Last month, messaging platform, WhatsApp, filed a lawsuit in the Delhi High Court against the Indian government over the traceability clause in the new IT Rules 2021. The new IT rules requires social media platforms to locate ‘the first originator of the information’, when asked by authorities, which is called a traceability clause.
Calling it unconstitutional, WhatsApp stated that it was against the fundamental right to privacy as underlined by the Supreme Court decision and urged that it not be imposed on technology mediators. It is claimed that the clause puts ‘criminal liability’ on its employees for non compliance.
While this rule will affect all messaging apps including Snapchat, Signal, Telegram and Snapchat, only WhatsApp is fighting this inclusion. Could this be due to its popularity in India – it has over 390 million users in India, of which around 4% are business users?
For instance, many hotels allow guests to manage their room and dining bookings through this platform. It has emerged as an important technology especially during the pandemic, when guests seek minimal personal communication with hotel staff – they can instead chat on WhatsApp.
Rajarshi Bhattacharyya, CMD of ProcessIT Global
Rajarshi Bhattacharyya, CMD of ProcessIT Global explains to Vinita Bhatia whether this move by the government amounts to mass surveillance and how Rule could impact digital communication, since several businesses use WhatsApp extensively for employee and customer interaction.
Why has WhatsApp filed a lawsuit against the Indian government over a ‘traceability’ clause?
The Indian government’s Intermediary Rules 2021, which is part of the IT Rules 2021, requires WhatsApp to make people’s messages traceable. This would violate people’s privacy and also break the concept of end-to-end encryption, implemented on WhatsApp for Android and iOS platforms. This prompted WhatsApp to file a lawsuit against the Indian government.
How exactly does this traceability clause impact social media intermediaries like Facebook, WhatsApp, Twitter, Telegram, and Signal?
The traceability clauses will impact social media intermediaries in several ways. To begin with, they would have to store enormous amounts of data. They will also be forced to modify their existing tech infrastructure to comply with this proviso’s requirement of metadata access. This in turn will significantly increase the cost of business.
Moreover, traceability means that companies will have to compromise on End-to-End (E2E) encryption. In this regard, E2E encryption means that messages between two individuals cannot be accessed by any other entity, including the social media intermediary. Therefore, any compromise on the E2E encryption design undermines the hitherto-existing privacy of communication over messaging apps, as ensured through E2E encryption.
Is it technologically possible for social media intermediaries to identify the origin or originator of a message or post, given the vast volume of information shared on their platforms?
As per the current law, they have to identify the origin/originator of the post. This traceability is very much possible. However, they will need to make additional investments to comply in terms of capital as well as operational expenditure. The cost of business will definitely rise.
Can WhatsApp remove the default E2E encryption for messages originating from India?
The message can originate anywhere. So, creating a specific version for a country does not help until and unless it is applied for all users.
How will non-compliance of these rules affect these social media companies?
WhatsApp has almost 390 million users in India and out of which around 4% are business users. Non-compliance with the rules would result in them losing their intermediary status. This provides them certain exemptions and immunity from liabilities for any third-party content and data hosted by them. Once this happens, they could be liable for criminal action, in case of complaints.
What is the best way to navigate this situation?
The points stated by the Indian government based on which the rule has been passed are very strong as it concerns the nation’s law and order as well as national security. In no way, can this be compromised. Having said that, what we currently require is an immediate Data Privacy and Protection Rule, which the government should enforce.
Will the government’s heavy-handed approach towards regulation discourage tech companies like Facebook and Google from investing heavily in India?
Every country has the right to be concerned with its security and sovereignty. To do business in India, tech companies have to comply with the laws of the land. The new law should not be treated as an impediment to doing business in the country. However, large tech companies should join hands with the government and work towards contributing to nation building.
Many industries, especially hotel companies, rely on WhatsApp for their official and guest-facing communications. How is this ongoing situation likely to affect them, should it work against WhatsApp?
The current situation will not impact the hospitality industry in any way. The rule clearly states says the government will only seek information on the origin of messages for fake news, child sex abuse material, pornography and cybercrimes like hate-mongering, which are being pushed through the instant messaging platforms.
