CLFR - India

Monday, January 8, 2018 - 10:23

PROVISION OF REAL-TIME LAWFUL INTERCEPTION ASSISTANCE

LEGISLATION

Under Section 5(2) of the ITA read with Rule 419- A (I) of the Indian Telegraph Rules, 1951 (ITR), either the Secretary to the Ministry of Home Affairs (in case of the central government) or the Secretary to the Home Department (in case of the state government) or a person above the rank of Joint Secretary (in unavoidable circumstances) authorised by the respective government, during a public emergency or in the interests of public safety, may issue a written order directing an interception, if the official in question believes that it is necessary to do so in the: (a) interest of sovereignty and integrity of India; (b) the security of the State; (c) friendly relations with foreign states; (d) public order; or (e) the prevention of incitement of offences.

In case of an emergency, the prior approval of the government officials referred to above may be dispensed with. In such a case, the interception or monitoring will have to be carried out by an officer not below the level of the Inspector General of Police.

Section 69 of the IT Act permits authorised government officials to intercept or monitor information transmitted, generated, received or stored in any computer. Accordingly, the service provider is required to extend all technical facilities, equipment and technical assistance to the authorised government officials to intercept the information and to provide information stored in the computer. The Interception Rules lay down the procedure to be followed by the government to authorise such interception or monitoring.

Under Section 69 of the IT Act read with Rule 3 of the Interception Rules, either the Secretary to the Ministry of Home Affairs (in case of the central government) or the Secretary to the Home Department (in case of the state government) or a person above the rank of Joint Secretary authorised by the respective government (in unavoidable circumstances), may issue an order for the interception of any electronic information transmitted, stored or generated over any computer, if the official in question believes that it is necessary to do so in: (a) the interest of sovereignty and integrity of India; (b) the security of the State; (c) friendly relations with foreign states; (d) public order; or (e) the prevention of incitement of offences.

The UASL and the ISP License require the licensee to implement the necessary facilities and equipment for interception purposes in terms of the following provisions:

Clause 41.20 (xvi) of the UASL and Clause 34. 28 (xvi) of the ISP License require the licensee to provide the necessary hardware/software in their equipment to enable the government to enable interception and monitoring from a centralised location.

Under Clause 34.4 and Clause 41.7 of the ISP License the licensee is required to install the equipment that may be prescribed by the government for monitoring purposes.

As per Clause 34.28(xiv) of the ISP License and Clause 41.20 (xiv) of the UASL, in case of remote access of information, the licensee is required to install suitable technical devices enabling the creation of a mirror image of the remote access information for monitoring purposes.

Clause 41.10 of the UASL License requires the licensee to install the necessary hardware/software to enable the government to monitor simultaneous calls.

Under Rule 13 read with Rule 19 of the Interception Rules, once the interception order has been issued as per Rule 3 of the Interception Rules, an officer not below the rank of the Additional Superintendent of Police shall make a written request to the intermediary to provide all facilities and the necessary equipment for the interception of the information.

Section 2(w) of the IT Act defines intermediary to include ‘telecom service providers, network service providers and internet service providers’.

LICENSES

The UASL is entered into between a telecom service provider and the Department of Telecommunication (“DoT”) for the provision of telecommunication services. The ISP License is entered into between an internet service provider and the DoT for the provision of internet services. Under both the UASL and the ISP License, licensees are bound to take all steps and provide all facilities to enable the government to carry out interception of communications. Clause 42.2 of the UASL and Clause 35.5 of the ISP License provide that the licensee is required to provide the necessary interception facilities as required under Section 5 of the ITA.

Clause 41.10 of the UASL and Clause 34.6 of the ISP license provide that designated government officials shall have the right to monitor the telecommunication traffic at any technically feasible point. The licensee is required to make arrangements for simultaneous monitoring by the government.

Clause 34.8 of the ISP License, requires each ISP to maintain a log of all connected users and the service that they are using. The ISP is also required to maintain every outward login. The logs and the copies of all the packets originating from the Customer Premises Equipment (“CPE”) of the ISP must be available in real time to the government.

DISCLOSURE OF COMMUNICATIONS DATA

LEGISLATION

The Code of Criminal Procedure (“CrPC”) empowers a court or police officer in charge of a police station to seek the production of any ‘any document or other thing’ if the officer believes that the document is necessary for the purposes of any investigation.

Section 69 of the IT Act permits authorised government officials to intercept or monitor information transmitted, generated, received or stored in any computer. Accordingly, the service provider is required to extend all technical facilities, equipment and technical assistance to the authorised government officials to intercept the information and to provide information stored in the computer.

LICENSES

Under the UASL and the ISP License Agreement, the licensee is required to provide access to all call data records as well any other electronic communication. Under Clause 41.10 of the UASL, the licensee is required to provide the call data records of all the calls handled by the licensee as and when required by the government.

With respect to the ISP License Agreement, Clause 33.4 requires the licensee to provide the government with the required tracing facilities to trace messages or communications, when such information is required for investigation of a crime or for national security purposes. Section 91 of the CrPC permits a court or officer in charge of a police station to issue a summons or written order respectively, requiring the production of “any document or other thing necessary or desirable for the purposes of any investigation, inquiry, trial or proceeding”

Section 69 of the IT Act permits authorised government officials to “intercept or monitor information transmitted, generated, received or stored in any computer”. Accordingly, the service provider is required to extend all technical facilities, equipment and technical assistance to the authorised government officials to intercept the information and to provide information stored in the computer.

Interception has been defined under Rule 2(l) of the Interception Rules to include the acquisition of “the contents of any information” through any means in so far as it enables the content of the information to be made available to a person other than the intended recipient.

NATIONAL SECURITY AND EMERGENCY POWERS

LEGISLATION

Under Section 5(1) of the ITA, if there is a public emergency or in the interest of public safety, the government believes it is necessary, the government has the power to temporarily take possession of the ‘telegraph’ established and maintained or worked on by any person authorised under the ITA.

LICENSES

The government has the following special powers under the UASL and the ISP License:

Under Clause 41.13 of UASL and Clause 10.5 of ISP License; the government may “take over the service, equipment and networks of the licensee” in the event that such directions are issued in the public interest by the Government of India in the event of a national emergency, war, low-intensity conflict, or any other eventuality.

As per Clause 41.1 of UASL and Clause 34.1 of ISP License, the licensee must “provide necessary facilities depending upon the specific situation at the relevant time to the Government to counteract espionage, subversive act, sabotage or any other unlawful activity”.

Under Clause 41.5 of UASL and Clause 5.1 of the ISP License, the government may revise the license Clauses at any time if “considered necessary in the interest of national security and public interest”.

In terms of Clause 41.11 of UASL and Clause 34.9 of ISP License, the government may, through appropriate notification, block the usage of mobile terminals in certain areas of the country. In such cases, the licensee must deny service in the specified areas within six hours of receiving the request.

Under Clause 41.20(xviii) of UASL and Clause 34.28(xviii), the government may restrict the licensee from operating in any sensitive area on national security grounds.

In addition, Clause 33.7 of the ISP License and Clause 39.14 of the UL provide that the “use of the network for anti-national activities” (such as breaking into an Indian network) may be deemed sufficient reason to revoke the license, and will be considered an offence punishable under criminal law.

The ITA, the UASL and the ISP License do not prescribe the method and the instrument that the government may use in this regard.

OVERSIGHT OF THE USE OF THESE POWERS

There is no judicial oversight over the interception process.

With respect to the review of the interception of telephonic communication under the ITA and the ITR, a Review Committee has been established under Rule 419-A(16) of the ITR at both the central and the state level. As per the ITR, every order issued by the relevant government officials has to be sent to the Review Committee.

The Review Committee is required to meet once every two months and if the Review Committee is of the opinion that interception order was not in accordance with the provisions of the ITA and the ITR, it may set aside the interception order and also order the destruction of the information obtained through interception.

Rule 419- A (17) provides that in case the interception has been carried out in an emergency, the relevant government official has to be informed of such interception within three working days and the interception has to be confirmed within 7 working days, otherwise the interception will have to cease and the same message cannot be intercepted without the prior approval of Union or state Home Secretary.

A similar Review Committee has also been established under the Interception Rules. Rule 22 of the Interception Rules provides for the establishment of a Review Committee to examine the interception or monitoring directions. If the Review Committee is of the opinion that the interception or monitoring directions are not in accordance with Section 69 of the IT Act, then it may set aside the direction and also order the destruction of the information obtained through interception.

CENSORSHIP RELATED POWERS

SHUT-DOWN OF NETWORK AND SERVICES

INDIAN TELEGRAPH ACT 1885

On the occurrence of a public emergency or in the interest of public safety, the government, if it believes it is necessary, may temporarily take possession of a provider’s network (such as Vodafone’s network) pursuant to provisions of the Indian Telegraph Act 1885. This, power, however, is subject to the license conditions stated below, and fundamental rights of citizens envisioned under the Constitution of India.

INDIA DEPARTMENT OF TELECOMMUNICATION – UAS LICENCE & ISP LICENCE

India’s Department of Telecommunication licences telecom service providers under its Unified Access Service Licence Agreement (a ‘UAS Licence’) or Unified License Agreement (a ‘UL License’), and internet service providers under its Internet Service Provider Licence Agreement (an ‘ISP Licence’).

Under the terms of these licenses, the government may, in the public interest, issue directions entitling it to take over the service, equipment and networks of the licensee in the event of a national emergency, war, low-intensity conflict, or any other eventuality.

Additionally, under the license terms, the government through appropriate notification, may debar usage of mobile terminals, and require the licensee to deny services, as may be prescribed, in certain areas of the country. The licensee must deny service in the specified areas, within six hours of receipt of the request. Therefore, Vodafone may be required to cease providing services in certain areas, if required by the government.

This should be read in light of any and all Addendums and Amendments to the license conditions, as may be made from time to time.

BLOCKING OF URLS & IP ADDRESSES

INFORMATION TECHNOLOGY ACT 2000

Under Sub-Section (1) of Section 69A of the Information Technology Act 2000, the Central government or any of its officer specially authorized by it in this behalf (acting through an officer not below the rank of Joint Secretary), has the power to direct telecom providers, network providers and internet service providers to block public access to any information generated, transmitted, received or stored in any computer resource. The officer giving the direction may only do so, if he or she believes it is necessary, in the interests of protecting the sovereignty and integrity of India, defending the security of the State, protecting public order, maintaining friendly relations with foreign States, or preventing incitement to the commission of any cognizable offence relating to above. Therefore, Vodafone may sometimes be required by the government to block public access to information accessed on its network. In practice, this is likely to be by blocking a URL or IP address.

The Information Technology (Procedure and Safeguards for Blocking for Access of Information by Public) Rules 2009 (known as the ‘Blocking Rules’), prescribe the procedure to be followed in such matters. Under the Blocking Rules, the Designated Officer may, on receipt of any request from the Nodal Officer of an organisation, or a competent court, by order, direct any Agency of the Government or intermediary to block access by the public to any information or part thereof, generated, transmitted, received, stored or hosted in any computer resource for any of the reasons specified in under Sub-section (1) of Section 69A of the Information Technology Act. Upon receipt, the government reviews the request as per the detailed procedure set forth in the Blocking Rules, and if it believes it necessary, may issue a written order (acting through the Designated Officer), requiring that access to the website be blocked.

INDIA DEPARTMENT OF TELECOMMUNICATION – LICENCES

In addition to the above, the government has the authority under the ISP licence to direct all ISP Licensees, like Vodafone, to block websites and/or individual subscribers, in the interest of national security or public interest.

INFORMATION TECHNOLOGY (INTERMEDIARIES GUIDELINES) RULES 2011

Under Rule 3 of the Information Technology (Intermediaries Guidelines) Rules 2011, a telecoms provider, network provider or internet service provider is required to take down content once it obtains knowledge that the content is in violation of Rule 3. The content must be taken down within 36 hours. Usually the type of content to which this rule applies is content which contains information that is grossly harmful, harassing, blasphemous, defamatory or otherwise illegal or offensive.

POWER TO TAKE CONTROL OF VODAFONE’S NETWORK

Please refer to the powers outlined at ‘Shut-down of network and services’ above.

OVERSIGHT OF THE USE OF POWERS

The aforementioned prohibitory orders can be issued only by persons with appropriate authority, after following due process. Such orders, if any, must to be passed judiciously by the appropriate governmental or regulatory authorities, within the framework of applicable legal provisions, license conditions, and Constitutional rights of citizens; otherwise, the same would be subject to judicial scrutiny.

An order may be challenged on legitimate grounds before the TDSAT, or in a court with appropriate jurisdiction over the matter.

This information was originally published in the Legal Annexe to the Vodafone Group Law Enforcement Disclosure Report in June of 2014, which was updated in February of 2015.