I am glad that the Draft Encryption Policy was circulated for public scrutiny recently, especially in the manner in which it was drafted. Ironic indeed that one of the most popular encryption programs is called PGP, for “Pretty Good Privacy”, which indicates the very purpose of encryption. It just strengthened the argument for privacy, as a fundamental right. If that seems contrarian, let me elaborate.
Reasonable expectation of privacy
Indians have taken privacy for granted except for the aberration of our friendly neighborhood maamis (or “aunties”) exercising their inherent right to pry into our lives. Indians have had reasonable cause to assume that the right to waive such privacy lay solely in their hands – for reality shows, real life public dramas or on Social Media.
There has been no justification to assume otherwise. Our Supreme Court said privacy was a fundamental right vested in us under the Constitution – from the minority view in Kharak Singh (1963), which is under review now, and thereafter in several judgments including in Gobind Vs. State, PUCL Vs. Union of India and in Auto Shankar’s case (R.Rajagopal Vs. UoI).
That’s not all. Our leaders claimed violation of their fundamental right of privacy every time they alleged phone tapping by the government in power (Amit Shah Vs. UoI). Our industry heads claimed this when embarrassing conversations were leaked on public domains (eg. the Niira Radia Tapes), and of course the International Bill of Human Rights emphatically confirmed that our right to privacy extended not only to our family and home but also to our correspondence.
Today, our reasonable expectation of privacy is being threatened not just through a challenge before the Supreme Court, based on two almost forgotten judgments – M. P. Singh Vs. Satish Chandra (1954) and Kharak Singh (1963) – which ruled till now, but also through the Draft Encryption Policy. One did not expect the government to show such unmitigated earnestness to delve deep into personal conversations and correspondences, as much as it did through the Draft Encryption Policy, an addendum exempting Social Media, notwithstanding.
In the name of security
Social contract theory suggests that Man entered into a social contract to form a State for his own protection. This theory has now been turned on its head whereby the primary duty of the state to protect the individual has been turned into the primary right of the state to take away all freedoms in the name of such security.
Our hopes for protecting our “right to be let alone”, as succinctly put by Justice Brandeis in his minority dissension in Olmstead Vs. US, as a fundamental right, now rest with the Supreme Court. Meanwhile, policy documents like the Draft Encryption Policy keep the public alert to the need for protecting our rights, including to privacy. This policy espoused lofty visions of protecting confidentiality of information in cyberspace and use of encryption to protect privacy and then went on to burst the bubble through unenforceable provisions for the handing over of encrypted information to law enforcement agencies, as and when called upon by them, apparently in the name of security. It relied on S.84A of the Information Technology Act, 2000 (as amended), even though the said provision only enables the Central government to prescribe rules for “secure use” of electronic medium and promotion of e-governance, e-commerce, through encryption and not to decrypt encrypted information or to give unfettered rights to enforcement authorities, who in any event do not think there are any restrictions to their powers.
It’s fundamental, my dear Indians
To paraphrase the Bombay High Court, recognition of various fundamental rights did not come easily. They were forged on the anvil of many a battle and cannot be surrendered cheaply.
From 1954, when privacy was considered a strained construction of constitutional provisions (M.P.Singh Vs. Satish Chandra) to a minority view in Kharak Singh’s case in 1963, reading privacy into Article 21 and consequently protecting it as a fundamental right, has come a full circle in the Aadhar case (Justice K. S. Puttaswamy Vs. UoI), wherein the Supreme Court has opened the debate wide on whether privacy is a fundamental right. Technically, the Supreme Court’s decision to refer the issue to a larger bench may be correct. However, opening this issue up lends fear to the fact that the hard earned victory of including privacy as a fundamental right, may face reversals.
Need for constitutional guarantee
Individual privacy has gained impetus, especially when it comes to cyberspace, through its inclusion in the IT Act in 2008. The privacy provisions under the IT Act, however, only protect against dissemination of Sensitive Personal Information through criminal prosecutions and Personal Information through civil action. In addition, capturing, publishing or transmitting images of the private parts of individuals without their consent is a punishable offence. Apart from this, punishment for publishing or transmission of pornographic content could also be squeezed into the privacy slot.
The above provisions are however at best supplementary for protecting privacy and cannot by any stretch of imagination be construed to be sufficient to replace a constitutional right.
Interestingly, the government stand of privacy not being a fundamental right comes in the wake of the 2014 draft of the Privacy Bill, which has specifically incorporated a provision recognising the Right to Privacy as part of Article 21 of the Constitution.
Privacy is not just about your right to treat your home as your castle or to keep physical or virtual prying eyes away from family and home. It is about a reasonable expectation not only to be left alone but to protection of all attendant rights, including against domiciliary visits by police; search and seizure without following due process; confidentiality and privacy of communications without interception; right against surveillance; protection of personal details including photographs, DNA samples and fingerprints from public scrutiny; confidentiality of health information and personal preferences; and confidentiality and due process in dissemination of personal data, including those submitted voluntarily.
Even assuming privacy legislation is enacted, it would not be as sacrosanct or inviolable as a constitutional right. Further, even if the Privacy Bill of 2014, which seems to be a heavily guarded secret, sees the light of day, special enactments (like the Maharashtra Control of Organised Crime Act) will overrule the general privacy laws, leaving individuals with limited to non-existent protection, in case of abuse.
Protecting our castles
At least one of the two earlier judgments, which Supreme Court recently referred for a decision by a larger bench, relies substantially on the majority judgment in Olmstead. It is the minority view in that very same judgment (Kharak Singh), which was relied on by subsequent judgments of the Supreme Court. The rule of stare decisis mandates that today’s court will stand by yesterday’s judgments. The dilemma before the Supreme Court will probably be, which of the two sets of judgments, would then fall within the stare decisis rule. For this, it may be kept in mind that the US courts also moved away form the Olmstead Rule in Griswold v. Connecticut in 1965 itself, just as our own Supreme Court moved to a categorical assertion that privacy was a fundamental right in Gobind Vs. State.
As observed by the Bombay High Court in NSEI Vs. Moneywise Media (2015), our freedoms have come at a price. Some of the cases, decided based on such assertion of privacy as a fundamental right, range from holding illegal surveillance or domiciliary visits by police as violations; recognition of prisoner’s rights; phone interceptions as invalid; narco-analysis tests being in violation of privacy of the most intimate portion of a human – his mind; and significantly cases which hit closer to home – eg. in Neeru Mathur Vs. LIC, where it was held that asking for a woman’s menstrual cycle was a gross violation of privacy. These cases show that categorisation of privacy as a fundamental right is not just semantics but a basic or essential right. Hence, surrendering this right or allowing its dilution will definitely be at our peril.
The writer is a Mumbai-based lawyer