PIL on the proposed Section 79 rules and all those who have a view will try to place their comments with the Ministry rather than going straight to the Court.

While we donot expect everybody to accept the views presented here, I suppose these views would be considered before they come to their own conclusions.

So…let us proceed further on the proposed changes in the intermediary responsibilities…

…. To Be Continued

Naavi

Previous Articles:

New Intermediary Guidelines… Legitimate and Well within the rights of the Government:
Proactive technology tools to identify violation..new intermediary rules:
New Intermediary Guidelines.. Intermediaries need to have Indian Subsidiaries..:
Intermediary Guidelines.. Who is and who is not an intermediary?:
Draft Intermediary Guidelines 2018… Public Comments invited:
Copy of the guidelines:

Posted in Cyber Law | Tagged Intermediary rules, section 79 | 3 Comments

Draft Intermediary Guidelines 2018… Public Comments invited

Posted on December 25, 2018 by 98410spice

The Government of India has released a draft Intermediary guidelines 2018 under Section 79 of Information Technology Act 2000 (ITA 2000/8) for public comments before January 15th. (Refer here).

The notification records that a calling attention motion on “Misuse of Socal Media platforms and spreadig of fake News” was admitted in the Parliament (Rajya Sabha) in 2018 (Monsoon session) and the Hon’ble Minister for Electronics and IT, responding to the calling attention motion on 26/07/2018, made a detailed statement where he inter alia conveyed to the House the resolve of the Government to strengthen the legal framework and make the social media platforms accountable under the law.

The department (MeitY) has now prepared the draft Information Technology (Intermediary Guidelines) Rules 2018 to replace the rules notified in 2011.

Comments and suggestions can be sent to gccyberlaw@meity.gov.in, pkumar@meity.gov.in, and dhawal@gov.in.

The Copy of the proposed guideline is available here.

As has been the trend of politics today, there has already been comments by many politicians that this is an attempt at the Government trying to take control of the social media as a part of the strategy to win elections etc. It appears that the politicians are only exposing their ignorance of law and bias by making extreme comments which are misplaced.

These comments supported by some of the known biased journalists will be spreading disinformation to the extent possible. For the time being let us ignore these comments.

We will try to explain the changes and put out our views in this regard.

Naavi

PS: As per the addendum released on 31/12/2018, the public comments released upto 15th January 2019 would be placed on the website on 18th January 2019 and a 10 day period upto 28th January 2019 would be allowed for receiving counter comments if any…. Group Cordinator, gccyberlaw@meity.gov.in

Posted in Cyber Law | 1 Comment

The Second Awakening… What is there in Rules of Oct 27, 2009 on Section 69?

Posted on December 23, 2018 by 98410spice

[This is in continuation of the previous article on the subject]

(P.S: These discussions are called the “Second Awakening” because though ITA 2000 came into existence on 17th October 2000, the stake holders and more particularly the IT industry never recognized that there was a law that required a closer look as part of their compliance requirements. It was only in April 2011 when the rules under Section 43A was notified, that the industry woke up to the existence of this law. This was the first awakening. Then everybody went to sleep once again. Today there is greater recognition of GDPR and the proposed PDPA than the currently prevailing ITA 2000/8. The current controversy which was politically motivated and arose out of a simple sub notification has suddenly created a flutter in the IT industry which I have called the Second Awakening.)

Background:

In the previous article, I referred to Section 69 of ITA 2000/8 which empowers a competent authority to authorize “Interception, Monitoring and Decryption” of electronic information through any computer source.

There was a notification of a rule titled “Information Technology (Procedure and
Safeguards for Interception, Monitoring and Decryption of Information) Rules, 2009″ on October 27, 2009.

A Controversy has now broken out after the Ministry of Home Affairs came up with a notification on 20th December 2018 stating that they are designating 10 agencies to carry out Interception, Monitoring and Decryption.

The notification has been wrongly interpreted by members in the political community as a move to create a Police State in India before the next general election and a challenge to Privacy. The controversy has gained traction because the professionals also were unaware of the law as it existed and what this notification actually meant and in their eagerness to support Privacy, the technical circles also went with the politicians in criticizing the MHA order as a draconian move to upstage the Puttaswamy judgement of Supreme Court on Privacy. Media as usual went with their TRP objective to create a fire where there was none. The legal activists are already preparing their petition to move the Supreme Court after the vacation to get the Section 69 of ITA 2000/8 squashed a-la Section 66A.

I completely disagree with the false narrative being created in this regard and tried to explain the legal position related to Section 69. The narrative has taken political over tones and most of the professionals are not comfortable in expressing their views if it opposes Rahul Gandhi’s Congress because they are afraid that if Congress comes to power ever, it could hold a grudge. On the other hand we know that Mr Modi and BJP is too soft and anything can be said against them.

Readers of this blog who think I am expressing political views may excuse me since it is difficult to remain silent when Rahul Gandhi, Asaduddin Owasi, Omar Abdulla, Anand Sharma or Gulam Nabhi Azad etc start interpreting Section 69 of ITA 2000 and the regulations there under to create a fake narrative for their political gain. Kindly leave the political comments and focus on what I would like to say on the law as it appears to me.

I pointed out in my previous article that section 69 of ITA 2000/8 gave certain powers but they were within the exceptions under Article 21 of the Constitution, (Refer: Academike)

According to the Article 21, no person shall be deprived of his liberty “Except according to a procedure established by law”.

It is the duty of the Government to define what is the procedure to be followed if this exception has to be exercised. Not providing such procedure would tantamount to “Dereliction of Duty”.

Privacy is admittedly not an “Absolute Right” and is subject to reasonable restrictions .

Section 69 is an attempt to define the “Due Legal Process” and incorporates adherence to the reasonable restrictions principles.

Hence Section 69 is well within the powers of the Government (remember, it was passed by the UPA Government).

Having enacted Section 69 with effect from 27th October 2009, it was incumbent on the Government to expand the provisions of the section into a more detailed rules which was also promptly done by the UPA Government with its notification of October 27, 2009.

What does the Notification of 2009 contain?

This notification has 25 different clauses. The clause headings are reproduced below.

Short title and Commencement
Definitions
Direction for interception or monitoring or decryption of any information
Authorization of agency of Government
Issue of decryption direction by competent authority
Interception or monitoring or decryption of information by a state beyond its jurisdiction
Contents for direction
Competent authority to consider alternative means in acquiring information
Direction of interception or monitoring or decryption of any specific information
Direction to specify the name and designation of the officer to whom information to be disclosed
Period within which the direction shall remain in force
Authorized agency to designate nodal officer
Intermediary to provide facilities, etc
Intermediary to designate officers to receive and handle
Acknowledgement of instruction
Maintenance of records by designated officer
Decryption key holder to disclose decryption key or provide decryption assistance
Submission of the list of interception or monitoring or decryption of information
Intermediary to ensure effective check in handling matter of interception or monitoring or decryption of information
Intermediary to ensure effective check in handling matter of interception or monitoring or decryption of information
Responsibility of Intermediary
Review of directions of competent authority
Destruction of records of interception or monitoring or decryption of information.
Prohibition of interception or monitoring or decryption of information without authorization
Prohibition of disclosure of intercepted or monitored, decrypted information.

Even without going into the details of these 25 clauses, I suppose the professional critics of the MHA notification will realize that this notification does address all the concerns that the critics have raised from the Privacy perspective.

The MHA order was made under rule (4) above which stated

Authorisation of agency of Government.— The competent authority may
authorise an agency of the Government to intercept, monitor or decrypt information
generated, transmitted received or stored in any computer resource for the purpose
specified in sub-section (1) of section 69 of the Act.

So far no such agency had been designated and therefore the Competent authority had a wide power to designate any public or private body for the purpose of exercising its rights albeit the other restrictions.

By designating 10 agencies now, the Government has curtailed the powers of the Competent authority significantly.

Who is the Competent Authority?

According to rule 1(d), Competent authority means (i) the secretary in the Ministry of Home Affairs in case of the Central Government and (ii) the Secretary of the Home Department in case of the State Government or a Union Territory as the case may be.

The jurisdiction of the state authority lies within the State and where interception etc is required in a different state, the state authority has to work through the MHA.

Is there a proper Over view

The Competent authority has to issue a written order and name the person to whom the information has to be disclosed, containing the reason for the necessary action. This has to be forwarded also to a review committee within 7 days. The order itself lapses in 90 days unless extended and can be extended to a maximum of 6 months.

The Review committee is the Review Committee constituted under rule 419A of Indian Telegraph Rules 1951 and should meet once in two months.

The Review committee consists of the Cabinet Secretary (Chairman) and the Secretary legal affairs and Department of Telecommunications in respect of the Central Government and the Chief Secretary (Chairman) and the law secretary and another secretary other than the Home Secretary).

Under rule 24, any person who violates any of the provisions of this order is liable for punishment.

I interpret this as an authorization to not only launch Section 43 and 66 proceedings in case of “Unauthorized access or disclosure”.

This also provides for judicial overview in case there is any violation of the order.

Destruction of Records

Under Rule 16, the designated officer has to maintain proper records of compliance. But the monitored information need to be destroyed after 6 months according to the rule 23.

I have in the past indicated my view that if the information becomes an evidence of a crime, the record may be deemed as evidence and needs to be preserved.

The rule 25 prohibits disclosure of information monitored except as per the order.

Judicial Challenge is not even worth Admission

Thus we can see that there is enough checks and balances built into the rule to satisfy any legal requirements and therefore if this order is challenges in the Court and if the Court is aware of the legal provisions, then the challenge should be not even admitted.

Misinterpretation that the Agencies have been given power

We need to recognize that the MHA order does not provide any powers to the agencies to conduct their own investigations. Such an impression if created is wrong.

The only authority that can order the interception is the Secretary Home. The agencies are those through which such information can be collected by the competent authority.

Any person including the agency itself if it requires monitoring, has to approach the Competent authority, get a written order and proceed.

There are of course certain emergency powers where monitoring can be started before the authority issues a written order and they are dealt with separately under Rule 3 as emergency powers.

I request all my professional friends to go through the above and let me know if any further doubts remain in their mind that the perception being circulated in the media is blatantly false and malicious.

Naavi

The Second Awakening… What is there in Rules of Oct 27, 2009 on Section 69?
The Second Awakening… What is Section 69?
Snooping and Section 69 of ITA 2000: Beyond Politics, Distrust and Passion..The second awakening
Agencies empowered under Sec 69. No Need to raise a false alarm

The MHA Notification
Section 69
Section 69 Rules of 2009

Articles on ITA 2008 written in 2008/9

Posted in Cyber Law | Tagged rules, section 69, snooping | 1 Comment

The Second Awakening… What is Section 69?

Posted on December 23, 2018 by 98410spice

[This is a continuation of the earlier articles on the subject]

Section 69 along with 69A and 69B was introduced in ITA 2000 with the amendments passed in December 2008 by the then UPA Government. Though the passage was without any discussion, there was a standing committee which deliberated the amendment bill for over 2 years before the bill was introduced in its final form and passed.

Sections 69, 69A,and 69B along with 70B gave powers to different officials of the Government for the purpose of interception, blocking and collecting data from intermediaries and other IT users and to implement the Cyber Security.

These sections provided “Legal Empowerment” to enable discharge of the normal Governance functions which was necessary and also permitted under the Constitution.

The Politics behind the Criticism

Most people in the media are commenting on the MHA circular without reading the Section and the relevant regulation. They are politicians like Rahul Gandhi who deserve to be ignored or media anchors who are arrogant and think they know everything or professionals who are passionate about the concept of Privacy and distrust the Government.

It is disappointing that some of the well informed professionals in the security arena are also joining the bandwagon of critics and giving support to the false accusations of the Corrupt Congress politicians.

Their concerns may be genuine but in the present context, their stand is only helping the corrupt politicians and not the cause of either Privacy or Governance. I am therefore vocal about my views though some may think that it represents political support to the current regime.

These professional critics should realize that during the UPA regime there were not only thousands of snooping orders (as revealed by the RTI which is in the news) but there were many more without record.

Misuse of power is an issue that is to be handled separately and not mixed up with the current issue of whether the MHA order is an intention of the current Government to create a Police State, Create an Emergency situation etc as Rahul Gandhi, Owasi or Omar Abdulla or Gulam Nabhi Azad complain.

It is necessary that professionals who are trying to apolitical and avoiding recognition of the politics behind the current outrage realize that they are only deceiving themselves. My intention is to open the eyes of such professional critics so that they donot become pawns in the hands of the politicians to create a narrative which is false and malicious.

MHA Order does not give Snooping Powers to any agency

To start with let us recount that the current MHA order is within the powers conferred under section 69(1) of ITA 2000/8.

It is therefore incorrect and malicious to read this as if it is an order authorizing the 10 agencies to conduct a roving monitoring of the activities of the citizens as is being presented by the ill informed media and the opposition politicians.

The order only designates the agencies that may be called “authorized” to carry out the orders if any from the “Competent authority”.

This is actually restricting the powers of the Competent authority preventing it from using any agency other than these designated agencies.

These agencies cannot independently start any monitoring activity because they are not the “Competent Authority” and their powers are restricted to a “Specified Order”.

Competent authority can only issue such orders if

“it is necessary or expedient to do in the interest of the sovereignty or integrity of India, defense of India, security of the State, friendly relations with foreign States or public order or for preventing incitement to the commission of any cognizable offence relating to above or for investigation of any offence,”

subject to the provisions of sub-section (2),

for reasons to be recorded in writing,

by order,..”

Sub section (2) above refers to the Procedure and Safeguards which were later notified under the “Information Technology (Procedure and Safeguards for Interception, Monitoring and Decryption of Information) Rules 2009 which was notified on 27th October 2009.

In order to understand the legislative intent of Section 69, it is necessary to also look at Sub section (3) and (4) of Section 69 which states as under.

(3) The subscriber or intermediary or any person in charge of the computer resource shall, when called upon by any agency which has been directed under sub section (1), extend all facilities and technical assistance to –

(a) provide access to or secure access to the computer resource,, generating, transmitting, receiving or storing such information; or

(b) intercept or monitor or decrypt the information, as the case may be; or

(c) provide information stored in computer resource.

(4)The subscriber or intermediary or any person who fails to assist the agency referred to in sub-section (3) shall be punished with an imprisonment for a term which may extend to seven years and shall also be liable to fine.

The legislative intent of this section was to ensure that Intermediaries and persons in charge of the IT systems cooperate with the agency entrusted with the security obligations when called upon to do so.

The competent authority was obliged to use this provision only when there was a situation where the “Exceptions to the Privacy” was permitted under the Constitution and not otherwise. It was also obliged to have a written order for the purpose and use only designated agencies for the purpose.

It is therefore wrong to consider that this section is ultra vires the constitution whether before or after the Puttaswamy judgement.

Don’t Let the Supreme Court to be mislead again

I suppose that even the Government agencies need to realize the intent of the section and ensure that mischievous advocates donot mislead the Supreme Court with PIL s just as they did in the case of Section 66A of ITA 2000.

The Supreme Court is not infalliable and may be swayed by the popular public sentiment and can give wrong decisions in such cases.

This has to be prevented by the professionals who should be prepared to identify the nature of the section and the inbuilt safeguards in the section followed by the notification which we shall discuss in the follow up article.

Misuse of Law and Powers

Arguing that safeguards may be there in the law but it will not be followed is not an argument that can be countered. Yes every law can be misused. This is the element of distrust I mentioned earlier. We inherently distrust the Government and its officials who can be corrupted. But the solution is to make them honest and not distrust all of them for all the time.

I personally distrust the opposition politicians and officials under the UPA rgime hundred times more than the BJP under Mr Modi and officials in the Modi regime. I am therefore willing to place the trust in the current regime and consider that this MHA order was a routine order.

Why Now Argument

Opposition politicians seem to think that this Government should stop Governing and hand over the decision making to the opposition because they believe that they will win the next election.

Hence, every decision is linked to the forthcoming election and objected to.

I would like to say that the notification of 2009 had required these agencies to be notified even on October 27, 2009. It was better late than never. It was difficult to understand certain parts of the order such as “Nodal Officers” without the notification of these agencies for implementation. This uncertainty has been prevailing all along. In the absence of this notification, it was a fair interpretation that the competent authority under the law could designate any agency (public or private) and hence every IT company and Government department should designate a compliance officer or a nodal officer to carry out the directions.

The MHA order serves the purpose of providing a clarity that only these agencies need to be involved in the implementation of Section 69.

I donot know how this sudden realization came upon the MHA. Only insiders can explain how this idea originated.

But I would like to believe that after the recent Supreme Court judgement, there could have been a discussion on what is the “Procedure for Interception” which does not violate the Puttaswamy judgement and the concerns of the Privacy activists. At that time, the department has realized that the procedure is defined under the rules under Section 69 but there is a lacuna that specific agencies have not been formally notified.

Hence MHA could have tried to regularize the lacuna and come up with the clarificatory notification restricting the powers of the competent authority only to these 10 agencies.

….To Be Continued

Naavi

The MHA Notification
Section 69
Section 69 Rules of 2009

Articles on ITA 2008 written in 2008/9

Posted in Cyber Law | Tagged privacy, Puttaswamy, section 69, snooping | 1 Comment

Snooping and Section 69 of ITA 2000: Beyond Politics, Distrust and Passion..The second awakening

Posted on December 22, 2018 by 98410spice

[This is a continuation of the previous article]

Yesterday was a day when ignorance and politics took over the debate on the new MHA guidelines under Section 69 of ITA 2000. As expected, the Congress politicians opened the debate in the Parliament with the “Jupiter Escape Velocity” fame expert commented that “India is being converted into a Police State”. Several other politicians such as Sitaram Yechury, Asaduddin Owaisi, Omar Abdulla joined the line of political experts who declared that there is a need for Supreme Court to take a hard look. Towards the end of the day Congress appeared to pull back when they realized that Section 69 in its present form was actually passed into law by the Congress Government itself.

Though some sane voices did emerge from the Cyber Law experts, later in the day, the media as usual continued to bombard the sensational angle as if India has over night become a Police State. The young anchors talking like experts in Cyber Law referred to the Puttaswamy judgement and declared that Privacy is under threat.

In the professional arena, some sense prevailed except for a few Privacy passionate enthusiasts expressed their anguish that the law can be misused.

Behind the criticisms that prevailed all across the media it was evident that many of the commentators were realizing for the first time that there was a section called Section 69 in ITA 2008 and it provided for certain powers for interception etc.

The situation was similar to the moment in 2011 when after the passage of the rules under Section 43A, the IT professionals suddenly came to realize the existence of ITA 2000/8 which became a law on 17th October 2000 with the important amendments of 2008 becoming effective from 27th October 2009.

Perhaps this second awakening is good for the society since we need to understand and appreciate the nature of ITA 2000/8 which is an important legislation of the “Digital Society”. So far everybody was talking of “Digital India”, “Digital Disruption”, “Innovation” etc with complete abandonment of an awareness of the background law.

This debate on “Snooping” however absurd it is, will perhaps result in at least some of the politicians and professionals developing a better understanding.

In the discussions that ensued yesterday, following points have been raised.

Timing: Why did the Government come up with this notification? Does it have anything to do with the forthcoming elections?
Privacy: Does this notification affect the principles of Privacy as a Fundamental Right?
Surveillance: Does this notification mean that the named 10 agencies will start snooping on 1 billion people from tomorrow?
Oversight: Does such powers require a judicial oversight?
Prior Debate: Was a public debate required before this notification was released?

Naavi had highlighted the sweeping powers that sections 69,69A and 69B provided to the state when the amendments were passed in 2008. Unfortunately, at that time no body took notice.

Then on 27th October 2009, the notification called “Information Technology (Procedure and Safeguards for Interception, Monitoring and Decryption of Information) Rules, 2009 was published. These guidelines had some ambiguities. This notification has in fact cleared some aspects of this notification which were difficult to interpret because of the inherent ambiguities. The MHA notification has therefore come as a relief as it sets dome doubts to rest.

I anticipate that the controversy on Section 69 would not die down. The next level of action would be when people like Prashant Bhushan, Indira Jaiswal and others would raise the issue in the Supreme Court.

The Supreme Court is known to be vulnerable to succumb to media hype as it did in the case of Section 66A judgement and partially in the case of the Aadhaar judgement and arrive at incorrect interpretations. Hence we need to place on record our views so that the false propagandists donot hijack the debate.

We shall therefore explain the Section 69, the notification of October 27, 2009 and also answer some of the questions raised above in a series of articles that will follow.

We hope this will clarify the uncertainty that may prevail in the minds of the public. This is only an academic explanation of what ITA 2000/8 for those who want to debate the law.

This may not however satisfy the Politicians who want to any way blame the Government because they feel that they have a friendly media which will make any lie uttered 1000 times look like truth. We have to leave them revel in their imaginary world.

...To Be continued

Naavi

Reference:

The MHA Notification
Section 69
Section 69 Rules of 2009

Articles on ITA 2008 written in 2008/9

Some media reports: The Wire : Arun Jaitely : Rahul Gandhi: Owaisi : Experts

Posted in Cyber Law | Tagged section 69, snooping | 1 Comment

Agencies empowered under Sec 69. No Need to raise a false alarm

Posted on December 21, 2018 by 98410spice

The uninformed media is at work since morning commenting on the MHA Order notifying additional agencies empowering use of powers under Section 69 of ITA 2000/8.

Refer notification here:

According to the notification, 10 agencies such as the IB, ED, CBI etc are notified as authorized agencies.

Until now according to the earlier notification G.S.R. 780 (E) dated 27th October 2009, for such orders the competent authority was the “Secretary of Ministry of Home Affairs” in the Central and State Governments. No other agency had been named for execution of the action envisaged.

The Competent authority was empowered to authorize an agency of the Government for the purpose. The process for authorization was detailed in the notification. What the MHA has now done is to exercise these powers to notify the agencies which can exercise the powers.

The powers are as per restrictions inherent in Section 69 (1) and are well within the constitutional provisions.

For immediate reference we quote the section 69(1).

“Where the central Government or a State Government or any of its officer specially authorized by the Central Government or the State Government, as the case may be, in this behalf may, if satisfied that it is necessary or expedient to do in the interest of the sovereignty or integrity of India, defense of India, security of the State, friendly relations with foreign States or public order or for preventing incitement to the commission of any cognizable offence relating to above or for investigation of any offence, it may, subject to the provisions of sub-section (2), for reasons to be recorded in writing, by order, direct any agency of the appropriate Government to intercept, monitor or decrypt or cause to be intercepted or monitored or decrypted any information transmitted received or stored through any computer resource”

It is prudent for responsible citizens to recognize that the powers are to be exercised under a process and are well within the provisions of Constitution and refrain from making a hue and cry about a routine notification.

Such powers of India has been there since long under Telegraph Act itself and is also present world over including USA and UK. The powers are essential for Governance and does not preclude action against people who misuse.

Section 69 itself contains an inbuilt provision for preventing misuse which may be invoked if concerned citizens have any issues.

Under Section 69(2), the law provides that the

“Procedure and safeguards subject to which such interception or monitoring or decryption may be carried out shall be such as may be prescribed”.

In the event the procedures and safeguards are not followed even by a Government official, it would tantamount to “Unauthorized Access” and could be considered as an offence under Section 66 of ITA 2000/8 which has a punishment of upto 3 years.

Those who are today throwing tantrums on the TV and those members of the media who are raising the bogey of Privacy, Constitutional rights etc are either not adequately informed or are as usual raising a bogey to criticize the Government.

I will not be surprised if politicians raise ruckus in the Parliament and some activists also go to Supreme Court against the order.

Let’s understand the law as it is and respond without raising a needless false alarm.

Naavi

The MHA Notification
Section 69
Section 69 Rules of 2009

Articles on ITA 2008 written in 2008/9