Power of Interception, Monitoring, Decryption (Section 69, 69A, 69B)

Sections 69, 69A and 69B form the surveillance and censorship spine of the Information Technology Act, 2000. Section 69 lets the State intercept, monitor and decrypt any information passing through a computer resource; Section 69A lets it block public access to information; and Section 69B lets it monitor and collect traffic data for cyber security. Together they translate the older telephone-tapping jurisprudence of the Indian Telegraph Act into the digital age — and they live constantly in tension with the fundamental right to privacy recognised in Justice K.S. Puttaswamy. For judiciary and CLAT-PG aspirants, these three sections are a favourite because they sit at the intersection of statutory detail, delegated rule-making and landmark constitutional doctrine. This chapter unpacks each provision, the 2009 Rules that operationalise them, and the case law that both upheld and disciplined them.

The statutory architecture: three powers, one chapter

Sections 69, 69A and 69B sit in Chapter XI of the Information Technology Act, 2000, the chapter dealing with offences and State powers. Only Section 69 existed in the original 2000 enactment; Sections 69A and 69B were inserted by the Information Technology (Amendment) Act, 2008 (Act 10 of 2009), and Section 69 itself was substantially re-cast by the same amendment. The amendment received Presidential assent on 5 February 2009 and was brought into force on 27 October 2009, the same day the three sets of delegated Rules under these sections were notified.

The three powers are conceptually distinct. Section 69 is about content interception — reading or listening to the substance of a communication. Section 69B is about metadata — the traffic data describing a communication (who, when, where, how much), not its content. Section 69A is neither surveillance nor metadata collection: it is a censorship power, directing intermediaries to block public access to information. Confusing these three is the most common error in answers; a clean examination response opens by separating interception, traffic-data monitoring and blocking. For the foundational vocabulary — “computer resource”, “intermediary”, “information” — see the chapter on definitions, because each of these sections is built entirely out of those defined terms.

Section 69: the power to intercept, monitor and decrypt

Section 69(1) empowers the Central Government, a State Government, or any officer specially authorised by them, to direct any agency of the appropriate Government to intercept, monitor or decrypt any information generated, transmitted, received or stored in any computer resource. The power may be exercised where the authority is satisfied that it is necessary or expedient in the interest of: the sovereignty or integrity of India; the defence of India; the security of the State; friendly relations with foreign States; public order; or for preventing incitement to the commission of any cognizable offence relating to the above. Crucially, Section 69 adds a sixth ground absent from the corresponding Article 19(2) catalogue — for investigation of any offence.

That sixth ground is the most examined and most criticised feature of Section 69. The interception grounds in Section 5(2) of the Indian Telegraph Act, 1885 — and indeed the speech-restriction grounds of Article 19(2) — do not contain a free-standing “investigation of any offence” head. By importing it, Section 69 arguably casts a wider net than its analogue telephone-tapping predecessor, a point we return to when discussing constitutional concerns. Section 69(2) leaves the procedure and safeguards to be prescribed by Rules. Section 69(3) obliges the subscriber, intermediary or any person in charge of the computer resource to extend all facilities and technical assistance to the agency, including providing access, intercepting, and providing information stored. Section 69(4) supplies the teeth: any such person who fails to assist the agency shall be punished with imprisonment which may extend to seven years and shall also be liable to fine.

The 2009 Interception Rules and their safeguards

Section 69 is fleshed out by the Information Technology (Procedure and Safeguards for Interception, Monitoring and Decryption of Information) Rules, 2009. These Rules are the operative safeguard layer, and a strong answer never discusses Section 69 without them. The Rules designate the Union Home Secretary (and the State Secretary in charge of the Home Department) as the competent authority empowered to pass interception orders — an interception direction cannot be issued by a junior police officer at will. Every direction must be in writing and must record reasons.

The Rules mandate review by a Review Committee constituted under Rule 419A of the Indian Telegraph Rules — the very committee the Supreme Court ordered into existence in the telephone-tapping context. The Committee must meet at least once in two months and examine whether each order conforms to Section 69. Directions lapse unless renewed and cannot remain in force beyond 180 days. Records of intercepted material must be destroyed within prescribed periods, and confidentiality obligations bind the agencies. The 2008 model thus borrows wholesale from the executive-oversight architecture the Court designed in PUCL, which is why understanding the telephone-tapping case is indispensable to understanding Section 69.

PUCL v Union of India: the telephone-tapping template

The constitutional grammar of digital interception was written before the IT Act existed, in People's Union for Civil Liberties v Union of India, AIR 1997 SC 568 (also reported (1997) 1 SCC 301). The petition arose after a CBI report on the misuse of telephone tapping under Section 5(2) of the Indian Telegraph Act, 1885 — prompted in part by allegations that politicians' phones were being tapped. The Supreme Court held that telephone conversations are an exercise of the right to privacy, falling within “life” and “personal liberty” under Article 21, and also engaging the freedom of speech and expression under Article 19(1)(a). Tapping therefore cannot occur except according to a procedure established by law.

Because Section 5(2) of the Telegraph Act contained no procedural safeguards, the Court — rather than strike it down — read in a set of guidelines: interception orders must be issued by the Home Secretary (with limited emergency delegation), must record reasons, are valid for two months (renewable up to a maximum of six months), and are reviewable by a high-level Review Committee. These judicially crafted guidelines were later codified into Rule 419A of the Telegraph Rules and, in turn, into the 2009 IT Interception Rules. PUCL is thus the doctrinal parent of Section 69's safeguard regime, and examiners frequently ask candidates to trace this lineage from 1997 to 2009.

Section 69A: the power to block public access

Section 69A empowers the Central Government — not State Governments — or any officer specially authorised by it, to direct any agency of the Government or any intermediary to block public access to any information generated, transmitted, received, stored or hosted in any computer resource. The grounds mirror Section 69 but are deliberately narrower: sovereignty and integrity of India, defence of India, security of the State, friendly relations with foreign States, public order, or preventing incitement to the commission of any cognizable offence relating to the above. The sixth ground present in Section 69 — “investigation of any offence” — is conspicuously absent from Section 69A. This is a deliberate and examinable distinction: you may surveil for the investigation of any offence, but you may not block content merely for that purpose.

Section 69A(1) requires that the reasons be recorded in writing. Section 69A(2) leaves the procedure and safeguards to Rules. Section 69A(3) provides that an intermediary who fails to comply with a blocking direction shall be punished with imprisonment which may extend to seven years and shall also be liable to fine. Because blocking restricts the speech of both the speaker and the audience, Section 69A directly engages Article 19(1)(a), and its constitutionality was squarely tested in Shreya Singhal.

The Blocking Rules, 2009 and the confidentiality problem

Section 69A is operationalised by the Information Technology (Procedure and Safeguards for Blocking for Access of Information by Public) Rules, 2009. A request to block originates from a Nodal Officer of a government department or is forwarded by an intermediary; it is examined by a Committee for Examination of Requests headed by a Designated Officer (a senior MeitY official). The intermediary or the originator of the information is, as far as practicable, to be given a hearing before the Committee, and the recommendation is approved by the Secretary, MeitY. There is also an emergency route under Rule 9 permitting interim blocking without prior hearing, subject to ratification within 48 hours, and a Review Committee that meets at least once in two months.

The most controversial feature is Rule 16, which imposes strict confidentiality over blocking requests and the actions taken. This confidentiality has been criticised for preventing affected users from learning why their content was blocked, undermining the very right to a reasoned, challengeable order that Shreya Singhal said the Rules provided. The tension between Rule 16's secrecy and Section 69A(1)'s written-reasons requirement is fertile ground for analytical answers and is central to the later X Corp litigation.

Shreya Singhal: Section 69A survives where Section 66A fell

Shreya Singhal v Union of India, (2015) 5 SCC 1, is best known for striking down Section 66A as unconstitutionally vague and overbroad. But the same judgment upheld the constitutional validity of Section 69A and the Blocking Rules, 2009 — and the contrast between the two outcomes is the heart of the case for these notes. The Court reasoned that Section 69A is a “narrowly drawn provision with several safeguards.” First, blocking can only be resorted to on grounds that substantially track Article 19(2). Second, the reasons for blocking must be recorded in writing under Section 69A(1), so that the order can be assailed by a writ petition under Article 226. Third, the Blocking Rules provide for a hearing to the intermediary or originator and for review by a committee.

The Court read the requirement of recorded reasons as the procedural guarantee that saves Section 69A from the fate of Section 66A. In effect, the very feature missing from Section 66A — a tight, reasons-backed, challengeable process — is what rescues Section 69A. Aspirants should be ready to articulate this comparison precisely: Section 66A criminalised speech on vague grounds with no procedural channel; Section 69A restricts access on Article 19(2)-aligned grounds with a written, reviewable order. For the broader doctrinal background on reasonable restrictions, see the constitutional framing in the introduction to the Act.

Section 69B: monitoring and collecting traffic data for cyber security

Section 69B empowers the Central Government to authorise any agency to monitor and collect traffic data or information generated, transmitted, received or stored in any computer resource, to enhance cyber security and for identification, analysis and prevention of intrusion or spread of computer contaminant. The pivotal limitation is the object: unlike Section 69, which reaches the content of communications for a wide range of security and investigative purposes, Section 69B is confined to traffic data for the narrow purpose of cyber security. “Traffic data” is defined to mean data identifying or purporting to identify any person, computer system or location — the origin, destination, route, time, date, size, duration or type of underlying service — but not the message content itself.

Section 69B(2) delegates procedure to Rules. Section 69B(3) obliges intermediaries and persons in charge of computer resources to provide technical assistance. Section 69B(4) prescribes the penalty: an intermediary who intentionally or knowingly contravenes Section 69B shall be punished with imprisonment which may extend to three years and shall also be liable to fine. The lighter three-year ceiling — against seven years under Sections 69 and 69A — reflects that 69B deals with metadata rather than the substance of communications. The implementing Rules are the Information Technology (Procedure and Safeguard for Monitoring and Collecting Traffic Data or Information) Rules, 2009, which again designate a competent authority and a review mechanism.

Comparing the three sections side by side

A crisp comparative grasp wins marks. Subject-matter: Section 69 targets the content of information (interception, monitoring, decryption); Section 69A targets public access to information (blocking); Section 69B targets traffic data/metadata (monitoring and collection). Authority: Sections 69 and 69B may be invoked by the Central Government (and under Section 69, also a State Government and its authorised officers), whereas Section 69A is a Central Government-only power. Grounds: Sections 69 and 69A share the Article 19(2)-aligned security grounds, but Section 69 alone adds “for investigation of any offence”; Section 69B operates only for “cyber security”.

Penalty for non-cooperation: failure to assist under Section 69 and failure to comply with a blocking order under Section 69A both attract up to seven years plus fine; contravention of Section 69B attracts up to three years plus fine. Delegated Rules: each section has its own 2009 Rules — the Interception, Blocking, and Monitoring Rules respectively — all notified on 27 October 2009. Memorising the authority/grounds/penalty/Rules grid across the three sections is the single most efficient preparation for both prelims MCQs and a well-structured mains answer.

Puttaswamy and proportionality: the constitutional check

After Justice K.S. Puttaswamy (Retd.) v Union of India, (2017) 10 SCC 1, every State intrusion into informational privacy must clear the privacy doctrine the nine-judge bench laid down. Privacy is a fundamental right intrinsic to Articles 14, 19 and 21, and any limitation must satisfy a three-fold test: there must be a law (legality); the law must serve a legitimate State aim; and the means adopted must be proportionate to that aim — a rational nexus, necessity, and a balancing of competing interests with the least restrictive alternative. Surveillance under Sections 69 and 69B and blocking under Section 69A must each be tested against this framework.

The first limb — legality — is satisfied because each power flows from a statute and notified Rules. The contested terrain is proportionality. Critics argue that Section 69's executive-only authorisation (no judicial or independent oversight, the Review Committee being composed of executive officers) sits uneasily with the proportionality standard, particularly given the wide “investigation of any offence” ground. Puttaswamy did not adjudicate Sections 69–69B directly, but it supplies the lens through which any future challenge will be decided, and a sophisticated answer flags this latent constitutional vulnerability rather than treating the sections as settled.

Anuradha Bhasin: proportionality, publication and the duty to publish orders

Anuradha Bhasin v Union of India, (2020) 3 SCC 637, arose from the internet shutdown and restrictions imposed in Jammu and Kashmir after the abrogation of Article 370 in August 2019. Although the shutdowns themselves were ordered under the Temporary Suspension of Telecom Services Rules, 2017 (under the Telegraph Act) rather than under Section 69A, the judgment is essential context because it crystallised the proportionality standard for restrictions on internet-based speech and trade, holding that freedom of speech and the freedom to carry on trade over the internet are protected under Articles 19(1)(a) and 19(1)(g).

The Court directed that any order suspending internet services must be published, must be reasoned, must be temporary and subject to periodic review, and must satisfy proportionality and the requirement of being the least restrictive measure. This insistence on publication and reviewability resonates directly with the confidentiality controversy surrounding the Section 69A Blocking Rules: where Anuradha Bhasin demanded transparency of restriction orders, Rule 16 of the Blocking Rules pulls in the opposite direction. The case is therefore frequently paired with Section 69A in mains questions on State power over the internet.

X Corp v Union of India: account-level blocking and the limits of judicial review

The most recent significant decision on Section 69A is X Corp v Union of India, decided by the Karnataka High Court on 30 June 2023. Twitter (now X) challenged a series of MeitY blocking orders covering numerous accounts and tweets relating to the farmers' protests and COVID-19 commentary, arguing that the orders were not tweet-specific, lacked recorded reasons communicated to users, and exceeded the statutory power. The single judge dismissed the petition and imposed exemplary costs of fifty lakh rupees on the platform for non-compliance.

The Court held that Section 69A permits blocking at the level of an entire account, not merely individual posts, and that a purposive rather than literal reading of the section is warranted given the dynamic nature of cyber technology. It found MeitY's process compatible with the safeguards Shreya Singhal required, reading the reasons-in-writing obligation as satisfied by the internal record even where users were not individually served. The decision has been criticised for diluting the transparency that Shreya Singhal seemed to promise, and an appeal has been preferred. For examiners, X Corp is the live illustration of how the abstract safeguards of 2015 are being applied — or arguably eroded — in practice.

Intermediary obligations, decryption and the assistance mandate

All three sections impose affirmative duties on intermediaries and persons in charge of computer resources, and these duties are where surveillance law meets commercial reality. Under Section 69(3), a person must extend all facilities and technical assistance to decrypt, intercept or provide stored information; under Section 69A, an intermediary must execute blocking directions; under Section 69B, it must assist monitoring. The penalties — seven years under Sections 69 and 69A, three years under Section 69B — make non-cooperation a serious offence rather than a civil default.

The decryption duty under Section 69 is the sharpest pressure point, because it potentially demands that an intermediary hand over keys or build technical capability to defeat encryption. This collides with end-to-end encryption architectures and underlies the traceability disputes between the Government and messaging platforms. The intermediary's safe-harbour under Section 79 is conditioned on compliance with directions under Section 69 and 69A, linking the assistance mandate to immunity. Aspirants should connect these obligations to the wider scheme of electronic governance and to the trust framework discussed under digital and electronic signatures, since the same intermediaries that authenticate records are the ones compelled to assist in surveillance.

Exam strategy: how to write these three sections

For a high-scoring answer, structure around four anchors. First, separate the three powers at the outset — interception of content (69), blocking of access (69A), collection of traffic data (69B) — and note that only 69 was original while 69A and 69B were inserted by the 2008 Amendment effective 27 October 2009. Second, state the grounds precisely, flagging that Section 69 uniquely includes “investigation of any offence” while 69A omits it and 69B is confined to cyber security. Third, tie each section to its 2009 Rules and safeguards — competent authority, written reasons, Review Committee, 180-day and confidentiality provisions.

Fourth, marshal the case law in pairs: PUCL as the safeguard template for Section 69; Shreya Singhal upholding Section 69A while striking down Section 66A; Puttaswamy supplying the proportionality test; and Anuradha Bhasin and X Corp showing how proportionality and transparency play out for blocking. Close with a critical note on the absence of judicial or independent oversight and the Rule 16 confidentiality problem — examiners reward candidates who show the provisions are constitutionally contestable rather than settled. To revise the surrounding scheme, return to the Information Technology Act notes hub.