India authorizes 10 agencies to intercept, monitor, and decrypt citizens' data

Order sparks outrage in India with citizens, privacy advocates, and political opponents accusing the government of trying to establish a "surveillance state."

India's oldest bank hit by cyberheist An in-depth look into the incident reveals how the 112-year-old bank may have been swindled out of $13.5 million.

On Thursday, the Indian government gave ten agencies the legal authority "to intercept, monitor or decrypt information generated, transmitted, received or stored in any computer."

The order, approved on December 20 by the Indian Ministry of Home Affairs, is an expansion of India's IT Act of 2000 and effectively gives the Indian government the legal power to snoop on all its citizens' Internet traffic, and the authority to request access to any encrypted information.

Individuals and entities who don't comply with requests to intercept, monitor, or access citizens' data face up to seven years in prison or a fine.

The ten agencies authorized to intercept or request access to user data under the new order are:

  • the Intelligence Bureau
  • the Narcotics Control Bureau
  • the Enforcement Directorate
  • the Central Board of Direct Taxes
  • the Directorate of Revenue Intelligence
  • the Central Bureau of Investigation
  • the National Investigation Agency
  • the Cabinet Secretariat (R&AW)
  • the Commissioner of Delhi Police, and
  • the Directorate of Signal Intelligence (for service areas of Jammu & Kashmir, North-East, and Assam only)

The order sparked outrage in India, among citizens, privacy watchdogs, and opposing political parties, who called it a stepping stone towards an Indian surveillance state.

The same rhetoric heard in all countries where similar surveillance laws exist, or governments tried passing a surveillance law, were also heard from the Delhi government today.

Government officials argued that the order expanding India's IT Act was needed for national security, to maintain public order, and to deal with foreign government interventions.

To calm some of the rumors swirling online, the Ministry of Home Affairs also issued a clarification today, explaining that any interception, monitoring, or data decryption will be "done as per due process of law" with approval from the Union Home Secretary. The ministry also said that adequate safeguards against abuse exist under both the IT and Telegraph Acts.

"Every individual case will continue to require prior approval of Home ministry or state government," the government said. "MHA has not delegated its powers to any law enforcement or security agency."

The order is expected to be challenged in court as unconstitutional.

More cybersecurity coverage: