The Indian government can monitor the online activity of anyone using an internet service provider (ISP) based in India. Since the 2008 Mumbai terror attacks, New Delhi has been increasing its online surveillance.
According to tech outlet Entrackr, the Department of Telecommunications has unrestricted and direct access to online traffic through Indian ISPs. The outlet claimed that public records requests revealed that the government can remotely access real-time web traffic without the user and ISP knowing. So, Indian internet users can never be sure if their internet traffic is not being monitored by law enforcement agents.
The core of India's surveillance system is the Central Monitoring System. It was launched before the Mumbai attacks to intercept internet data and phone calls. However, not much is known about the program.
“Essentially, every form of electronic communication will be under the government's microscope. Even partially written emails saved in draft folders will be vulnerable to government intrusion,” a professor at Washington University wrote in a paper published in 2015.
Connecting to the internet through a VPN could shield users from potential surveillance. However, in recent months, the government has cracked down on VPNs. It passed a law requiring VPN providers with servers in India to store detailed logs about their customers, including names and IP addresses. Many providers responded by pulling their services from India.
The government is only supposed to conduct surveillance to protect the “sovereignty or integrity of India, defense of India, security of the state, friendly relations with foreign states or public order.” But these conditions are vague and ill-defined and are applied without oversight, making it easy for the government to overreach.