Tucked away from nosy parkers, a group of 20 specially trained men and women in Mumbai scour the social media platforms everyday tracking conversations and mining keywords for sentiment and topical analysis. They are members of a Social Media Laboratory (SML). Here's the surprise: pleasant or otherwise is your pick. These men and women are police officers and the innocuously named unit -- a nomenclature more suited to a research institution than a police force -- is expected to help the government get the 'correct picture of societal needs and misgivings'. Or so says the city's police commissioner Satyapal Singh. With the lab popping up, as it were, on the heels of the ham-handed use of Section 66A of the IT Act against Shaheen Dhada for her Facebook update, speculation about its 'real purpose' raised the suspicions of rights and privacy activists. Seemingly justified as the lab, unlike a cyber crime unit that requires a crime to be committed first for subsequent action, can theoretically extend its scope to preventive and proactive action. Overstating a point, but think of the movie
Minority Report. But till now the cops seem to be playing fair, showing remarkable transparency in their use of open source tools and in the tie up with Delhi-based start-up SocialAppsHQ for algorithmic support.
Lost in the international din about Edward Snowden's expose of the American Prism programme and the domino exposure that it unleashed on European electronic snooping -similar British and French programmes are apparently more intrusive than Prism - India's hesitant, and sometimes bumbling, steps in the same direction have not attracted much attention. Simply called the CMS, another innocuous sounding acronym for Central Monitoring System, the government officially admitted to its existence in April 2013. The SML, interestingly, was set up immediately after this disclosure. Insiders say the system, albeit in various stages of evolution and in bits and pieces, has existed for over ten years. But in 2011 the government decided to pump in close to Rs40 crores to bring together all the bits and pieces and integrate it with the Telephone Call Interception System (TCIS) that monitors voice calls, SMS and MMS, GPRS, facsimile communications on landlines, CDMA, GSM and 3G networks, and video calls. Viewed in this light, all that noise around the same time about encrypted communication of Blackberry Messengers and endangered national security suddenly acquires context. In short, the Indian CMS already has the capability to intercept our calls, analyse data on social networking sites, and track encrypted signals. The Research and Analysis Wing (R&AW), the Central Bureau of Investigation (CBI), the National Investigation Agency (NIA), the Central Board of Direct Taxes (CBDT), the Narcotics Control Bureau, and the Enforcement Directorate (ED) already have, or will soon have, access to this system.
Impressive indeed, though there are curious kinks that are somehow found only in the systems designed by C-DoT. For instance, mobile operators in only seven of the 22 service areas have been connected to the CMS, strangely defeating the very purpose of 24/7 monitoring and surveillance. More importantly, the system lacks search algorithms. Without the ability to search, which today even a home-grown website has, one has to go through every email, SMS or MMS to find anything 'incriminating'. And it seems the datacentre to store the intercepted data is not ready, which means that all the analysis currently is being done on a real-time basis. Not such a great thing when several decisions will be made without a comparative analysis of cached data. The debate unleashed by Snowden's revelations has coagulated into two dominant positions of 'why' and 'why not'. Both positions are imbued with justifiable issues of ethics, privacy and security. Broadly the rights groups cluster around 'why', while the establishment and pro-establishment institutions and groups cluster around 'why not'. When one approaches surveillance and electronic snooping from the standpoint of 'why', it eventually leads to amplification of the dangers, justifiably so in several cases, of a big brother. And from the standpoint of 'why not' security of the collective -- local, national or global -- acquires paramount position and electronic snooping is justified as 'necessary for the larger good'. Think Barack Obama.
There is, however, a third position of realism that hasn't been explored as much. The dividing line in the digital world between what constitutes 'snooping' and what is considered as 'collection' of information is thin. That line will only get blurred as the digital footprint of people expand and need for customised solutions increase. With the government also increasingly turning towards digital technology for eliminating inefficiencies in the social sector, customisation aka profiling, to use a politically incorrect term, will become the norm. Yes it's not the same as reading your emails and listening to your phone conversations. But then doesn't that distinction suddenly get fuzzy when you realise that Google's bots have been reading your emails for close to five years? Or that call centres have been routinely recording our conversations ostensibly for training purposes? Social media platforms, search engines, comparator and e-commerce sites, mobile applications and location-based services are able to give you personalised services because they track your moves, collect your data and predict your next move. It's something the government also wants to do; an imperative need considering the logic national security cannot really be overemphasised. Pervasive digitalisation is a reality. In a digital world electronic signature will always be generated, captured and analysed. Indeed it's already being done. We know it by a different name -- big data. So the takeaway is this: Digitalisation is here to stay and prosper and the resultant footprints will be captured. In such a scenario how do we ensure that we, the people, do not get the wrong end of the stick, not just from the government but also from the seemingly benign market forces?
First, there has to be a decisive move towards enacting a strong privacy law as per the recommendations of the Planning Commission expert group chaired by retired Justice A P Shah. The committee rightly pointed out that a robust privacy law cannot exist till two laws addressing interception and access to communication data are not modified extensively. The first law is The Information Technology (Amendment) Act, 2008 that allows the government to 'intercept, monitor or decrypt' any information 'generated, transmitted, received or stored in any computer resource' in the interest of 'sovereignty or integrity of India, defence of India, security of the State, friendly relations with foreign States, or public order or for preventing incitement to the commission of any cognizable offence relating to above or for investigation of any offence'. The second is the antiquated Indian Telegraph Act of 1885 that also allows wiretapping by enforcement agencies. The expert group clearly says that these two laws 'have created an unclear regulatory regime that is non-transparent, prone to misuse, and that does not provide remedy for aggrieved individuals'.
Second, Section 66A of the Information Technology Act needs to be either jettisoned or substantially modified. This author was one of the first to point out the potential for misuse of this particular provision. The terms 'grossly offensive' 'has menacing character', 'causes annoyance or inconvenience', 'grossly harmful', 'disparaging' that are part of Section 66A, as suspected, have been misused by the executive agencies. In fact, in March 2013, a parliamentary standing committee on the 2011 Information Technology rules noted how the vague and ambiguous language of Section 66A has lead to harassment.
Third, the right to privacy should be linked to the fundamental rights guaranteed in the Indian Constitution and strong legal measures of writ petitions and habeas corpus must be made available for redress. The right to privacy is guaranteed under the Universal Declaration of Human Rights and the International Covenant on Civil and Political Rights. India is a signatory. Additionally, the Right to Information Act must be extended to include actions of the government and businesses that explicitly and implicitly collect and store information of a personal nature. By taking the lid off an open secret Snowden has actually done all of us a favour. It gives us an opportunity to acknowledge the new digital reality. It's only by acknowledging it that we will be able create strong policy measures to not only regulate its obviously intrusive reach, but also to allow its free flowing nature to be used for our collective security.
(The writer is a Visiting Fellow at Observer Research Foundation. He is also a National Internet Exchange of India Fellow)
The views expressed above belong to the author(s). ORF research and analyses now available on Telegram! Click here to access our curated content — blogs, longforms and interviews.