Proposed IT Rules Could Break End-to-End Encryption to Trace ‘Unlawful Content’
Just days after the government sent out a controversial notification reiterating its powers to snoop on any computer in the country, it is seeking responses from social media platforms on a proposed set of rules that will make it mandatory for them to identify or remove “unlawful” content. The move, which could have serious freedom of speech implications, is already becoming a cause of concern among the netizens as these rules may force social media platforms to break end-to-end encryption. After an Indian Express report published the details of discussions between the government and various social media platforms over these rules, the government insisted that “no decision had been taken yet.”
The government is reportedly considering amendments to rules under the Section 79 of the Information Technology (IT) act to make it compulsory for the social media platforms to “proactively” deploy technology that would enable identification or removal of any content deemed “unlawful.” The Internet Freedom Foundation, an organisation advocating for a free and open Internet in India, has shared the Draft Intermediaries Guideline Rules under Section 79 of IT Act, India.
“The Intermediary shall deploy technology based automated tools or appropriate mechanisms, with appropriate controls, for proactively identifying and removing or disabling public access to unlawful information or content,” the draft rules say. The intermediaries here refer to the online platforms.
The proposed rules also require the platforms to enable tracing of the original source of such content, which would mean disabling end-to-end encryption when the content is being transmitted through apps like WhatsApp Messenger and Telegram. “The intermediary shall enable tracing out of such originator of information on its platform as may be required by government agencies who are legally authorized,” added the draft rules.
The proposed rules also extend the data retention period “of unlawful activity” to a minimum of 180 days. Further, the government agencies can extend the retention period to as long as they deem fit.
Additionally, the proposed rules mandate online platforms have to respond to any government queries regarding the illegal content within 72 hours. Further, on being notified by the government agencies or a court order, the platforms have to remove or disable access to any content that is deemed illegal immediately, but no later than 24 hours. The rules also state that platforms with over 50 lakh users in India must have a permanent registered office in India with a physical address, appoint a nodal person of contact in India for 24×7 coordination with law enforcement, and be incorporated under the Companies Act, 1956 or the Companies Act, 2013.
“This is being done in the backdrop of mob lynching incidents that saw the killing of innocent people on the basis of rumours,” official sources told NDTV. Discussions are currently at the level of officers and no decision has been taken on the ministerial level, the sources added.
According to the Express report, an official from the Ministry of Electronics and Information Technology as well as others from the Cyber Law Division met with the representatives of Google, Facebook, WhatsApp, Amazon, Yahoo, Twitter, ShareChat, SEBI, and The Internet Service Providers Association of India on Friday to discuss the draft rules. The meeting lasted just over an hour and the online platforms have been given till January 7 to respond on the proposal.
The government called assertions that the proposed rules are an attack on the freedom of speech “objectionable”. “The limited goal is to identify source of the rumour-mongering in order to stop mob lynching. This year, such demands were raised in different quarters after increasing incidents of mob lynching due to child kidnapping rumours were spread on social media and specifically on WhatsApp,” it added.
The social media and messaging platforms have typically been averse to disabling or breaking end-to-end encryption citing the need for user privacy and security. Just last week after the reports about the increasing cases of child porn distribution on their platform, the WhatsApp had dismissed the possibility of weakening the end-to-end encryption to make it easier for monitoring the flow of such content. It would be interesting to see here whether these platforms give in to the demands of the Indian government or stick to their existing positions.
The government has clarified that it does not want the online platforms to break end-to-end encryption but only wants them to trace the origin of illegal content, sources said. It has asked platforms to come up ways to just do that. WhatsApp is said to have assured the government it was working on a technology solution.
The Internet Freedom Foundation, has expressed concerns over the proposed rules. “At IFF we believe there are better ways to check misinformation and threats to Indian elections. These can be achieved as per our fundamental rights guaranteed under the Constitution. The instant proposals seen alongside the recent MHA notification activating the 2009 interception rules is taking India close to a Chinese model of censorship,” the organisation wrote on its website.