Telecom Act, 2023TelecomTelecom Interception Rules, 2024

First read on the Telecommunications Interception Rules, 2024

This post includes our initial analysis of the Telecommunications (Procedures and Safeguards for Lawful Interception of Messages) Rules, 2024 notified on December 6, 2024, including highlighting major changes from the draft rules issued in August 2024.

Karthika Rajmohan
Karthika Rajmohan

13 December, 2024
7 min read

tl;dr

On December 6, 2024, the Department of Telecommunications (“DoT”) officially notified the Telecommunications (Procedures and Safeguards for Lawful Interception of Messages) Rules, 2024 (“Interception Rules”). These rules are the fourth set of regulations issued under the newly enacted Telecommunications Act, 2023 (“Telecom Act”). Prior to the finalization of these rules, the DoT released a draft version of the Interception Rules on August 28, 2024 (“draft rules”), inviting public comments during a thirty-day consultation period. It is important to note that, as of now, the DoT has not made the responses received from stakeholders during the consultation process publicly available. This post includes IFF’s initial analysis of the  Interception Rules. 

Important Documents

  1. Notified Telecommunications (Procedures and Safeguards for Lawful Interception of Messages) Rules, 2024 (link)
  2. Draft Telecommunications (Procedures and Safeguards for Lawful Interception of Messages) Rules, 2024  (link)
  3. IFF’s consultation response on the Draft Telecommunications (Procedures and Safeguards for Lawful Interception of Messages) Rules, 2024 (link)
  4. Indian Telegraph Rules, 1951 (link)
  5. IFF’s analysis of the draft Interception Rules, 2024 (link)
  6. The Telecommunications Act, 2023 (link)
  7. IFF’s first read of the Telecom Bill, 2023 (link)

Background

The Interception Rules have been released in pursuance of clause (a) of sub-section (2) and sub-section (4) of section 20 read with clauses (t) and (u) of sub-section (2) of section 56 of the Telecom Act. The notified rules seek to supersede Rules 419 and 419A of the Indian Telegraph Rules, 1951 (“Telegraph Rules, 1951”). Notably, the Interception Rules will not override the terms and conditions of existing orders relating to the interception of messages under the erstwhile rules, which will continue to apply till the date of expiry of the time period for interception.

The Interception Rules lay down the procedure and due process for the government to lawfully intercept the message of citizens in the country. 

Key changes in the Interception Rules following public consultation

Modification of provisions for authorised agency

Rank modification: Rule 3(3) of the Interception Rules allows for officials other than the competent authority to issue interception orders in remote areas or for operational reasons. The draft rules stated that such an order would be issued by the “Head or the second senior most officer not below the rank of Inspector General of Police of an authorised agency”. However, the new Interception Rules has split the authorisation status between the Union and the State level and states that such order will be issued by “the head or the second senior most officer of the authorised agency at the Central level, and head or the second senior most officer of the authorised agency not below the rank of Inspector General of Police at the State level,”. In the Interception Rules, the rank of the officer not being below that of Inspector General of Police has been made applicable only to authorised agencies at the State level. This adds more vagueness to the rank of the officers who may issue interception orders at the Union level and leaves room for the Union government to widen the scope of officers who may issue interception orders.

Necessity clause modification: Rule 3(6) of the draft rules stated that no interception order must be made unless the issuing authority has “considered and determined” that it would not be possible to acquire the necessary information by any other reasonable means. However, Rule 3(6) of the Interception Rules states that no interception order must be made unless the authority has “considered” it would not be possible to acquire the necessary information by any other reasonable means. The removal of the term ‘determined’ from the necessity requirements of Rule 3(6) has diluted the standard of care and contemplation that an issuing authority must undertake before issuing an interception order. While it may seem like a minor change, this indicates a concerted effort by the Union government to permit intercepting messages in a larger number of cases. If the validity of interception orders were to be challenged in a court of law, now the threshold would be lowered to merely considering whether interception is necessary instead of considering and determining. The term ‘determined’ imposes a more conclusive obligation on the government to ensure that interception is the only means available to obtain the relevant information. This modification has semantically chipped away at the concept of interception being a strategy to be used only in rare circumstances and is likely to have an impact on the rights of users and will subject their messages to more interception orders. 

Insertion of designation disclosure: Rule 3(8)(a) of the draft rules only required an interception order to specify the authorised agency that would undertake the interception. In a laudable step, the Interception Rules have modified Rule 3(8)(a) to require that an interception order must specify the authorised agency and the designation of the officer in the agency who would undertake the interception. As part of IFF’s consultation response on the draft rules, we recommended that the rules be amended to mandate that each interception order disclose the name and designation of the officer or authority to whom the intercepted messages will be disclosed, as was the case in the Telegraph Rules, 1951. Such disclosure will contribute to increased transparency and accountability among the government.

Modification of applicability exemptions 

Rule 3(12) of the draft rules included an exemption clause and stated that “Nothing in these rules shall apply to the demonstration and testing of lawful interception systems and monitoring facilities that the Central Government may require telecommunication entities to put in place.”. However, the Interception Rules has modified the exemption clause under Rule 3(10) which now provides that these rules will not apply to the demonstration and testing of lawful interception systems and monitoring facilities undertaken pursuant to the prior written directions of the DoT. In a welcome step, the Union government has slightly limited the prior overbroad and ambiguous exemption clause.

In our consultation response to the draft rules, IFF pointed out that exemption given to telecommunications entities and government authorities for purposes of “testing and demonstration” by way of Rule 3(12), in the absence of any meaningful safeguards, is overbroad and liable to potential misuse. Such an exemption did not exist under the Telegraph Rules, 1951. The new Interception Rules have now limited this exemption only to the demonstration and testing of lawful interception systems and monitoring facilities undertaken pursuant to a written order of the DoT. While an additional requirement for a written order from the DoT has been added, it still remains that is a minor compliance for the government and such activities are still excluded from regulation under these rules.

The title of Rule 4 in the Interception Rules has been changed from ‘Procedure for implementing an Interception Order’ in the draft to ‘Obligations relating to Interception’. This slight change in semantics signifies that the government views due process relating to issuing inception orders as an obligation and not as prescribed procedures. This change in perspective is a worrying trend.

Rule 4(4)(c) stated that the authorised agency, DoT and telecommunication entities must ensure “confidentiality and secrecy is maintained in the matter of interception of messages.”. This was in contrast to the Telegraph Rules, 1951 prescribed a higher threshold of “extreme secrecy” and “utmost care and precaution” while dealing with interception matters. omitting such standards, it weakens the framework for oversight and enforcement. The removal of the phrase "utmost care and precaution" lowers the previously established threshold for protection, thereby reducing the level of care required in safeguarding sensitive information. The need to retain the higher security threshold and privacy safeguard outlined in the Telegraph Rules, 1951 for dealing with interception matters was recommended by us in our consultation response. 

In a welcome incorporation of our suggestions, Rule 4(4)(c) of the Interception Rules now states “confidentiality and extreme secrecy is maintained and utmost care and precaution is taken in the matter of interception of messages.”. While the retention of “extreme secrecy” and “utmost care and precaution” is a step in the right direction, the term ‘confidentiality’ is still a pain point. The significant emphasis on maintaining confidentiality and secrecy is akin to the provisions in Rule 16 of the Information Technology (Procedure and Safeguards for Blocking for Access of Information by Public) Rules, 2009. These provisions are often invoked to obscure the functioning of the Executive, evading necessary oversight and accountability. The confidentiality provisions can be used to withhold even anonymised statistical information, such as the number of interception orders issued. Moreover, in the absence of clear transparency measures, the executive can operate without meaningful accountability. The lack of publicly accessible information regarding surveillance activities allows the executive to evade scrutiny and continue operations with minimal oversight.

Additionally, even in its present form, Rule 4(4)(c) omits reference to the effect of interception on the “privacy of citizens” which did exist in the Telegraph Rules, 1951. Despite the Supreme Court judgement in Justice K.S. Puttaswamy vs Union of India (2017 10 SCC 1) which states that any justifiable intrusion by the State into people’s right to privacy, which is protected under Article 21 of the Constitution, must conform to certain thresholds which include legality, necessity, proportionality and procedural safeguards, the Interception Rules fails to acknowledge or reference to the right to privacy or the need to balance state surveillance efforts with fundamental rights. 

Higher standards for the destruction of records

Rule 3(10) of the draft rules required that records pertaining to an interception order and of intercepted messages must be destroyed by the competent authority and the authorised agency, every six (6) months unless required for functional requirements. Further, Rule 3(11) of the draft rules provided that records pertaining to an interception order must be destroyed by the DoT and the telecommunication entity within two (2) months of discontinuance of interception pursuant to such interception order. However, in the new Interception Rules, both these rules have been omitted and replaced with Rule 4(8), which slightly modifies the exact same destruction timelines, however, with a requirement for records to be “maintained by ensuring confidentiality and extreme secrecy” and to be  “destroyed in a secure manner while maintaining extreme secrecy”. This change in security standards for record maintenance has re-introduced the safeguards under the Telegraph Rules, 1951. 

However, the specifics for record destruction are still problematic. The Interception Rules empower the competent authority and “any authorised agency” to destroy the records as opposed to the Telegraph Rules, 1951 which only empowered the relevant competent authority and authorised Security and Law Enforcement Agencies to do so. By increasing the number of entities that can undertake the destruction of records, while not simultaneously introducing any meaningful safeguards or checks, the Interception Rules create the risk of further reducing the accountability of the government towards its citizens and any transparency around its surveillance practises.

The fact still remains that due to the routine destruction of records (every six months) under the Telegraph Rules, 1951, the government does not maintain even anonymised statistical data on the issuance of interception orders. The inability to produce aggregated, anonymised interception records due to such provisions may have serious ramifications on the citizen’s right to privacy as reaffirmed under K.S Puttaswamy v. Union of India [(2017) 10 SCC 1] as well as the right to receive information. The draft Interception Rules, 2024 contain no provisions for the disclosure of this information, resulting in a troubling lack of transparency and accountability surrounding interception orders.

Donate Now

Subscribe to our newsletter, and don't miss out on our latest updates.

Similar Posts

1
Supreme Court issues notice in Sushant Singh's transfer petition challenging website blocking

Sushant Singh has sought transfer of his writ petition from the Bombay High Court to the Supreme Court, challenging Rules 8 and 16 of the IT Blocking Rules, 2009. On 02.05.2025, the Supreme Court issued notice and tagged it with SFLC’s pending petition raising similar issues.

6 min read

2
Section 44(3) and the Systematic Dismantling of the RTI Act: A Fact Check to Ashwini Vaishnaw

Section 3 has no relevance to the RTI amendment, and Mr. Ashwini Vaishnaw's response fails to address the core concern: Section 44(3) weakens citizens’ right to information and transparency in governance. IFF does a fact check. 

6 min read

3
Budget Session 2025: A Digital Rights Review

The Budget Session of Parliament, held from January 21 to April 4, 2025, included a recess from February 13 to March 10 for Standing Committee reviews. Key discussions covered various national issues, including digital rights and freedoms.

12 min read

Donate to IFF

Help IFF scale up by making a donation for digital rights. Really, when it comes to free speech online, digital privacy, net neutrality and innovation — we got your back!