The Indian government said Tuesday that new rules allowing it to access personal information available with Internet companies have inherent checks and balances against misuse.
The rules under section 43A of the Information Technology Act were enacted last month and reflect the government’s perception that security threats to the country can be countered by better access to online information.
The country is, for example, locked in a dispute with Research In Motion, demanding access to e-mails and other communications on RIM’s corporate service, called BlackBerry Enterprise Server.
Privacy groups and lawyers have described the rules as draconian and said they infringe Indians’ fundamental rights. “These are arbitrary powers that are being given to government, without any checks and balances,” said Pavan Dugga, a cyberlaw consultant and advocate in India’s Supreme Court.
The rules place controls on the gathering and use of personal data by Internet companies, including requiring permission from the provider of information for sharing such data. But the rules cite the government as an exception in this regard.
The purpose of the rules is to protect sensitive personal data and information, and government agencies cannot be made an exception to this, Duggal said.
The government now holds that by limiting access to personal information to government agencies that are mandated under the law to collect such information, it has provided the required checks and balances against misuse, according to a statement issued by Ministry of Communications & Information Technology.
Besides sending a request in writing to companies, stating the purpose for seeking personal information, government agencies have to also give an undertaking that the information obtained will not be published or shared with any other person, the ministry added.
Police need a search warrant to enter a home, but in the digital world the government appears to be giving itself the power of entry and search without a warrant, Duggal said.
The government is not required to follow due process of law, and is only required to send a request for information in writing, Duggal said. There is no adjudication of the purpose for which the information is required and there is no competent authority or court to rule on the requirement, he added.
India is already facing criticism for the leak last year of telephone recordings made by the country’s Income Tax Department. The telephone conversations between a lobbyist and some businessmen and politicians have been key inputs in investigations into an alleged scam in the allotment of 2G licenses and spectrum in 2008 by former telecommunications minister A. Raja.
A top Indian industrialist, Ratan Tata, said that his privacy had been encroached upon by leaks to the media of tapes of his telephone conversation with the lobbyist, and filed a case with the country’s Supreme Court for protection of his privacy.
The country’s Cabinet Secretary K.M.Chandrasekhar, who was directed by Prime Minister Manmohan Singh to review India’s telephone interception rules and procedures in December, said that interception of telephone calls by government agencies should be limited to situations when there is a “public emergency” or “public safety” is at stake.
Chandrasekhar cited Supreme Court rulings that state that a public emergency or the interest of public safety are preconditions for the application of legal provisions for such interceptions.
“You can’t have one set of laws for telephone interception and another set of rules for privacy on the Internet,” Duggal said.
The new rules have also drawn criticism for conditions relating to content posted on websites and blogs.
Intermediaries such as telecommunications companies, ISPs and blogging sites have to bring down content within 36 hours of being alerted by an affected person, without giving the content’s creator the opportunity to defend the material, Duggal said. The intermediaries will not have the option to decide whether the content is indeed against the law, he added.
Content can be found objectionable on a number of legally vague grounds, including if it is “grossly harmful, harassing, blasphemous, defamatory, obscene, pornographic, pedophilic, or libelous.”
John Ribeiro covers outsourcing and general technology breaking news from India for The IDG News Service. Follow John on Twitter at @Johnribeiro. John’s e-mail address is john_ribeiro@idg.com