Internal Security·Revision Notes

Legal Framework for Surveillance — Revision Notes

Constitution VerifiedUPSC Verified

Version 1Updated 7 Mar 2026

Explore This Topic

Definition Detailed Explanation Legal Precedents Security Framework Legal Reforms UPSC Importance Prelims Strategy Mains Strategy Prelims MCQs Mains Questions MCQ Practice Predicted 2026 Revision Notes Current Affairs

⚡ 30-Second Revision

Telegraph Act, 1885 (S.5): — Interception of telephonic communication.

IT Act, 2000 (S.69): — Interception, monitoring, decryption of digital info.

Article 21: — Right to Life & Personal Liberty, includes Right to Privacy (Puttaswamy).

K.S. Puttaswamy (2017): — Privacy = Fundamental Right. Established 'Proportionality Test'.

PUCL (1997): — Procedural safeguards for telephone tapping (Home Secy authorization, review committee).

Authorizing Authority: — Union/State Home Secretary.

Review Committee: — Executive-led, post-facto review.

Proportionality Test: — Legality, Legitimate Aim, Necessity, Proportionality.

DPDP Act, 2023: — New data protection law, but with broad govt exemptions for surveillance.

Metadata: — Data about data, less regulated than content, high privacy risk.

PMLA: — Financial intelligence gathering by ED.

2-Minute Revision

India's surveillance legal framework is a blend of old and new laws, constantly shaped by judicial pronouncements. The Indian Telegraph Act, 1885 (Section 5), governs traditional communication interception, while the Information Technology Act, 2000 (Section 69), covers digital surveillance.

Both empower the government to intercept for national security and public order, with authorization from the Union or State Home Secretary and review by executive committees. The constitutional bedrock is Article 21, which, post-K.

S. Puttaswamy judgment (2017), includes the fundamental Right to Privacy. This judgment mandated a 'proportionality test' for any state action infringing on privacy, requiring it to be lawful, for a legitimate aim, necessary, and proportionate.

Despite these safeguards, concerns persist regarding transparency, the adequacy of executive oversight, and the challenge of regulating rapidly evolving digital surveillance technologies like metadata collection.

Recent developments like the Digital Personal Data Protection Act, 2023, introduce new complexities with broad government exemptions, keeping the debate on balancing security and privacy highly relevant.

5-Minute Revision

The legal framework for surveillance in India is a dynamic and often contentious area, balancing the state's security imperatives with individual fundamental rights. It is primarily governed by two key statutes: the Indian Telegraph Act, 1885 (Section 5), which allows for the interception of telephonic communications, and the Information Technology Act, 2000 (Section 69), which empowers the government to intercept, monitor, or decrypt digital information from computer resources.

Both acts permit surveillance on grounds of national security, public order, and preventing serious offences. The authorization for such orders rests with high-ranking executive officials, typically the Union Home Secretary or State Home Secretary, and these orders are subject to review by executive-led committees, as mandated by the PUCL vs Union of India (1997) judgment.

However, the overarching constitutional framework is provided by Article 21, which guarantees the 'Right to Life and Personal Liberty.' The landmark K.S. Puttaswamy vs Union of India (2017) judgment unequivocally declared the 'Right to Privacy' as a fundamental right under Article 21.

This judgment introduced the 'proportionality test', a stringent four-part criteria (legality, legitimate state aim, necessity, and proportionality) that any state action infringing on privacy, including surveillance, must satisfy.

This significantly raised the constitutional bar for surveillance activities.

Beyond these, the Prevention of Money Laundering Act (PMLA), 2002, facilitates financial intelligence gathering, a form of surveillance by agencies like the Enforcement Directorate. The Indian Evidence Act, 1872, governs the admissibility of intercepted evidence.

Despite these provisions, challenges persist: lack of transparency in the authorization process, inadequate oversight due to executive-led review committees (absence of mandatory prior judicial warrants), broad 'national security' exceptions, and the difficulty of laws keeping pace with technological advancements (e.

g., metadata collection, AI-driven surveillance). Recent developments, such as the Digital Personal Data Protection Act, 2023, while aiming for data protection, include broad exemptions for government agencies, raising further concerns about the balance between privacy and state access.

The Pegasus controversy highlighted the potential for misuse of advanced digital surveillance tools. The ongoing debate emphasizes the critical need for a comprehensive, modern, and constitutionally compliant surveillance law with robust independent oversight.

Prelims Revision Notes

Key Acts & Sections:

* Indian Telegraph Act, 1885: Section 5(2) - Interception of messages (telephonic). * Information Technology Act, 2000: Section 69 - Interception, monitoring, decryption of digital information from computer resources. * Prevention of Money Laundering Act (PMLA), 2002: Financial intelligence gathering.

Constitutional Basis:

* Article 21: Right to Life and Personal Liberty, interpreted to include Right to Privacy.

Landmark Judgments:

* K.S. Puttaswamy vs Union of India (2017): Declared Right to Privacy as a fundamental right under Article 21. Established the 'Proportionality Test' (Legality, Legitimate Aim, Necessity, Proportionality) for state actions infringing on privacy.

* People's Union for Civil Liberties (PUCL) vs Union of India (1997): Laid down procedural safeguards for telephone tapping (e.g., Home Secretary authorization, review committee). * Anuradha Bhasin vs Union of India (2020): Internet access as a fundamental right, restrictions must be temporary, necessary, proportionate.

Authorizing Authority: — Union Home Secretary (for Central Govt.) / State Home Secretary (for State Govt.).

Review Committee: — Executive-led, reviews interception orders post-facto.

Duration of Orders: — Typically 60 days, extendable up to 180 days.

Metadata: — Data about communication (not content). Less regulated, significant privacy implications.

Recent Developments:

* Digital Personal Data Protection Act, 2023: Contains broad exemptions for government agencies from its provisions for national security, public order, etc. * CERT-In Directions (2022): Mandates data retention for VPNs, data centers; raises privacy concerns. * Pegasus Controversy: Allegations of state-sponsored spyware use, highlighting digital surveillance challenges.

Mains Revision Notes

Core Conflict: — National Security vs. Right to Privacy (Article 21). This is the central analytical lens.

Legal Framework Analysis:

* Telegraph Act & IT Act: Understand their specific scopes (voice vs. digital), grounds for surveillance, and procedural safeguards (authorization, review committees). Critically evaluate their adequacy in the digital age. * PMLA: Role in financial surveillance, its powers, and checks.

Constitutional Scrutiny (Puttaswamy):

* Right to Privacy: Explain its fundamental nature and implications for state power. * Proportionality Test: Apply its four components (legality, legitimate aim, necessity, proportionality) to analyze the constitutional validity of surveillance actions. This is crucial for critical examination.

Challenges & Concerns:

* Transparency & Oversight: Lack of public disclosure, executive-dominated review (vs. demand for judicial warrants), potential for abuse. * Technological Lag: Laws struggling to regulate emerging technologies (AI, facial recognition, metadata collection, bulk data analysis).

* Broad Exemptions: Vague 'national security' clauses, especially in new laws like DPDP Act, and their potential for misuse. * Accountability: Mechanisms for redressal and accountability for unauthorized surveillance.

Recent Developments & Reforms:

* DPDP Act, 2023: Analyze its impact on government surveillance, particularly the exemptions. Discuss whether it strengthens or weakens privacy. * Need for Comprehensive Law: Argument for a unified, modern surveillance law with robust independent oversight. * International Best Practices: Reference models like the UK's Investigatory Powers Act or US FISA courts for comparative analysis.

Vyyuha Connect: — Link to broader themes like separation of powers, judicial activism, federalism, and digital governance. Emphasize a balanced, reform-oriented conclusion.

Vyyuha Quick Recall

To remember the key principles and safeguards for lawful surveillance, use the mnemonic LEGAL WATCH:

Lawful authority: Must be authorized by a competent legal authority (e.g., Home Secretary).

Exceptional circumstances: Only for specific, grave reasons (national security, public order, etc.).

Government notification: Orders must be in writing and recorded.

Article 21 compliance: Must respect the fundamental Right to Privacy and satisfy the proportionality test.

Limited duration: Orders are for a specific, limited period (e.g., 60 days).

Written authorization: No verbal orders; proper documentation is mandatory.

Appeal mechanisms: Provisions for review or challenge of surveillance orders.

Transparency safeguards: Though limited, some level of accountability through review committees.

Constitutional review: Subject to judicial scrutiny by higher courts.

Home Ministry oversight: Central role of the Home Ministry in authorizing and reviewing.