WhatsApp has filed a legal complaint in the Delhi High Court against the enforcement of such provisions of the IT Rules that compel it to break privacy protections.
WhatsApp contends that although the IT Rules require WhatsApp to only reveal the identity of credibly accused wrongdoers, it cannot do so in practice. Their primary reason for this is that the messages are end-to-end encrypted, thus implying that to reveal the identity of the first originator, it would have to break encryption for receivers of information as well.
The IT rules
The Indian Government notified the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 (IT Rules) on February 25, 2021 under Section 87(2) of the Information Technology Act, 2000. The IT Rules replace the Information Technology (Intermediaries Guidelines) Rules, 2011.
The IT Rules aim to serve the dual purpose of (a) enhancing accountability of social media platforms to curtail their misuse; and (b) establishing a grievance redressal mechanism for users of social media platforms. To this end, the IT Rules introduce the following key changes to the existing framework as applicable to intermediaries:
Increased due diligence by intermediaries: Intermediaries are now required to inform users through their privacy policies or user agreements to not publish or share any information that is, among others: (a) invasive of another’s bodily privacy or harassing based on gender; (b) patently false or misleading but appearing as a fact; or (c) false, with the intention of causing injury or to profit.
Additional compliances to be fulfilled by Significant Social Media Intermediaries: A new class of intermediary has been introduced within the IT Rules, called the ‘Significant Social Media Intermediary’ (“SSMI”) which means a social media intermediary having 5 (five) million or more registered users in India. The additional compliance for SSMIs are effective from May 26, 2021.
Identification of first originators: This addition to the legal framework is WhatsApp’s primary bone of contention with the IT Rules. The IT Rules require that an SSMI primarily providing messaging services enables the identification of the first originator of information, as required by a court order or as per the Information Technology (Procedure and Safeguards for interception, monitoring, and decryption of information) Rules, 2009.
The considerations attached to securing this order are: (a) for the prevention, detection or investigation of offences related to the sovereignty and security of India, public order, or offences in relation to rape, where the imprisonment is not less than 5 (five) years; and (b) as a last resort, when the government has no other effective means to identify the originator. The intermediary has no obligation to divulge the contents of the message while identifying the originator.
Expert back WhatsApp
Experts have backed WhatsApp’s concern, stating that the new traceability and filtering requirements seriously jeopardise end-to-end encryption.
The WhatsApp complaint cites the landmark Puttaswamy decision of the Supreme Court to contend that the right to privacy, which end-to-end encryption seeks to secure, can be abrogated only in instances where the abrogation passes the tests of legality, necessity, and proportionality. It is WhatsApp’s stand that the IT Rules fail to meet all three parameters.
While the introduction of the obligation on identification of first originator is a commendable attempt at restricting fake news, it remains to be seen whether the Delhi High Court accepts WhatsApp’s contention and strikes down the contentious provision or directs it to comply with the IT Rules or gives directions to the Government on enforcing this provision.
The very concept of ‘public order’ as examined in Shreya Singhal v. Union of India, has a high threshold, where disturbance of public order is to be distinguished from acts directed at individuals which do not disturb the society to the extent of causing a general disturbance of public tranquillity. Therefore, to ensure protection of the right to privacy, in practice, the government should ensure that for a lawful command on the grounds of ‘public order’, there needs to be an immediate threat to society as a direct consequence of the messages shared; and if not, such messages cannot be said to constitute a disturbance to public order to justify restriction of the freedom of speech.
(The writer is Partner, Induslaw--India-based full service law firm)