The surveillance laws in India: After the WhatsApp breach, what should the way forward be

  • Is surveillance of this kind illegal in India?

  • How broad are the laws regarding legal surveillance?

  • What are the rules for carrying out surveillance in India?

  • What about the Supreme Court verdict on privacy?

GS paper 3 (Social Media Networks & Internal Security)

The above article has been retrieved from: Jayant Sriram. ( 2019, November , 20). What are the surveillance laws in India?. The Hindu. Retrieved from

What is the context about?

  • On October 30, many publications reported that phones of several dozen Indian journalists, lawyers and human rights activists had been compromised using an invasive Israeli-developed malware called Pegasus.

  • Messaging platform WhatsApp, through which the malware was disseminated, has reported that 121 individuals were targeted in India alone.

  • A lawsuit was filed against Israeli cyberintelligence firm NSO by WhatsApp and its parent company Facebook in a U.S. court in California on October 29, accusing it of using their messaging platform to despatch Pegasus for surveillance to approximately 1,400 mobile phones and devices worldwide.

Is surveillance of this kind illegal in India?

  • Yes. First, it’s important to explain that there are legal routes to surveillance that can be conducted by the government.

  • The laws governing this are the Indian Telegraph Act, 1885, which deals with interception of calls and the Information Technology (IT) Act, 2000, which deals with interception of data. Under both laws, only the government, under certain circumstances, is permitted to conduct surveillance, and not private actors.

  • Moreover, hacking is expressly prohibited under the IT Act. Section 43 and Section 66 of the IT Act cover the civil and criminal offences of data theft and hacking respectively. Section 66B covers punishment for dishonestly receiving stolen computer resource or communication. The punishment includes imprisonment for a term which may extend to three years.

How broad are the laws regarding legal surveillance?

  • The framework for understanding the checks and balances built into these laws dates back to 1996. In 1996, the Supreme Court noted that there was a lack of procedural safeguards in the Indian Telegraph Act.

  • It laid down some guidelines that were later codified into rules in 2007. This included a specific rule that orders on interceptions of communication should only be issued by the Secretary in the Ministry of Home Affairs.

  • These rules were partly reflected in the IT (Procedures and Safeguards for Interception, Monitoring and Decryption of Information) Rules framed in 2009 under the IT Act.

What are the rules for carrying out surveillance in India?

  • The rules state that only the competent authority can issue an order for the interception, monitoring or decryption of any information generated, transmitted, received or stored in any computer resource (mobile phones would count). The competent authority is once again the Union Home Secretary or State Secretaries in charge of the Home Departments.

  • In December 2018, the Central government created a furore when it authorised 10 Central agencies to conduct surveillance.

  • In the face of criticism that it was building a ‘surveillance state’, the government countered that it was building upon the rules laid down in 2009 and the agencies would still need approval from a competent authority, usually the Union Home Secretary. The 2018 action of the Union government has been challenged in the Supreme Court.