Internal Security·Explained

Legal Framework for Surveillance — Explained

Constitution VerifiedUPSC Verified

Version 1Updated 7 Mar 2026

Explore This Topic

Definition Detailed Explanation Legal Precedents Security Framework Legal Reforms UPSC Importance Prelims Strategy Mains Strategy Prelims MCQs Mains Questions MCQ Practice Predicted 2026 Revision Notes Current Affairs

Detailed Explanation

The legal framework for surveillance in India is a critical component of its internal security architecture, designed to empower the state to protect national interests while theoretically safeguarding individual liberties.

This framework, however, is a mosaic of colonial-era laws, modern digital statutes, and a robust body of judicial pronouncements, constantly evolving in response to technological advancements and constitutional interpretations.

From a UPSC perspective, the critical constitutional tension emerges between the state's imperative for national security and public order, and the individual's fundamental right to privacy, as articulated under Article 21 of the Constitution.

Origin and Evolution of Surveillance Laws in India

Surveillance powers in India trace their roots back to the colonial era, primarily through the Indian Telegraph Act, 1885. This Act, originally designed to regulate telegraphic communication, became the primary legal instrument for intercepting private communications.

Post-independence, the same framework continued, with Section 5 of the Telegraph Act allowing for interception in cases of 'public emergency' or 'public safety,' or in the interest of national sovereignty, integrity, security, friendly relations, or public order.

The advent of the internet and mobile telephony in the late 20th century rendered the Telegraph Act increasingly inadequate for digital surveillance. This led to the enactment of the Information Technology Act, 2000, which specifically addressed electronic communications and data.

Constitutional and Legal Basis for Surveillance

1. Article 21: The Right to Life and Personal Liberty

At the heart of the debate on surveillance lies Article 21 of the Indian Constitution, which states, 'No person shall be deprived of his life or personal liberty except according to procedure established by law.

' The Supreme Court, through various judgments, has expanded the ambit of Article 21 to include the 'right to privacy.' This evolution culminated in the landmark K.S. Puttaswamy vs Union of India (2017) judgment, which unequivocally declared privacy a fundamental right.

This judgment established a stringent 'proportionality test' for any state action infringing on privacy, including surveillance. The test requires: (a) a legitimate aim, (b) suitability of the measure to achieve the aim, (c) necessity (no less intrusive alternative), and (d) proportionality (balancing the infringement with the public interest).

This judgment fundamentally reshaped the constitutional landscape for surveillance, moving from a more permissive approach to one demanding strict constitutional scrutiny. This forms the bedrock of the "constitutional right to privacy framework" .

2. Indian Telegraph Act, 1885 (Section 5)

Section 5(2) of the Telegraph Act empowers the Central or State Government, or an officer specially authorized, to intercept messages on the occurrence of a 'public emergency' or in the interest of 'public safety,' or for reasons related to national security, sovereignty, public order, or preventing incitement to an offence.

The key conditions are: (a) 'public emergency' or 'public safety' must exist, (b) reasons must be recorded in writing, and (c) the order must be issued by a competent authority. The rules framed under this Act, particularly Rule 419A of the Indian Telegraph (Amendment) Rules, 2007, specify the procedural safeguards, including authorization by the Union Home Secretary or State Home Secretary, and a review committee to oversee such orders.

This governs "communication interception procedures under Telegraph Act".

3. Information Technology Act, 2000 (Section 69)

Section 69 of the IT Act, 2000 (as amended in 2008), grants powers to the Central or State Government or their agencies to intercept, monitor, or decrypt any information generated, transmitted, received, or stored in any computer resource.

This power can be exercised in the interest of India's sovereignty, integrity, defence, security of the State, friendly relations with foreign states, public order, or for preventing incitement to a cognizable offence, or for investigation of any offence.

Unlike the Telegraph Act, Section 69 specifically addresses digital surveillance, including data interception and decryption. The procedural safeguards are outlined in the Information Technology (Procedure and Safeguards for Interception, Monitoring and Decryption of Information) Rules, 2009, which mirror those under the Telegraph Act, requiring authorization by the Union Home Secretary and review by a committee.

This is a crucial part of the "cyber security legal framework implementation" .

4. Prevention of Money Laundering Act (PMLA), 2002

The PMLA empowers authorities like the Enforcement Directorate (ED) to conduct investigations, including accessing financial records, bank accounts, and other related data, often without prior judicial warrants in the initial stages of investigation.

While not direct 'interception' in the traditional sense, these powers constitute a significant form of financial surveillance, crucial for combating economic crimes and terror financing. The Act allows for summons, searches, and seizures based on 'reason to believe' that a person possesses proceeds of crime.

This forms a key part of "financial intelligence gathering under PMLA" .

5. Indian Evidence Act, 1872

While not directly granting surveillance powers, the Indian Evidence Act, 1872, governs the admissibility of evidence obtained through surveillance. Sections 65A and 65B deal with the admissibility of electronic records.

For intercepted communications or digital data to be admissible in court, strict compliance with the procedural requirements of the IT Act and Telegraph Act, along with the conditions specified in Section 65B, is crucial.

Non-compliance can render the evidence inadmissible, as seen in cases like Anvar P.V. vs P.K. Basheer (2014).

Practical Functioning and Safeguards

The operationalization of surveillance powers involves a multi-layered process. For interception under the Telegraph Act and IT Act, the request typically originates from a law enforcement agency (e.g.

, police, intelligence bureau). This request must be justified with specific reasons and then approved by a designated 'competent authority,' which is the Union Home Secretary for central agencies and the State Home Secretary for state agencies.

The order specifies the target, the type of communication, and the duration (usually not exceeding 60 days, extendable up to 180 days). A review committee, comprising senior bureaucrats, periodically reviews these orders to ensure compliance with legal provisions and necessity.

This system is intended to provide a check on executive power, though its effectiveness is often debated. This highlights the need for robust "judicial oversight mechanisms for surveillance" .

Criticism and Challenges

Despite the legal framework and safeguards, the surveillance regime in India faces significant criticism:

Lack of Transparency: — The process of authorization and review is largely opaque, with orders not being publicly disclosed. This makes it difficult to ascertain the scale and scope of surveillance.

Inadequate Oversight: — Critics argue that the executive-led review committees lack the independence and judicial authority to effectively scrutinize surveillance orders. The absence of mandatory judicial warrants, unlike many Western democracies, is a major concern.

Technological Gap: — Laws often lag behind technological advancements, leading to ambiguities in regulating new forms of digital surveillance, such as facial recognition, drone surveillance, and sophisticated data analytics.

Potential for Abuse: — The broad wording of 'national security' and 'public order' can be misused, leading to surveillance of political dissidents, journalists, or activists, raising concerns about "fundamental rights limitations" .

Metadata Collection: — While direct content interception has safeguards, the collection and analysis of metadata (who called whom, when, for how long, location data) often falls into a legal grey area, despite its immense potential for profiling.

Recent Developments and Policy Implications

Personal Data Protection Bill (now DPDP Act, 2023): — The enactment of the Digital Personal Data Protection Act, 2023, is a significant development. While it aims to protect individual data, it includes broad exemptions for government agencies in the interest of national security, public order, and prevention of crime. This raises concerns about how the 'necessity' and 'proportionality' principles established in Puttaswamy will be applied to these exemptions, particularly concerning government surveillance. The Act mandates data fiduciaries to process data lawfully and fairly but carves out significant space for state access. This will be crucial for the "digital governance legal framework" .

CERT-In Directions (2022): — The Indian Computer Emergency Response Team (CERT-In) issued directions mandating VPN providers, data centers, and cloud service providers to store user data for extended periods and report cyber incidents within six hours. While aimed at enhancing cyber security, these directions have been criticized for potentially facilitating mass surveillance and infringing on privacy, leading some VPN providers to exit India.

Pegasus Controversy (2021-2022): — Allegations of the use of Pegasus spyware against journalists, activists, and opposition leaders sparked a national debate on the legality and ethics of state-sponsored digital surveillance. The Supreme Court constituted an expert committee to investigate the matter, highlighting the urgent need for a robust and transparent legal framework for "digital surveillance constitutional challenges".

Vyyuha Analysis: Constitutional Evolution and the Puttaswamy Paradigm

Vyyuha's analysis reveals that the legal framework for surveillance in India has undergone a profound constitutional evolution. Prior to the K.S. Puttaswamy judgment in 2017, the state's power to surveil, primarily under the Telegraph Act, operated with a more permissive understanding of privacy.

While the PUCL judgment (1997) introduced some procedural safeguards, the fundamental right to privacy itself was not explicitly recognized as inherent to Article 21. This meant that surveillance laws, while requiring 'procedure established by law,' faced less stringent constitutional scrutiny.

The executive's discretion, though subject to review committees, was largely unchallenged on fundamental rights grounds. The Puttaswamy judgment marked a paradigm shift. By declaring privacy a fundamental right, it elevated the constitutional bar for any state intrusion.

Now, any surveillance law or action must not only have a 'procedure established by law' but also satisfy the 'proportionality test.' This means surveillance must be for a legitimate state aim, necessary, proportionate, and have procedural safeguards, including potentially judicial oversight.

This shift demands greater accountability, transparency, and a re-evaluation of existing surveillance practices against stricter constitutional standards. The pre-2017 approach, often criticized for its opacity and potential for abuse, has been replaced by a framework that, at least in theory, places individual privacy on a much stronger constitutional footing, compelling the state to justify its actions more rigorously.

Inter-Topic Connections (Vyyuha Connect)

Constitutional Governance (Separation of Powers): — The surveillance framework highlights the delicate balance of powers. While the executive (Home Ministry) authorizes surveillance, the judiciary (Supreme Court) sets constitutional limits and reviews the legality of such actions. The demand for judicial warrants reflects a desire to strengthen the separation of powers in surveillance authorization.

Federal Structure (Centre-State Coordination): — Both Central and State governments possess surveillance powers. Effective coordination and clear demarcation of authority are crucial to prevent overlapping jurisdiction or gaps, especially in cross-border or inter-state investigations. The "intelligence agencies legal framework" also plays a role here.

Judicial Activism (Supreme Court's Expanding Privacy Jurisprudence): — The Supreme Court, particularly through judgments like Puttaswamy and Anuradha Bhasin, has actively expanded the scope of fundamental rights, especially privacy, compelling the executive to reform its surveillance practices. This demonstrates judicial activism in protecting civil liberties.

International Relations (Surveillance Cooperation and Diplomatic Implications): — India engages in intelligence sharing and surveillance cooperation with other nations. However, allegations of state-sponsored surveillance (e.g., Pegasus) can have significant diplomatic repercussions and raise questions about adherence to international human rights norms.