Starting December 2011, WikiLeaks started publishing a series of documents title ‘The Spy Files’, which made startling revelations about the global mass surveillance industry. A set of four leaks revealed how intelligence agencies of the world have spent millions on next-generation mass surveillance technology to target the entire population.

Months after this, in 2012, an investigation conducted by a Special Investigation Team in Himachal Pradesh revealed phone-tapping during the BJP’s rule in the state. The SIT had seized 12 hard drives which contained nearly 1371 phone numbers, which were targeted and tapped. Conversations of some very prominent leaders, senior police officers, including the DGP and a journalist were being monitored and recorded.

Ever since Edward Snowden blew the whistle, exposing how United States’ National Security Agency (NSA) was doing mass surveillance on people across the world, state surveillance has attracted a lot of heat.

In India, the fight against surveillance can be traced back to the 1980s and 90s when activists opposed the illegal phone-tapping by the state, carried out under the garb of security requirement. A nationwide outcry against phone-tapping resulted in a probe by Central Bureau of Investigation, which pointed out how the Rajiv Gandhi government used to engage in constant surveillance of the Opposition, and sometimes, members of its own Cabinet. The issue was heard before the Supreme Court after a PIL was filed by the People’s Union for Civil Liberties (PUCL). In a landmark judgment in the PUCL Vs Union of India case (1996), the court held that illegal phone-tapping was a violation of the citizens’ fundamental right to privacy. The court decision also created adequate safeguards to ensure that the state’s surveillance powers were not misused.

What we have today is ubiquitous surveillance and whether we like it or not, all of us are being watched all the time. The government’s efforts to implement programs of mass surveillance could soon put us at par with the NSA in the US and British Government Communications Headquarters (GCHQ). Some of the noteworthy mass surveillance projects by the Indian government include:

1. Central Monitoring System (CMS): The CMS is the country’s ace surveillance project which aims to create a system that provides central and direct access to information without any intervention by third parties. Developed by the Centre for Development of Telematics (C-DOT), the CMS is capable of accessing all communication data (telephone calls, both mobile and landline, VoIP calls, emails, and other communication on social media). In essence, the CMS is an extension of the already existing ‘Lawful Interception and Monitoring System’ which telecom and internet service providers are required to install. The service providers are required to integrate Interception Store and Forward (ISF) servers which are connected to various Regional Monitoring Centres. What this essentially means is that the CMS has direct access to vast amounts of real-time data and metadata of users. Although much information does not exist about the program, the government apparently has been running trials in gradual phases. Going by the available information, the Indian government may have been successful in creating India’s version of PRISM program run by the NSA

2. Network Traffic Analysis (NETRA): Developed by the Centre for Artificial Intelligence and Robotics (CAIR) of the Defence Research and Development Organisation (DRDO), NETRA is a native system developed by Indian scientists and other staff. It was built with the intent of combating threats both internal and external by monitoring real-time Internet traffic. NETRA has apparently been fully functional since 2014 and is used by the Intelligence Bureau and the Research and Analysis Wing. NETRA has the capability to intercept and analyse data (including voice traffic) passing through Google, Skype, and other social networking forums. It can also track keywords from emails, tweets, Facebook status updates, comments, blogs, messages on forums, and even images shared over the Internet.

3. National Intelligence Grid (NATGRID): In view of the increasing number of terrorist activities in the country, NATGRID was proposed just after the 26/11 Mumbai attacks. It is essentially an intelligence grid that links all the stored data from different government and intelligence entities, which enables it to analyse data gathered by the linked agencies. The grid provides intelligence agencies access to data sources, including bank accounts, details regarding taxes, credit card transactions, vehicle registration, immigration and visa records among others, which are then used to decipher patterns and track suspicious activities. However, the program allegedly remains semi-functional.

4. Lawful Interception and Monitoring Project (LIM): The LIM works in a similar way to NETRA. It is a program for surveillance of Internet traffic in India, allowing the monitoring of all traffic (text and audio) passing through ISPs. The LIM’s unique capability is to conduct automated keyword searches, which allows government agencies to track data passing through servers for as long as they want, without the ISP’s knowledge. Reports have pointed out that the legal procedures for such monitoring is seldom followed, resulting in the violation of privacy of the concerned individuals.

Although there is substantial information to prove that the Indian government intends to create large-scale systems to track all of its citizens, concrete information about these programs hardly exist. As the Internet has become our primary mode of communication today, it comes as no surprise that the government has shifted its focus to the digital sphere. The question that needs to be answered is whether there are adequate legal safeguards to prevent misuse of the state’s surveillance powers.

Cyber-security expert Rakshit Tandon believes the government and other agencies like CERT-In play an active role in monitoring traffic in order to safeguard the state from cyber attacks.

However, experts believe that the idea of every byte of big data being monitored is practically impossible. Which means finding a terrorist in a country of more than a billion is like finding a needle in a haystack. Hence the probability of us being charged for an offence, not committed by us is definitely true.

The question here is whether there are adequate legal safeguards to prevent misuse of the state's surveillance powers so that they do not violate privacy, which is at the heart of all communication online.

While surveillance is one of the most effective ways to combat terrorism, it should not come at the cost of individual privacy. The existing laws are outdated and weak, there is no privacy law in India to protect us from privacy infringement or other human rights violation, and within this atmosphere, we have programs like the CMS, without any effective legal backing. Amidst the vagueness that revolves around surveillance in India, the only thing that appears to be crystal clear is the fact that we are giving out large chunks of data in the hope that we are being protected from threats, internal and external. Let’s do something more than just hoping that the privacy trade-off is worth it.