CONTEXT

• Recently, WhatsApp decided to legally challenge one of India’s new Information Technology rules.
• New rules have been challenged because it requires messaging platforms to help investigative agencies in identifying the originator of problematic messages.
• However as per WhatsApp, this would break end-to-end encryption and undermine people’s right to privacy.
• The government on the other hand is defending the new rules on the ground on ensuring national security.
• These contradictory stands have led to a debate on privacy versus security balance over data security of the state.

WHY NEW IT RULES ARE PROBLEMATIC?

Vague terminology:

• New IT rule in its present form is vague, disproportionate, and probably unnecessary.
• The reasons for which this traceability power can be used, like ‘security of the state’, are quite broad and therefore capable of misuse.

 Contradicts constitution and IT Act of 2000:

• Every provision of the new IT rules is ultra vires the Constitution and the parent IT Act of 2000.
• The rules only make superficial attempts at balancing privacy and security interests.
• Hence, it is clear that security interests are being given primacy over both civil liberty interests as well as economic interests.
• Also, as per Section 79 of the IT Act, which is being used can give effect only to the main provision.
• Hence, no new offences can be introduced nor new rules can go beyond the original provisions  

Existing huge powers of surveillance:

• The rules are not required because the government already has huge powers of surveillance as recognised by the Justice Srikrishna Committee report.
• Hence, rather than seeking to revise these powers, the government is giving itself greater ability to snoop on and interfere with the private lives of citizens.

 Traceability obligation:

• To ensure traceability, the government wants to move away from encryption controlled by the users to encryption done by the intermediary itself.
• This is problematic because, if intermediaries are controlling encryption, the government can just go to them and ask for this information.

Existence of alternative:

• There are laws other than IT rules which allow the government to request decryption of data where it’s held by an intermediary or where the intermediary holds the private encryption key.
• Also Instead of using a specific mandate for traceability, law agencies should use metadata as well as other forms of unencrypted data.

Global example:

• Even in Australia where fairly wide-ranging powers have been given to the government under the Telecommunications Act, enforcement has been allowed only to request information and assistance from intermediaries.
• There has been no creation of systemic weaknesses or vulnerabilities.

IN FAVOUR OF NEW RULES

• Law enforcement in the digital domain is needed because of the changing nature of society from pre-digital to digital societies.
• Even Justice Srikrishna has recommended  the need for new law to be brought out which discusses the rationale, gives good institutional checks and balances, and then places this significant and new legal possibility for the law enforcement in that context.
• Also, those in favour of IT rules argue that traceability of encrypted messages does not require breaking encryption. Metadata which carries many layers of information will be enough to lock the originator of every message when it is created.
• The new rules ensure that the intermediary has been given an opportunity of being able to access to the originators of a message through less intrusive means.
• There have been grave offences taking place, like circulation of obscene pictures, non consensual, intimate pictures, derogatory message to Dalits, systematic election-related manipulation, leakage of information on WhatsApp. In the absence of a traceability clause, it becomes difficult to implement laws in the digital domain and solve such menace.

WAY FORWARD

• Need of the hour is a new law with systemic explanation of intent, purpose, and institutional safeguards.
• Access to the originator of a message to the Judicial order that too after giving an adequate opportunity to the intermediary for hearing.
• The Supreme Court should clarify terms like ‘public order’ and ‘security of the state’ for rationale and balanced legislation.

Reference:

1. https://www.thehindu.com/opinion/op-ed/information-technology-rules-a-case-of-overreach/article34721074.ece