Published On : Wed, Sep 23rd, 2015

It’s time to bring strict law for public privacy!

Large Man Looking At Co-Worker With A Magnifying Glass

It is welcome that the draft national encryption policy with inane demands on the public to maintain records of transactions on assorted messaging applications, for handover to the authorities on request, has been dropped. This gives the government an opportunity to start afresh. Security is important. So is the citizen’s privacy. There will be trade-offs, in this interlinked world where the very same linkages that offer unprecedented opportunities for social and economic advance also contain the capacity for organised mayhem. The state would be remiss, were it not to monitor the nodes of global connectedness. But the point is to make this necessary intrusion into privacy regulated and accountable.

The first step is to frame an explicit law to protect privacy. At present, the right to privacy is derivative of the fundamental rights, resting on judicial interpretation. We must have an unambiguous law. The law can also spell out the circumstances in which protected privacy can be breached by the state, lay down the due process for such breach and mandate accountability. Specialised agencies have to monitor metadata on communications to look out for patterns that could spell brewing trouble. Acourt mandate to breach privacy could be obtained, for clearly described reasons. Security agencies must give account to a panel of the legislature, thereafter, on the outcome of the privacy breach it legally took permission for. The current system of the executive deciding when and whose privacy to breach is not good enough.

A complementary necessity is for the state to acquire the technological capacity to monitor cyber traffic and detect/prevent cyber crime. This cannot really be bought — there is no reason for foreign governments to pass on extremely useful technologies. India has the manpower to develop the capacity. The lack has been of political will. The government can and must hire and deploy a few thousand young engineers to develop the capacity needed to monitor communications, unscramble encryptions and fight cyber crime.