Privacy and emerging technology : Are Indian laws catching up?

Privacy and emerging technology : Are Indian laws catching up?

By Rachika Agrawal

Source: This article appeared in the February 2004 issue of Lawyers Collective

Half a century has passed since India framed its Constitution and still the Indian Constitution still does not recognise privacy as an inherent fundamental right. The concept of privacy as a fundamental right first evolved in the sixties in the case of Kharak Singh v State of Uttar Pradesh, (1964) 1 SCR 332. The Court held that the Right to Privacy is an integral part of the Right to Life. But with no clear cut laws, it remains in the grey area.

Thus, under Article 21 of the Constitution of India, an encroachment upon one's privacy can be only shielded if the transgressor is the state and not a private entity. If the offender is a private individual then there is no effective remedy except in tort where one can claim damages for intruding in his privacy and no more. Tort itself falls in the grey area.

An example of this being, when Maneka Gandhi moved the Delhi High Court against Khushwant Singh's autobiography Truth, love and a little malice claiming it had violated her privacy. The judgment went in favor of Khushwant Singh. The two judge bench observed that the right to privacy enshrined in article 21 could be invoked only against the state action and not against private entities.

Another landmark judgment which addressed the issue of privacy was the telephone tapping case—People's Union for Civil Liberties v Union of India, (1997) 1 SCC 301. In this case the Supreme Court observed, "The Right to Privacy by itself, has not been identified under the Constitution. As a concept it may be too wide and moralistic to define it judicially. Whether Right to Privacy can be claimed or has been infringed in a given case would depend on the facts of the said case…."

Privacy vis-a-vis technology
The problem gets serious when one is virtually defenseless in cyberspace. The Information Technology Act, 2000 (ITA) has recognized various crimes like cyber- stalking, cyber snooping, spam mail and such others. An individual can do very little about these offences. But even the ITA touches the issue of privacy only under Section 72 which talks about breach of confidentiality and privacy. Thus, if a Government official passes on electronic information or data that he has received about an individual in his official capacity, he can be punished.

With the advancement of technology, with every passing moment, even the new ITA seems obsolete. In a recent article by Satyantan Chakrawarty(1) on the need for use of new hi-tech devices for the purpose of investigating, the author stated that sometimes the officials transgress their authority and enter the private domain of the people thus infringing their privacy. The Research and Analysis Wing (RAW) had access to bugging, surveillance and counter surveillance equipment. A variety of devices can be used by an investigating agency, like, e-logger(2), GSM monitor(3), laser ear(4), e-mail interceptor(5), spy cavities(6).

However, the increased use of these devices has definitely increased the vulnerability of a person, and the only check on this is the controller appointed by the Government of India under the ITA. If the controller is convinced himself that the interception is required then he may grant the permission for the same. The ITA also provides for a list of reasons, which are not exhaustive, under which the controller can grant such permission. The reasons in the list are, in the interest of maintaining the sovereignty and integrity of India, security of the state, in the interest of pursuing friendly relations with foreign states, public order and preventing a cognizable offence.

The fact that cannot be ignored here is that while in a case of privacy infringement by a state or an instrumentality of the state, as discussed above, an infringement action can be brought under Article 21 of the Constitution(7), there is no remedy available if such an infringement is committed at the hands of a private individual. For such an infringement no expensive devices and equipments are required.

Cellular phones
As digital photo components have plummeted in price and their size has shrunk, the privacy implications of cameras on phones have raised concerns beyond the fears of stalked celebrities and cheating spouses.

Even the makers of camera phones do not seem keen on the technology when it is turned on them. Samsung Corporation and LG Electronics Inc, the South Korean handset makers, caused a chuckle in the industry when they banned the use of their own phones (with camera) in their own facilities this year.

As regards the friendly computers, our very own PCs can infringe our privacy by sending out a a lot of information about us to third parties. A software programme by the name of Spybot.gen downloaded on a computer's hard drive has the power to read MS Word documents and send contents back to its originator, or to an accomplice.(8)

Also, hacking and spoofing are words not unknown to us. Section 66 of the ITA has defined hacking and the impact of such hacking can be best understood when a website is defaced. Section 66(1) states, "Whoever with the intent to cause or knowing that he is likely to cause wrongful loss or damage to the public or any person destroys or deletes or alters any information residing in a computer resource or diminishes its value or utility or affects it injuriously by any means, commits hacking." Thus, hacking can be committed only if the person has the intent or knowledge of committing the same.

Though steps have been taken by the Ministry of Information and Broadcasting to combat this crime a lot has yet to be done. Setting up a cyber crime cell is not the only step that we need to take. More importantly, we need to educate the investigators in this specialised field. There should be many training programmes for the police and investigating officers on cyber crimes, as awareness levels of such executive functionaries are often quite poor.

Further, reporting the matter to the police means inviting negative media publicity. It also leads to a media trial about the security capabilities of the said company or its network, often even without giving the company an opportunity to express its side of the story. The hassles of going to court and producing evidence are other strong deterrents. Unfortunately, this scenario prevails not only in India but also worldwide.

However, as a result, cyber crimes like hacking go unreported. The government basks under a false sense of security that their companies and networks are free from cyber crime. Very few cases are reported to the police and consequently there are very few convictions.(9) Either one should have all the latest state-of-the-art security systems in place or you are totally insecure. There is a need to standardise the cyber laws as only 12 countries, including India, have authenticated digital signatures. Further the countries without cyber legislation needs to be convinced to assist in checking IT crimes.

Just as the human mind is ingenious enough to devise new ways for perpetuating crime, similarly, human ingenuity needs to be channelised into developing effective legal and regulatory mechanisms to control and prevent cyber crimes.

Thus, we see that the more technically equipped we become, the easier it has become to peep into the bedroom of others. Though an individual has protection from state intervention but what protection can an individual claim against a person who is infringing one's right to privacy sitting miles away, probably in some other country. These are some questions which have not yet been addressed by any of the statutes and require a lot of thinking to be done by the legislators of the country as has already been done by other countries.

When George Orwell(9) floated the idea of 'the thought police' back in 1930s, no one must have ever perceived this to become true with time. Today, the more tech-savvy you get, the more vulnerable you get to the infringement of your privacy. There are lots of new devices in the market facilitating communication but using them means trading off one's privacy. 'They know where you are.' The cellphones today provide a facility specially to the parents of youngsters to track down the
whereabouts of their children. But tomorrow they could even haul you up for 'unwelcome thoughts'. Welcome to the then imaginary, but now real Orwellian world. Big brother is watching you…. almost always…

end notes:
(1) Satyantan Chakravarty, Technology Spying: Big Brother is Listening…, India Today, Nov17, 2003
(2) E- Logger is a computer worm that is sent as an e- greeting to a target. It will pick up passwords, read all files and capture all keystrokes of targeted computer.
(3) GSM Monitor automatically tracks targeted cellular phones round- the - clock. Sophisticated GSM gateways track underworld callers whose voice samples are fed in systems.
(4) Laser Ear picks up vibrations created by speech and convert them into electric signals to reproduce conversations by hitting infra red rays on the window of a room.
(5) E- mail interceptor: a Special software allows intelligence agencies to capture e- mails and voice mails using about 2,00000 key words at India's Internet and telephone gateways. This is passive tracking with no human involvement.
(6) Spy Cavities are hidden cone shaped metal cavities in walls which pick up sounds which can be recreated.
(7) Provides for a fundamental right to life and liberty i.e. the state shall not deprive an individual of his life and liberty except according to law.
(8) Bhopal Plus, After Big Brother, Spybot is Watching You, Nov. 14, 2003, Vol. II, Issue No. 30
(9) George Orwell's book "1984" in which he gave the concept of hauling up people for thoughts against the Big Brother by the Thought Police.

Rachika Agarwal is a fourth year student at the National Law Institute University, Bhopal.

Back to commentry