Power Play To Bring The Digital Ecosystem To Heel

The Hindu     1st June 2021     Save    

Context: While there are problems in the system, ill-considered regulation such as the new IT Rules is not the way forward.

Background: Recently, WhatsApp filed petition in Delhi High Court alleging that the mandate for traceability violates the privacy rights of Indian citizens by rendering WhatsApp unable to provide encrypted services.

Arguments for imposing traceability: Government’s stance -

  • Privacy is not an absolute right: Traceability obligation is proportionate and sufficiently restricted.
    • E.g. IT Rules 2021 (through Rule 4(2) mandates traceability only in case of significant social media intermediaries that provide messaging services (threshold of 50 lakh users), subject to an order being passed by a court or government agency and only in the absence of any alternatives.
  • Responsibility on intermediaries: To find an alternative method to protect user privacy, with or without the use of encryption.

Arguments against traceability feature

  • Neither suitable nor proportionate: The Rules lack effective safeguards as they fail to provide any system of independent oversight over tracing requests made by the executive.
    • Inferences from K S Puttaswamy judgment tests: Weakening encryption for law enforcement agencies come at huge costs in terms of the overall cybersecurity and privacy problems.
  • Compromise privacy and security: Due to no added encryption data protection option despite no illegal activity on platforms’ part.
  • Incentivise fishing expeditions by government agencies: As the Rules mandated unfettered access to data for law enforcement agencies.
  • Overlooks requirement of anonymity in many cases: E.g. In contexts of journalistic source protection and for whistle-blowers; Deciding whether to remove anonymity requires application of an independent judicial mind, which is not incorporated in the Rules.
  • Furthering risk of state surveillance:
    • Justice B.N. Srikrishna Committee report of 2018 already recognised the vast and overreaching surveillance powers of the Government.
    • Section 69(3) of the Information Technology Act and Rules 17 and 13 of the Information Technology (Procedure and Safeguards for Interception, Monitoring and Decryption of Information) Rules, 2009 already require intermediaries to assist with decryption where they have the technical ability to do so, and where law enforcement has no alternatives.
    • Newly notified Rules seeks to punish relevant intermediaries for failing to adequately weaken encryption systems.
  • Lack of stakeholder consultations in the framing of Rules: Consultation reduced to rejection of all views that goes against state interest.

Conclusion

  • It is clear that the move by the Government is part of a broader power play against foreign-based technology companies.
  • Ill-considered regulations like new intermediary rules, which appear to have little basis in evidence or care for consequences, is not the way forward.
  • Truly democratic and relatively long-term solution would be for legislative change along multiple avenues, including revising and reforming the now antiquated IT Act, 2000.