The Department of Telecommunications (“DOT”) has notified the Telecommunications (Procedures and Safeguards for Lawful Interception of Messages) Rules 2024 (“Interception Rules”) vide its notification dated December 6, 2024, replacing the extant Indian Telegraph Rules 1951. The DOT had previously published the draft Interception Rules on August 28, 2024, for public consultation and has subsequently amended the draft Interception Rules following the public consultation.
Notably the DOT has introduced modifications to key provisions within the draft Interception Rules, including provisions on (i) the authority qualified to issue interception orders; (ii) the threshold for issuance of an interception order; (iii) the form of the interception order; and (iv) the destruction of interception records.
The Authority Qualified to Issue Interception Orders
Under the Interception Rules, the Central Government is empowered to specify the authorities competent to issue an interception order (“Competent Authority”) and such Competent Authority may authorize an officer not below the rank of joint secretary to the Central Government for the authorization of interception orders.
The Interception Rules also provide that where the issuance of an interception order by an officer not below the rank of joint secretary is not feasible, the interception order may be issued by the head or the second senior most officer of the authorized agency at the central level, and the head or the second senior most officer of the authorized agency, not below the rank of inspector general, at the state level.
It is pertinent to note that the draft Interception Rules did not create such distinction between the officers competent to issue interception orders at the central and the state level (“Competent Officers”), and unambiguously provided that only an officer not below the rank of inspector general of an authorized agency could issue interception orders. The Interception Rules distinguish between the Competent Officers at the central and the state level, only providing for the rank/seniority of Competent Officers at the state level and leaving the rank/seniority of Competent Officers at the central level ambiguous.
Threshold for the Issuance of Interception Orders
The Interception Rules provide for a threshold of ‘necessity’ that must be met before an interception order may be issued by Competent Authority / Competent Officer. Regarding this threshold, the draft Interception Rules provided that no interception order could be made “unless the authority issuing such order has considered and determined that it would not be possible to acquire the necessary information by any other reasonable means.” Notably, the Interception Rules restate the clause while omitting the word ‘determined’, thereby substantially reducing the threshold for the valid issuance of interception orders.
As per the Interception Rules, the Competent Authority is no longer required to make the determination of impossibility of acquisition of the requisite information through alternative and less intrusive means, but is merely required to consider such possibility. The omission of the requirement of determining the possibility of alternative means may allow the use of interception as a frequent resort rather than an occurrence in the rarest circumstances.
Form of the Interception Order
On the other hand, in a welcome move, the Interception Rules require more transparency in the issuance of interception orders than previously contemplated under the draft Interception Rules. Under the draft Interception Rules, an interception order was required to only specify the details of the Competent Authority issuing the interception order, leaving the name/designation of the officer issuing the interception order concealed. The Interception Rules further provide that the interception orders must also contain the details of the designation of the officer issuing the interception order, thereby creating more transparency within the process of issuing the interception order.
The Destruction of Interception Records
The Interception Rules provide that the records of interception are to be maintained in ‘confidentiality and extreme secrecy’ and are to be destroyed in extreme secrecy by the Competent Authorities (i) every 6 (six) months; and (ii) within 2 (two) months of discontinuation of the interception order. While the obligation to destroy the interception records remains the same as the draft Interception Rules, the Interception Rules also add an obligation to maintain the confidentiality and secrecy of the interception records. Nevertheless, the statutorily mandated deletion of all records of interception by the Competent Authorities may threaten the transparency of the process of interception contemplated within the Interception Rules and the right to privacy of individuals. Such deletion of records of interception could place the interception of private information by the Competent Authorities beyond the scope of public scrutiny by mechanisms such as the RTI, allowing the Competent Authorities to operate without accountability.
Conclusion
The Interception Rules form the legal framework for the lawful interception of communications between citizens of India. While an update of the previous Indian Telegraph Rules, 1951 is welcome and necessary, the Interception Rules may fail to strike the required balance between respect for individuals’ right to privacy and national security considerations. The Interception Rules’ lowered threshold for the issue of interception orders, ambiguity regarding the rank of Competent Officers at the central level, provisions for record destruction, and no explicit obligation for the respect of individuals’ privacy rights raise legitimate concerns regarding transparency and accountability, which a legal framework on the interception of individuals’ personal communications should maintain.