Skip to content

Surveillance in India: How does the government track people?

  • by
  • 6 min read

In 2022, several civil society groups approached the High Court of Delhi against mass surveillance by the government. The Writ Petition challenges mass surveillance systems by the government on the following grounds:

  • It hampers the right to privacy of the individual.
  • Aggregating the metadata can lead to the profiling of an individual.
  • It directly violates the International Covenant on Civil and Political Rights and the Universal Declaration Of Human Rights.
  • Lack of Parliamentary and Judicial insights.

In India, there was no judicial oversight on mass surveillance by the Government until the 1996 PUCL Vs Union of India case, where the Supreme Court passed guidelines against illegal state surveillance. Since then, technology has developed manifold. Two years back, the Ministry of Home Affairs launched the Cyber Crime Volunteers program, allowing citizens to report anti-national activity.

Governments are increasing mass surveillance to protect citizens, which is a valid argument. But, this system can be used against the citizens, and there should be a proper debate among all the stakeholders. Also, in countries like India, where there is still no official National Cybersecurity Policy, such a huge amount of metadata gives immense power to the government.

In this article, we explain three of the major mass surveillance tools that are currently being used in India.

In the News: GoI confirms use of facial recognition to verify SIM card users

Centralised Monitoring System (CMS)

India’s Centralised Monitoring System (CMS) system allows intelligence and revenue officials to monitor text messages, social media interactions and citizens’ phone calls. It is one of the many parts of the state’s security apparatus that the Centre designed for the Development of Telematics (C-DOT).

The project was first conceived in 2009 in the wake of the 26/11 attacks in Mumbai, and the pilot project was completed in 2011. In June 2013, the Indian Government announced an amendment to the UAS License Agreement mandating licensees “to provide connectivity up to the nearest point of presence of the Multi-Protocol Label Switching (MPLS) network of the CMS at its own cost in the form of dark fibre with redundancy.” In simple terms, it means that the data collected by the telecom operators and the Internet Service Providers will be transmitted to the Regional Monitoring Centre of the CMS.

Thus, with this amendment, the Government doesn’t need to approach the Internet Service Providers or the telecom companies on a case-by-case basis, as mandated by the Supreme Court. Instead, Government can now bypass the operators without notifying the nodal officers of these companies.

PM Modi's Digital India has the highest internet shutdowns: A brief history

Here is a list of data sets that the Telecom Service Providers are required to present before the government:

  • PSTN numbers of both the parties on the call — caller and receiver.
  • Time, date and duration of the call.
  • Location information.
  • Failed call attempts, if any.
  • Call Data Records of Roaming Subscribers.
  • A list of telephone numbers that the target has forwarded.

As you can see from the above list, it is a massive database that the telecom operators provide to the Government. While the Government’s logic is that they are doing it for the protection of the citizens, several arguments can be made against CMS.

  • A citizen’s right to privacy is a primary argument reiterated by the Supreme Court in the Puttaswamy case of 2017.
  • The second argument stems from the fact that CMS is not strictly regulated as of now. Only the Indian Telegraph Act, of 1885 somewhat regulates the mass surveillance attempt by the state. The act states that the Government can intercept communications when it deems “necessary or expedient” or in the occurrence of a “public emergency” and to safeguard “public safety”. As you can see, the terms are vague and can be interpreted per the state’s wishes. For instance, what constitutes a public emergency? A disaster or a riot or something else. Many media houses noted that during the COVID crisis, India increased its surveillance.

Also read: Has China turned into a dystopian nightmare?

National Intelligence Grid (NATGRID)

NATGRID is a database of intelligence inputs provided by the country’s intelligence agencies. In the first phase, 10 user agencies and 21 service providers will be connected to the platform, increasing to 1000 organisations. This whole project is envisaged as a pre-emptive attempt by the Indian Government against the terrorists and other elements.

A 2011 RTI revealed that the database consists of a plethora of information, including but not limited to tax details, train itineraries and immigration records. It is interesting to note that after the RTI, NATGRID was removed from the ambit of RTI by the government. As of now, NATGRID functionality remains in the dark.

It is a no-brainer to the importance of the data that NATGRID currently possesses. With regular data breach incidents in the country and no official National Cybersecurity Policy in sight, it suffices to say that the data is unsafe. The more metadata collection, the more the attack on the individual’s privacy. Some things would be revealed that might otherwise be kept secret in natural circumstances, such as political leanings or sexual preferences. Not to say the effect of such massive information is in the wrong hands.

The idea of a centralised database came into existence after the 2008 attacks.

At that time, the United Progressive Alliance (UPA) government gave clearance of ₹3,400 to the project. In May 2022, Union Home Minister, Amit Shah, inaugurated the NATGRID Bengaluru campus. In the latest Budget for 2023-2024, the government has doubled the fund allocation to NATGRID to ₹200.53 crore from ₹96.56 crores in the previous year. This should ring some alarm bells to a concerned citizen.

Network Traffic Analysis (NETRA)

NETRA was developed by DRDO’s Centre for Artificial Intelligence and Robotics and is a real-time surveillance software. This software monitors internet traffic — both voice and text — and flags when it detects certain harmful words.

NETRA’s storage servers are installed with Internet Service Providers in more than 1000 locations for the seamless functioning of the software. There is an absence of information on the subject in the public sphere.

NETRA has a capacity of 300 TB, which is a lot less when compared to other mass surveillance systems like the National Security Agency of the United States, which has a capacity of over 5 trillion GB.

Again with the NETRA, the concerns are privacy, data theft, constitutionality and a fear that there will be a rise in the police state in India. One cannot deny that the data can be used for politically motivated reasons or that it can be hacked.

In the News: You can now use voice notes as WhatsApp status updates

Kumar Hemant

Kumar Hemant

Deputy Editor at Candid.Technology. Hemant writes at the intersection of tech and culture and has a keen interest in science, social issues and international relations. You can contact him here: