Guest Post: Vinit Kumar v CBI: Admissibility of evidence and the right to privacy

This post was authored by Sama Zehra

The Bombay High Court (‘HC’) in Vinit Kumar v CBI was faced with a situation familiar to the constitutional courts in India. The HC was called upon to decide whether telephone recordings obtained in contravention of section 5(2) of the Telegraphs Act, 1885 (‘Act’) would be admissible in a criminal trial against the accused. Before delving into the reasoning of the HC, it will be instructive to refer to the facts of the case and an overview of India’s interception regime. 

Section 5(2) of Telegraph Act, permits interception (or ‘phone tapping’) done in accordance with a “procedure established by law” and lays down two conditions: the occurrence of a “public emergency” and in the interests of “public safety”,under which such orders may be passed. Moreover, the order must be “necessary” for reasons related to the security of the state, friendly relations with other states, sovereignty or preventing the commission of an offense. The Apex Court in PUCL v. UOI (‘PUCL’) stated that telephone tapping without following the appropriate safeguards and legal process would infringe the Right to Privacy of an individual. Accordingly, procedural safeguards, in addition to those under section 5(2) of the Act, were laid down; eventually incorporated in the Telegraph Rules, 1951 (‘Telegraph Rules’). These included; such orders being only issued by the Home Secretaries of Central and State governments in times of emergency. Secondly, such an order shall be passed only when necessary and the authority passing the order shall maintain a detailed record of the intercepted communication and the procedure followed. Further, the order shall cease to be effective within two months, unless renewed. Lastly, the  intercepted material shall be used only for purposes deemed necessary under the Act.

In the Vinit Kumar case, during a bribery related investigation, three interception orders were issued directing the interception of telephone calls by the petitioner. These were challenged as being ultra vires of section 5(2) of the Act, non-compliant with the Telegraph Rules, and for being in violation of the fundamental rights guaranteed under Part-III of the Indian Constitution. 

The HC quashed the said orders by holding that: 

Firstly, the right to privacy would include telephone-conversation in the privacy of one’s home or office. Telephone-tapping would, thus, impermissibly infringe on the interceptee’s Article 21 rights unless it is conducted under the procedure established by law (in this case, the law laid down in PUCL and the Telegraph Rules). In Vinit Kumar, the HC found the impugned orders were in contravention of the procedural guidelines laid down for the protection of the right to privacy by the Supreme Court in PUCL, section 5 of the Act and Rule 419A of the Telegraph Rules. Additionally, (and crucially) the evidence obtained through infringement of the right to privacy would be inadmissible in the court of law. 

This blog analyses this third aspect of the HC judgment and argues that the approach of the HC reflects a true reading of the decision of the SC in K.S. Puttaswamy v UoI (‘Puttaswamy’) and ushers us into a new regime of right to privacy for accused persons. While doing so, the author critically examines the previous decisions wherein the courts have held the evidence collected through processes that infringe  the fundamental rights of the accused to be admissible.

Correct Reading of Privacy Doctrine and Puttaswamy Development

Based on the decisions of the SC in State v Navjot Sandhu and Umesh Kumar v State, the current legal position would appear to be that illegally obtained evidence is admissible in courts as long as it is relevant. Consequently, as Vrinda Bhandari and Karan Lahiri have argued, the State is placed in a position whereby it is incentivised to access private information of an accused in a manner which may not be legally permissible. There are no adverse legal consequences for illegally obtaining evidence, only prosecutorial benefits. This is reflected in the decisions concerning the admissibility of recordings of telephonic conversations without the knowledge of the accused.  The rule regarding admissibility of illegally collected evidence stems from a couple of cases, however it is submitted that the rule has a crumbling precedential basis. 

A good starting point is the  Supreme Court’s decision in RM Malkani v State  (‘Malkani’). It was held that telephone recordings without  the knowledge of the accused would be admissible in evidence as long as they are not obtained by coercion or compulsion. The Court had negligible analysis to offer insofar as the right to privacy of an individual is concerned. However, this decision dates back to the Pre-PUCL and the Pre-Puttaswamy era, wherein the right to privacy (especially vis-a-vis telephonic conversations) was not recognised as a fundamental right. Hence, it becomes imperative to question the continued relevance and correctness of this decision in light of the new developments in our understanding of fundamental rights under the Constitution. Moreover, Malkani relied on  Kharak Singh v. State of U.P, which was explicitly overruled by Puttaswamy. This also casts doubt on other cases which relied on the reasoning in Kharak singh on the issue of privacy. 

In Vinit Kumar, the HC rejected the approach adopted in Malkani and Kharak Singh. Affirming the right to privacy as a fundamental right, and relying on the requirements of ‘public emergency’ or ‘public order’, the HC observes that the respondents failed to justify any ingredients of “risk to the people at large or interest of the public safety, for having taken resort to the telephonic tapping by invading the right to privacy” (¶ 19). It emphasized the need to adhere by procedural safeguards, as provided in the Act, the Telegraph Rules, and the PUCL judgment, so as to ensure that the infringement of the right to privacy in a particular case meets the standards of proportionality laid down in Puttaswamy. Crucially, the HC goes a step further to hold that since the infringement of the right to privacy is not in accordance with the procedure established by law, the intercepted messages ought to be destructed and not used as evidence in trial as it is sourced from the infringement of the fundamental right to life (¶ 22). 

Thus, we can see an adherence to the new constitutional doctrines espoused by the Supreme Court whereby the HC emphatically rejected the now-overruled reasoning of Kharak Singh v State as far as the right to privacy is concerned, and refused to apply the cases of Malkani and Dharambir Khattar v UoI whose ratios flow from Kharak Singh’s non-recognition of a right to privacy. The HC held that such judgements have been overruled by Puttaswamy (to the extent that they do not recognise the right to privacy as a fundamental right). Furthermore, it was also held that these cases involved no examination of law on the touchstone of principles of proportionality and legitimacy, as laid down in Puttaswamy (¶ 37). It circumvented the issue of ‘relevancy’ by distinguishing between ‘illegally collected evidence’, and ‘unconstitutionally collected evidence’, ruling that the latter was inadmissible as it would lead to the erosion of fundamental rights at the convenience of the State’s investigatory arm. 

The HC judgment is, therefore, an important landmark with respect to the admissibility of evidence involving violation of fundamental rights. However, given the absence of a clear Supreme Court judgment in this regard, the rights of the Indian citizenry are susceptible to the difference in the approaches taken by other HCs. A case in point is the Delhi HC judgment in Deepti Kapur v. Kunal Julka wherein a video-recording of the wife’s conversation with her friend, collected by the CCTV camera in her room was admitted in evidence despite the arguments raised with regards to infringement of the right to privacy. Thus, the exact application of a bar on evidence collected through privacy infringing measures in different contexts will need to be developed on a case by case basis. 

Conclusion

The Bombay HC judgment correctly traces the evolution of the right to privacy debate in the Indian jurisprudence. It is based on the transformative vision of the Puttaswamy judgment and appropriate application of precedent with regards to the case in hand. It symbolizes a true deference to the  Constitution by protecting the citizenry from state surveillance and  potential abuses of power. Especially in the current electronic era where personal information can be extracted through unconstitutional means, the Vinit Kumar judgment affirms the importance of procedural due process under the fundamental rights regime in India. 

Guest Post: The inclusion of “OTT” services in the Indian Telecommunications Bill 2022

This post is authored by Chiranjeev Singh

The Department of Telecommunications (“DoT”) released a draft for the Indian Telecommunications Bill 2022 (“the Bill”) on 21^st September 2022. It seeks to replace the Indian Telegraph Act 1885 (“the Telegraph Act”), among others, and provide a modern framework for regulating Telecommunications. One of the significant changes proposed by the Bill is to include over-the-top (“OTT”) communication services within the scope of regulation. This inclusion will be a paradigm shift in the Indian telecom law regime as non-spectrum services will now require a license. This article questions the rationale of including OTT services and critiques its formulation in the Bill.  

The Telegraph Act, which is the extant law, was enacted to deal with Telegraphs and Telephone Exchanges. Section 4 of the Telegraph Act states that a license is required to establish, operate and use a “Telegraph”, which is defined as any apparatus used for the transmission and emission of signals. These technologies have long been abandoned. To make this framework applicable to the modern forms of telecommunications, services provided by a “Telegraph” have been interpreted to include Access Services (voice calling, messages), Carrier Services (long distance communication) and Internet Access Services (providing access to the internet) among others. The entities which wish to provide these services (Telecom Service Providers or “TSPs”) have to obtain a license from the DoT, and abide by the conditions prescribed therein. Additionally, licensed entities must abide by regulations under the Telegraph Act, such as interconnection obligations and contributions to the Universal Service Obligation Fund.

Licensed services typically require the use of spectrum. Even though spectrum is non-depletable, it is limited in nature. The reason being, transmission of information can only take place in specific bands of spectrum, which is dependent on the nature of information. Further, the same part of the spectrum cannot be used by multiple persons at the same time and within the same geographical area. Interference of multiple signals over the same frequency can significantly worsen spectrum quality and reliability. In other words, it is a scarce rivalrous natural resource.

As is the case with other such resources, it becomes a duty upon the State to allocate the use of spectrum in a way which maximises the efficient use of the resource, maintains the quality of service and ensures that the public gets the benefit of such services to the fullest. Therefore, the State is justified in regulating the TSP’s economic exploitation of an exclusive natural resource, through licensing, national frequency allocation plans and other means.

At the same time, there has been a rise of another class of services, which are provided over-the-top of the existing network infrastructure. That is to say, entities are providing communication services over the internet, which in the first place is provided by a TSP. As an example, WhatsApp is a platform which allows users to have video and audio calls over the internet. While it provides a service which may seem similar to a traditional phone call, it neither requires any spectrum use nor a license under the Telegraph Act which a TSP would require.

Presently, OTT services act as intermediaries, i.e. they receive, store or transmit electronic records on behalf of others, are covered under the Information Technology Act 2000 (“IT Act”). The regulation of intermediaries under the IT Act involves content moderation, data privacy, lawful interception mechanism and safe harbour protections.

The Bill proposes to include OTT communication services under the telecom law regime. It seeks to regulate how communication takes place on these platforms, and intends to subject the providers of these services to regulations at par with TSPs.

The Bill introduces the term “Telecommunication Services”, which is defined as a service of any description given to a user through telecommunication. It includes, “voice, … internet and broadcast services, … internet based communication services, …  OTT communication services …” among other things. Section 3 of the Bill further states that it is the exclusive privilege of the Central Government to provide “Telecommunication Services”, and a license is required by an entity to operate the same.

A cursory look at the definition will make it evident that it is all encompassing in nature. It includes services which utilise spectrum and those that do not. In fact, one can say that it covers virtually all digital communication services.

There are a number of issues with such an approach. At the outset, the regulatory justification present for providing licenses for spectrum services does not exist for OTT services. Internet, unlike spectrum, is an abundant non-rivalrous resource which is not owned by the State. Thus, the scarcity of resources is not a concern here and the case for a licensing model is not made out. The issues pertaining to handling of sensitive personal information are taken care by the IT Act presently, and will be better addressed by the upcoming personal data protection regime. Concerns regarding quality of service also do not stand. The OTT environment is extremely competitive, and consumers have a wide range of options. As a result, consumers frequently change to higher-quality services.

The inclusion of OTT services in the telecom law regime also brings up the issue of incompatible compliance regimes. As highlighted before, OTT services are regulated by the IT Act as well. One area of dual regulation would be the lawful interception mechanism. Under the Bill as well as the Telegraph Act, there needs to be a public emergency for the State to make an interception order, which is not the case under the IT Act. Furthermore, the IT Act also recognises investigation of an offence as a ground for interception, which the Bill and the Telegraph Act do not. In such a situation, OTT services will be subjected to contradictory regulations.  

Several TSPs have welcomed this inclusion as it espouses the principle of “same services, same rules”. The argument is that while TSPs have to comply with several requirements and incur several costs (spectrum use charges, license fees etc), none of these rules apply to entities which provide OTT services which are the “same” as spectrum services. This reasoning is unfounded because the two services are based on different kinds of technologies, operate on different network layers and have different economic models.

OTT services are dependent on the network provided by the TSPs, and cannot function without them. Additionally, by subjecting OTT services to similar requirements, the net-neutrality principle will be violated. Certain websites which provide OTT services will be subject to greater barriers in the form of requiring a license to operate and other such compliances, as opposed to other websites on the Internet. This is not the case when TSPs are required to have a license. In essence, functional similarities should not be the only guiding factor for regulating them at parity.

In addition, the formulation of Telecommunication Services within the Bill is questionable. The definition of OTT services for the purpose of telecom law is disputed globally. Issues like what is meant by communication, what all is covered under OTT communication services, or should communication be a predominant function of the service to be included invite a lot of discourse as the response to them can drastically alter the scope of regulation. However, the Bill makes no effort to provide any clarity on these issues.

All these gaps make the definition vague. A law is termed vague when there is no reasonable opportunity to understand what conduct is regulated with an amount of certainty. The result is that it delegates to the law enforcers and judges the job of determining the positive content of the regulated act to an impermissible extent. Based on these reasons, the Supreme Court has previously struck down  provisions relating to the licensing powers of the executive concerning Gold dealers under the Gold (Control) Act 1968, stating that the grounds for the grant were uncertain and vague.

Presently, the Bill makes it an offence to provide Telecommunication Services without a license. However, given the sheer variety of different OTT communication services that exist, the service providers would simply not know whether they require a license to function in India. More so, the Bill is silent on the grounds on which a license may be granted, which is left to the rule making powers of the Central Government.  Thus, the constitutional validity of such a provision is suspect.

To conclude, the Telecommunications Bill 2022 leaves us with more questions than answers. It seeks to bring in a radical new individual licensing regime for OTT communication services without providing any clarifications on what it constitutes or why such a significant change is required. As can be seen from the discussion, the definition is vague in scope and can potentially include everything on the internet. Further, there is no basis on which services which are utilising spectrum are treated the same as OTT services. The policymakers need to address these concerns while revisiting the draft.

Guest Post: Access to call records under Section 91, CrPC

This post is authored by Debayan Bhattacharya and Pulkit Goyal

Section 91 of the Criminal Procedure Code 1973 (“CrPC”) empowers the police to require the production of ‘any document or thing’ from any person if they consider it ‘necessary or desirable’ for any investigation, inquiry, or proceeding under the CrPC. The provision grants the police broad power to obtain evidence and it is frequently used to mandate the production of revealing data like Call Detail Records, (“CDRs”) which contain details of communications made over a telecommunications network. While they do not contain the content of the communication, they contain metadata such as the duration of call, who made it, who it was addressed to, when it was made and from where. The section, which stands in effect unchanged from section 94 of the CrPC, 1898 is a colonial provision that was enacted by a foreign power when fundamental rights, and in specific a right to privacy, did not exist. Moreover, our personal data, today, is available to a larger number of actors, at a higher level of granularity, than in the past. This makes the privacy risk associated with requisitioning data significantly greater. For example, RazorPay was recently required to hand over the data on thousands of transactions that had been made via its platform to AltNews. This post explores the privacy implications of the current framework, arguing that the provision is a significant infringement on individual privacy that lacks crucial safeguards. It also makes recommendations to address these concerns.

Issues with Section 91

The judgment in Puttuswamy I recognized the right to privacy as a fundamental right under Article 21 of the Constitution. By recognising privacy within the ambit of Article 21, the court ensured that restrictions on privacy would have to comply with the requirements of a ‘fair, just, and reasonable’ procedure set out by the decision in Maneka Gandhi. In fact, the court in PUCL had ruled that a surveillance provision in the Telegraph Act did not contain sufficient safeguards, prompting the court to lay down guidelines that were eventually codified in the Telegraph Rules. In Puttaswamy I, itself, Justice Chandrachud’s opinion traced and emphasized the importance of procedural safeguards for the right to privacy. Moreover, Justice Kaul at Para 71 of his opinion in the same judgment identifies the requirements of legality, necessity, proportionality, and procedural safeguards that must be met for a provision to be constitutional.

The lack of procedural safeguards causes Section 91 to constitute an impermissible infringement of individual privacy. At first blush, Section 91 of the CrPC seems to have some safeguards. It lays down a standard of ‘necessity or desirability’ to require the production of information. Textually speaking, ‘desirability’ means ‘the quality of being wanted’, which confers significant discretion by conflating ‘when the police want’ data and ‘when it is legal for the police to requisition data’. The standard may be contrasted with Section 311 of the CrPC, which permits the Court to summon a witness ‘essential to the just decision of the case.’ The Supreme Court recently distinguished Sections 91 from 311 in Varsha Garg v State of Madhya Pradesh. It held that the “necessary or desirable” standard under section 91 is met when the information sought is relevant, while 311 requires the higher standard of essentiality to be met. Even aside from this low standard, these safeguards are largely illusory as there is no independent oversight mechanism (either ex-ante or ex-post) to scrutinize whether the action was necessary (or desirable at the time it was done). 

Moreover, there are primarily two stages where section 91 requisitions are made – (1) during investigation by the police and (2) during trial on an application made in court. While applications made in court can be, and are, challenged (as they were in Varsha Garg), orders made during investigation are not. These orders are made by the police to entities in possession of data, which are corporations and intermediaries such as banks, telecos, etc. These entities lack any incentive to challenge any such order made against them, especially when noncompliance carries criminal consequences under section 174 of the Indian Penal Code, 1860 (Non-attendance in obedience to an order from public servant). Further, there is no requirement to notify the affected individual (either ex ante or post facto) so little or no adversarial contestation to section 91 orders made during investigation by the police to third party intermediaries. This further limits any potential challenge to Section 91 orders by investigative agencies. 

Additionally, since Section 91 does not limit whose data can be demanded, it is possible that a third person’s CDRs are presented at trial as evidence, this person will probably never learn of it or have the opportunity to challenge the disclosure of such information even post or during trial. Ultimately, the affected individual does not know when such a request is made, these requests are legally binding, the substantive threshold for initiating a request for information provides almost absolute discretion to the executive, and there is no mechanism to enforce a standard even if it is construed narrowly. Thus, there is a significant lack of procedural safeguards.  

Call data records

Another issue with Section 91 is that it is essentially a shortcut to a level of invasive surveillance that ordinally requires the State to satisfy higher standards. The Telegraph Act, 1885 and the Information Technology Act, 2000 provide for the interception of calls and electronic transmissions but have some safeguards in place. Specifically, Section 5(2) of the Telegraph Act allows for interception of messages  on the occurrence of a public emergency or in the interest of public safety. Further, Rule 419A of the Indian Telegraph Rules of 1951 provides for review of directions under Section 5(2) of the Telegraph Act. Similarly, section 69A of the Information Technology Act read with IT (Procedure and Safeguards for Interception, Monitoring and Decryption of Information) Rules, 2009 empowers senior government officials to issue surveillance directions if it is necessary or expedient to do so for specific grounds (including in this case investigation of an offense). These directions are also reviewed as per Rule 22 of the Interception Rules. 

CDRs and ongoing interception (surveillance) may appear to be different since the latter deals with the recording of content of calls in real time while CDRs are metadata of past calls. However, the routine maintenance of CDRs itself represents an indirect and ongoing form of surveillance. With access to metadata, it is possible to combine this metadata with other publicly available data, such as phone books, social media accounts, etc., and discern information such that it constitutes a significant violation of the right to privacy, arguably on par with real-time surveillance. Moreover, metadata can be more easily processed by computers than content data. For e.g A calls her sister B for an hour following which A calls an abortion clinic which is followed with multiple follow up calls over the period of a few months. It may reasonably be deduced, even without knowing the contents of the call, that A got an abortion. This is private information but can be revealed just by perusing metadata. Metadata, thus, also carries substantial privacy implications. Accordingly, the requisitioning of CDRs should be accorded similar safeguards to those which apply to interception. The provisions under the Telegraph Act and IT Act have more safeguards in the form of who is empowered to issue the directions and that the directions are reviewed by specific authorities. Though these safeguards are in no way sufficient, the issue is that section 91 effectively bypasses the limited safeguards that do exist to obtain information that is privacy infringing to a similar degree. 

Alternatives and recommendations

Choices made with respect to the collection of evidence strike a specific balance between Crime Control and Due Process models of criminal procedure. The former emphasizes the importance of tailoring evidence law to ensure sufficient punishment of crimes while the latter provides greater importance to the protection of rights and liberties. Since Section 91 allows for a broad, unchecked power for police to acquire CDRs and other documents, it clearly leans towards a crime control model. 

What would a due process approach look like? The South African Constitutional Court recently held that surveillance orders constitutionally require notification to the person affected as soon as it can be given without jeopardizing the purpose of the investigation. It further required the collected data to be deleted after a fixed amount of time. In the United States, a warrant is required for the production of such evidence and consequently, as per the IVth Amendment, requires probable cause in order to justify infringing the privacy of individuals. Probable cause must be shown to a judge for the issue of a warrant, meaning that there is a procedural safeguard in the form of application of judicial mind to ensure adherence to the standard.

Therefore, a good starting point for additional safeguards (for CDRs at the bare minimum) includes requiring prior permission from a judicial authority in the form of a warrant and a notification of the surveillance (either ex ante or post facto). This would allow a challenge to the requisition order in a court of law as violating their fundamental rights and ensure some prior judicial application of mind in the process. 

CCG’s Comments to the Department of Telecommunications on the Draft Telecommunication Bill, 2022

On 21st September 2022, the Department of Telecommunications (“DoT”) released the Draft Telecommunication Bill, 2022 for feedback and public comments. The draft is based on the consultation paper on ‘Need for a new legal framework governing Telecommunication in India’ which was published by the DoT in July 2022. The proposal aims to replace three laws: the Indian Telegraph Act, 1885, the Indian Wireless Telegraphy Act, 1933, and the Telegraph Wires (Unlawful Possession) Act, 1950.

CCG submitted its comments on the Bill, highlighting its feedback and key concerns. The comments were authored by Aishwarya Giridhar, Priyanshi Dixit, Sidharth Deb, reviewed and edited by Jhalak M. Kakkar, Shashank Mohan, Sachin Dhawan with research help from Shreenandini Mukhopadhyay and Shreya Parashar. 

CCG’s key comments on the Government of India’s proposals under the Bill are divided into 6 parts –

Exclude digital/ internet based services from telecommunication regulation

The Information Technology Act, 2000 (“IT Act”) exclusively deals with issues pertaining to the internet and digital platforms, and provides corresponding regulation and user safeguards. The Bill’s proposed inclusion of digital services within telecommunications law may create a parallel legal regime and regulatory confusion that hinders innovation and the ease of doing business. Additionally, this Bill would likely subsist in parallel to the forthcoming Digital India Act which is under development at the Ministry of Electronics and Information Technology (“MeitY”). Therefore, we propose that the telecommunication regulation in India should not include digital services as it would create dual compliances for services which will negatively impact India’s overall internet ecosystem.

Revisit the Premise of Licensing Internet Based Digital and Software Services

Telecom Service Providers (“TSPs”) require a license to operate in the market since their operations are dependent on the use of spectrum, which is a limited natural resource. It is based on this scarcity that the Government grants exclusive licenses to access and use spectrum to select service providers. The Government’s privilege in this regard emerges from spectrum scarcity and the public trust doctrines. Conversely, internet based services do not function with the same scarcities and resource requirements as TSPs. Instead, they offer their services over the internet/ telecom network infrastructure. The internet is an ecosystem of abundance and thus digital service providers need not contend with the same infrastructural scarcities as network operators. Since OTTs services do not require exclusive allocation of a scarce public resource like spectrum, imposing strict licensing requirements on them would hinder innovation, consumer choice and user accessibility.

The Bill Should Avoid One Size Fits All Regulation

The Bill in its current form deploys overbroad definitions for several terms including “telecommunication services” and “message”. This particular definition will envelope all OTT communication services, data communication services, email, and other digital platforms within a common licensing regime as all telecom services. Aside from compromising the principle of legal certainty, this overbroad definition contributes to a one size fits all regulatory approach for both carriage and content providers. Such a broad approach is antithetical to the internet’s innate characteristics and heterogeneities across its network stack. It is also inconsistent with the growing international and domestic consensus that the internet requires differential regulations which are curated to the features and contextual harms which are native to specific types of platforms and services. 

The Bill’s Interception Proposals are Overbroad and may Violate Constitutional Rights

The Bill allows the State to order the interception of messages transmitted over telecommunication services or networks in specific situations. The broad definition in the Bill allows this provision to broadly apply to all messages communicated over all digital services, which may amount to a disproportionate restriction on users’ right to privacy. Under Indian jurisprudence, measures restricting privacy must: (a) be provided by law; (b) pursue a legitimate aim and be necessary in a democratic society; (c) be proportionate to the need for the interference with the right to privacy; and (d) contain procedural safeguards to prevent against abuse. Existing provisions permitting interception must be re-examined for conformity with these standards and recent Supreme Court jurisprudence. Additionally, interception provisions in the Bill overlap with those in the IT Act and risks creating a parallel regulatory regime over digital services. 

The Bill’s ID Verification Proposals may Violate Constitutional Rights to Privacy and Free Expression

The Bill requires service providers to identify users of their services, and also requires the identity of persons sending messages over telecommunication services to be made available to the recipient. Although these measures may have sought to target cyber-fraud, they will also serve to effectively remove anonymity in online communications. Online anonymity and encrypted services can however play a key role in protecting user privacy and the right to free expression, and mandated identity verification systems can significantly restrict these rights, particularly for minorities and vulnerable populations.

Provisions relating to the Suspension of Telecommunications Services Would Restrict the Right to Free Expression

The Bill authorises the State to direct the suspension of communications transmitted or received by telecommunication networks. It allows for the suspension of ‘telecommunication services’, which would include all digital services, along with phone calls, text messaging, etc. This provision would expand the ambit of suspension powers to allow states to restrict or blacklist specific services, in addition to restricting access to the internet as a whole. The internet plays a key role in exercising fundamental rights such as free expression and education, and in accessing essential services. Wide powers to restrict access to the internet as a whole, as well as specific services can therefore significantly restrict the fundamental rights of users.

You can read CCG’s full submission to the DoT here.