New Delhi: The Central government issued a gazette notification on Monday, amending the Information Technology (IT) rules for destroying digital records of interception or decryption of information. The amendment will give more power to the Centre to issue directions to destroy such records, which were previously under the control of security agencies.
What are the changes?
The gazette notification, issued by the Ministry of Electronics and Information Technology (MeitY), states that the Union Home Secretary or other bureaucrats in the Centre are allowed to issue directions to destroy digital records of interception or decryption of information under the Information Technology Act, 2000.
The notification modifies the Information Technology (Procedure and Safeguards for Interception, Monitoring and Decryption of Information) Rules, 2009, in rule 23, which deals with the destruction of records of interception, monitoring or decryption of information. The rule says that every record about directions for interception or monitoring or decryption of information and of intercepted monitored or decrypted information shall be destroyed by the security agency every six months except in cases where such information could be needed in future.
The amendment replaces the words ‘security agency’ with ‘competent authority and the security agency’ in sub-rule (1) of rule 23, implying that the Union Home Secretary and the state/Union Territory Home Secretary must now destroy records, including orders, related to interception, monitoring and decryption of information within six months.
Why is it significant?
The amendment will broaden the Centre’s powers to issue directions to destroy digital evidence, which could have implications for the privacy and security of citizens’ data. Till now, the power to destroy such records was laid with security agencies, such as law enforcement bodies, according to a report by Indian Express.
The amendment comes at a time when the Centre is facing criticism for its alleged use of spyware Pegasus to snoop on journalists, activists, politicians and others. The Centre has denied any involvement in the snooping scandal but has not ordered an independent probe into the matter.
What else did the notification say?
The gazette notification also notified that all computer resources used by the National Investigation Agency (NIA) for its information and office management system must be protected as ‘critical information infrastructure’ under Section 70 of the Information Technology Act, 2000.
This means that the cybersecurity of the NIA will be the responsibility of the National Critical Information Infrastructure Protection Centre (NCIIPC), a unit of the National Technical Research Organisation (NTRO) which is under the Prime Minister’s Office (PMO).
The notification states that the NIA’s computer resources are essential for national security, defence, public health, public safety, banking, finance, energy, power, transport and other critical sectors of the economy.