Privacy in Peril: India’s Interception Regime

For over a century, India’s interception laws, grounded in the colonial-era Indian Telegraph Act 1885, had allowed the government to monitor communications. Despite updates in 2007 that introduced some safeguards, such as requiring telecom providers to prevent unauthorized interceptions and penalties, the law suffered from limitations. The amendments failed to address key weaknesses: vague grounds for interception and a lack of effective oversight. These flaws left the door open for abuse.

Now, with the passing of the Telecommunications Act 2023 and the draft Telecommunications (Procedures and Safeguards for Lawful Interception of Messages) Rules 2024, India is on the brink of a dramatic shift. Rather than modernizing interception laws, the new framework expands state powers significantly, putting citizens’ privacy and digital rights at risk.

A Lack of Clarity, Transparency, and Accountability

The Telecom Act’s definition of telecommunication as the “transmission, emission, or reception of any messages, by wire, radio, optical, or other electromagnetic systems” is so broad it could cover all mobile phone traffic, including Internet-based activity. This could extend interception orders to encrypted messaging platforms like WhatsApp, a move that undermines both service providers’ commitments to encryption and raises significant privacy concerns.

Over-the-top (OTT) service providers, technologists, and researchers have also raised alarms about the lack of clarity in the law’s scope. The sweeping definition could be interpreted as a deliberate attempt to bring encrypted communication systems under the surveillance regime in India. Despite statements from the Department of Telecommunications (DoT) and the former Telecom Minister, no official clarification on the scope of the law has been provided, including whether OTTs are excluded from the Act.

In addition, the vague language surrounding the grounds for interception—such as “public emergency” and “public order”—offers no clear definition, leaving these terms open to subjective interpretation. This ambiguity creates a dangerous precedent, allowing the state to justify intercepting communications for trivial or politically motivated reasons rather than legitimate national security concerns.

What’s more concerning is that the new interception framework gives officials of similar rank within the executive branch the power to both issue and review interception orders, undermining impartiality in the review process. This concentration of power within the executive branch goes against democratic principles and natural justice, which hold that no one should judge their own cause. It creates an environment where politically motivated or unlawful interceptions may go unchecked, bypassing independent oversight from Parliament or the judiciary—key pillars of democratic accountability.

Finally, the interception process is inherently secretive, and the new framework exacerbates this issue by mandating the destruction of interception orders. This policy creates an opaque system where no records exist to contest government actions, shielding executive power from scrutiny, severely undermining transparency and accountability, and leaving citizens vulnerable to unchecked surveillance.

Equally alarming is a provision allowing the indefinite retention of intercepted messages for "functional purposes" with no clear time limit. Without a defined retention period, authorities can interpret “functional purposes” in ways that serve their agenda, further eroding privacy protections. Even more troubling is the potential for a “harvest now, decrypt later” strategy, where authorities could store encrypted messages to decrypt them at a later time, perhaps using advanced technology like quantum computing.

The Urgent Need for Safeguards and Judicial Oversight

The conflict between interception and encryption animates the government’s policy choices. Interception inherently compromises privacy, while encryption is designed to protect it. The government’s expansion of surveillance powers threatens to bypass the protections afforded by encryption, forcing platforms to break their promises to users by allowing decryption of messages. This would not only violate privacy policies but also tilt the delicate balance between national security and individual rights, enabling pervasive state surveillance of private communications.

Exacerbating the issue is the absence of key protections for telecom service providers (TSPs), which were established in the 2007 amendments to prevent unauthorized interception. Without these safeguards, TSPs may be tempted to collude with authorities, turning a blind eye to unauthorized surveillance and leaving citizens and organizations unable to challenge unlawful interception. This creates a chilling effect, where fear of government surveillance stifles dissent and activism.

India’s shifting interception laws demand urgent judicial oversight. The government has little incentive to slow its own expansion of power. In the absence of proper checks and balances, the judiciary must step in to protect the constitutional rights of Indian citizens. At the same time, civil society has a critical role to play in advocating for a more balanced approach that respects both national security and individual freedoms. As the government seeks to expand its surveillance reach, we must demand accountability and transparency, not just for our own security but for the future of privacy in India.