AI and Mass Surveillance in India: A Critical Analysis through the Lens of Doctrine of Proportionality

Paper Code: AIJACLAV26RP2025

Category: Research Paper

Date of Publication: Nov 19, 2025

Citation: Prof. (Dr.) Jaspreet Kaur Majithia & Shubham Bhatia, “AI and Mass Surveillance in India: A Critical Analysis through the Lens of Doctrine of Proportionality", 5, AIJACLA, 280, 280-290 (2025), <https://www.aequivic.in/post/ai-and-mass-surveillance-in-india-a-critical-analysis-through-the-lens-of-doctrine-of-proportionali>

Author Details: Prof. (Dr.) Jaspreet Kaur Majithia, Professor and Dean, Amity Law School, Amity University, Punjab &

Shubham Bhatia, Assistant Professor, Lincoln College of Law, Sirhind.

Abstract

"The constitutional legitimacy of State surveillance in India has traditionally been assessed in the context of targeted intrusions into individual liberty. The emergence of Artificial Intelligence (AI) has unsettled this framework by enabling forms of mass surveillance that are continuous, automated, and structurally embedded within governance processes. AI-driven surveillance systems, such as facial recognition technologies, predictive policing tools, and large-scale data analytics, recalibrate the scale and intensity of State monitoring in ways that raise foundational constitutional questions.

This paper examines the compatibility of AI-enabled mass surveillance with the Indian Constitution, with particular reference to Articles 14, 19, and 21, through the doctrine of proportionality. Following the recognition of the right to privacy as a fundamental right in Justice K.S. Puttaswamy v. Union of India (2017), proportionality has emerged as the central standard governing judicial review of state action that infringes rights. The paper analyses the four-pronged proportionality test that includes legality, legitimate aim, necessity, and balancing, as articulated in Modern Dental College v. State of Madhya Pradesh (2016) and subsequently applied in Anuradha Bhasin v. Union of India (2020). It argues that the opacity, predictive capacity, and potential for function creep inherent in AI systems intensify risks of arbitrariness, discrimination, and chilling effects on fundamental freedoms.

The paper contends that conventional applications of proportionality, developed in the context of discrete regulatory measures, are insufficient to address the cumulative and systemic harms of mass algorithmic surveillance. The paper adopts a doctrinal and analytical approach grounded in constitutional provisions, Supreme Court jurisprudence, and contemporary scholarly literature.".

Keywords:- Artificial Intelligence, Mass Surveillance, Indian Constitution, Doctrine of Proportionality, Right to Privacy.

Paper Code: AIJACLAV26RP2026

1. INTRODUCTION

The constitutional validity of State surveillance in India has in the past primarily relied upon intrusions that are not only targeted but also based on the law, particularly Section 5(2) of the Indian Telegraph Act, 1885, which allows interception in emergencies or for public safety and Section 69 of the Information Technology Act, 2000, which permits monitoring of computers and other electronic resources for reasons as broad as national security or investigation of crimes.[1]

The introduction of Artificial Intelligence (AI) changes the whole thing by allowing mass surveillance, uninterrupted, automated monitoring of the whole population through technologies such as facial recognition, predictive policing, and data analytics, which are even incorporated in systems like Aadhaar and the Crime and Criminal Tracking Network System (CCTNS). The use of such tools governed poorly by Rule 419A of the Indian Telegraph (Supplementary) Rules, 1951, and Information Technology (Procedure and Safeguards for Interception, Monitoring, Decryption) Rules, 2009 only risks increasing the problems of lack of transparency and the expansion of the initial security aims into the broader area of governance oversight with surveillance becoming the most important control.[2]

This paper seeks to provide a critical analysis of the situation, that is, the mass surveillance by AI-enabled methods, and to assess its compatibility with Articles 14, 19, and 21 of the Indian Constitution using the doctrine of proportionality, which is a four-pronged test involving legality, legitimate aim, necessity, and balancing. This framework necessitates rigorous scrutiny of the state actions that infringe rights, thereby revealing that the predictive ability of AI fosters arbitrariness under Article 14, leads to chilling effects on expression under Article 19(1)(a), and causes the erosion of dignity through continuous monitoring under Article 21.

The traditional proportionality applications, mainly appropriate for distinct measures, get stuck, though when it comes to mass surveillance's systematic harms that are, among others, bias amplification and algorithmic opacity leading to discriminatory outcomes. The actual implementations in smart cities and CCTNS demonstrate the need for such gaps to be filled, as the governmental control under the above-mentioned regulations has not yet allowed the discovery of less invasive options that are still in the dark.

1.1 The Shift from Targeted to Mass Surveillance in the Digital Age

In India, traditional surveillance during the pre-digital age was a targeted model, considering certain persons only if the strict statutory limits were met. The presupposed framework was based on individualized suspicion, and also on the application of procedural safeguards such as Rule 419A of the Indian Telegraph (Supplementary) Rules, 1951, which mandated that no more than two months could be the duration of the interception order, besides specifying the person and the premises. Another example is the Information Technology (Procedure and Safeguards for Interception, Monitoring, and Decryption) Rules, 2009, which required review by a designated committee every six months to prevent abuse. [3]

AI integration has led to the digital age's transformation into mass surveillance that is marked by the continuous monitoring of the entire population and the automatic processing of the data without any reference to individualized suspicion. One such system is the Central Monitoring System (CMS) that started operating in 2013 and is a classic example of the shift in the surveillance paradigm as it allowed the authorities to have direct access to voice calls, SMS messages, and internet data across the telecom networks without the traditional routing through the service providers which was loosely regulated by the same provisions of the Telegraph Act. However, this regulation has been applied in a manner that enables the processing of billions of data points in real-time.

The National Intelligence Grid (NATGRID) has issued procedural directions to 21 departments to collaborate and at the same time, the Crime and Criminal Tracking Network System (CCTNS) has interconnected 14,000 police stations and is using predictive analytics, both operating within the interception rules of the IT Act, yet making it easier to collect data en masse. The use of AI technologies is heightened: the facial recognition in smart cities indiscriminately scans public areas, the predictive policing algorithms under CCTNS identify neighborhoods through data trends, and Aadhaar's linking of biometrics allows for cross-referencing, which altogether are pushing the limits of the offence-specific requirement of Section 69, as function creep is turning security measures into regular governance. The two-month limit of targeted interception under Rule 419A is contrasted with these systems, which enable perpetual profiling, where algorithms carry out mass processing of metadata; thus, the suspicion threshold that is pivotal to traditional laws is being diminished. [4]

This development highlights the obsolescence of the statutory law: Section 5(2) and Section 69, which were originally designed for the threats posed by analog technology, now lack the means to deal with those arising from the use of algorithms either because of their volume or their complexity, thus, they are allowing the authorities to keep bulk data without the 2009 Rules' review committees intervening that there are systemic biases or there are chilling effects on the freedoms guaranteed under Articles 14 and 19.

The digital deluge thus transforms state power from scalpel to sledgehammer and, therefore, necessitates the scrutiny of the category of proportionality to restore the constitutional equilibrium. Monitoring is regarded as existential rather than episodic, and state power is transformed from a surgical knife to a hammer; therefore, doctrinal recalibration is made indispensable for the new age of surveillance.[5]

2. MEANING AND CONCEPT

AI-assisted mass surveillance in India is a major change from the previous monitoring and manual data processing of a certain few to the automated and large-scale processing of the entire population, which has had a great impact on the already existing legal state-citizen relations. The traditional monitoring approach was directed at the suspect mentioned in Section 5(2) of the Indian Telegraph Act, 1885, which prescribes public emergency or safety justifications, but artificial intelligence disassociates collection from suspicion and enables mass interception under Section 69 of the Information Technology Act, 2000, which gives blanket coverage of national security with no volume restrictions.

This framing depicts bulk surveillance as an algorithmic aggregation of constant profiling, where the Central Monitoring System (CMS), for instance, retrieves telecom metadata in bulk, and the operations are governed by the Information Technology (Procedure and Safeguards for Interception, Monitoring, and Decryption) Rules, 2009, but still not reaching proportionality thresholds for AI scale. The non-transparency surrounding machine-learning models intensifies the function creep as the original security tools in the context of Rule 419A of the Indian Telegraph (Supplementary) Rules, 1951, morph into governance devices, profiling citizens through interconnected databases without the necessity of individual orders.

2.1 Defining Mass Surveillance: From Traditional to Algorithmic Paradigms

Mass surveillance refers to the practice of monitoring entire populations or significant portions of them without any prior suspicion, and it is distinct from traditional paradigms that required specific justifications under Section 5(2) of the Indian Telegraph Act, 1885, where only named individuals during defined emergencies could be subjected to surveillance. AI-powered algorithms have automated this whole process into continuous data ingestion, facial scans, metadata sweeps, and behavioral predictions; thus, they have bypassed the two-month interception caps of Rule 419A and person-specific directives enabling them to retain the data for an indefinite period under Section 69 of the IT Act, 2000.[6]

This changeover separates supervision from the scale of the operation: where old methods were limited in their volume, the algorithms can operate on the entire population, thereby creating a chilling effect as citizens start to self-censor because of the constant monitoring. The terms used in surveillance studies to define mass surveillance point out that it is still a dragnet operation, a large-scale collection of data for later analysis, which is in stark contrast to targeted models that have a threshold of suspicion, with India's hybrid model lacking explicit mass authorization, depending rather on broad Section 69 interpretations.[7]

2.2 Key AI Technologies: Facial Recognition, Predictive Policing, and Data Analytics

Facial recognition technology (FRT) uses artificial intelligence to create a map of biometric characteristics, distance between the eyes, and face outlines, for instant identification of persons from national databases. Public surveillance cameras are using it without any dedicated legal support, just the general Section 69 powers of the IT Act, 2000. Moreover, predictive policing applies machine learning techniques to historical crime data processed by the Crime and Criminal Tracking Network System (CCTNS), predicting crime spots and suspects with unregulated monitoring under the Telegraph Act, at the same time fostering discriminatory practices by means of still unknown training sets.

In Delhi, the FRT scans the entire populace and matches the timing against biometrics collected through the Aadhaar scheme, which has been repurposed for purposes other than authentication, whereas the predictive tools flag certain neighborhoods as risky areas based on the algorithmic risk scores under the Movement of Groups banned by Section 5(2) of the Protests Rights Act.

The video analytics technologies bring to a close the different features of the human aspect, such as clothing or gait, in the footage, and they do so with the help of the interception rules. Data analytics under NATGRID unifies the data from 21 departments, vehicle registries, and tax records for profiling, where AI dissects behaviors by correlations, making it difficult to operate within the limits of Section 69's investigation of offences mandate. Thus, the law merely regulates the powers of preemptive surveillance, where FRT puts forward its claims, predictive models decide on priorities, and, finally, analytics produce the loop, all this taking place under a legal cover that does not recognize the autonomy of algorithms.[8]

2.3 Legal Framework: Telegraph Act, IT Act, and Emerging Regulations

Section 5(2) of the Indian Telegraph Act, 1885, through Rule 419A of the Supplementary Rules, 1951, permits the surveillance of a targeted nature for public safety under time-bound orders, but does not take into consideration the bulk capabilities of the AI. Further, Section 69 of the IT Act, 2000, covers the monitoring of computer resources for the purpose of safeguarding against security threats or detecting offences, with the Union Home Secretary's notifications providing the basis for the monitoring, along with the IT (Interception) Rules, 2009, which set a standard of six-month reviews for the monitoring process and thus reducing the risk of IT Rules, 2009 to data mining or AI transparency issues. The proposed regulations, such as the Draft Indian Telecommunication Bill, 2022, foresee the establishment of a centralized platform for interception, but at the same time leave the executive with a broad scope of discretion and no mandates for proportionality. Rule 419A of the IT Rules specifies the premises and duration, which is not compatible with the real-time access of pervasive FRT or CMS, while the oversight committees of the IT Rules review the orders but do not consider systemic volumes or biases. [9]

3. LEGAL FRAMEWORK

The trio of Articles 14, 19, and 21 provides the foundation for the critique of AI-assisted mass surveillance in India, where the large-scale data processing under Section 5(2) of the Indian Telegraph Act, 1885, and Section 69 of the Information Technology Act, 2000, overlaps with the guarantees of equal protection, free speech, and privacy.

Article 14 imposes a standard of non-arbitrariness on state behavior and, in this context, requires non-discriminatory procedures that will be able to detect the discriminatory profiling that is intrinsic to the AI systems managed by the Information Technology (Procedure and Safeguards for Interception, Monitoring, and Decryption) Rules, 2009, which do not provide bias-mitigation measures for the output from the algorithms. Article 19(1)(a) not only safeguards speech but also assembly from the adverse impacts of surveillance, which is continuous monitoring under Rule 419A of the Indian Telegraph (Supplementary) Rules, 1951, discouraging dissent but without the time-bound specificity aimed at the interception of communication.

Article 21 contains the elements of privacy and dignity, thus any intrusion bringing for example, by real-time facial recognition with regard to Section 69, will have to be very rigorously tested against the requirement of procedural fairness, which is lacking in the case of mass deployments. The interplay between these rights highlights the need for proportionality to be applied consistently across laws governing surveillance, revealing the areas where the executive's authorization under the Telegraph and IT Acts permits widespread monitoring of the population without adequate safeguards.[10]

3.1 Article 14: Arbitrariness and Equality in Algorithmic Decision-Making

Under Article 14, no one shall be treated with less favor or benefit than others, and protection from arbitrary state action-AI based surveillance is thus declared unconstitutional, when it is not based upon a rational classification, or it does not afford the parties due process. The IT Act of 2000, Section 69, which allows access to stored communications, has computerized crime and criminal tracking networks and systems (CCTNS), which use historical data to generate risk scores through predictive algorithms. These risk scores often end up being discriminatory as they are likely to confirm existing prejudices against certain already disadvantaged groups.

The IT Rules of 2009 do not even require transparency in such cases, thus creating a situation of discrimination similar to that of manifest arbitrariness. Mismatches in facial recognition are more frequent among certain demographics, and hence they do not conform to the person-specific mandates of Rule 419A of the Telegraph Act, 1885. Since bulk scans are done on a whole population using training data that is not publicly disclosed, unequal treatment of people is taking place. This algorithmic opacity is a stumbling block for the rational nexus test, where the grounds of public safety under Section 5(2) fail if less discriminatory alternatives are available; however, still, executive orders allow unchecked profiling.

The extensive gathering of data through NATGRID cross-references done without audits of equality is thus causing the AI to see suspects through the lens of correlations rather than evidence, and thus violating the non-arbitrariness principle at the core of Article 14. The result is that the existing laws have to be improved upon so that the algorithmic rulings will be in tune with the equal protection of all, and that the underprivileged minorities will not suffer discrimination indirectly through mere analysis of their impacts being different from the majority groups.

3.2 Article 19(1)(a): Chilling Effects on Freedom of Expression and Assembly

Article 19(1)(a) grants freedom of speech and expression, including assembly, protection from unreasonable restrictions, but AI mass surveillance is still a source of self-censorship induced by the constant monitoring provided by Section 69 of the IT Act, 2000. The current metadata analysis through CMS is real-time, and it is also capturing large amounts of communication, which is being regulated by the review committees of the IT Rules, 2009, and these committees are not considering the chilling effects on public discourse that result from people changing their behavior because they fear being flagged by the algorithm. The predictive policing under CCTNS is predicting protests by analyzing the patterns of gatherings; hence, the public order justifications under Section 5(2) of the Telegraph Act are getting extremely strained without having proper measures against the indiscriminate collection of data.

The use of facial recognition at demonstrations is identifying all attendees, which intimidates people to the point where they do not express themselves anymore because of the limits set by Rule 419A that are specific and targeted, while the function creep has broadened the use of security tools to be able to silence opposition. This constant surveillance that connects digital free speech to physical movements is a major factor that alters the democratic character of the right, as even protestors engaging in lawful assembly are subjected to prior scrutiny that is not common in conventional monitoring methods. Statutory reforms should take into account the chilling effect of assessments to bring surveillance into line with Article 19(1)(a) and, at the same time, prevent the bulk practices from secretly limiting expressive freedoms.[11]

3.3 Article 21: Privacy, Dignity, and the right against continuous monitoring

Article 21 guards the life and personal liberty, covering privacy and dignity from unreasonable state interference like continuous AI monitoring without suspicion. Under the IT Act, 2000, Section 69 gives permission for the everlasting data trails through CMS and NATGRID that are not subjected to the 2009 Rules' six-month reviews for systemic retention that destroys personal autonomy over a long period of time. With the loose control of the Telegraph Act Section 5(2), facial recognition and predictive analytics are using personal and behavioral data, the process of dehumanized profiling is done without consent or deletion protocols, thus, killing the right to dignity. Rule 419A's time limits become insignificant in data mining processes that are tailored to keep the files indefinitely, thus making the temporary interception of communication the existential surveillance that invades the most personal spheres of privacy. The continuous watch, from linking Aadhaar biometrics with movement patterns, makes the procedural fairness of Article 21 useless since the lack of transparency obstructs the challenge of automated inferences affecting the freedom. The right imposes restrictions of data minimization on the surveillance laws, ensuring that monitoring is human-dignity-respecting rather than technology-driven, imperatives-unchecked.

4. THE DOCTRINE OF PROPORTIONALITY: EVOLUTION AND STANDARDS

The doctrine of proportionality is the crucial standard for judicial review of the states' actions that violate fundamental rights protected by Articles 14, 19, and 21, especially when the area of concern is mass surveillance, which is allowed by Section 5(2) of the Indian Telegraph Act, 1885, and Section 69 of the Information Technology Act, 2000. The principle is rooted in the global administrative law traditions; it requires a structured examination that guarantees that restrictions are kept within the limits prescribed by the Constitution. This trail applies to the bulk interceptions regulated by Rule 419A of the Indian Telegraph (Supplementary) Rules, 1951, and the Information Technology (Procedure and Safeguards for Interception, Monitoring, and Decryption) Rules, 2009. This procedure assesses if the state-of-the-art tools based on AI, like CMS and CCTNS, can be used by law enforcement agencies without violating the conditions of legality, necessity, and balancing against rights erosions resulting from non-transparent algorithms. Its acceptance raises the review to a higher standard than just being reasonable under Article 19, and it also requires a thorough empirical justification for the use of mass data that was considered under the traditional targeted interception of Section 69.

4.1 Historical Development: From Global Origins to Indian Adoption

The doctrine was born in Germany in the field of administrative law after World War II, and it stressed the idea of the state intervening in a balanced way by applying the three criteria of suitability, necessity, and proportionality stricto sensu, which were perhaps one of the most influential criteria for the European Court of Human Rights under Article 8 ECHR, for privacy intrusions similar to India's Section 69 monitoring. The Indian courts have implicitly applied this principle long before it was formally recognized, which is seen through the courts invoking reasonableness under Article 19(1) restrictions as early as 1950, and this practice slowly developed through administrative law to scrutinize executive actions under the Telegraph Act. The case of Om Kumar v. Union of India, (2000) 2 SCC 386, represented the court's early formalization of the concept by differentiating the primary review of rights-infringing actions from the secondary Wednesbury scrutiny and applying proportionality to Article 14 claims of arbitrariness in surveillance-like contexts. This global-to-local trajectory was in step with the Canadian Charter influences, which were adaptive to the Indian context, where Section 5(2)'s public safety justifications needed to meet the rational nexus requirement that ultimately led to the establishment of ISPs’ volume caps for IT Act interceptions. [12]

4.2 The Four-Pronged Test: Legality, Legitimate Aim, Necessity, and Balancing

The four-pronged test legality, legitimate aim, necessity, and balancing offers fine-grained analysis for surveillance under Rule 419A and 2009 IT Rules, and it guarantees that Section 69 authorizations come from accessible laws that have clear safeguards in place. Legality requires an exact statutory delegation, which in turn reveals the shortcomings in the provisions of the Telegraph Act regarding the AI bulk collection; the legitimate aim restricts the actions to the constitutional foundations, such as public order under Section 5(2). The necessity of the situation implies using the least intrusive means; hence, the question arises about the CMS metadata sweeps once the targeted alternatives prove to be adequate. The balancing of rights harms against gains is crucial in the case of algorithmic biases that avoid scrutiny by review committees. This test replaces the vague reasonableness standard, and it is applicable in mass practices where the functional creep under the IT Rules is compromising the proportionality principle.

4.2.1 Modern Dental College (2016): Articulation of the Framework

In Modern Dental College & Research Centre & Ors. v. State of Madhya Pradesh & Ors.[13], the Supreme Court laid down the proportionality framework in a step-by-step manner. Lawfulness, legitimacy, necessity, and balance were the criteria for examining the action of the state, while allowing the measures taken for public goods. The court pointed out that the powers of the administration draw their limits from the Constitution when there is arbitrariness or disproportionality, and thus, the court's decision gave a doctrinal basis for the subsequent proportionality review in rights cases. The court's decision involved legislative procedures regulating admissions and fees, and it presented proportionality as a means to prevent arbitrary state action.

4.2.2 Anuradha Bhasin (2020): Digital Restrictions Application

In Anuradha Bhasin v. Union of India[14] the Court applied the proportionality principle to the state-imposed digital restrictions considering that the indefinite internet suspensions were violating Article 19 unless they were based on law, aimed at a legitimate objective, and at last, were strictly necessary and proportional; the judgment made the Temporary Suspension of Telecom Services (Public Emergency or Public Service) Rules, 2017 and orders under Section 144 CrPC be viewed from this perspective and dictated that the shutdown orders must meet the legal safeguards, be limited in time, and not to prolong the chilling effect over press and trading with the help of internet-dependent professionals.

4.3 Judicial Trends Post-Puttaswamy:

In Justice K.S. Puttaswamy (Retd.) & Anr. v. Union of India & Ors[15], the watershed ruling that the right to privacy is a constitutional right guaranteed by Articles 14, 19 and 21; the nine-judge bench created a tripartite proportionality/standards framework (legality, legitimate aim and proportionality-balancing) which now regulates state interventions in the areas of informational privacy and surveillance while recognizing the features – data minimization, purpose limitation and safeguards that are necessary for any lawful surveillance architecture subjected to constitutional review.

People’s Union for Civil Liberties (PUCL) v. Union of India & Ors[16] battled with phone-tapping under the Indian Telegraph Act and decided that interception without proper legislative safeguards is a violation of the right to privacy and Article 21 and freedom of speech and Article 19; the Court prescribed safeguards (authorization, review, record-keeping, and remedy) to curb the arbitrary surveillance and also warned that the power of the state under Section 5(2) Telegraph Act must be directed by law and subjected to the principle of proportionality so that the executive does not overstep its bounds.

Smt. Selvi & Ors. v. State of Karnataka & Anr[17] declared involuntary narcoanalysis, polygraph, and brain-mapping to be unconstitutional where non-consensual, justifying that such methods encroach upon the right to silence because of self-incrimination (Article 20(3)) and the right to life and personal liberty (Article 21); the Court's ruling shields physical and mental integrity from invasive investigative methods making consent and procedural safeguards a condition and stressing that no constitutional guarantees can be bypassed through technology in gathering information.

R. Rajagopal (R. Rajagopal alias R.R. Gopal & Anr. v. State of Tamil Nadu & Ors.)[18] recognized an aspect of privacy as the right not to have one's personal details disclosed and at the same time restricted press freedom if the publication is done in a way that it intrudes upon the privacy and dignity of an individual; while weighing Article 19(1)(a) against Article 21, the Court accepted the argument that free speech is not absolute and that the press should not publish private facts obtained in violation of privacy, thus giving an early doctrinal precedent which limits the claims of public interest that justify mass disclosures.

Shreya Singhal v. Union of India[19]. The court case declared Section 66A of the Information Technology Act void due to the vagueness and disproportionate nature of the law. The case established that there are three prerequisites to be satisfied before digital control can be exercised- legality, necessity, and proportionality under Article 19; the verdict also insisted that internet governance should be stringent and proper statutory standards should be in place to guard against arbitrary censorship and overbroad surveillance, which can reduce expression and shut down journalism in the virtual world.

5. APPLYING PROPORTIONALITY TO AI-DRIVEN MASS SURVEILLANCE

The four prongs of the proportionality doctrine actually offer a systematic approach to analyzing AI mass surveillance practices in India through the Indian Telegraph Act, 1885, Section 5(2), and the Information Technology Act, 2000, Section 69, and therefore unmasking the bulk practices as conflicting with the constitutional commands of Articles 14, 19, and 21 through systemic failures. Legality reveals the lack of precision in the law that is responsible for the algorithmic opacity; in the case of the legitimate aim, the security pretensions are subjected to scrutiny against the possibility of overreach through Rule 419A of the Indian Telegraph (Supplementary) Rules, 1951. This application brings out the fact that AI has virtually severed the link between surveillance and suspicion, thereby putting a strain on the procedural safeguards that were initially designed for human monitoring of interceptions.

5.1 Legality: Statutory Gaps and Opacity in AI Deployments

Legality necessitates the presence of laws that are not only clear but also accessible, and that set the limits to the surveillance; however, Section 69 of the IT Act, 2000, which is the main law regarding disclosure of information for security reasons, uses vague terms such as "national security" and does not define AI parameters or bulk thresholds. This allows the 2009 IT Rules' order-specific reviews to occur behind a veil. Rule 419A requires identification of the person and premises for surveillance under the Telegraph Act, but facial recognition scans whole populations indiscriminately and does not have the necessary statutory permission for real-time matching against Aadhaar databases.

This void allows executive notifications for access to CMS metadata without the need for transparency in the algorithms, thus violating legality because it is giving the authority without limit and without the requirement to specify the type of data or the period of retention. The non-transparency of proprietary AI systems, black-box predictions not made available to reviewing bodies, hinders foreseeability, thus allowing the transition of using the technology for security to governance without legislative changes. The lack of regulations specifically addressing AI leads to the unregulated merging of NATGRID data, making the bulk practices technically legal but unconstitutional in practice due to a lack of safeguards.[20]

5.2 Legitimate Aim: Security vs. Systemic Overreach

Legitimate aim limits the activities to constitutional fields like public safety under Section 5(2), but AI mass surveillance often conceals the issue of systemic overreach, extending the scope of Section 69 from investigating offences to continuous profiling. The telecoms sweep carried out by CMS claims to be for security purposes but actually allows for regular monitoring, which is not in line with the emergency assumptions of the Telegraph Act. Besides, the CCTNS predictive tools make crime data available for social control that goes beyond maintaining public order. This overreach is reflected in the smart city FRT (facial recognition technology), questioning the behavior of non-threats and exceeding the two-month limitations of Rule 419A as the aims become blurred in governance efficiency.

5.3 Necessity: Least Intrusive Alternatives and Evidence of Efficacy

Necessity demands the least invasive means to obtain the objective; however, the AI mass gathering under Section 69 surpasses other options like the manual tails under Rule 419A, which are less intrusive and are not substantiated with evidence of being more effective. CCTNS estimates are based on skewed past data without any randomized trials, while FRT's 80% accuracy limit in Delhi results in false positives, causing human validation, which is less intrusive than scanning the whole population. Legal assessments should insist on comparative data and reject bulk when targeted interception is enough under the Telegraph provisions.

6. CONCLUSION

The Artificial Intelligence-enabled mass surveillance regulated under Section 69 of the IT Act, 2000, does not pass the legality test of the proportionality principle due to the extremely widespread algorithmic opacity, which makes the statutory safeguards just words. The power given by Section 69 for the NS monitoring of computer resources is without any limit regarding the use of the black-box AI models in the CMS, where the proprietary algorithms process data in bulk, which is more than the precision governed by the laws. The Information Technology (Procedure and Safeguards for Interception, Monitoring, and Decryption) Rules, 2009, require that the orders be reviewed, but they do not provide for source code disclosure or audit trails, allowing the executive to issue notifications that give unrestricted power to the opaque technologies. Such vagueness contradicts the legality's foreseeability prerequisite because the citizens are unable to delineate the surveillance areas when the facial recognition matches escape predetermined boundaries, converting the targeted interception into non-discriminating nets without legislative anchoring.

7. RECOMMENDATIONS

1.                   Legislative amendments to Section 69 of the IT Act, 2000, must incorporate AI-specific safeguards, stipulating pre-use audits and human intervention protocols in the new IT Rules of 2009 to ensure transparency.

2.                   Section 5(2) of the Telegraph Act asks for volume restrictions and random efficiency trials for CCTNS, thus connecting Rule 419A with algorithmic scale through obligatory bias corrections.

3.                   Judicial guidelines should be the ones to advance proportionality through algorithmic impact assessments, where one committee is to question necessity with comparative data before approving CMS.

4.                   Independent oversight boards with the power conferred by IT Rules will carry out an annual structural design of the NATGRID fusions.

5.                   Policy requirements consist of data minimization in the case of the smart city FRT, no secondary uses other than those under Section 69, and sunset clauses that restore the temporal limits of Rule 419A to predictive tools.

[1] Laroia G, “Telephone Tapping, Interception And Surveillance; Thin Line Of Privacy” Live Law (September 8, 2025) <https://www.livelaw.in/articles/phone-tapping-and-right-to-privacy-analysis-303171> accessed January 14, 2026

[2] “Artificial Intelligence and Surveillance in India: 2025” (Software Freedom Law Center, India • Defender of Your Digital Freedom, January 15, 2026) <https://sflc.in/artificial-intelligence-and-surveillance-in-india-2025-roundup/> accessed January 14, 2026

[3] Manupatra, “Articles – Manupatra” <https://articles.manupatra.com/article-details/Right-to-Privacy-in-Digital-Age> accessed January 15, 2026

[4] Mendes VIS and others, “Harnessing Artificial Intelligence for Enhanced Public Health Surveillance: A Narrative Review” (2025) 13 Frontiers in public health 1601151

[5] Al-kfairy M and others, “Ethical Challenges and Solutions of Generative AI: An Interdisciplinary Perspective” (2024) 11 Informatics

[6] Staff C, “CivilsDaily” (CivilsDaily, July 23, 2021) <https://www.civilsdaily.com/news/surveillance-laws-in-india-and-individual-privacy/> accessed January 15, 2026

[7] Komal, “The Transformative Paradigm Of AI And Access To Justice In India” (IJLSSS, March 18, 2025) <https://ijlsss.com/the-transformative-paradigm-of-ai-and-access-to-justice-in-india/> accessed January 15, 2026

[8] “Facial Recognition Technology (FRT) and Surveillance” (ICO, July 29, 2025) <https://ico.org.uk/for-organisations/uk-gdpr-guidance-and-resources/cctv-and-video-surveillance/guidance-on-video-surveillance-including-cctv/additional-considerations-for-technologies-other-than-cctv/facial-recognition-technology-frt-and-surveillance/?search=Taxi> accessed January 15, 2026

[9]Academike, “Law on Phone Tapping in India in Light on Public Safety - Academike” (Laxmikant Bhumkar, October 6, 2020) <https://www.lawctopus.com/academike/law-on-phone-tapping-in-india-in-light-on-public-safety/> accessed January 16, 2026

[10] “S. 69 of the Information Technology Act and the Decryption Rules : Absence of Adequate Procedural Safeguards • Software Freedom Law Center, India” (Software Freedom Law Center, India • Defender of Your Digital Freedom, December 13, 2021) <https://sflc.in/s-69-information-technology-act-and-decryption-rules-absence-adequate-procedural-safeguards/> accessed January 17, 2026

[11] Team PIC, “Free Speech in Digital Age: Balancing Liberty and Responsibility” (PMF IAS, December 17, 2025) <https://www.pmfias.com/right-to-free-speech/> accessed January 17, 2026

[12] Kapoor V, “Doctrine of Proportionality” (iPleaders, May 24, 2024) <https://blog.ipleaders.in/doctrine-of-proportionality/> accessed January 18, 2026

[13] Modern Dental College & Research Centre & Ors. v. State of Madhya Pradesh & Ors., (2016) 7 SCC 353

[14] Anuradha Bhasin v. Union of India, W.P.(C) No.1031/2019, Judgment dated 10 Jan 2020 (Supreme Court of India; AIR 2020 SC 1308)

[15] Justice K.S. Puttaswamy (Retd.) & Anr. v. Union of India & Ors., (2017) 10 SCC 1; AIR 2017 SC 4161

[16] People’s Union for Civil Liberties (PUCL) v. Union of India & Ors., Writ Petition (Crl.) 612 of 1992, decided 5 Feb 1997

[17] Smt. Selvi & Ors. v. State of Karnataka & Anr., (2010) 7 SCC 263

[18] R. Rajagopal (R. Rajagopal alias R.R. Gopal & Anr. v. State of Tamil Nadu & Ors.), AIR 1995 SC 264; (1994) 6 SCC 632

[19] Shreya Singhal v. Union of India, (2015) 5 SCC 1

[20] “IT Act – Constitutional Law and Philosophy” (Constitutional Law and Philosophy) <https://indconlawphil.wordpress.com/category/free-speech/it-act/> accessed January 19, 2026