In India, the government is empowered to control, supervise or monitor any information in the interest of its sovereign functions or the security of the state. The government is allowed to keep surveillance on any information flowing through its state or affecting its citizens. This power enables the government to keep eyes on those who are engaged in unlawful or illegal activities.

Section 69 of the Information Technology Act, 2000 empowers the government to issue directions to certain agencies in the interest of certain grounds to "intercept or monitor or decrypt" any information from the computer resource. It was introduced to keep a check on the occurrence of certain cyber offences like child pornography, cyber terrorism, and voyeurism.

Section 69 of the IT Act
Section 69 was added through amendment in 2008. It was passed without any debate in Lok Sabha on 22 December and next day on 23 December passed by Rajya Sabha as well. The then President Pratibha Patil gave her assent on 5 February 2009 after which the Information Technology Amendment Act, 2009 came into existence.

When government can exercise the power under section 69
There are several grounds provided under Section 69(1) of the IT Act under which the government can pass orders for interception, monitoring or decryption of the information, which are as follows:

• Sovereignty or integrity of India
• Defence of India
• Security of the State
• Friendly Relations with foreign states
• Public order
• Preventing incitement to the commission of any cognisable offence
• For investigation of any offence.

Important Definition
Interception- Extraction of information from a computer resource through such means which ensure the availability of information to the person who is neither a sender or receiver. Following processes would come under ambit of interceptions as per the definition mentioned in rule 2(l) of IT Rules, 2009.

1. monitoring of information through monitoring device
2. viewing or inspection of information
3. diversion of any direct or indirect information from its intended destination to any other destination to any other destination

Monitor- According to rule 2(o) of Information Technology Rules, 2009, the term 'monitor' includes within its ambit the process of inspecting, listening or viewing or recording any information from a computer resource through a monitoring device.

Decryption- According to rule 2(f) of IT Rules, 2009, decryption is related to obtaining information using programming language, mathematical formula or any fixed algorithm etc.

Objective of section 69

1. Law enforcement
   Section 69 of the Information Technology Act can help in the enforcement of law and also in the investigation of other offences. It can also be helpful in maintaining public order and tranquillity. It can help in curbing cyber-terrorism, spreading of child pornography, hate speech, fake news etc.
    
2. National security
   Section 69 of the Information Technology Act helps in securing the nation from any external or internal threat. As technology has an immense potential to be a threat for a nation's security therefore Section 69 helps in interception or monitoring or decryption of any information through any computer resource which can be a threat to a nation's security.
    
3. To protect the sovereignty & integrity of the nation.
   Section 69 of the Information Technology Act helps in the investigation and detection of those offences that challenges the sovereignty & integrity of India such as waging war against the state, sedition, hurting religious sentiments, aiding enemy state, etc.

Which agencies can intercept informations
Section 69 of IT Act - Section 69 sub-clause one mention about power conferred upon central government, state governments & authorised officers of central or state governments. They have power to direct any government agency to put any computer resource on surveillance i.e., to intercept, monitor or decrypt any information on a computer system.

Rule 4 of IT Rules, 2009 - Along with section 69(1), rule 4 of the Information Technology (Procedure and Safeguards for Interception, Monitoring and Decryption of Information) Rules, 2009 also provide that authorisation to surveillance may be granted to any government agency by a competent authority such as central government or state government.

Thus, while exercising its power granted under s. 69(1) and read with rule 4 of Information Technology Rules, 2009, central government has issued an order dated 20th December 2018 authorising the following ten independent agencies. These below mentioned security, intelligence and investigating agencies now have the power to intercept, monitor or decrypt any piece of information surfaced in any computer resource.

1. Intelligence Bureau
2. Narcotics Control Bureau
3. Enforcement Directorate
4. Central Board of Direct Taxes
5. Directorate of Revenue Intelligence
6. Central Bureau of Investigation
7. National Investigation Agency
8. Cabinet Secretariat (RAW)
9. Directorate of Signal Intelligence (For service areas of Jammu & Kashmir, North-East and Assam only)
10. Commissioner of Police, Delhi.

Safeguarding Measures
While intercepting, monitoring, or decrypting the required information, the authorised agency must stick to safeguarding measures and record the reasons for such surveillance.
The Information Technology rules, 2009 provides all the procedure and safeguards for interception, monitoring and decryption of Information.

1. Prohibition from surveillance without authorization:
   Rule 24 of Information Technology Rules, 2009 provides for the safeguarding measure by prohibiting unauthorised interception, monitoring or decryption of information from computer resources. Unauthorised surveillance with malafide intention and knowledge of not being empowered to intercept, monitor or decrypt is subjected to punishment under this rule.
    
2. Approval by review committee:
   Rule 22 of IT Rules, 2009 requires that every individual case of surveillance ordered by competent authority must pass through the review committee which is to meet once in every 2 months. Only upon the approval of the review committee the information could be intercepted, monitored, or decrypted. Power of surveillance is not simply delegated to authorised agencies as it is subjected to approval of a committee set up by the home ministry.
    
3. Prohibition of disclosure of information:
   Rule 25 of information technology rules, 2009 mentions a procedural safeguard by ensuring non-disclosure of information intercepted, monitored, or decrypted. Once any information is intercepted, monitored, or decrypted by lawful means and by authorised agency, it must be used for the purpose of extraction of such information. Nature of this information is confidential and private; thus, its content should not be revealed elsewhere.
    
4. Destruction of recorded information:
   According to the rule 23 of Information Technology Rules, 2009, after fulfilment of purpose for which the information is obtained it should be permanently removed from all sources within 6 months. However, if the authorised agency is of the opinion that the information might be useful for its functions, that particular information could be retained.
    
5. Responsibility of intermediaries:
   Rule 20 of IT Rules, 2009 mandates that a person in-charge of computer resource or intermediary, as the case may be, must ensure that only authorised agencies be permitted to intercept, monitor or to decrypt. It also provides that the person in-charge must protect the confidentiality of such information. Intermediaries are also to make sure that due cautions and all the procedural safeguards are followed by authorised agencies.
   
   In case intermediaries or persons in-charge fail to ensure any of the safeguarding measures, rule 21 makes provision for punishment under the relevant provisions of law.
    
6. Recording reasons of surveillance:
   Sub-section (1) of section 69 mandates recording of reasons for obtaining information from any computer resource. Before directing any agency to intercept, monitor, or decrypt any information, government or officers appointed to act on its behalf must record the reasons for the surveillance of such information.

Penalties for Non�compliance of S. 69:
Subscribers, intermediaries or any other person who is in-charge of particular computer system whose data is needed to be intercepted, decrypted or monitored for the reasons mentioned in S. 69(1) is also under obligation to provide their support be it technical or otherwise when called upon by agency authorised by government. Those persons who are unable to provide the needed assistance to the authorities will be penalised under sub-section (4). In the event of failure to provide assistance required by S. 69(3), such a failed person would be punished with imprisonment of a term of 7 years along with fine imposed on discretion of the court.

Thus, in other to avoid such punishment subscribers, intermediaries and any such person by virtue of being in-charge of a computer resource must act in accordance with section 69(3) which states that they have to ensure full assistance to authorities:

• By providing a free pass to the authorities to access, generate, transmit or receive information stored in the computer resource computer resource, as per the requirement.
• By aiding in the process of interception or monitoring or decryption of the information
• By providing information stored in computer resources.

Challenges with section 69
Destruction of records
Rule 23 of IT Rules, 2009 seeks to destroy the records of information within after the objective with which it was obtained is achieved. This rule was added as a safeguarding measure, but it can be widely misused. Once all data relating to extraction of information are erased, government agencies can deny ordering any interception, monitoring or decryption. There will be no way to prove the case of unauthorised surveillance or infringement of privacy, if any.

Lack of judicial review
The Competent Authority orders for the surveillance and that order must be approved by a review committee which meets once in two months. Here, both competent authority and review committee forms a part of the executive and thus in a way leading to conflict of interest as an executive committee is approved by another executive committee. The element of judicial scrutiny to ascertain that the decryption orders quality the proportionality, necessity, and adequacy requirement is absent in the Rules.

Misuse for deriving political advantages
Provisions of section 69 are often used for politically motivated purposes such as suppressing public opinion at large and influencing people based on their private interest's area and information. Politicians who are in power can also use section 69 to dominate their political rival by gathering information of their day to day activity.

Broad & vague meaning of expression: sovereignty or integrity of India,defence of India, security of the State etc can be misused by the politicians who are in power to harass opposition leaders. If the interception or monitoring of information is not regulated properly it can become a threat to the democratic values of India.

Constitutionality of section 69 of IT Act
Recently, a bunch of public interest litigation has been filed challenging the constitutional validity of section 69 of IT Act, 2009 by Shreya Singhal, (on whose petition Section 66 of the IT Act has been striked down) MLA Mahua Moitra, Internet Freedom Foundation (IFF) and few others.

The Supreme court has issued notice to the government in Internet Freedom Foundation & Another vs. Union of India and Others which challenges the constitutional validity of section 69 of IT Act, 2000, the Information Technology Rules, 2009 relating to procedure and safeguard for interception, monitoring and decryption of information & order of government which empowered 10 investigating, security and intelligence agencies to put surveillance on any computer resource in order to derive private informations. It is argued that these provisions, rule and order are ultra vires following fundamental rights.

Clash with privacy
The first case against targeted and unwarranted surveillance practices of the state was People's union for civil liberties (PUCL) vs. Union of India & another, 1997 in which the Supreme Court laid down a shadow over the surveillance law in India and put certain guidelines as safeguard against attacks by surveillance.

Individual privacy was considered as a fundamental right under the ambit of article 21 of Indian constitution- 'right to life and personal liberty' after the landmark case of Justice KS Puttaswamy vs. Union of India, 2018. It was said that the right to life also contains life full of dignity and without privacy dignified life could barely be imagined.

After Pegasus spyware, which was sold to governments of different countries, attacked the privacy of targeted individuals such as journalists, businessmen, political personalities, oppositional leaders, social activists etc., in Manohar lal sharma vs. Union of india & ors, 2021 supreme court has directed to constitute a committee of technological experts who shall recommend to amend the existing surveillance regime in order to ensure individual privacy.

Violation of Free Speech
Under section 69 of IT Act, 2000, government is empowered to authorise agencies for intercepting, monitoring or decrypting information in certain conditions namely:

1. for protection and preservation of sovereignty and integrity of nation;
2. in the interest of national security;
3. for maintaining good ties with other nations;
4. ensure public order;
5. for preventing commission of offences related to above-mentioned areas &
6. for investigation of any offences.

Article 19(1)(a) of Indian Constitutions mentions the right to freedom of speech and expression. It is not an absolute right; thus, reasonable restrictions are imposed in accordance with article 19(2). Interception, monitoring or decryption of information from any computer will be considered as restriction to speech and would be violative of right to free speech if restrictions are unreasonable. Article 19 (2) imposes reasonable restrictions in interest of nation's sovereignty & integrity ,national security, friendly relations with foreign nations, public order, decency or morality or in relation to contempt of court, defamation or incitement to an offence.

Violation of free speech by section 69 of IT Act can be proved in following ways:

1. The conditions upon which the government can order surveillance are mainly covered under reasonable restrictions to free speech provided under article 19(2). But, the last one "for investigation of any offence" is not an enumerated restriction and thus not justified and violates a fundamental right.
    
2. The above- mentioned 6 conditions in which an information can be surveillanced as it possesses a reasonable restriction to free speech as per article 19(2), it still is imposed by executive authority not by judicial power. Here, the reasonable restriction is imposed by executive fiat and not by law. It is not even subjected to judicial scrutiny as the authority which approves the request of surveillance is also an executive committee.

If there is apprehension of surveillance over confidential conversation between two people or among a group, they will tend to self-censor their private association also. People who associate themselves with a different ideology than that of the ruling government and often criticise government policies, journalists, political leaders of opposition etc. are prone to this drawback. If surveillance is exercised without adequate procedural safeguards it violates the right of free speech and expression as indirectly it compels people to exercise self-restraint with respect to private conversations.

In the case of Kharak singh vs. State of Uttar Pradesh, 1963 apex court has explained the effect of surveillance of free speech that, "a person under the shadow of surveillance is certainly deprived of this freedom. He can move physically, but he cannot do so freely, for all his activities are watched and noted."

Conclusion
Surveillance by the government is never thought of without objections. Apprehension of being misused is always there if massive data is collected doesn't matter if the actual purpose is to protect national security. Surveillance laws are crucial to monitor and keep track of the patterns and trends which affect national security and thus make management and problems easy to handle through a targeted intervention by authorised agencies. Indian democracy being one of the largest in the world has more burden to formulate new provisions which balances the protection of national security and individual privacy by incorporating adequate procedural safeguard in the surveillance regime.

Right to freedom of speech and expression guaranteed under article 19 and right to privacy newly interpreted as fundamental right under article 21 of the Indian Constitution by virtue of their being the lifeblood of democracy are non-negotiable and uncompromisable. Thus, the ruling party is obliged to endure the power of surveillance granted by section 69 while ensuring that the civil and human rights guaranteed by Indian Constitution are upheld at all times.

References:

• https://thewire.in/law/supreme-court-pil-centre-snooping
• https://link.springer.com/article/10.1007/s13347-022-00503-9#Sec2
• https://cis-india.org/internet-governance/blog/free-speech-and-surveillance
• https://www.indialegallive.com/special-story/it-act-section-69-privacy-implications-article-21/

Also Read:

• Section 69 Of IT Act: Is It A Threat To Our Privacy?