The debate on 'Right to Privacy' and 'Right to Freedom of Expression and Speech' has reared its head in the courtroom again, as WhatsApp filed a petition challenging the new IT rules, stating it could dilute its ‘end-to-end encryption’ protection to users.
WhatsApp moved court after the deadline for enforcement of the new IT rules ended on Tuesday, 25 May.
Responding to WhatsApp's lawsuit, the Ministry of Electronics and IT in a statement on Wednesday, 26 May, said that the government respects the 'Right to Privacy' and has no intention to violate it.
Meanwhile, tech giants Google and Facebook said they aim to comply with the digital rules.
It is interesting to note that while Facebook has agreed to comply with the IT rules, WhatsApp which is also owned by Facebook has decided to slap a legal notice to the Indian government.
Different Stance on IT Rules
When it comes to compliance of IT regulations, WhatsApp and Facebook should be considered as separate entities. This is because Rule 4(2) IT Rules, 2021 mandates all Significant Social Media Intermediaries (SSMI) providing messaging services to ensure originator traceability.
Kazim Rizvi, Founding Director of The Dialogue explains that this mandate is applicable only on platforms like WhatsApp and Signal, and not on Google and Facebook.
"It can be challenging for Facebook or Google to integrate their global model as per the new rules, but they are trying to comply. On the other hand, the traceability mandate expects the messaging platform WhatsApp to find out who had sent a particular message on their platform. This is a technical concern," Rizvi told The Quint.
According to industry experts, there is no known method to implement this mandate without weakening end-to-end encryption which would render the populace susceptible to cyber attacks and risk their privacy.
Meanwhile, the government contends that this directive will be applicable only in the event of serious offences related to the sovereignty of the country, or grave sexual offences.
On the other hand, WhatsApp alleges that compliance to this directive may lead to breaking the end-to-end encryption of messages which might result in invasion of privacy for 450 million WhatsApp users in India.
Rule 4(2): The Game Changer
The Quint found out that WhatsApp mentioned Rule 4(2) at least 68 times in the petition filed in the court.
Satya Muley, an advocate at the Bombay High Court, explains that Rule 4 (2) of these intermediary guidelines require social media intermediaries like WhatsApp to identify the first originator of the message that is sent on its platform.
This means identifying and revealing the identity of an original sender of a particular message to the statutory authorities on their request. Furthermore, there is a provision of criminal liability and punishment on the social media intermediaries for non-compliance of these new rules.
Muley believes that with Rule 4 (2) being introduced, it means that WhatsApp will have to breach its end-to-end encryption.
According to WhatsApp, this will be against its fundamental offering of a communication mode which is fully private and vehemently guards the right to freedom of expression, which are also enshrined in the Article 19 and 21 of the Constitution of India.
"If WhatsApp keeps a track of first originator of a message, then it will have to keep a track of every message and every sender which will translate into dangerous invasion of privacy of its users."Satya Muley, Advocate, Bombay High Cout
Why Google and Facebook Aim to Comply
Facebook and Google have agreed to work towards complying with these regulations, because these applications don't use an end-to-end encryption model.
End-to-end encryption ensures that every communication sent on WhatsApp, both messages and calls, can only be decrypted (read and listen) by the recipient. No one else, not even WhatsApp can read or listen to encrypted communications or determine their contents. Users can freely communicate without fear of third parties reading or listening to their most private thoughts.
Sandip Kumar Panda, Co-Founder and CEO InstaSafe, told The Quint that Facebook promised end-to-end encryption on its messenger and Instagram Direct applications, but that project looks unlikely till 2022.
In future if Facebook and Google plan to deploy end-to-end encryption it might be extremely difficult for both the platforms, as they will have to build an architect that can trace each chat without breaking the encryption which is quite unlikely.
Shahir Muneer, Founder and Director, Divo, a musical digital media platform said that WhatsApp won't comply because they will have to change the entire architecture of their app which might not be possible in few days, weeks or even months.