WhatsApp notified the Delhi High Court on April 25 that it would have to leave India if it was made to abide by the IT Rules, also known as the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021. The legal representative for the American corporation, Tejas Karia, informed the Acting Chief Justice Manmohan bench that the IT Rules will compel the business to violate message end-to-end encryption.
The Meta-owned platform is contesting Rule 4(2), which states that in the event that a court or other competent authority issues an order to that effect, any major social media service must provide a means of identifying the message’s original originator.
Why is it that compliance is such a difficult problem?
Important digital platforms with more than fifty lakh registered users are required by IT regulations to identify the original source of the content. For WhatsApp, this has become a difficult situation as it can’t follow the regulations unless it modifies the way it transfers and maintains data.
Information transmission security is the foundation of the instant messaging platform. WhatsApp encrypts user-to-user messages to enable that to occur. Only the intended receiver may view the messages on their device thanks to end-to-end encryption, which adds an additional degree of protection by locking the communications with a cryptographic lock.
All communication encryption and decryption takes place on the users’ devices. Furthermore, end-to-end encrypted calls cannot be viewed by WhatsApp or heard. Furthermore, each time a new message is received, the cryptographic lock’s keys are updated.
Moreover, messages are not kept on Meta’s servers and cannot be intercepted in transit. As required by the government under Rule 4(2) of the IT regulations, WhatsApp is unable to identify the initial sender as a result of this.
What is the policy on data retention for WhatsApp?
Messages and transaction records of sent messages are not kept by WhatsApp. Undeliverable messages are removed from its servers after a 30-day period. Furthermore, any law enforcement agency wishing to learn more about user accounts on its platform needs to submit a request to receive records of certain accounts.
As per the platform’s privacy policy, data on users may be gathered, processed, saved, and shared if the platform determines that it is essential to safeguard users, identify illicit activities, comply with legal mandates, or uphold its usage guidelines. Information “about how some users interact with others on our service” may also be gathered by it.
What makes “traceability” a two-edged sword?
The problem of tracing the original sender of deepfake videos of politicians and celebrities has been brought up again by recent social media activity; however, Meta platforms filed a petition against the IT Rules in the Delhi High Court back in 2021, the year the rule was published.
According to WhatsApp, any government that decides to impose traceability requirements is essentially imposing a new method of widespread surveillance. In order to comply, messaging services would need to maintain enormous databases of every message you send or include a permanent identifying stamp—akin to a fingerprint—in private communications that you exchange with friends, family, coworkers, physicians, and companies.
The system that provides users of secure messaging services with privacy will be destroyed if end-to-end encryption is modified for special circumstances.
Any more grievances regarding India’s IT regulations?
Yes, a number of petitions against the IT Rules have been filed and are currently ongoing in various high courts. A number of applications were sent to the Delhi High Court for consideration by the Supreme Court on March 22.
On appeals contesting the validity of a 2023 change to the IT Rules that allowed a Union government fact-checking unit to find false information about the federal government online, the Bombay High Court recently handed down a divided decision.
The Ministry of Electronics and IT was given the authority to establish a fact-checking unit with the authority to uncover inaccurate or deceptive internet content relevant to Union government concerns when the Union government revised the IT Rules in April 2023.