Every month nearly 9,000 phone numbers in India are being put under surveillance by the central government, a reply from the Union home ministry has revealed.
This adds up to more than one lakh phone numbers being put under surveillance every year, according to a report (
) prepared by New Delhi-based NGO Software Freedom Law Centre, India (sflc.in).
Mishi Choudhary, the organisation’s India director, released the report at the Internet Governance Forum meet in Istanbul, Turkey, on Wednesday.
The report has compiled information based on interviews and RTI applications to piece together the surveillance regime in India.
“On an average between 7,500 and 9,000 orders for interception of phones are issued by the central government per month,” Rakesh Mittal, director, internal security in the union home ministry stated in his reply to an RTI application from sflc.in.
All these orders are issued by the Union home secretary, according to Mittal’s reply.
The sflc.in report also reveals the government’s ongoing efforts to put internet-based communications under surveillance.
The report focuses on NETRA, an internet surveillance system created by the DRDO laboratory, Centre for Artificial Intelligence and Robotics (CAIR), which will be used to monitor emails, chats and other internet-based communication methods.
NETRA will be installed at the level of the internet service provider at “more than 1,000 locations across India, each with a capacity of 300 GB (Gigabytes). So a total of 300 TB (Terabytes)” will be created to monitor internet-based communication real time across India, according to the report.
The organisation has also claimed that there have been instances of unlawful interception by private companies at the behest of law enforcement agencies.
The report quoted an unnamed source as saying that law enforcement agencies routinely approached them to hack into emails and internet-based communications of specific individuals to collect their data.
The source has told sflc.in that “software disguised as .jpg attachments among others, are injected into target systems” to gather their passwords and other private data.
“Once the software is successfully injected, they proceed to secure access to personal data such as email and IM (Internet Messenger) identities and passwords, which are used to monitor these individual accounts.”
According to the report, this kind of interception of communication is a “criminal” act because such acts have been declared illegal under the Information Technology Act.
The report also highlights that such acts ensures that there is “no public accountability or oversight involved whatsoever”.