May 25 was the last day for some of the biggest social media firms operating in India to comply with new rules that the Centre had notified in February this year with a view to checking the misuse of their platforms. While the deadline passed without the likes of Facebook and Google having created the roles and mechanisms mandated by the government, they clarified that they were working to bring their processes vis-a-vis India in line with the new Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules 2021.
However, on the day the deadline lapsed, WhatsApp moved Delhi High Court against a specific provision of the rules that some experts say spells the end of end-to-end encryption in India.
What Is The Rule That WhatsApp Has Challenged?
Section 4 of Part II of the rules that were notified on February 25 says that a “significant social media intermediary providing services primarily in the nature of messaging shall enable the identification of the first originator of the information". Simply put, it means that a platform like WhatsApp will have to make sure that it can trace any message to the person who had first sent it in case the courts or any “competent authority" seek such information.
The Facebook-owned WhatsApp has close to 40 crore users in India and, hence, is covered by the definition of a “significant social media intermediary" which, for the purposes of the new rules, means any platform with more than 50 lakh users in the country.
Referring to the Supreme Court’s judgement recognising privacy as a fundamental right in the 2017 KS Puttaswamy case, the messaging service urged HC that the requirement to introduce traceability was unconstitutional and violative of users’ right to privacy.
In a webpage that reportedly went live today, WhatsApp offers a detailed explanation of its stand against traceability. “Technology and privacy experts have determined that traceability breaks end-to-end encryption and would severely undermine the privacy of billions of people who communicate digitally," it said on its page.
End-to-end encryption means that nobody, including WhatsApp itself, can access anything that is shared on the platform — calls, messages, photos, videos, voice notes. It added that this feature was introduced “throughout its app" in 2016.
But the IT rules requirement jeopardises this mechanism that WhatsApp says keeps messages safe and secure for everybody. The rules say that information on the first sender of a message will only be sought in specific cases that impinge on the sovereignty and security of India, public order and to prevent and punish offences related to rape, publication of sexually explicit material, etc.
WhatsApp has pointed out that traceability can’t be on a case-by-case basis or piecemeal and would require it to scan and store every message. “In order to trace even one message, services would have to trace every message," it said.
Further clarifying the point, it said that all messages would need to be tracked as there would be no way for the platform to know what message exactly would the government want to investigate in the future. Painting an ominous picture, it said that this requirement raises fears of a “mass surveillance" mechanism “at a time when people want companies to have less information about them".
Apart from the legal considerations, there are considerable technical and logistical challenges, too, the company said: “To comply, messaging services would have to keep giant databases of every message you send, or add a permanent identity stamp — like a fingerprint — to private messages…"
Reuters, meanwhile, said it had been told by a government official that WhatsApp could find a way to track originators of disinformation and that it was not being asked to break encryption.
Have other countries pushed for similar requirements?
End-to-end encryption in the information age is something that governments and intelligence and law enforcement agencies are understandably quite wary about. However, the need to share information for stated purposes of zooming in on offenders and preventing crime has not been an argument that has been unequivocally accepted by messaging and social media platforms.
Last year, Facebook, reportedly told US officials that it would neither remove encryption from its messaging apps nor provide them access to its encrypted services.
“As a company that supports 2.7 billion users around the world, it is our responsibility to use the very best technology available to protect their privacy. Encrypted messaging is the leading form of online communication and the vast majority of the billions of online messages that are sent daily, including on WhatsApp, iMessage, and Signal, are already protected with end-to-end encryption," WhatsApp and Facebook officials are said to have written in a letter to US government officials.