The Centre’s order to authorise 10 agencies to monitor online communications and intercept data contained in any computer system is not new. And according to intelligence sources, intercepting online communication and monitoring computer systems is not as easy as the Opposition has alleged.
In fact, agencies have been conducting surveillance on internet communication for several years now, particularly in matters related to terrorism. The 2013 Bodh Gaya blasts case was cracked in great measure with crucial online communication intercepts.
The National Investigation Agency (NIA) had sought permission from the home secretary to monitor online communication of certain suspects and were intercepted from internet gateways (such as Airtel or Tata) in real time after the requisite legal process. The intercepts had given the agency crucial leads to nab suspects.
“In fact, the new notification has only streamlined the process and specified which agencies can do this (intercept and monitor computer systems). Earlier it was free for all,” said a home ministry official.
According to an official, despite the powers, unlike phone conversations, it is not easy to intercept Internet communication.
“Platforms such as WhatsApp have end to end encryption. So even if you intercept it from the gateway, what you will get is garbled text that will make no sense. It is like opening a Hindi text document on a computer that has no Hindi fonts. Even if we apply decoding technology, it is very difficult to break 256-bit encryption. It can take weeks or months to break it, by when the information may be of no use,” the official said.
Another complication is that most of these companies do not have servers in India. “If they do keep the data here, then I can formulate relevant laws and force the company to not encrypt beyond 64-bits, which is easier to break,” said the official.
In cases where communication has already taken place, there is no other way than to send a request through mutual legal assistance agreements.
The request will be subject to examination by US authorities, in case the server is in the US, who may or may not agree with the need for interception depending on the seriousness of the crime involved, said sources.
“Social media platforms with servers in the US have largely been reluctant to share information. Post 26/11, there has been good cooperation between the US and Indian agencies and social media information has been shared on a case to case basis. But most of it has been in cases related to terrorism. Unless companies voluntarily agree to do this, there is no way of forcing them until their servers are based here,” said another officer.
Under the rules – The Indian Telegraph Act and the Information Technology Act – interception of phone calls and internet communications are to be made by the service provider on a request approved by the Home Secretary of a state government or the Central government.
The Intelligence Bureau (IB), in fact, has been pushing for getting large social media platforms to keep their servers in India for over a decade now. “Some multi-national banks have now begun to keep their data in India. We have to similarly get social media platforms to do so for interception powers to have any meaningful outcome. China has forced companies to do this,” said an officer.
There are further complications as Internet communication can be sent using proxy servers. “A smart operator can even encrypt his email and we will not be able to do anything,” said the officer. Sources said as far as the fear of illegal interception is concerned, it is as good as the fear of anything illegal.
Illegally, one would have to hack into the computer of the person of interest and create a parallel line to get all his communication in real time. This, if found, is punishable under the law.
“There have been cases of illegal interception as far as phone tapping is concerned. Whenever it has come to light, it has created considerable trouble for the officers involved,” said the officer.