WhatsApp vs Government | Why exiting India threat bestirs ‘traceability’ debate

mohitsiddhi

WhatsApp vs Government | Why exiting India threat bestirs ‘traceability’ debate


On April 25, WhatsApp told the Delhi High Court that it will have to exit India if forced to comply with the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, or IT Rules. The U.S.-based firm’s counsel, Tejas Karia, told a Bench of Acting Chief Justice Manmohan that compliance with the IT Rules will force the company to break end-to-end encryption of messages.

The Meta-owned platform is challenging Rule 4(2), which stipulates that any significant social media service must enable a way to identify the first sender of the message when an order to that effect is issued by a court or by a competent authority.

Why is compliance a sticky issue?

The IT rules mandate significant digital platforms – – those with over fifty lakh registered users – – to identify the originator of the information. This has become a sticky point for WhatsApp as it can’t comply with the rules unless it changes the very way it transmits and stores information.

The instant messaging platform is built on the idea of securely transmitting information. To make that happen, WhatsApp encrypts messages sent between users. This end-to-end encryption adds an extra layer of security by bolting the messages with a cryptographic lock so only its intended recipient can read it on their device.

(For top technology news of the day, subscribe to our tech newsletter Today’s Cache)

Encryption and decryption of message happen entirely on users’ devices. And WhatsApp has no way to see the content or listen to calls that are end-to-end encrypted. Additionally, keys to cryptographic lock keep changing every time a new message is sent.

Also, messages exchanged are not stored on Meta’s servers and they can’t be intercepted while in transit. This makes it difficult for WhatsApp to identify the first sender, which the government wants the platform to do under Rule 4 (2) of the IT rules.

What is WhatsApp’s data retention policy?

WhatsApp does not store messages or transaction logs of delivered messages. Messages undelivered are deleted from its servers after 30 days. And, if any law enforcement agency wants information about user accounts on its platform, they must make a request to obtain records of specific accounts.

“We will take steps to preserve account records in connection with official criminal investigations for 90 days pending our receipt of formal legal process,” the platform notes in its FAQs page.

In its privacy policy, the platform states that it may collect, use, store, and share user information if it deems necessary to keep users safe, detect illegal activity, respond to legal requests, or enforce its terms of use. It may also collect information “about how some users interact with others on our service.”

Why is ‘traceability’ a double-edged sword?

While the recent deepfake videos of politicians and celebrities being circulated on social media have re-upped the issue of traceability of the first sender, the petition against the IT Rules, filed by Meta platforms in the Delhi High Court, dates back to 2021, when the law was announced.

WhatsApp sees any government that chooses to mandate traceability as “effectively mandating a new form of mass surveillance. To comply, messaging services would have to keep giant databases of every message you send, or add a permanent identity stamp — like a fingerprint — to private messages with friends, family, colleagues, doctors, and businesses.”

The company contends that India’s IT Rules are against the privacy of users and that they were introduced without any consultation. “There is no such rule anywhere else in the world. Not even in Brazil,” Advocate Karia, appearing for WhatsApp said on Thursday, per PTI. (After India, WhatsApp’s largest user base is in Brazil.)

At the other end of the spectrum, some legal scholars and law enforcement agencies say that end-to-end encryption must not be a blanket option. And that, it must be broken in cases involving fake news, deepfakes, or child abuse content as they cause social harm.

But making tweaks to end-to-end encryption for exceptional cases will destroy the very system that grants privacy to users of secure messaging platforms.

Are there other complaints against India’s IT Rules?

Yes, several petitions have been moved against the IT Rules and are pending before different high courts. On March 22, the Supreme court transferred a batch of petitions to the Delhi High Court for hearing.

Recently, the Bombay High Court delivered a split verdict on pleas challenging the constitutionality of a 2023 amendment to the IT Rules that permitted a fact check unit of the Union government to identify misleading online content about the central government.

In April 2023, the Union government amended the IT Rules that allowed the Ministry of Electronics and IT to set up a fact-checking unit that was empowered to identify false or misleading online content concerning matters pertaining to the Union government.

And once the unit notifies any content as false or misleading, the platform must flag it appropriately. Failing to do so would cost the platform its ‘safe harbour’ status — essentially losing its legal protection and being drawn into a criminal prosecution.

What happens next on the WhatsApp case?

WhatsApp’s counsel Karia requested the Delhi High Court to tag this case with other similar petitions transferred to it by the Supreme court on March 22 so they all matters can be heard as a batch. The bench has listed the case on August 14, and awaits transfer of all other petitions.



Source link

Leave a Comment