THE IMPACT OF SURVEILLANCE ON SOCIAL MEDIA PRIVACY IN INDIA
Updated: Jul 29, 2020
[Authored by Melita Tessy, who is a law student at CHRIST (Deemed to be University). Her primary interest lies in Tech Law, Labour law and IPR law. She published her novel 'Battle of the Spheres' when she was 15 and is one of India's youngest TEDx Speakers.]
The term ‘surveillance’ invokes mixed feelings. While it plays an important role in protecting borders, investigating delinquents and fighting terrorism, surveillance has also led to unfortunate events. One such incident is the arrest of a 15-year-old Palestinian girl by the Israeli Police after she had updated her status on Facebook with just two words ‘forgive me’. The police had interpreted it to be a sign that she was about to commit an attack and had arrested her.
The surveillance situation in other parts of the world is no less worrying. A 2019 report by UK-based Compritech said, “not one country is consistent in protecting the privacy of its citizens.”
According to Compritech’s privacy index, India, the world’s most populous democracy is also the world’s third biggest surveillance state, falling only behind China and Russia. India’s score of 2.4 out of 5 on the index indicates “a systemic failure to maintain (privacy) safeguards.” Amongst the reasons for this failure is the non-passing of the Data Protection Bill and the extensive monitoring of the Facebook-owned WhatsApp.
The means and methods used for surveillance are manifold. Social Media Intelligence is one such method and it shall form the basis for this article. The role of the Fundamental Right to Privacy found in the Indian Constitution and the Cyber Laws in force in India shall be examined in the context of social media privacy.
Social Media Intelligence
Governments across the world, authoritarian or not, have been developing an increasing taste for a “fast, cheap and easy” type of surveillance. Social Media Intelligence (SOCMINT) is just that. The techniques or technologies that let both private parties and the government monitor social media platforms such as Instagram and Facebook are called SOCMINT. It includes monitoring of text and images in posts, comments and messages that are public or private. Other information that is generated when a person is using Social Media Platforms such as the location of the person when they are using the site, the times at which a person is active on these sites, etc are also collected and monitored.
This intelligence is collected by a non-user or an authenticated user of social media sites and is even collected through fake profiles. Another popular method is the interception of data streams on the device of the user or on an Internet Service Provider (ISP). The government is also enabled to demand data directly from the companies that own a social media platform.
Indian Surveillance and Cyber Law
There is no specific law which provides for mass surveillance in India. However, two statutes provide for interception, namely, the Indian Telegraph Act, 1885 and the Information Technology Act, 2000. Here, lawful interception is of two types: (a) time-limited interception and, (b) targeted interception which must be authorized on a case-to-case basis.
Upon a closer look however, it becomes obvious that colonial India had far better privacy safeguards when compared to the India of today. This is because the Telegraph Act mandates that interception be allowed only during a public emergency or for public safety, while the Information Technology Act allows for interception for the investigation of any offence. This means that the latter has significantly lowered the bar for wiretapping.
In addition to this, all Internet Service Providers and Social Media Companies, considered as intermediaries must extend all facilities and technical assistance to authorized government agencies for purposes of interception, investigation and surveillance. This is provided for under section 69 of the Information Technology Act. The failure to do so attracts imprisonment that can extend up to 7 years and, also a fine. In contrast, the much greater offence of unlawful interception only attracts imprisonment of up to 3 years.
The provisions under other laws too have increasingly lower standards. For example, the Criminal Procedure Code, 1973 does not necessitate a court order for interception unless the entity is a “postal or telegraph authority”. Generally, e-mail providers and social networking sites do not fall under this exception. So, in short, the state of cyber law regulating surveillance in India is tragic.
Right to Privacy and its violation
In K.S. Puttaswamy v. Union of India, it was held that the Right to Privacy is protected under the the Right to Life and Personal Liberty under Article 21 of the Constitution. The judgment calls for the government to create a data protection regime to protect the privacy of the individual. It recommends the balancing individual interests and legitimate concerns of the state. This means that the state must enact data protection laws and must limit interception of data streams for the reasons of public emergency and public protection alone. The state having failed to do so, has violated the Fundamental Right to Privacy of its citizens.
To reduce the negative effects of surveillance on social media privacy, the following steps must be followed:
a) Re-introduction of colonial privacy safeguards: The standards for interception under the Telegraph Act must be brought back as opposed the current lowered standards in the Information Technology Act, i.e. interception must be allowed only in cases of public emergency and public safety. Then, the government may cite only any of the following reasons for interception:
· the sovereignty and integrity of India
· the security of the state
· friendly relations with foreign states
· public order
· preventing incitement to the commission of an offense.
b) Passing of the Data Protection Bill: The government must enact a Data Protection Act that defines the data acquisition and usage powers of both government agencies and private parties comprehensively. It must lay down the specific privacy rights of the citizens and must clearly lay down the offences under the act. It must also set the standards for data collection and monitoring according to the stringent European standards under the General Data Protection Regulation (GDPR) laws. Because of the GDPR laws, European countries have a higher score on Compritech’s privacy index than others.
This measure is to be coupled with the passing of surveillance laws regulating the collection and usage of data by social media platforms.
c) Severe punishments for Unlawful Interception, Invasion of Privacy and Data Leaks: The terms of imprisonment (years) and the fine for above offenses must be set on the higher end to create the required deterrence for such harmful activities.
Privacy has great implications on an individuals’ social and psychological well-being. To allow for respect, trust, control over one’s life, maintenance of reputation and social boundaries, freedom of speech and expression, freedom of social and political activities and limitation of government’s power, privacy must be safeguarded.
Brad Smith, Microsoft’s Chief Legal Officer said in his interview to The Guardian that whenever one wants to ban a technology, one should also question its potential for good so as to understand how to strike the balance. Balance is not achieved by banning all use, but rather, by banning the harmful use.
Thus, while surveillance or social media intelligence cannot be banned, it must be adequately regulated to strike a balance with an individual’s Right to Privacy.
 Indian Telegraph Act, 1885, No.13, Acts of Parliament, 1885 (India).
 Information Technology Act, 2000, No.21 Acts of Parliament, 2000 (India).
 Maria Xynou, The Surveillance Industry in India (March 2014), https://cis-india.org/internet-governance/blog/surveillance-industry-india.pdf.
 Niharika Sharma, India’s among the world’s top three surveillance states (October 2019), Quartz India, Inc. , https://qz.com/india/1728927/indias-among-the-worlds-top-three-surveillance-states.
 Social Media Intelligence (October 2017), https://privacyinternational.org/explainer/55/social-media-intelligence.
 Pranesh Prakash, How Surveillance Works in India (July 2013), Centre for Internet & Society, https://cis-india.org/internet-governance/blog/nytimes-july-10-2013-pranesh-prakash-how-surveillance-works-in-india.
 Daniel Solove, 10 Reasons Why Privacy Matters (Sep 2019), https://teachprivacy.com/10-reasons-privacy-matters.
 Alex Hern, Microsoft boss: tech firms must stop 'if it's legal, it's acceptable' approach, The Guardian, https://www.theguardian.com/technology/2019/sep/20/microsoft-boss-tech-firms-must-stop-if-its-legal-its-acceptable-approach.