Right to Privacy and Freedom of Expression are two of the most fundamental privileges which are ascribed to every person born human by virtue of Articles 12 and Article 19 of the UDHR (Universal Declaration of Human Rights) respectively. According to the declaration no one can be subjected to arbitrary interference to their privacy and family, home or correspondence and a person shall not be subjected to any attacks on their honor or reputation. The declaration also ascribes freedom to express opinions and seek, impart and receive any ideas or information through any media regardless of frontiers. Digitization has integrated the world into a global cyber village and has led humanity to venture further into the digital realm. With a more profound human presence in cyberspace there was a dire need to be aware and exercise our right in our digital home.
The cyberspace is growing dynamically and is unpredictable, possessing immense power to bring about prominent changes in society at large, due to its gargantuan sphere of influence. The internet hosts a multitude of social media platforms, which allows people to interact and express their opinions freely. However this freedom sometimes causes people to invade and hamper the dignity and respect of others, authorities and even government. One post by a single originator can spread like wildfire and can be catastrophic for any person, social groups, authority or even governments something we witnessed during the second wave of covid – 19 when false and corrupt information about medical supplies and beds was quickly disseminated on social media platforms creating hostile situations for people. In order to tackle the prevailing issue a need was felt for stricter norms for regulation of any form of communication via intermediaries. Hence the government necessitated bringing significant amendments to the I.T (Information Technology – Intermediary Guidelines Rules) 2011.
By virtue of new developments, a draft on Information Technology (Intermediary Guidelines) Rules was introduced by the Ministry of Electronics and Information technology (MiETY) in 2018 for public consultation and the same was edited and modified as Information technology (Intermediary Guidelines and Digital Media Ethics) Rules 2021. The new rules made significant changes and expanded the area of intermediary supervision, along with bringing Over-The-Top (“OTT”) Platforms under its ambit.
This recent development in I.T Rules has caused a dispute between social media giants such as WhatsApp and the central government. The bone of contention is the issue of traceability of the first originator. The traceability method allows you to trace data which can be used to determine the origin of the first originator of the content, primarily using two distinct methods i.e by digital signatures and the metadata. The proposed methods are effective in determining the source of content shared on platforms using end to end encryption.
Encrypted systems allow only users to access and read the shared content, using cryptographic keys attached to each data block which are decrypted on the other end by the receiver. This denies access to any third party such as internet providers or even the application itself.
The rules have caused acute polarization between government and social media firms. The government believes traceability will prevent rumours and misleading news from plaguing the minds of the public. The government believes the rules are meant to safeguard public interest and prevent its public from unnecessary chaos generated by rumors, leading to mental and sometimes financial drain. The government says traceability will enable the government to surveil illicit cyber activities in order to neutralise the threat before escalating.
However in case of WhatsApp vs Govt of India, the platform expressed that the requirement of traceability demanded by the central government will compromise end-to-end encryption, undermining the application’s infrastructure which is based on this very feature and safeguards the data privacy of the users enshrined in Article 21 of the constitution of india and article Article 12 of UDHR. It is pertinent to note that the proposals seeking traceability in a fashion compatible with end-to-end encryption were found to be more vulnerable to spoofing, and allows bad actors to modify the content and originator information and can be utilised maliciously to frame innocent persons. Moreover the first originator cannot exercise control over the number of times the content is further shared on any platform, rendering the rules ineffective against the purpose intended.
The prominent platforms namely WhatsApp, Signal etc. rely heavily on end-to-end encryption to ensure security, privacy and reliability of their users. This system enables millions of users in India to evade phishing, identity thefts and other forms of vicious cyber attacks to an extent. The role played by encryption is more significant than ever before in this digital world as people are more aware about their rights and privacy including personal data. Thus there is a need to maintain encryption standards in license agreements with telecom companies, the current government has been criticized for mandating low standards of encryption in Justice Srikrishna Committee on Data Protection report, which has stated “this poses a threat to safety and security of the personal data of data principals”.
Any method allowing third party access to specific content in an end to end encrypted system destroys the semblance of security of every user of the application, as it can allow cybercriminals to utilise vulnerable data on their own accord. Moreover, the differences in the rules are beyond the power of the state outlined under the IT Act as the guidelines mandate the platform to completely transform the infrastructure of the application which is beyond due diligence outlined in Section 79.
The rules pose unprecedented obstacles for intermediaries to secure safe communication channels. All these scenarios can significantly weaken law enforcement, burdening the system further as law enforcement will be overloaded with surveilling and checking millions of terabyte data being published and transferred in cyberspace. The traceability has prominent impact on lives of people using cyberspace and has necessitated to analyse the situation in the context of MHA notification, activating the IT (Procedure and Safeguards for Interception, Monitoring and Decryption of Information) Rules 2009 providing power to “decrypt” any data or information transmitted, received or stored in any computer device under section 69 of I.T Act..
The latest I.T Rules has the potential to expand the power of the government tremendously over lives of ordinary citizens in cyberspace, due to lack of actual parliamentary supervision and judicial inspection. Which can ominously resemble China’s breaking and blocking user’s encryption for surveillance. In order to facilitate the concerns of social media platforms, the governments and social media platforms along with civil societies must work together to reach consensus on compliance of new I.T Rules.