Freedom of Expression vs. National Security: Post-DPDP and Cyber-Terrorism Cases

  • Post category:Jobs
  • Reading time:8 mins read

Freedom of Expression vs. National Security: Post-DPDP and Cyber-Terrorism Cases

Table of Contents

The digital ecosystem of India in 2026 sits at the epicenter of a profound constitutional tug-of-war. On one end is the fundamental right to freedom of speech and expression, intertwined with the right to privacy. On the other end lies the imperative of national security, tasked with shielding the state from the unprecedented threats of cyber-terrorism, organized digital fraud, and algorithmic radicalization.

With the phased implementation of the Digital Personal Data Protection (DPDP) Act, 2023, and the increasingly expansive application of the Unlawful Activities (Prevention) Act, 1967 (UAPA) to online speech, the legal landscape has been permanently altered. Constitutional courts are currently navigating this precarious frontier—balancing the sanctity of end-to-end encryption with the state’s demand for traceability, and distinguishing between legitimate online dissent and digital terrorism.

This article provides a comprehensive legal analysis of how Indian courts and statutes are mediating the conflict between digital liberties and state security in the post-DPDP era.

1. The Post-DPDP Landscape: Privacy Shield or Surveillance Framework?

The enactment and subsequent notification of the DPDP Act marked India’s transition into a regulated data economy. While fundamentally designed to protect digital personal data from corporate misuse, the Act has ignited a fierce debate regarding state exemptions and transparency.

The Conflict Between Privacy and the Right to Information (RTI)

One of the most litigated intersections of the new law is its impact on the Right to Information Act, 2005. Section 44(3) of the DPDP Act amended Section 8(1)(j) of the RTI Act, effectively creating a blanket exemption for the disclosure of “personal information.”

While intended to protect citizens’ data, transparency activists argue that this provision is frequently weaponized by public authorities to deny legitimate RTI requests regarding bureaucratic accountability. The legal friction points to a direct conflict between the Right to Privacy (Article 21) and the Right to Know—a derivative of the Freedom of Speech and Expression (Article 19(1)(a)).

Section 17 Exemptions: The National Security Carve-Out

The most contentious provisions for national security are found in Section 17 of the DPDP Act.

Section 17(1) and 17(2) exempt the state from standard data protection obligations (like consent, purpose limitation, and data erasure) when processing data in the interest of:

  • Sovereignty and integrity of India
  • Security of the State
  • Maintenance of public order
  • Prevention of incitement to any cognizable offense

In the ongoing 2026 Supreme Court litigation (Venkatesh Nayak v. Union of India), petitioners have challenged these exemptions, arguing they grant the executive unchecked power to surveil citizens without a statutory review mechanism. The courts are currently evaluating whether these sweeping exemptions pass the doctrine of proportionality established in the landmark K.S. Puttaswamy judgment, which requires any invasion of privacy to have a legitimate aim, legislative backing, and be strictly proportionate to the objective.

2. Cyber-Terrorism and the Expansive Net of the UAPA

Historically, anti-terror legislation in India, such as the Terrorist and Disruptive Activities (Prevention) Act (TADA) and the Prevention of Terrorism Act (POTA), focused on conventional kinetic violence—bombs, firearms, and armed insurgency. Today, the theater of conflict has shifted to WhatsApp groups, X (formerly Twitter), and encrypted messaging applications.

Redefining “Terrorist Act” Under Section 15 of UAPA

Section 15 of the UAPA defines a “terrorist act.” Crucially, it includes acts committed using bombs, dynamite, poisonous gases, or “by any other means of whatever nature.”

Recently, law enforcement agencies have capitalized on this broad phrasing to categorize digital speech, online mobilization, and the administration of social media groups as acts of terrorism. Courts have seen a surge in UAPA prosecutions where the core allegation is not physical violence, but the creation of an “organized, sustained, and conspiratorial” digital campaign to paralyze essential services (such as organizing “chakka jams” or road blockades via social media).

The Blurring Lines: Public Order vs. Security of the State

The judicial challenge lies in delineating the boundaries of disruption. In constitutional jurisprudence, courts have long held that “law and order,” “public order,” and “security of the State” represent three concentric circles.

  • A localized protest may disrupt law and order.
  • A large-scale riot affects public order.
  • Only acts that threaten the very sovereign existence of the nation strike at the security of the State.

By charging digital dissidents and journalists under the UAPA for online posts, the state effectively elevates a public order issue to a national security crisis. Legal scholars argue that this expansive interpretation creates a severe chilling effect on free speech. Just as the Supreme Court struck down Section 66A of the IT Act in Shreya Singhal v. Union of India (2015) for its vague criminalization of “annoying” online speech, there is growing judicial unease over the overbroad application of Section 15 of the UAPA to non-violent digital expression.

3. The Encryption Dilemma: Traceability vs. Anonymity

At the heart of the national security debate is the technological reality of End-to-End Encryption (E2EE). Platforms like WhatsApp and Signal utilize E2EE to ensure that only the sender and the recipient can read the messages; not even the platform itself holds the decryption keys.

Section 69 of the IT Act and Traceability Mandates

Under Section 69 of the Information Technology Act, 2000, the government possesses sweeping powers to issue directions for the interception, monitoring, or decryption of any information generated, transmitted, or received in any computer resource, provided it is necessary for national security.

Furthermore, the IT (Intermediary Guidelines and Digital Media Ethics Code) Rules mandate that Significant Social Media Intermediaries (SSMIs) must enable the “identification of the first originator” of a message if ordered by a competent court or government authority.

The Law Enforcement Argument

Intelligence and law enforcement agencies argue that encryption provides an impenetrable dark space for cyber-terrorists, hostile foreign state actors, and organized syndicates (such as those running sophisticated “digital arrest” extortion scams). Without the ability to trace the origin of a digitally transmitted terror plot or a viral deepfake designed to incite communal riots, the state is effectively blindfolded.

The Privacy and Free Speech Argument

Conversely, privacy advocates assert that breaking encryption to find a single bad actor requires fundamentally altering the software architecture for all users, thereby destroying the privacy of millions of law-abiding citizens. Furthermore, anonymity is often inextricably linked to free speech. Whistleblowers, journalists, and political dissidents rely on encrypted platforms to expose corruption and express dissent without fear of state retribution.

The courts are caught in a technological paradox: can traceability be engineered without breaking end-to-end encryption? Thus far, technology experts suggest it cannot, leaving the judiciary to decide which constitutional value must yield.

4. How Courts Are Striking the Balance

When tasked with balancing Article 19(1)(a) (Freedom of Speech) and Article 21 (Right to Privacy) against Article 19(2) (Reasonable Restrictions for State Security), the Indian judiciary relies heavily on the Proportionality Standard.

The Rejection of “Pre-Censorship”

The Supreme Court has consistently held a strong presumption against pre-censorship. The judiciary maintains that restricting speech to prevent a hypothetical threat to national security is constitutionally suspect. To restrict digital speech, the state must demonstrate a “proximate and direct nexus” between the online post and an imminent threat of violence or destabilization. The spark must be in a “powder keg” context; a mere remote possibility of disturbance is insufficient to suspend fundamental rights.

Curtailing “Digital Arrests” and Cyber Fraud

While courts are highly protective of political speech, they are aggressively expanding the state’s power to act against purely criminal cyber enterprises. In recent suo motu cognizance cases regarding the epidemic of “digital arrest” scams, the Supreme Court has unequivocally stated that the right to privacy does not shield organized cyber-fraud. The Court has directed the integration of advanced cyber forensic capabilities and centralized investigative coordination to track digital financial trails, indicating that when the crime is distinctly financial and coercive, the threshold for state intervention is significantly lowered.

Demanding Granular Accountability

In UAPA prosecutions based on digital evidence, the courts are increasingly demanding high evidentiary standards under Section 65B of the Indian Evidence Act (now transitioned into the Bharatiya Sakshya Adhiniyam). Courts are rejecting vague allegations of “cyber-conspiracy” if the prosecution cannot demonstrably link the accused’s digital footprint (IP addresses, metadata, encrypted device logs) to an actual overt act of terrorism.

Conclusion

The intersection of freedom of expression and national security in India is no longer confined to physical borders or printed pamphlets; it is fought in the realm of server logs, encrypted packets, and digital data protection frameworks.

The post-DPDP era has codified the state’s right to process data for security purposes, but it has simultaneously armed citizens with a statutory recognition of their digital privacy. Meanwhile, the expansion of the UAPA to cover online mobilization threatens to blur the critical distinction between democratic dissent and cyber-terrorism.

Ultimately, the responsibility of maintaining this delicate equilibrium falls upon the judiciary. By rigorously applying the proportionality test, enforcing strict evidentiary standards for digital evidence, and resisting the urge to classify all disruptive online speech as a threat to the state, the courts remain the final bulwark. As technology continues to evolve at a breakneck pace, Indian jurisprudence must ensure that the digital architecture designed to protect the nation does not inadvertently construct a panopticon that stifles its democratic soul.