The information technology (intermediary guidelines and digital media ethics code ) Rules, newly amended IT laws came into force on May 26 which ends the three months period provided for compliance.
Where do US tech Giants stand As of now –
Here’s what’s happening in the name of compliance of IT Rules in India, by US based Tech-giants Twitter Inc., Facebook Inc., and Google Inc. –
What Google said-
Google CEO Sundar Pichai, has reiterated the company’s plans to comply with India’s new Intermediary rules.
He said, the company respects the legislative processes, and in cases where it needs to push back, it does so. “It’s a balance we have struck around the world,” but Google also wants to be treated as a search engine and not an intermediary.
What Facebook Inc. said-
A Facebook Spokesperson said, “Pursuant to the IT Rules, we are working to implement operational processes and improve efficiencies. Facebook remains committed to people’s ability to freely and safely express themselves on our platform,” but its WhatsApp arm has moved Delhi HC over traceability of the encrypted messages on its platform.
One of the provisions of the IT laws requires identification of the first originator of any information posted on WhatsApp, if it is needed in an investigation by Authorities by order of a judicial or competent authority under section 69, IT Act, 2000.
WhatsApp, has approached the Delhi HC on May 25, a day before the law comes into force.
In its petition WhatsApp prayed to declare traceability unconstitutional and stop it from coming into force and also against the criminal liability for non- compliance.
WhatsApp’s petition invokes the 2017 Justice K S Puttaswamy Vs Union of India case, challenging the rule on these grounds –
- It violates the fundamental right of privacy and freedom of speech and expression guaranteed under article 19 of the Indian constitution;
- It is ultra vires (beyond their legal powers) the IT Act, 2000.
- It violates Article 14 of the Constitution.
A WhatsApp Spokesperson said, “We have consistently joined civil society and experts around the world in opposing requirements that would violate the privacy of our users. In the meantime, we will also continue to engage with the Government of India on practical solutions aimed at keeping people safe, including responding to valid legal requests for the information available to us,”
WhatsApp says that if it had to trace an originator, then it would have to “store information”. The argument is tracing even one message means tracing every single message on the platform.
In order to trace messages, WhatsApp will have to add some sort of “permanent identity stamp” or effectively ‘fingerprint’ each message, which it says will be like a mass surveillance program.
Mr. Jiten jain, Director, Digital Lab Voyager Infosec, argues that WhatsApp has ”conveniently ignored Article 19(2) that provides for reasonable restrictions on fundamental rights on certain specified grounds”
He further argues that ”A comparison between these provisions and the Article 19(2) makes it clear that the new rules are well within what is already provided in the constitution as grounds for imposing reasonable restrictions in fundamental rights.”
A WhatsApp spokesperson said, ”Requiring messaging apps to ‘trace’ chats is the equivalent of asking us to keep a fingerprint of every single message sent on WhatsApp, which would break end-to-end encryption and fundamentally undermines people’s right to privacy,”
But new rules have made it clear that, “platforms will be liable to disclose the originator of the message “only for the purposes of prevention, detection, investigation, prosecution or punishment of an offence related to sovereignty and integrity of India,” among others.
Meaning Govt. Is not asking them to break encryption. And Whatsapp don’t need to trace entire path the message has travelled.
The misuse of WhatsApp’s platform for illegal and terrorist activities has been a matter of grave concern in several other democracies as well.
European Union and United States
On 11th December 2019, in a Joint EU-US statement following the EU-US Justice and Home Affairs Ministerial Meeting, the Council of European Union said-
We also acknowledged that the use of warrant-proof encryption by terrorists and other criminals – including those who engage in on-line child sexual exploitation – compromises the ability of law enforcement agencies to protect victims and the public at large. At the same time, encryption is an important technical measure to ensure cybersecurity and the exercise of fundamental rights, including privacy, which requires that any access to encrypted data be via legal procedures that protect privacy and security. Within this framework, we discussed the critical importance of working towards ensuring lawful access for law enforcement authorities to digital evidence, including when encrypted or hosted on servers located in another jurisdictionCouncil of European Union
In October 2020, Seven Countries issued a joint statement on Encryption urging tech industry to address the “serious concerns where encryption is applied in a way that wholly precludes any legal access to content”.
Law enforcement, the statement continues, has a responsibility to protect citizens by investigating and prosecuting crime and safeguarding the vulnerable. Technology companies also have responsibilities and put in place terms of service for their users that provide them authority to act to protect the public.
Primarily it invited technology companies to work with governments to take the following steps, “focused on reasonable, technically feasible solutions:”
• Embed the safety of the public in system designs, thereby enabling companies to act against illegal content and activity effectively with no reduction to safety, and facilitating the investigation and prosecution of offences and safeguarding the vulnerable;
• Enable law enforcement access to content in a readable and usable format where an authorisation is lawfully issued, is necessary and proportionate, and is subject to strong safeguards and oversight; and
• Engage in consultation with governments and other stakeholders to facilitate legal access in a way that is substantive and genuinely influences design decisions.
The statement also highlights the concerns over End To End encryption as follows-
- By severely undermining a company’s own ability to identify and respond to violations of their terms of service. This includes responding to the most serious illegal content and activity on its platform, including child sexual exploitation and abuse, violent crime, terrorist propaganda and attack planning; and
- By precluding the ability of law enforcement agencies to access content in limited circumstances where necessary and proportionate to investigate serious crimes and protect national security, where there is lawful authority to do so.
In another statement, In July 2019, the governments of the United Kingdom, United States, Australia, New Zealand and Canada issued a communique, concluding that:
Tech companies should include mechanisms in the design of their encrypted products and services whereby governments, acting with appropriate legal authority, can gain access to data in a readable and usable format. Those companies should also embed the safety of their users in their system designs, enabling them to take action against illegal content.
UK, US and Australia
On October 4, 2019, In an open letter, The UK Home Secretary – alongside US Attorney General Barr, Secretary of Homeland Security (Acting) McAleenan, and Australian Minister for Home Affairs Dutton requested Facebook on its “Privacy first” proposals –
“We are writing to request that Facebook does not proceed with its plan to implement end-to-end encryption across its messaging services without ensuring that there is no reduction to user safety and without including a means for lawful access to the content of communications to protect our citizens.”
This Comes as on 6 March 2019, in a post titled ‘A Privacy-Focused Vision for Social Networking’, Facebook acknowledged that “there are real safety concerns to address before we can implement end-to-end encryption across all our messaging services.”
The post also read, “we have a responsibility to work with law enforcement and to help prevent” the use of Facebook for things like child sexual exploitation, terrorism, and extortion
These developments across the globe raise a serious concerns over these “tech-giants” and the hard bargain they drive in India while they themselves are being bashed and called out left and right.
And it’s not like there are no options available for WhatsApp/ Facebook Inc. to Utilize regarding this.
Many advance cryptographic technology provide for attaching a unique hash with every cryptic message.
Even after Three months since February 25, 2021, when the laws were passed and since it came into force on May 26, twitter has failed to comply with IT Rules 2021.
Ravi Shankar Prasad, Law & Justice, Communications, Electronics & Information Technology Minister of India, tweeted on june 16th, 2021-
“There are numerous queries arising as to whether Twitter is entitled to safe harbour provision. However, the simple fact of the matter is that Twitter has failed to comply with the Intermediary Guidelines that came into effect from the 26th of May. Further, Twitter was given multiple opportunities to comply with the same, however it has deliberately chosen the path of non compliance.”
This comes over speculation that Twitter might have lost its “Intermediary” position that provides it a safe harbour in India. He further added-
The culture of India varies like its large geography. In certain scenarios, with the amplification of social media, even a small spark can cause a fire, especially with the menace of fake news. This was one of the objectives of bringing the Intermediary Guidelines. It is astounding that Twitter which portrays itself as the flag bearer of free speech, chooses the path of deliberate defiance when it comes to the Intermediary Guidelines. Further, what is perplexing is that Twitter fails to address the grievances of users by refusing to set up process as mandated by the law of the land. Additionally, it chooses a policy of flagging manipulates media, only when it suits, its likes and dislikes.
Highlighting a recent case of Fake News that was shared on Twitter and Twitter’s unwillingness and bias in removing the content or flagging it as manipulated, communally sensitive The Minister added-
What happened in UP was illustrative of Twitter’s arbitrariness in fighting fake news. While Twitter has been over enthusiastic about its fact checking mechanism, it’s failure to act in multiple cases like UP is perplexing & indicates its inconsistency in fighting misinformation.
Indian companies be it pharma, IT or others that go to do business in USA or in other foreign countries, voluntarily follow the local laws. Then why are platforms like Twitter showing reluctance in following Indian laws designed to give voice to the victims of abuse and misuse?
The rule of law is the bedrock of Indian society. India’s commitment to the constitutional guarantee of freedom of speech was yet again reaffirmed at the G7 summit.
However, if any foreign entity believes that they can portray itself as the flag bearer of free speech in India to excuse itself from complying with the law of the land, such attempts are misplaced.
On June 18th, 2021 In a deposition before joint IT Panel headed by Dr. Shashi Tharoor and several Other members from Ruling and Opposition parties, Twitter India’s public policy manager Shagufta Kamran and legal counsel Ayushi Kapoor submitted that the Covid-19 pandemic was responsible for the delay in them following the regulations specified by India, which baffled the whole of parliamentary panel members.
Reports say, representatives were also asked if they followed Law of the land, to this they responded by saying that they follow Twitter Policies. The representatives also admitted that it “promotes” & “demotes” tweets based on what it considers “healthy”. Which is kinda shadow banning and being a jury and judge in itself.