Statutory Order under section 69 of IT Act

Statutory Order (S.O.) dated 20.12.2018 by Union Home Secretary states that, “In exercise of the powers conferred by sub-section (1) of section 69 of the Information Technology Act, 2000 (21 of 2000) read with rule 4 of the Information Technology (Procedure and Safeguards for Interception, Monitoring and Decryption of Information) Rules, 2009, the Competent Authority hereby authorises the following Security and Intelligence Agencies for the purposes of interception, monitoring and decryption of any information generated, transmitted, received or stored in any computer resource under the said Act”:

1- Intelligence Bureau

2- Narcotics Control Bureau

3- Enforcement Directorate

4- Central Board of Direct Taxes

5- Directorate of Revenue Intelligence

6- Central Bureau of Investigation

7- National Investigation Agency

8- Cabinet Secretariat (RAW)

9- Directorate of Signal Intelligence (For service areas of Jammu & Kashmir, North-East and Assam only)

10- Commissioner of Police, Delhi

Information Technology Act (ITA) 2000, notified on 17 October 2000, provides legal framework for electronic governance by giving recognition to electronic records by giving recognition for transactions carried out by means of electronic data interchange and other means of electronic communication, commonly referred to as “electronic commerce”, which involve the use of alternatives to paper-based methods of communication and storage of information. It also defines cybercrimes and prescribed penalties for them. The Act also amended various sections of Indian Penal Code 1860, Indian Evidence Act 1872, Bankers’ Books Evidence Act 1891 and the Reserve Bank of India Act 1934 and for matters connected therewith or incidental thereto, to make them compliant with new technologies.

Section 69 of ITA 200 states: If the Controller is satisfied that it is necessary or expedient so to do in the interest of the sovereignty or integrity of India, the security of the State, friendly relations with foreign Stales or public order or for preventing incitement to the commission of any cognizable offence, for reasons to be recorded in writing, by order, direct any agency of the Government to intercept any information transmitted through any computer resource. The subscriber or any person in charge of the computer resource shall, when called upon by any agency which has been directed, must extend all facilities and technical assistance to decrypt the information. The subscriber or any person who fails to assist the agency referred is deemed to have committed a crime. Failure/refusal to decrypt data is an Offence under the Act, under which the Penalty is Imprisonment up to seven years and possible fine.

A Major Amendment was made in 2008. It introduced Section 66A which penalized sending of “offensive messages”. It also introduced the Section 69, which gave authorities the power of “interception or monitoring or decryption of any information through any computer resource”. It also introduced for child porn, cyber terrorism and voyeurism. It was passed on 22 December 2008 and was signed by the then President Pratibha Patil on 5 February 2009.

S.O dated 20.12.2018 will help in following ways:

• To ensure that any interception, monitoring or decryption of any information through any computer resource is done as per due process of law.
• Notification about the agencies authorized to exercise these powers and preventing any unauthorized use of these powers by any agency, individual or intermediary.
• The above notification will ensure that provisions of law relating to lawful interception or monitoring of computer resource are followed and if any interception, monitoring or decryption is required for purposes specified in Section 69 of the IT Act, the same is done as per due process of law and approval of competent authority i.e. Union Home Secretary.
• This notification does not confer any new powers.
• Adequate safeguards are provided in the IT Act 2000.
• Similar provisions and procedures already exist in the Telegraph Act along with identical safeguards.
• Present notification is analogous to the authorization issued under Telegraph Act.
• Entire process is also subject to a robust review mechanism.
• Every individual case will continue to require prior approval of Home ministry or state government.
• MHA has not delegated its powers to any law enforcement or security agency.

Rule 4 of the IT (Procedure and Safeguards for Interception, Monitoring and Decryption of Information) Rules 2009 provides that ‘the competent authority may authorise an agency of the Government to intercept, monitor or decrypt information generated, transmitted, received or stored in any computer resource for the purpose specified in sub-section (1) of Section 69 of the Act’.

• O. dated 20.12.2018 has been issued in accordance with rules framed in year 2009 and in vogue since then.
• No new powers have been conferred to any of the security or law enforcement agencies by the S.O. dated 20.12.2018.
• Notification has been issued to notify the ISPs, TSPs, and Intermediaries etc. to codify the existing orders.

Each case of interception, monitoring, decryption is to be approved by the competent authority i.e. Union Home secretary. These powers are also available to the competent authority in the State governments as per IT (Procedure and Safeguards for Interception, Monitoring and Decryption of Information) Rules 2009.

As per rule 22 of the IT (Procedure and Safeguards for Interception, Monitoring and Decryption of Information) Rules 2009, all such cases of interception or monitoring or decryption are to be placed before the review committee headed by Cabinet Secretary, which shall meet at least once in two months to review such cases. In case of State governments, such cases are reviewed by a committee headed by the Chief Secretary concerned.