While Europe is aghast over new revelations about National Security Agency (NSA) snooping, reports indicate India is setting up a broad surveillance program with no independent oversight — and it will operate under a law that dates back to the colonial era. But other countries, including the U.S., are similarly using analog legal frameworks to govern digital surveillance systems.
The world’s largest democracy is moving forward with plans to implement a program called the Central Monitoring System (CMS) which will eventually allow security agencies and even tax officials to intercept any emails and phone calls within the country without oversight by the judicial system or elected officials. The program, which was first announced in 2011, means that Indian citizens and visitors to the country will essentially have no assurances about the privacy of their in-country communications from government surveillance.
Questions about the specifics of the program have gone unanswered because officials say making the details public would limit its effectiveness — a narrative anyone following the NSA leaks will think sounds familiar. It appears the system will function similarly to the NSA’s PRISM content snooping program, in that there will be interception data servers on the premises of private telecommunications firms, but the Indian program will have fewer privacy safeguards than PRISM.
Even before this program, India engaged in a significant amount of digital surveillance, sending the highest number of requests to Google for user data in the world after the United States in 2012. But government officials speaking to Reuters said security agencies will no longer need to receive a court order or to ask communication providers to give them data under CMS.
While India has no formal privacy law, the program will function under the Indian Telegraph Act — a law giving the government broad authority to monitor private conversations that was created by British colonial authorities in 1885, long before the internet was a gleam in Tim Berners-Lee’s eye. But India isn’t alone in using laws from bygone eras to justify modern day surveillance operations.
In 1979, the Supreme Court held in Smith v. Maryland that the identity of the phone numbers Americans dial do not enjoy protection under the Fourth Amendment. But this decision arose in an era when the kind of massive databases of who-calls-who that make up the backbone of the NSA’s surveillance program were technologically impossible to construct.
Since the proliferation of mass telecommunications networks including mobile phones and the internet, people’s relationship with technology has changed drastically, as has the amount of information that can be siphoned out of those systems — and government’s ability to store and process it. Every website visited or phone call made comes with metadata that can be reconstructed to paint a very specific portrait of real world actions and relationships.
The American government now relies on Smith to justify large collections of metadata, but the justices who decided that case could not have conceived of the type of data retention and analysis that is possible today. In the thirty plus years since Smith, the legal framework for government access to data has stayed the same as the technological capabilities enabling the discovery of patterns and relationships from this data have evolved dramatically.
There’s nearly a century between 1885 and 1979, but just as it seems ridiculous to use a law from a repressive colonial regime to justify a broad surveillance program, it shows a similar misunderstanding of current technology to apply a court ruling from thirty years ago to data with fundamentally different applications today.