Last week brought us explosive revelations from the The Guardian that the US National Security Agency (NSA) is conducting extensive surveillance on internet traffic patterns, email, and telecommunications. While perhaps not surprising, the news was shocking on at least three levels – (1) the program’s extensive reach, (2) its corporate participation from the likes of Google, Facebook, Microsoft and Apple, and (3) the fact that it was entirely secret from the public.
In an editorial today entitled “Do not emulate the US on surveillance.” The Economic Times reminds us that in India, “[t]he actual situation might already be alarming: remember, a leading service provider not too long ago revealed it had intercepted around 1.5 lakh phone calls over a five-year period. And that’s just one service provider.” The editorial goes on to declare, “[w]anton use of such capability isn’t just illegal, it vitiates the notions of transparency and accountability central to democracy.”
So what is the actual situation? What is the reach of the Indian cyber surveillance state?
Yesterday, The Hindu reported on an upcoming government initiative that looks eerily similar to the US program, dubbed the National Cyber Coordination Centre (NCCC). According to the newspaper, it obtained details of the program from a “secret government note.” The goal of the NCCC will be to provide a “real-time assessment of cyber security threats and generate actionable reports/alerts for proactive actions by law enforcement agencies.” In order to accomplish this, the NCCC will “collect, integrate and scan [Internet] traffic data from different gateway routers of major ISPs at a centralised location for analysis,” which also happens to be the backbone activity of the US program. In addition, the NCCC will have several members of the national security apparatus as active participants, including: the IB, RAW, the National Technical Research Organisation (NTRO), DRDO, and all three branches of the military, among others. The NCCC will be under the Department of Electronics and Information Technology and is expected to cost around Rs. 1000 crore.
The NCCC may not be in place just yet, but extensive government surveillance capabilities, both physical and legal, are already in place. The Information Technology Rules, 2011, provide for the release of sensitive personal information (including passwords, bank accounts, credit and debit card details, physical, physiological and mental health conditions, sexual orientation, medical records, and biometric information) to government officials on written request for the purpose of investigation and prosecution. The free speech implications of provisions in the Rules prohibiting certain types of internet content are already well known, with numerous cases of individuals facing legal action and jail over social media posts.
Just last month, the government began to roll out the Central Monitoring System, which will give government organizations like the Intelligence Bureau, National Investigation Agency, and tax authorities access to the entire spectrum of personal communications, including online activities, phone calls, SMS messages, and social media. Last week, Human Rights Watch issued a statement calling the CMS “chilling.”
This post presents a very cursory sketch of the cyber surveillance apparatus, and nothing in it is intended to say that the government has no legitimate interest in protecting the country from cyber threats. In the modern security landscape, coordinated cyber attacks (especially from China) present a significant national security threat and alarming incidents have already been documented. Assuming the story in The Hindu is accurate, however, the formation of the NCCC and roll out of the CMS, will have huge implications for the privacy of internet and telecom users.
Coupled with the IT rules and recent developments in the erosion of free speech, such provisions have the potential to further dampen political dissent on internet forums and social media. Unlike the American spying program, however, the basic framework of India’s cyber surveillance state is still in its nascent stages, and public debate may yet impact its scope. A quick search of parliamentary questions and debates from the Fifteenth Lok Sabha yields many logistical questions about cyber security, but few concerns about cyber privacy. One can only hope that, as programs such as the NCCC are developed further, some measure of parliamentary accountability takes hold and an even more robust public debate ensues.
 Do not emulate the US on surveillance, Economic Times (Jun. 11, 2013), http://economictimes.indiatimes.com/opinion/editorial/do-not-emulate-the-us-on-surveillance/articleshow/20531613.cms.
 Sandeep Joshi, India gets ready to roll out cyber snooping agency, The Hindu (Jun. 10, 2013), http://www.thehindu.com/news/national/india-gets-ready-to-roll-out-cyber-snooping-agency/article4798049.ece?homepage=true
Barton Gellman & Laura Poitras, U.S., British intelligence mining data from nine U.S. Internet companies in broad secret program, The Washington Post (Jun. 7, 2013), http://www.washingtonpost.com/investigations/us-intelligence-mining-data-from-nine-us-internet-companies-in-broad-secret-program/2013/06/06/3a0c0da8-cebf-11e2-8845-d970ccb04497_story.html
 Joshi, supra note 2.
Chakshu Roy & Harsimran Kalra, Rules and Regulations Review: The Information Technology Rules, 2011, PRS Legislative Research (Aug. 12, 2011), http://www.prsindia.org/uploads/media/IT%20Rules/IT%20Rules%20and%20Regulations%20Brief%202011.pdf
 India’s centralised monitoring system comes under scanner, reckless and irresponsible usage is chilling, DNA (Jun. 8, 2013), http://www.dnaindia.com/india/1845205/report-india-s-centralised-monitoring-system-comes-under-scanner-reckless-and-irresponsible-usage-is-chilling
 Indu Nandakumar & J. Srikant, Central Monitoring System to make government privy to phone calls, text messages and social media conversations, Economic Times (May 7, 2013), http://articles.economictimes.indiatimes.com/2013-05-07/news/39091148_1_single-window-pranesh-prakash-internet
 India: New Monitoring System Threatens Rights, Human Rights Watch (Jun. 7, 2013), http://www.hrw.org/news/2013/06/07/india-new-monitoring-system-threatens-rights
 Manu Kaushik & Pierre Mario Fitter, Beware of the bugs, Business Today (Feb. 17, 2013), http://businesstoday.intoday.in/story/india-cyber-security-at-risk/1/191786.html