In India, the government is empowered to control, supervise or monitor any
information in the interest of its sovereign functions or the security of the
state. The government is allowed to keep surveillance on any information flowing
through its state or affecting its citizens. This power enables the government
to keep eyes on those who are engaged in unlawful or illegal activities.
Section 69 of the Information Technology Act, 2000 empowers the government to
issue directions to certain agencies in the interest of certain grounds to
"intercept or monitor or decrypt" any information from the computer resource. It
was introduced to keep a check on the occurrence of certain cyber offences like
child pornography, cyber terrorism, and voyeurism.
Section 69 of the IT Act
Section 69 was added through amendment in 2008. It was passed without any debate
in Lok Sabha on 22 December and next day on 23 December passed by Rajya Sabha as
well. The then President Pratibha Patil gave her assent on 5 February 2009 after
which the Information Technology Amendment Act, 2009 came into existence.
When government can exercise the power under section 69
There are several grounds provided under Section 69(1) of the IT Act under which
the government can pass orders for interception, monitoring or decryption of the
information, which are as follows:
- Sovereignty or integrity of India
- Defence of India
- Security of the State
- Friendly Relations with foreign states
- Public order
- Preventing incitement to the commission of any cognisable offence
- For investigation of any offence.
Extraction of information from a computer resource through such
means which ensure the availability of information to the person who is neither
a sender or receiver. Following processes would come under ambit of
interceptions as per the definition mentioned in rule 2(l) of IT Rules, 2009.
- monitoring of information through monitoring device
- viewing or inspection of information
- diversion of any direct or indirect information from its intended
destination to any other destination to any other destination
According to rule 2(o) of Information Technology Rules, 2009, the term
'monitor' includes within its ambit the process of inspecting, listening or
viewing or recording any information from a computer resource through a
According to rule 2(f) of IT Rules, 2009, decryption is related to
obtaining information using programming language, mathematical formula or any
fixed algorithm etc.
Objective of section 69
Which agencies can intercept informations
- Law enforcement
Section 69 of the Information Technology Act can help in the enforcement of law
and also in the investigation of other offences. It can also be helpful in
maintaining public order and tranquillity. It can help in curbing
cyber-terrorism, spreading of child pornography, hate speech, fake news etc.
- National security
Section 69 of the Information Technology Act helps in securing the nation from
any external or internal threat. As technology has an immense potential to be a
threat for a nation's security therefore Section 69 helps in interception or
monitoring or decryption of any information through any computer resource which
can be a threat to a nation's security.
- To protect the sovereignty & integrity of the nation.
Section 69 of the Information Technology Act helps in the investigation and
detection of those offences that challenges the sovereignty & integrity of India
such as waging war against the state, sedition, hurting religious sentiments,
aiding enemy state, etc.
Section 69 of IT Act - Section 69 sub-clause one mention about power conferred
upon central government, state governments & authorised officers of central or
state governments. They have power to direct any government agency to put any
computer resource on surveillance i.e., to intercept, monitor or decrypt any
information on a computer system.
Rule 4 of IT Rules, 2009 - Along with section 69(1), rule 4 of the Information
Technology (Procedure and Safeguards for Interception, Monitoring and Decryption
of Information) Rules, 2009 also provide that authorisation to surveillance may
be granted to any government agency by a competent authority such as central
government or state government.
Thus, while exercising its power granted under s. 69(1) and read with rule 4 of
Information Technology Rules, 2009, central government has issued an order dated
20th December 2018 authorising the following ten independent agencies. These
below mentioned security, intelligence and investigating agencies now have the
power to intercept, monitor or decrypt any piece of information surfaced in any
- Intelligence Bureau
- Narcotics Control Bureau
- Enforcement Directorate
- Central Board of Direct Taxes
- Directorate of Revenue Intelligence
- Central Bureau of Investigation
- National Investigation Agency
- Cabinet Secretariat (RAW)
- Directorate of Signal Intelligence (For service areas of Jammu & Kashmir, North-East and Assam only)
- Commissioner of Police, Delhi.
While intercepting, monitoring, or decrypting the required information, the
authorised agency must stick to safeguarding measures and record the reasons for
The Information Technology rules, 2009 provides all the procedure and safeguards
for interception, monitoring and decryption of Information.
Penalties for Non�compliance of S. 69:
- Prohibition from surveillance without authorization:
Rule 24 of Information Technology Rules, 2009 provides for the safeguarding measure by prohibiting unauthorised interception, monitoring or decryption of information from computer resources. Unauthorised surveillance with malafide intention and knowledge of not being empowered to intercept, monitor or decrypt is subjected to punishment under this rule.
- Approval by review committee:
Rule 22 of IT Rules, 2009 requires that every individual case of surveillance ordered by competent authority must pass through the review committee which is to meet once in every 2 months. Only upon the approval of the review committee the information could be intercepted, monitored, or decrypted. Power of surveillance is not simply delegated to authorised agencies as it is subjected to approval of a committee set up by the home ministry.
- Prohibition of disclosure of information:
Rule 25 of information technology rules, 2009 mentions a procedural safeguard by ensuring non-disclosure of information intercepted, monitored, or decrypted. Once any information is intercepted, monitored, or decrypted by lawful means and by authorised agency, it must be used for the purpose of extraction of such information. Nature of this information is confidential and private; thus, its content should not be revealed elsewhere.
- Destruction of recorded information:
According to the rule 23 of Information Technology Rules, 2009, after fulfilment of purpose for which the information is obtained it should be permanently removed from all sources within 6 months. However, if the authorised agency is of the opinion that the information might be useful for its functions, that particular information could be retained.
- Responsibility of intermediaries:
Rule 20 of IT Rules, 2009 mandates that a person in-charge of computer resource or intermediary, as the case may be, must ensure that only authorised agencies be permitted to intercept, monitor or to decrypt. It also provides that the person in-charge must protect the confidentiality of such information. Intermediaries are also to make sure that due cautions and all the procedural safeguards are followed by authorised agencies.
In case intermediaries or persons in-charge fail to ensure any of the safeguarding measures, rule 21 makes provision for punishment under the relevant provisions of law.
- Recording reasons of surveillance:
Sub-section (1) of section 69 mandates recording of reasons for obtaining information from any computer resource. Before directing any agency to intercept, monitor, or decrypt any information, government or officers appointed to act on its behalf must record the reasons for the surveillance of such information.
Subscribers, intermediaries or any other person who is in-charge of particular
computer system whose data is needed to be intercepted, decrypted or monitored
for the reasons mentioned in S. 69(1) is also under obligation to provide their
support be it technical or otherwise when called upon by agency authorised by
government. Those persons who are unable to provide the needed assistance to the
authorities will be penalised under sub-section (4). In the event of failure to
provide assistance required by S. 69(3), such a failed person would be punished
with imprisonment of a term of 7 years along with fine imposed on discretion of
Thus, in other to avoid such punishment subscribers, intermediaries and any such
person by virtue of being in-charge of a computer resource must act in
accordance with section 69(3) which states that they have to ensure full
assistance to authorities:
Challenges with section 69
Destruction of records
- By providing a free pass to the authorities to access, generate, transmit or
receive information stored in the computer resource computer resource, as per
- By aiding in the process of interception or monitoring or decryption of the
- By providing information stored in computer resources.
Rule 23 of IT Rules, 2009 seeks to destroy the records of information within
after the objective with which it was obtained is achieved. This rule was added
as a safeguarding measure, but it can be widely misused. Once all data relating
to extraction of information are erased, government agencies can deny ordering
any interception, monitoring or decryption. There will be no way to prove the
case of unauthorised surveillance or infringement of privacy, if any.
Lack of judicial review
The Competent Authority orders for the surveillance and that order must be
approved by a review committee which meets once in two months. Here, both
competent authority and review committee forms a part of the executive and thus
in a way leading to conflict of interest as an executive committee is approved
by another executive committee. The element of judicial scrutiny to ascertain
that the decryption orders quality the proportionality, necessity, and adequacy
requirement is absent in the Rules.
Misuse for deriving political advantages
Provisions of section 69 are often used for politically motivated purposes such
as suppressing public opinion at large and influencing people based on their
private interest's area and information. Politicians who are in power can also
use section 69 to dominate their political rival by gathering information of
their day to day activity.
Broad & vague meaning of expression: sovereignty or
integrity of India,defence of India, security of the State etc can be misused by
the politicians who are in power to harass opposition leaders. If the
interception or monitoring of information is not regulated properly it can
become a threat to the democratic values of India.
Constitutionality of section 69 of IT Act
Recently, a bunch of public interest litigation has been filed challenging the
constitutional validity of section 69 of IT Act, 2009 by Shreya Singhal, (on
whose petition Section 66 of the IT Act has been striked down) MLA Mahua Moitra,
Internet Freedom Foundation (IFF) and few others.
The Supreme court has issued notice to the government in Internet Freedom
Foundation & Another vs. Union of India and Others
which challenges the
constitutional validity of section 69 of IT Act, 2000, the Information
Technology Rules, 2009 relating to procedure and safeguard for interception,
monitoring and decryption of information & order of government which empowered
10 investigating, security and intelligence agencies to put surveillance on any
computer resource in order to derive private informations. It is argued that
these provisions, rule and order are ultra vires following fundamental rights.
Clash with privacy
The first case against targeted and unwarranted surveillance practices of the
state was People's union for civil liberties (PUCL) vs. Union of India &
another, 1997 in which the Supreme Court laid down a shadow over the
surveillance law in India and put certain guidelines as safeguard against
attacks by surveillance.
Individual privacy was considered as a fundamental right under the ambit of
article 21 of Indian constitution- 'right to life and personal liberty' after
the landmark case of Justice KS Puttaswamy vs. Union of India
, 2018. It was said
that the right to life also contains life full of dignity and without privacy
dignified life could barely be imagined.
After Pegasus spyware, which was sold to governments of different countries,
attacked the privacy of targeted individuals such as journalists, businessmen,
political personalities, oppositional leaders, social activists etc., in Manohar
lal sharma vs. Union of india & ors, 2021 supreme court has directed to
constitute a committee of technological experts who shall recommend to amend the
existing surveillance regime in order to ensure individual privacy.
Violation of Free Speech
Under section 69 of IT Act, 2000, government is empowered to authorise agencies
for intercepting, monitoring or decrypting information in certain conditions
- for protection and preservation of sovereignty and integrity of nation;
- in the interest of national security;
- for maintaining good ties with other nations;
- ensure public order;
- for preventing commission of offences related to above-mentioned areas &
- for investigation of any offences.
Article 19(1)(a) of Indian Constitutions mentions the right to freedom of speech
and expression. It is not an absolute right; thus, reasonable restrictions are
imposed in accordance with article 19(2). Interception, monitoring or decryption
of information from any computer will be considered as restriction to speech and
would be violative of right to free speech if restrictions are unreasonable.
Article 19 (2) imposes reasonable restrictions in interest of nation's
sovereignty & integrity ,national security, friendly relations with foreign
nations, public order, decency or morality or in relation to contempt of court,
defamation or incitement to an offence.
Violation of free speech by section 69 of IT Act can be proved in following
- The conditions upon which the government can order surveillance are
mainly covered under reasonable restrictions to free speech provided under
article 19(2). But, the last one "for investigation of any offence" is not
an enumerated restriction and thus not justified and violates a fundamental
- The above- mentioned 6 conditions in which an information can be surveillanced as it possesses a reasonable restriction to free speech as per
article 19(2), it still is imposed by executive authority not by judicial power.
Here, the reasonable restriction is imposed by executive fiat and not by law. It
is not even subjected to judicial scrutiny as the authority which approves the
request of surveillance is also an executive committee.
If there is apprehension of surveillance over confidential conversation between
two people or among a group, they will tend to self-censor their private
association also. People who associate themselves with a different ideology than
that of the ruling government and often criticise government policies,
journalists, political leaders of opposition etc. are prone to this drawback. If
surveillance is exercised without adequate procedural safeguards it violates the
right of free speech and expression as indirectly it compels people to exercise
self-restraint with respect to private conversations.
In the case of Kharak singh vs. State of Uttar Pradesh
, 1963 apex court has
explained the effect of surveillance of free speech that, "a person under the
shadow of surveillance is certainly deprived of this freedom. He can move
physically, but he cannot do so freely, for all his activities are watched and
Surveillance by the government is never thought of without objections.
Apprehension of being misused is always there if massive data is collected
doesn't matter if the actual purpose is to protect national security.
Surveillance laws are crucial to monitor and keep track of the patterns and
trends which affect national security and thus make management and problems easy
to handle through a targeted intervention by authorised agencies. Indian
democracy being one of the largest in the world has more burden to formulate new
provisions which balances the protection of national security and individual
privacy by incorporating adequate procedural safeguard in the surveillance
Right to freedom of speech and expression guaranteed under article 19 and right
to privacy newly interpreted as fundamental right under article 21 of the Indian
Constitution by virtue of their being the lifeblood of democracy are
non-negotiable and uncompromisable. Thus, the ruling party is obliged to endure
the power of surveillance granted by section 69 while ensuring that the civil
and human rights guaranteed by Indian Constitution are upheld at all times.