Background of Lawful interception or monitoring or decryption of information through computer resource
Rule 4 of the IT (Procedure and Safeguards for Interception, Monitoring and Decryption of Information) Rules 2009 provides that ‘the competent authority may authorise an agency of the Government to intercept, monitor or decrypt information generated, transmitted, received or stored in any computer resource for the purpose specified in sub-section (1) of Section 69 of the Act’.
The Statutory order (S.O.) dated 20.12.2018 has been issued in accordance with rules framed in year 2009 and in vogue since then. No new powers have been conferred to any of the security or law enforcement agencies by the S.O. dated 20.12.2018. Notification has been issued to notify the ISPs, TSPs, Intermediaries etc. to codify the existing orders.
Each case of interception, monitoring, decryption is to be approved by the competent authority i.e. Union Home secretary. These powers are also available to the competent authority in the State governments as per IT (Procedure and Safeguards for Interception, Monitoring and Decryption of Information) Rules 2009.
As per rule 22 of the IT (Procedure and Safeguards for Interception, Monitoring and Decryption of Information) Rules 2009, all such cases of interception or monitoring or decryption are to be placed before the review committee headed by Cabinet Secretary, which shall meet at least once in two months to review such cases. In case of State governments, such cases are reviewed by a committee headed by the Chief Secretary concerned.
Vision behind Statutory order (S.O.) dated 20.12.2018
To ensure that any interception, monitoring or decryption of any information through any computer resource is done as per due process of law.
Notification about the agencies authorized to exercise these powers and preventing any unauthorized use of these powers by any agency, individual or intermediary.
The above notification will ensure that provisions of law relating to lawful interception or monitoring of computer resource are followed and if any interception, monitoring or decryption is required for purposes specified in Section 69 of the IT Act, the same is done as per due process of law and approval of competent authority i.e. Union Home Secretary.
This notification does not confer any new powers. Adequate safeguards are provided in the IT Act 2000. Similar provisions and procedures already exist in the Telegraph Act along with identical safeguards. The present notification is analogous to the authorization issued under the Telegraph Act. The entire process is also subject to a robust review mechanism as in case of Telegraph Act. Every individual case will continue to require prior approval of Home ministry or state government. MHA has not delegated its powers to any law enforcement or security agency.