Computers intercepted, transparency interrupted: MHA’s CPIO refuses information about December 2018 authorisation order under the IT Act

Computers intercepted, transparency interrupted: MHA’s CPIO refuses information about December 2018 authorisation order under the IT Act
Published on

[dropcap]R[/dropcap]EADERS may remember the furore caused by an order issued by the Cyber and Information Security Division of the Union Ministry of Home Affairs (MHA) on 20 December, 2018, authorising 10 security and intelligence agencies to intercept, monitor and decrypt information generated, transmitted, received or stored in any computer resource (see 1st attachment).

Under The Right to Information Act, 2005 (RTI Act), the MHA has refused to disclose the reasons and materials such as file notings which formed the basis for issuing this order. Even more shocking is the MHA's refusal to treat as a valid query. the request for reasons for not complying with the duty of proactive disclosure of all relevant facts and reasons that underpin the order.

Controversy surrounding MHA's December 2018 order

Through the December 2018 order, the MHA authorised intelligence organisations such as the Intelligence Bureau, the Research & Analysis Wing (R&AW) of the Cabinet Secretariat, the Directorate of Revenue Intelligence and the Directorate of Signal Intelligence ( for service areas of Jammu and Kashmir, North East and Assam only) to access information from any computer resource under the Information Technology Act, 2000. Security agencies such as such as the Central Bureau of Investigation (CBI), the National Investigation Agency, the Delhi Police and the Enforcement Directorate are also included in this list. The Central Board of Direct Taxes which is neither a security nor an intelligence agency per se [although one of its arms- the Directorate General of Income Tax (Investigation) does engage in tax-related intelligence gathering operations] was also authorised to intercept computer resources.

In the December 2018 Gazette notification, the MHA stated that the order was being issued under Section 69(1) of the IT Act read with Rule 4 of the Information Technology (Procedure and Safeguards for Interception, Monitoring and Decryption of Information) Rules, 2009Reflecting the very public outrage that the order caused, Opposition Leaders raised the issue in the Rajya Sabha, the next day. The Leader of the House ( also the then Hon'ble Union Finance Minister) is reported to have criticised them for raising the issue in the manner they did, saying:

"What you are doing…is making a mountain where even a molehill does not exist." 

He pointed out that the 2009 Rules were notified under the UPA-II regime and that the same agencies were being notified, for the same purpose, from time to time earlier as well. The order was not an omnibus authorisation to intercept any computer resource but only such instruments that are linked to threats to national security, public order and integrity of India, he said. While beginning his reply to the Opposition Leaders, he is reported to have said that as senior leaders they ought to have obtained complete information about the issue before raising it in the House. (Click here for the verbatim report of the House proceedings):

The RTI Intervention

Deeply influenced by the sage advice of the Hon'ble Leader of the House and remembering the fact that the proviso under Section 8(1) of the RTI Act states that information which cannot be denied to a Member of Parliament cannot be denied to any citizen, I submitted a request to MHA  through the RTI Online Facility seeking the following information (see 2nd attachment):

"1) A clear photocopy of all official records that contain the written reasons for issuing the authorisation to the 10 security and intelligence agencies specified in the attached Gazette notification as per the requirements of Section 69(1) of the Information Technology Act, 2000 (IT Act);

2) A clear photocopy of all file notings, correspondence and related legal opinion, if any, with annexures, if any that form the materials on the basis of which the said authorisation was issued;

3) The detailed reasons for not complying with the statutory requirement of voluntary disclosure of facts, details and reasons related to the said authorisation as per the statutory requirements under Section 4(1)(c) and 4(1)(d) read with Section 26(1)(c) of the RTI Act, 2005;

4) A list of all other security and intelligence organisations or other authorities that have been authorised for the purpose of interception, monitoring and decryption of any information generated, transmitted, received or stored in any computer resource under the IT Act, by the competent authority in the Government of India prior to 20/12/2018; and

5) A clear photocopy of all notifications issued till date, by every State Government and Union Territory Administration, similarly authorising security and intelligence organisations or authorities under their jurisdiction for the interception, monitoring and decryption of any information generated, transmitted, received or stored in any computer resource under the IT Act."

The MHA's reply

The Central Public Information Officer (CPIO) of the MHA has rejected the information sought at paras 1, 2, 4 and 5 in the following words (see 3rd attachment):

"Sought documents / information is classified as 'Top Secret' and cannot be disclosed as it is exempted under Section 8(1)(a), 8(1)(g) and 8(1)(h) of the Right to Information Act, 2005. This is in confirmation with the Central Information Commission decision vide  no. CIC/VS/A/2014/000378/SB dated 02.09.2015 (available in public domain) in an appeal filed by Shri Amitabh Narayan". (emphasis supplied)

As regards the query about non-compliance with the voluntary disclosure of facts and detailed reasons for the authorisation to intercept computers, the CPIO replied that "it is in the form of a question which is not covered under the definition of 'information' under Section 2(f) of the Right to Information Act, 2005." (emphasis supplied)

What is wrong with the CPIO's reply?

1) The CPIO seems to be completely oblivious of the advice of the Leader of the House in the Rajya Sabha that anybody speaking about the interception order must so do after obtaining all facts. This was the express purpose of the RTI intervention but it was completely lost on the CPIO.

The two gentlemen seem to be operating on completely different wave lengths. Section 4(1)(c) and 4(1)(d) of the RTI Act require every public authority to voluntarily disclose all relevant facts and reasons for such orders to the public at large.  Under Section 26(1)(c) of the RTI Act, the Central Government has a duty to ensure that every public authority performs this voluntary duty. Section 26(1)(c) mandates the Government to require all public authorities to proactively disseminate accurate information about their activities effectively from time to time. The CPIO has ignored all these statutory requirements while making a decision on my RTI application.

2) Further, the CIC's order which the CPIO has cited to reject four of the five RTI queries has nothing to do with the IT Act at all (see 4th attachment). The CIC in its wisdom has thought it fit not to record the contents of the RTI application in its September 2015 order.

The CIC had held that the RTI applicant's request for information about "telephone interception" under the 125+ years old Indian Telegraph Act and relevant Rules cannot be granted because it may prejudicially affect the interests protected under Section 8(1)(a) of the RTI Act (which of the seven grounds mentioned in that exemption is applicable, is not even discussed in the order). The CIC also ruled that disclosure would impede the investigation processes and reveal the source of information given in confidence to law enforcement agencies but there is no discussion about how disclosure will have such an effect. According to several High Courts, a detailed and well reasoned justification is a mandatory requirement while invoking the exemptions under Sections 8(1)(g) and (h) of the RTI Act.

The MHA which had decided this RTI application also, had explained that telephone interception-related records are destroyed after six months. So some of the information was not available with them in material form and could not be supplied to the appellant, it had argued.

In my humble opinion, despite the glaring defects from which the CIC's order suffers, it does not apply to anything done or order issued under the IT Act. The December 2018 order is not for telephone interception at all. Instead, it is for computer interception. The CIC's 2015 order operates in a completely different field.

The CPIO has mechanically washed his hands of the responsibility of being transparent about the routine actions of government. Further, I had not sought any information about any specific computer resource that was being intercepted by any of the 10 agencies listed in the December 2018 order. So the CPIO's action of invoking Sections 8(1)(g) and (h) is also misconceived.

3) Further, there is at least one previous order of the CIC from June 2011 where access to information about telephone interception had been granted after severing the names of officers (see 5th attachment). In this case information was sought from the CBI. Interestingly, the UPA-II Government issued a notification partially excluding CBI from the ordinary obligations of transparency under the RTI Act, in the same month and year.

The CBI challenged the CIC's order arguing that the benefit of exclusion is available to it with retrospective effect. So, the Delhi High Court stayed the operation of the 2011 CIC order. Meanwhile, several citizens filed petitions in High Courts across the country challenging the partial exclusion granted to the CBI.

These petitions were transferred to the Supreme Court on the Central Government's plea. This issue has been pending for more than seven years without resolution.

The CIC's two-page order of 2015 does not even mention the seven and a half page long CIC's 2011 order where reasons for partial disclosure are discussed in detail. One would expect that the appeal ought to have been kept pending in view of the stay granted by the Delhi High Court on a similar issue. The CPIO's MHA has cherry-picked a questionable CIC decision to deny information about the December 2018 interception authorisation order. 

4) The CPIO's reply to my third RTI query is erroneous even under the terms of Section 69(1) of the IT Act, which is reproduced below:

"69. Directions of Controller to a subscriber to extend facilities to decrypt information.

(1) If the Controller is satisfied that it is necessary or expedient so to do in the interest of the sovereignty or integrity of India, the security of the State, friendly relations with foreign Stales or public order or for preventing incitement to the commission of any cognizable offence, for reasons to be recorded in writing, by order, direct any agency of the Government to intercept any information transmitted through any computer resource.

(2) The subscriber or any person incharge of the computer resource shall, when called upon by any agency which has been directed under sub-section (1), extend all facilities and technical assistance to decrypt the information.

(3) The subscriber or any person who fails to assist the agency referred to in sub-section (2) shall be punished with an imprisonment for a term which may extend to seven years." (emphasis supplied)

So when any order is issued under Section 69(1) of the IT Act, reasons must be recorded in writing. Under the 2009 Rules, these duties are required to be performed by the Secretary, MHA who is the "competent authority" for the Central Government. At Query #3 of my RTI application I had asked, why these reasons have not been disclosed as per the requirements of the RTI Act. By holding that Query No. 3 is in the form of a question and is not seeking information, the CPIO has committed another error.

While his boss is duty bound to record reasons before issuing the authorisation order, the CPIO has neither the intention of disclosing them nor will he treat non-compliance with the statutory duty of proactive disclosure of those very reasons as a valid basis for the RTI query. According to the Preamble of the RTI Act one of its objectives is to ensure accountability of the Government and its instrumentalities to the governed. This accountability applies not only for decisions made and actions taken by public authorities but also their omissions and failure to comply with statutory requirements.

Every citizen has the right to know all the facts and reasons that form the basis of the December 2018 authorisation order.

Meanwhile, the December 2018 order has been challenged in the Supreme Court of India. Even as we wait for the outcome of this case, I am planning to file the usual appeals. Perhaps a direct complaint to the CIC about  MHA's non-compliance with Sections 4(1) and 26(1)(c) of the RTI Act might also be order in this case.

logo
The Leaflet
theleaflet.in