The Union government’s Cabinet Committee on Security recently gave clearance to the Home Ministry’s NATGRID project. The project aims to allow investigation and law enforcement agencies to access real-time information from data stored with agencies such as the Income Tax Department, banks, insurance companies, Indian Railways, credit card transactions, and more. NATGRID, like a number of other government initiatives (UIDAI), is being established through governmental notifications rather than legislation passed in Parliament. The examination of this issue requires an assessment of the benefits of legislation vis-a-vis government notifications. Government notifications can be issued either under a specific law, or independent of a parent law, provided that the department issuing such notification has the power to do so. Rules, regulations which are notified have the advantage of flexibility since they can be changed without seeking Parliamentary approval. This advantage of initiating projects or establishing institutions through government notifications is also potentially of detriment to the system of checks and balances that a democracy rests on. For, while legislation takes a longer time to be enacted (it is discussed, modified and debated in Parliament before being put to vote), this also enables elected representatives to oversee various dimensions of such projects. In the case of NATGRID, the process would provide Parliamentarians the opportunity to debate the conditions under which private individual information can be accessed, what information may be accessed, and for what purpose. This time consuming process is in fact of valuable import to projects such as NATGRID which have a potential impact on fundamental rights. Finally, because changing a law is itself a rigorous process, the conditions imposed on the access to personal information attain a degree of finality and cannot be ignored or deviated from. Government rules and regulations on the other hand, can be changed by the concerned department as and when it deems necessary. Though even governmental action can be challenged if it infringes fundamental rights, well-defined limits within laws passed by Parliament can help provide a comprehensive set of rules which would prevent their infringement in the first place. The Parliamentary deliberative process in framing a law is thus even more important than the law itself. This is especially so in cases of government initiatives affecting justiciable rights. This deliberative process, or the potential scrutiny of government drafted legislation on the floor of Parliament ensures that limitations on government discretion are clearly laid down, and remedies to unauthorised acts are set in stone. This also ensures that the authority seeking to implement the project is The other issue pertains to the legal validity of the project itself. Presently, certain departmental agencies maintain databases of personal information which helps them provide essential services, or maintain law and order. The authority to maintain such databases flows from the laws which define their functions and obligations. So the power of maintaining legal databases is implicit because of the nature of functions these agencies perform. However, there is no implicit or explicit authorization to the convergence of these independent databases. One may argue that the government is not legally prevented from interlinking databases. However, the absence of a legal challenge to the creation of NATGRID does not take away from the importance of establishing such a body through constitutionally established deliberative processes. Therefore, the question to be asked is not whether NATGRID is legally or constitutionally valid, but whether it is important for Parliament to oversee the establishment of NATGRID. In October 2010, the Ministry of Personnel circulated an “Approach paper for a legislation on privacy”. The paper states: “Data protection can only be ensured under a formal legal system that prescribes the rights of the individuals and the remedies available against the organization that breaches these rights. It is imperative, if the aim is to create a regime where data is protected in this country, that a clear legislation is drafted that spells out the nature of the rights available to individuals and the consequences that an organization will suffer if it breaches these rights.” As the lines above exemplify, it is important for a robust democracy to codify rights and remedies when such rights may be potentially affected. The European Union and the USA, along with a host of other countries have comprehensive privacy laws, which also lay down conditions for access to databases, and the limitations of such use. The UIDAI was established as an executive authority, and still functions without statutory mandate. However, a Bill seeking to establish the body statutorily has been introduced, and its contents are being debated in the Parliamentary Standing Committee on Finance and the Bill has also been deliberated on by civil society at large. A similar approach is imperative in the case of NATGRID to uphold the sovereign electorate’s right to oversee institutions that may affect it in the future.
"Parliamentary approval of the creation, mandate and powers of security agencies is a necessary but not sufficient condition for upholding the rule of law. A legal foundation increases the legitimacy both of the existence of these agencies and the (often exceptional) powers that they possess." Though mechanisms for ensuring accountability of the executive to the Parliament are in place for most aspects of government in India, such mechanisms are completely absent for the oversight of intelligence agencies. In India, various intelligence agencies such as the Research and Analysis Wing, and the Intelligence Bureau are creations of administrative orders, and are not subject to scrutiny by Parliament. This is in direct contrast to the practise of the Legislature's oversight of intelligence agencies in most countries. Though different countries have different models of exercising such oversight, the common principle - that activities of intelligence agencies should be subject to Parliamentary scrutiny, remains uniform. In the US for example, both the House and the Senate have a Committee which exercises such scrutiny. These are House Permanent Select Committee on Intelligence, established in 1977, and the Senate Select Committee on Intelligence, created in 1976. Both committees have broad powers over the intelligence community. They oversee budgetary appropriations as well as legislation on this subject. In addition, the House Committee can do something which the Senate can not: “tactical intelligence and intelligence-related activities.” This gives the Committee the power to look into actual tactical intelligence, and not just broader policy issues. Intelligence agencies are also governed by a variety of laws which clearly lay out a charter of responsibilities, as well as specific exemptions allowing such agencies to do some things other government agencies ordinarily cannot. (For source, click here) In UK, the Intelligence Services Act of 1994 set up a similar framework for intelligence organisations in the UK, and also set up a mechanism for legislative oversight. The Act set up a Committee which should consists mostly of Members of Parliament. The members are appointed by the Prime Minister in consultation with the leader of opposition, and the Committee reports to the Prime Minister. The Prime Minister is required to present the report of the Committee before Parliament. (For the Act, click here) Recently, the Committee has expressed concerns in its 2009-10 report over the fact that it is financially dependent on the Prime Minister's office, and that there could be a conflict of interest considering it is practically a part of the government over which it is supposed to express oversight. (For the report, click here) A study titled "Making Intelligence Accountable: Legal Standards and Best Practice" captures the best components of Parliamentary oversight of intelligence bodies. Some of these are:
- The entire intelligence community, including all ancillary departments and officials, should be covered by the mandate of one or more parliamentary oversight bodies.
- The mandate of a parliamentary oversight body might include some or all of the following (a) legality, (b) efficacy, (c) efficiency, (d) budgeting and accounting; (e) conformity with relevant human rights Conventions (f) policy/administrative aspects of the intelligence services.
- The recommendations and reports of the parliamentary oversight body should be (a) published; (b) debated in parliament; (c) monitored with regard to its implementation by the government and intelligence community.
- The resources and legal powers at the disposal of the parliamentary oversight body should match the scope of its mandate.
- Parliament should be responsible for appointing and, where necessary, removing members of a body exercising the oversight function in its name.
- Representation on parliamentary oversight bodies should be cross-party, preferably in accordance with the strengths of the political parties in parliament.
- Government ministers should be debarred from membership (and parliamentarians should be required to step down if they are appointed as ministers) or the independence of the committee will be compromised. The same applies to former members of agencies overseen.
- The oversight body should have the legal power to initiate investigations; Members of oversight bodies should have unrestricted access to all information which is necessary for executing their oversight tasks.
- The oversight body should have power to subpoena witnesses and to receive testimony under oath.
- The oversight body should take appropriate measures and steps in order to protect information from unauthorised disclosure.
- The committee should report to parliament at least yearly or as often as it deems necessary.
- The oversight body should have access to all relevant budget documents, provided that safeguards are in place to avoid leaking of classified information.