From UPSC perspective, the following things are important :
Prelims level : Not much.
Mains level : Paper 2- Breach of privacy in sharing of call record data of citizens.
In bypassing established protocol to seek call details of citizens en masse, the government violates SC guidelines.
What is the issue?
- Departure from stringent protocol: The Cellular Operators Association of India has reported mass requests from the government for mobile call detail records (CDRs).
- Which is a serious departure from the stringent protocol established by the UPA government following an uproar in 2013 after prominent politicians were found to be under unauthorised surveillance.
- Records of all customers: Records have been sought for all consumers on certain dates in parts of Delhi, Andhra Pradesh, Haryana, Himachal Pradesh, Jammu & Kashmir, Kerala, Odisha, Madhya Pradesh and Punjab.
- In the case of Delhi, records were sought for the last three days of campaigning before assembly elections, while the anti-CAA protests were at their peak.
- How the data was requested? Requests were delivered by local offices of the Department of Telecommunications, taking advantage of a condition in licences granted to operators, which permits the DoT to inspect their CDRs, which go back one year.
Breach of many requirements and norms
- A serious breach of privacy: These requests depart from established protocol and international expectations on multiple counts, and amount to a serious breach of privacy.
- What is the protocol for requesting CDR information? A CDR request is supposed to be sanctioned by the home secretary and handled by a police officer of the rank of SP or above,
- But in this case DoT offices were used.
- The requirement of informing magistrate was not fulfilled: The requirement to report CDR requests on a monthly basis to the district magistrate was not complied with.
- No reason was offered: Most importantly, no reason was offered for snooping on the traffic of citizens.
- Surveillance must be specific and purposive: It is generally understood that communications surveillance must be specific and purposive, and must not trespass on the privacy of the innocent.
- Invasion of privacy of all citizens: Indiscriminate mass surveillance of communications invades the privacy of all citizens to the detriment of public trust. In this case, it was for purposes which are not verifiably honourable, since the government has chosen not to reveal them.
Why the CDR data matters if it is metadata only?
- Combining CDR with other data gives more information: CDRs are all metadata and no content. They do not reveal any words uttered or messaged.
- But combining the metadata with phone location data reveals a lot about connections between specific people and the actions that they take.
- Multi-dimensional map of human activity: If data is available at scale, as was the case here, it is possible to build a multi-dimensional map of human activity, and correlate it with real events.
- This would disturb the balance of information power between the citizen and the state, and amount to a breach of privacy.
If the government needs CDR data for a legitimate purpose, it should have no objection to following the rule-book scrupulously. And if there is a reason for sidestepping protocol in a sensitive matter, it should explain why.