This article is written by Vanya Verma from O.P. Jindal Global University. This article focuses on the grounds on which Whatsapp had filed a lawsuit against the Indian government and the reason behind it along with the response of the government to the lawsuit.

Introduction

On February 25, 2021, the Centre published the Information Technology (Guidelines For Intermediaries And Digital Media Ethics Code) Rules, 2021, WhatsApp filed a lawsuit against the Indian government over a “traceability” clause in the new Intermediary Rules 2021. Further, claiming that the rule will force social media companies to violate privacy protections. As a result, the lawsuit requested the Delhi High Court to declare that “one of the new rules,” which requires social media sites to identify the “first creator of information” if authorities inquire, is a violation of privacy rights of an individual under the Indian Constitution. Furthermore, if WhatsApp begins to identify wrongdoers, the app’s encryption policy would be violated.

New IT Rules 2021 for digital media platforms

The “new Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules 2021” have been implemented by the Indian government, these new guidelines were issued, giving social media services including WhatsApp, Facebook, Koo, Instagram, and Twitter three months to comply with the new guidelines.

The big IT corporations have been requested to appoint an Indian chief compliance officer who can cater to the government’s needs and handle the issues identified by the government under the new law. For example, if the government requests user data from any social media platform and if that request is valid, then the compliance officer will have to comply. Companies have also been asked to recruit a nodal officer who will coordinate with the law enforcement authorities when necessary, in addition to a compliance officer.

Companies have also been asked to hire a dedicated grievance redressal officer who would be in charge of dealing with social media users’ complaints.

If the necessity arises, WhatsApp has been ordered to track a communication back to its original source. This, however, is in direct violation of WhatsApp’s pledge to its users. The app is end-to-end encrypted, which means that no one, including the firm, has access to the users’ chats. However, this new regulation would imply that end-to-end encryption on messages would be broken or circumvented. It appears that appointing officers is less difficult than complying with a request like this. 

Notice to WhatsApp

This is the first time the Ministry has threatened WhatsApp with legal action; it has stated that it will explore all legal measures available to it “to preserve Indian citizens’ sovereign rights.” The Ministry has stated that the changes to WhatsApp’s privacy policy, as well as the way in which they were implemented, jeopardise the sacred principles of informational privacy, data security, and user choice for Indian users.

The government stated that it would assist in preventing the dissemination of fake news via platforms such as Whatsapp. Content on social media platforms will be actively monitored, and monthly compliance reports will be produced for Indian users. The Ministry of Electronics and Information Technology warned WhatsApp to reverse its recent privacy policy amendment.

How long has this exchange been going on

Since January 2021, the IT Ministry has been in communication with WhatsApp about the amended privacy policy. Even as Parliament was debating the Personal Data Protection Bill, the Ministry had addressed its first letter on this issue to Will Cathcart, the global Chief Executive Officer of WhatsApp. The amended privacy policy and subsequent adjustments, according to the Ministry’s letter to Cathcart, allowed WhatsApp and other Facebook firms to “create invasive and precise inferences about users.”

The Ministry then sent WhatsApp a list of 14 questions on the various ways it collected data, as well as the permissions and consents it acquired from domestic users and whether they differed from those obtained from users in other areas of the world. The Ministry also wanted to know if the corporation did any profiling and if yes, what kind of profiling it did.

The lawsuit filed by Whatsapp against the government

WhatsApp has filed a lawsuit against the Indian government, claiming that new regulations might allow authorities to track people’s private chats and conduct mass monitoring.

WhatsApp declared the new social media guidelines unlawful and filed a lawsuit on May 25, which also happened to be the deadline for businesses to comply with the new rules. In support of its arguments, the Facebook-owned messaging service cited the case of Justice K S Puttaswamy vs Union Of India (2018). WhatsApp wants the court to make sure the condition doesn’t go into effect and that its employees aren’t held criminally liable if they don’t comply.

It said that the Centre’s “traceability” requirement, which would require WhatsApp to assist the government in identifying the sender of a specific message, infringed on citizens’ constitutional right to privacy.

A necessity to ‘trace’ private messages, according to civil society and technical experts around the world, would shatter end-to-end encryption and lead to serious abuse. WhatsApp said in a statement, “We are committed to protecting the privacy of people’s personal messages and will continue to do everything we can within the laws of India to do so”.

In 2018, India requested WhatsApp to make technical improvements to allow the source of a message to be traced. The proposal came at a time when WhatsApp was struggling to keep misleading information from spreading in India, where the spread of such information has resulted in several real-life casualties.

Its recommendation, however, did not become law until this year. The demand for traceability is part of the Centre’s sweeping IT rules, which also force social media companies to appoint several officers in India to address on-the-ground concerns and give authorities more discretion over removing offensive material.

Technology and privacy experts have found that traceability compromises end-to-end encryption, jeopardising the privacy of billions of people who communicate online. Reasonable and proportionate rules are necessary for an increasingly digital society, but destroying everyone’s privacy, abusing human rights, and placing innocent people in danger is not the answer. In a blog post, WhatsApp stated, “We are committed to doing everything we can to protect the privacy of people’s personal messages, which is why we join others in rejecting traceability.” 

The move by WhatsApp was exceedingly unusual. Over the years, Facebook has developed a tight relationship with New Delhi, to the point where it has been that it did not take action on some politician’s offensive posts because it feared it would harm its business in India, the world’s second-largest internet market.

Jayanth Kolla, the chief analyst at consultancy firm Convergence Catalyst, said, “We have never seen a company challenge the Indian government for seeking information.” “We’ve seen firms fight back in the past, but they’ve never looked into legal options.”

WhatsApp is already embroiled in a legal battle with the Indian government in the same court over its new privacy policy, as New Delhi tries to force the Facebook-owned company to withdraw new terms.

Last year, India banned over 200 Chinese apps, including TikTok, which named India its largest overseas market at the time of the suspension. The apps were banned in India because they constituted a threat to the national security and defence of India.

None of the Chinese companies sued the Indian government, on the condition of anonymity to win a court action in India against the government when national security reasons are concerned. 

Stance of WhatsApp against new IT Rules

The new IT Rules violate rights

• It violates the basic right to privacy by failing to meet the Supreme Court’s three-part criteria of legality, necessity, and proportionality.
• It infringes on the fundamental right to freedom of expression and speech.
• The obligation to identify the first source of the material is in violation of its parent statute, Section 79 of the Information Technology Act of 2000.

Undermines privacy

Requiring intermediaries like WhatsApp to identify the first source of information in India on their network jeopardises the privacy and security provided by end-to-end encryption.

It’s impossible to know which message will be the subject of a tracing order. As a result, the corporation will have to have the ability to identify the first originator of every message delivered in India for the rest of its existence.

Breaking encryption

End-to-end encryption is defined by WhatsApp as communications that remain encrypted from the sender’s device to the recipient’s device, with no third parties, including WhatsApp’s parent firm Facebook, having access to the content in between.

End-to-end encryption is incompatible with traceability, and this requirement compromises the utility of encryption technology. Because of the intermediate standards, WhatsApp is forced to abandon its core premise of end-to-end encryption.

It stated that it is unaware of any jurisdiction that compels intermediaries to enable the identification of the first originator of information on end-to-end encrypted messaging services, even if doing so necessitates fundamentally modifying their systems.

Data minimisation principles are violated when corporations are required to maintain more data for each message set in India on their platform. It doesn’t specify a time limit, thus WhatsApp can keep this extra data for years after the message was sent.

Nothing in the IT Act shows that Parliament intended for respondents to be able to demand significant social media intermediaries (SSMIs) in order to identify the first source of information in India.

In India, there are around 400 million WhatsApp users. Approximately 90% of WhatsApp conversations are transmitted from one person to another, with the bulk of groups consisting of fewer than ten people.

Non-functionality of end-to-end encryption 

WhatsApp also outlined why traceability will not work in a thorough blog post, claiming that breaking end-to-end encryption (E2E) will compromise user privacy and impede free speech and expression on the platform. WhatsApp’s E2E encryption is enabled by default for all messages.

Furthermore, WhatsApp would have to re-engineer the program specifically for India, which it will not do. If WhatsApp were required to follow the laws, it would have to develop a version of the programme that supports traceability but does not use E2E encryption.

While WhatsApp supports “fair and appropriate legislation,” it cannot accept “eroding privacy for everyone, breaching human rights, and putting innocent people in danger,” according to the company’s blog.

Data collection through traceability

WhatsApp makes it plain in its blog post that in order to track down the sender of any message, it will need to retain a history of all messages. Due to the E2E encryption, WhatsApp cannot read a user’s texts.

It claims that tracing even one message entails tracing all messages on the network and that they will have to put a “permanent identifying imprint” or “fingerprint” on each message. This will be the equivalent of a widespread surveillance programme, according to the report.

No foolproof traceability

Experts on WhatsApp and the internet have stated that tracking is not infallible. Furthermore, tracing the originator becomes harder when users forward or copy messages. According to WhatsApp, it may be required to “turn over the names of people who shared something even if they did not create it, shared it out of concern, or sent it to check its accuracy,” which could result in human rights violations as innocent people may be caught up in investigations or face imprisonment.

Furthermore, even if WhatsApp messages are fingerprinted, these methods are not infallible and can be easily imitated. WhatsApp also claims that “traceability” goes against core law enforcement and investigation norms.

The stance of Google and others on the new social media rules

Not just WhatsApp, Facebook, or Twitter, but all social media intermediaries and businesses are affected by the new IT standards. This also applies to Google, which is a key player in the market.

Sundar Pichai, the CEO of Google, said in a statement that the business will follow all laws. “Of course, it’s early days, and our local teams are highly involved. In every country where we operate, we always follow local laws and cooperate cooperatively. We have clear transparency reports, and we highlight when we cooperate with government requests in our transparency reports,” he said, according to PTI.

WhatsApp’s parent firm, Facebook, is battling the new IT restrictions with a lawsuit. “We are working to adopt operational processes and increase efficiencies in accordance with the IT Rules. A Facebook representative stated, “Facebook remains dedicated to people’s ability to freely and safely express themselves on our platform.”

Twitter has also made a statement regarding the IT guidelines on its platform. “We, along with many others in civil society in India and around the world, are concerned about police intimidation methods in response to enforcement of our global Terms of Service, as well as essential components of the new IT Rules,” according to the statement.

Significant social media intermediaries (those with more than 50 lakh Indian users) must now appoint a resident grievance officer, a chief compliance officer, and a nodal contact person, according to the new standards. All personnel must be Indian citizens, according to the rules.

Response of government to the Whatsapp lawsuit

The government stated that it respects people’s right to privacy, and that the new IT regulations’ necessity to trace the origin of flagged messages is for the prevention and investigation of “extremely serious offences” involving India’s sovereignty or public order. WhatsApp’s last-minute objection to the intermediate guidelines, according to the IT Ministry, was an irresponsible attempt to prevent the rules from taking effect. “What India is asking for is much less than what some of the other countries have required,” it stated that the UK, US, Australia, New Zealand, and Canada all want social media companies to enable legal interception.

“As a result, WhatsApp’s attempt to portray India’s Intermediary Guidelines as incompatible with the right to privacy is wrong,” according to the official statement.

The government acknowledges that the ‘Right to Privacy’ is a fundamental right and is committed to providing it to its residents, according to the statement.

The government “is committed to ensuring the Right of Privacy to all its citizens, but it is also the government’s job to preserve law and order and for national security,” according to IT Minister Ravi Shankar Prasad.

“None of the steps proposed by India would have any influence on the normal working of WhatsApp in any way whatsoever, and there will be no impact on the common users,” Prasad added. When WhatsApp is obliged to reveal the origin of a specific message, the government respects the right to privacy and has no intention of violating it.

“Such requirements apply only when the message is required for the prevention, investigation, or punishment of very serious offences relating to India’s sovereignty and integrity, security, friendly relations with foreign states, or public order, or incitement to an offence relating to the above or in relation to rape, sexually explicit material, or child sexual abuse mat”

WhatsApp’s reluctance to comply with the new IT laws has been dubbed a “clear act of defiance” by the Ministry of Electronics and Information Technology (MeITY). Furthermore, it has stated that the right to privacy would be subject to reasonable limitations and that social media companies will only be required to reveal the source of a message in certain circumstances and in response to a court order.

The government also questioned WhatsApp’s commitment to user privacy, noting that the business intends to “share all of its customers’ data with its parent corporation, Facebook, for marketing and advertising purposes.”

The government claims that identifying the first source is only done in exceptional cases and that they do not intend to follow all messages. A social media intermediary could be required to trace the originator of a message, tweet, or post under the guidelines “only for the purposes of prevention, investigation, punishment, etc. of inter alia an offence relating to the sovereignty, integrity, and security of India, public order incitement to an offence relating to rape, sexually explicit material, or child sexual abuse material relating to rape, sexually explicit material, or child sexual abuse material relating to rape etc.

Conclusion

According to privacy campaigners and legal experts, WhatsApp is likely to find it difficult to get through the latest privacy policy amendment, given two regulatory warnings and at least two court lawsuits.

Although WhatsApp has insisted that the service is end-to-end encrypted and that it does not share any personal information with Facebook, it has announced that the latest version will allow it to use some of Facebook’s “business interactions” for advertising purposes.

This explanation, however, is unlikely to be accepted by the IT Ministry, according to analysts, because the government has stated unequivocally that the new privacy policy update is “invasive”.

Although WhatsApp has decided not to impose limits, for the time being, the platform has left the door open for future action by stressing that its current stance is merely temporary until the federal government introduces the Personal Data Protection (PDP) Bill.

The PDP Bill would make it illegal for apps and platforms to acquire, handle, or share users’ personal and sensitive data. However, the law is not set to take effect anytime soon. When it does, the central government must ensure that tight restrictions are in place.

References

• https://www.medianama.com/wp-content/uploads/2021/05/WhatsApp-v.-Union-of-India-Filing-Version.pdf 
• https://techcrunch.com/2021/05/25/whatsapp-sues-india-government/ 
• https://www.gktoday.in/current-affairs/why-whatsapp-sue-indian-government/ 
• https://indianexpress.com/article/explained/govt-vs-whatsapp-on-privacy-policy-7325019/
• https://economictimes.indiatimes.com/tech/trendspotting/explained-government-rules-on-whatsapp-the-controversy-around-it/articleshow/83035150.cms 
• https://indianexpress.com/article/technology/tech-news-technology/whatsapp-vs-indian-government-over-new-social-media-rules-7-points-to-note-7332708/ 
• https://www.indiatoday.in/technology/features/story/twitter-facebook-whatsapp-vs-indian-govt-new-rules-case-in-delhi-hc-and-other-key-points-you-must-know-1807066-2021-05-26 
• https://timesofindia.indiatimes.com/gadgets-news/indian-government-responds-to-whatsapps-lawsuit/articleshow/82977579.cms 
• https://thekootneeti.in/2021/05/27/whatsapp-files-a-lawsuit-against-the-government-claiming-that-new-digital-rules-would-put-an-end-to-user-privacy/ 

---

Students of Lawsikho courses regularly produce writing assignments and work on practical exercises as a part of their coursework and develop themselves in real-life practical skills.

LawSikho has created a telegram group for exchanging legal knowledge, referrals, and various opportunities. You can click on this link and join:

https://t.me/joinchat/J_0YrBa4IBSHdpuTfQO_sA

Follow us on Instagram and subscribe to our YouTube channel for more amazing legal content.