- India’s new social media regulations want social media apps like WhatsApp, Signal and Telegram to identify the ‘first originator’.
- In cases where social media apps are being used to spread ‘mischief’, the government wants the ability to track down the instigators.
- Tracking the origin of messages may require apps offering privacy to break end-to-end encryption.
- Check out the latest tech news and updates on Business Insider.
Encryption is a safety blanket for many. It is the night light to keep nightmares away. But, that may no longer be the case with India’s new social media regulations.
The Indian government thinks that it has found a loophole. It claims that it does not care about what messages are being passed around, but if an incident is found to have been instigated through social media, they want to know who started it all — they want to find the ‘first originator’.
“We don’t want the content, because the content is already out there in the form of tweets or messages. But, who began the mischief? This, they [social media platforms] will have to disclose,” said the Minister of Electronics and Information Technology (MeitY),
Ravi Shankar Prasad, while announcing India’s new IT rules on February 26.
Transform talent with learning that worksCapability development is critical for businesses who want to push the envelope of innovation.Discover how business leaders are strategizing around building talent capabilities and empowering employee transformation.Know More The catch-22 here is, “Who came first, the chicken or the egg?” Without being able to peep at the content, how can one know who started a particular incident? And, how far back do you go to assign blame?
Platforms like WhatsApp, Signal and Telegram — who run their business on promising users’ privacy with end-to-end encryption — are going to have a
tough time dealing with such a regulation once it comes into play after three months, when the new regulations are set to be enforced.
To break or not break encryption
End-to-end encryption is a fairly simple concept. This means that no-one except for you and the person you are sending messages to, can peep into your conversations. The content is private and according to India’s Supreme Court,
privacy is a fundamental right.
However, if platforms like WhatsApp do not adhere to the new IT rules, they will be answerable to the Indian government. “Failure to do so will make these intermediaries liable for any illegal third-party information that is made available or hosted by them without their consent and may even lead to an end of their operations,” Neeraj Dubey, partner of corporate law at Singh and Associates, told Business Insider.
Like the tech giant Apple told the Federal Bureau of Investigation (
FBI) back in 2016, if the encryption is strong enough, even the companies implementing it have no say in unlocking it. According to the Silicon Valley firm, creating a backdoor that voids encryption would
unlock a whole new set of security threats for users.
“We don't know how the government expects platforms to comply with this requirement without breaking encryption,” noted Mishi Choudhary, the legal director of the Software Freedom Law Centre (SFLC). “It will limit the choices of users who have now come to expect encrypted messaging services as an essential part of their communications habits.”
In the past, when the government has asked WhatsApp to identify the origin of messages, the Facebook-owned messaging service has always
turned down such requests citing end-to-end encryption.
“You can only tell how many times a thing has been forwarded. You can’t go back and trace the source in that context. If you are doing that, then it means you are reading the content,” Tarun Pathak, associate director with global analysis firm Counterpoint Research, told Business Insider.
Even if a platform like WhatsApp were to break encryption in order to adhere with the government guidelines, it would be violating its own rules and regulations.
“For an intermediary to collect the content of the messages, which it would need to trace the first originator of information, this would mean breaking encryption and storing the content of messages on servers, which would constitute violation of privacy guidelines,” explained Dubey.
Social media may not be entirely doomed
According to Induslaw’s Avimukt Dar, the underlying intent of the law is not to break encryption. “In the event the identity of the person sending the message is already visible to the messaging platform under its data harvesting protocols then it can be shared on lawful request without breaking double encryption,” he told Business Insider.
WhatsApp offers users the option to back up their chats and messages onto the cloud — a change the company brought in
three years ago. “Once the chats are backed up on a cloud storage platform, they are no longer protected by end-to-end encryption and can be accessed by Intermediary or any other third party,” said Dubey.
Moreover, in the past, the Indian government has suggested alternative means of tracing messages like
digital fingerprints or
embed a user’s information within the messages themselves.
Not that WhatsApp has complied because until now, intermediary platforms — like Whatsapp, Telegram, and Signal — have benefitted from the safe harbour protection available to them. “However, the safe harbour rules are also subject to compliance with the IT Act and the rules framed by the government,” explained Tanu Banerjee, a partner at legal consultancy firm Khaitan & Co.
Terms and conditions apply
The government has mandated that finding the ‘first originator’ will only be in cases where the penalty is greater than five years. This includes instances where there may be a threat to India’s national sovereignty, security of state, public order, and other scenarios laid out under Section 69 of the IT act.
This also implies that there has to be a valid court order in order to ask for the ‘first originator’. “The rules clarify that such an order should not be passed if less intrusive means are effective in identifying the originator,” explained Banerjee.
Encryption is a hurdle that these companies will have to address on their own. For users, the bigger question is around freedom of speech. Section 69 of the IT Act is not very clear with respect to what constitutes a valid threat. What may be right for me, may not be right for you. “It is something that is needed but it should be executed in a way that the framework is clear at least,” said Pathak.
Within the new rules, India has not specified who will be making the decision of whether or not the line has been crossed. With a wiggle of three months, it is possible that the guidelines can be tweaked to find a balance between what companies like WhatsApp are capable of, what users want and what the government is hoping to achieve at the end of the day.
SEE ALSO:
Facebook and Twitter have a ton of new rules to abide by in India — WhatsApp may find itself in the toughest spot of all
Indian government assumes the right to block digital news content along with a new set of regulations
Netflix, Amazon, Disney+ Hotstar will now have to classify their content according to age in India
Next Story
I spent $2,000 for 7 nights in a 179-square-foot room on one of the world's largest cruise ships. Take a look inside my cabin.
Saudi Arabia wants China to help fund its struggling $500 billion Neom megaproject. Investors may not be too excited.
One of the world's only 5-star airlines seems to be considering asking business-class passengers to bring their own cutlery
From terrace to table: 8 Edible plants you can grow in your home
India fourth largest military spender globally in 2023: SIPRI report
New study forecasts high chance of record-breaking heat and humidity in India in the coming months
Gold plunges ₹1,450 to ₹72,200, silver prices dive by ₹2,300
Strong domestic demand supporting India's growth: Morgan Stanley
