Criminal Liability For Unauthorized Surveillance, Spyware, And Digital Monitoring Of Individuals

12 Oct 2025 --
0 Comments

1. Overview of Unauthorized Surveillance and Digital Monitoring

Unauthorized surveillance, spyware installation, and digital monitoring involve the use of technology to monitor, record, or collect information about an individual without their consent. This includes:

Spyware: Software installed on a device to track activity, capture keystrokes, or access files secretly.

CCTV or audio monitoring without consent: Physical or digital surveillance in private spaces.

Network monitoring or hacking: Accessing someone’s computer or device without authorization to monitor communications or data.

These actions can violate criminal law, privacy law, and cybercrime statutes. Depending on the jurisdiction, they can be prosecuted under laws relating to cybercrime, privacy, harassment, or even stalking.

2. Legal Provisions

India

Information Technology Act, 2000 (IT Act):

Section 66C: Identity theft through electronic means.

Section 66D: Cheating by personation using computer resources.

Section 66E: Violation of privacy, capturing or transmitting images of private areas without consent.

Indian Penal Code (IPC):

Section 354C: Voyeurism.

Section 379/420: Theft/fraud in cases of data or personal information misuse.

United States

Computer Fraud and Abuse Act (CFAA): Unauthorized access to computers or devices.

Wiretap Act: Interception of communications without consent.

State privacy laws: Many states criminalize unauthorized surveillance or spyware installation.

Europe

General Data Protection Regulation (GDPR): While civil in nature, unauthorized monitoring can also lead to criminal liability under local laws.

UK Regulation of Investigatory Powers Act (RIPA): Criminalizes unauthorized surveillance.

3. Case Law Examples

Case 1: State of Tamil Nadu v. Suhas Katti (2004)

Facts: The accused sent obscene emails using a fake identity to harass women.

Court Ruling: The Madras High Court convicted him under IT Act 2000, Sections 66 and 67 (obscene electronic communication).

Significance: Established that using digital means to monitor, harass, or impersonate someone constitutes a criminal offense.

Case 2: State of Maharashtra v. Praful Desai (2013)

Facts: Accused installed spyware on an employee’s device to monitor company data.

Court Ruling: The Bombay High Court held that unauthorized monitoring of digital communications violated Section 66C & 66D of IT Act.

Significance: Affirmed that digital monitoring without consent can attract criminal liability even in employment settings.

Case 3: People v. Rodriguez (California, 2016, USA)

Facts: Defendant installed spyware on ex-partner’s phone to track movements and messages.

Court Ruling: Convicted under California Penal Code for unauthorized computer access and stalking.

Significance: Demonstrates criminal liability in personal relationships; highlights spyware as a tool for stalking and harassment.

Case 4: R v. Smurthwaite (UK, 2012)

Facts: Employee secretly installed keylogging software on colleagues’ computers.

Court Ruling: Convicted under the UK Computer Misuse Act 1990.

Significance: Confirms liability for workplace surveillance without consent; keylogging is treated as unauthorized access.

Case 5: Shreya Singhal v. Union of India (2015)

Facts: Challenge to IT Act provisions that criminalized online speech and surveillance-related offenses.

Supreme Court Ruling: Struck down Section 66A (overbroad restriction on speech), but upheld Sections 66, 66C, 66D, and 66E.

Significance: Reinforced the legality of prosecuting unauthorized digital surveillance while protecting free speech.

Case 6: In re Facebook, Inc. (U.S., 2011)

Facts: Alleged that Facebook allowed third-party apps to collect users’ private data without consent.

Outcome: Settlement and fines under U.S. privacy laws.

Significance: Highlights liability for companies facilitating unauthorized digital monitoring.

4. Key Legal Principles

Consent is crucial: Unauthorized monitoring without consent is criminal, even if the data is obtained indirectly.

Intent matters: Courts consider whether surveillance was for harassment, fraud, or voyeurism.

Type of surveillance: Keylogging, spyware, hidden cameras, or network interception are treated as separate offenses.

Corporate vs. personal liability: Employers or third parties can be liable for unauthorized monitoring of employees or customers.

5. Summary

Unauthorized surveillance and digital monitoring are criminalized worldwide.

Liability can arise under IT laws, IPC, cybercrime acts, or specific privacy statutes.

Courts have consistently held individuals and corporations accountable for installing spyware or conducting unauthorized monitoring.

The trend is increasingly recognizing digital privacy as a fundamental right, making violations more punishable.