India's IT Rules: What Facebook, WhatsApp, IG Compliance Reports Tell Us
Reports indicate willingness to comply with due-diligence requirements & legal requests for information from State.
Facebook, Instagram and WhatsApp published their first monthly compliance report mandated by the new IT Rules that came into force on 26 May. The rules require with over five million users platforms (known as ‘Significant Social Media Intermediaries’) – to publish compliance reports every month, mentioning the details of complaints received and action taken. The current reports capture information for the period from 15 May to 15 June, 2021.
While the reports throw up interesting insights into actions taken regarding harmful content, the reports themselves come amidst Facebook-owned WhatsApp’s legal challenge to parts of the IT Rules itself.
It is noteworthy that the mandated compliance report—under section 4(1)(d)—and WhatsApp’s legal challenge to the traceability of messages requirement—under section 4(2)—both fall under the same section of the Rules. They are both part of the “Additional Due Diligence” requirements of Significant Social Media Intermediaries like Facebook, Instagram and WhatsApp.
This piece explores three major aspects of the monthly compliance reports.
First, the contents of the reports and analysis the major findings.
Second, analysis of the report in the context of Facebook’s legal battle against the controversial Rules.
Third, the broader message the company is sending through the publication of these periodic compliance data.
What The Numbers Say
Facebook and Instagram released their reports in two parts. On 2 July, Facebook and Instagram’s reports published data on the action taken on content seen as ‘harmful’ and in violation of the platforms’ community standards. The report on 15 July contained information about complaints received from users and action taken on those complaints.
Complying with these two aspects of the compliance requirements, here are some key insights drawn from the data published by Facebook, Instagram and Twitter.
Complaints Received by Multiple Platforms in a Month
i) Facebook and Instagram’s machine learning AI tools have a success rate of over 99 percent in proactively identifying spam, sexual activity/nudity, self-harm, violent/graphic content, terrorist propaganda. (See Table 1 above.)
ii) In comparison, the Facebook and Instagram’s AI tools are ineffective in identifying bullying and harassment. At Facebook, only 36.7 percent of the 1.18 lakh instances were proactively identified by the platform’s automated AI tools. Similarly, at Instagram only 43.1 percent of the 1.08 lakh instances of bullying and harassment were identified by the platform on its own.
iii) WhatsApp banned 20.11 lakh accounts registered with Indian phone numbers for abusing the private messaging service’s rules on automated or bulk messaging.
iv) Complaints or grievances filed directly by users on Facebook, Instagram and WhatsApp’s are very low. In the period between 15 May and 15 June, Facebook received only 646 complaints. The platform has over 250 million users in India. Similarly, WhatsApp, with a user base of over 350 million in India received 345 complaints in the same period.
Compliance Report Based on Section 4(1)
The compliance report is based on the requirement of section 4(1)(d) of the IT Rules. According to the rule, large platforms like Facebook, Instagram, WhatsApp, Twitter, YouTube, and others are required to “publish periodic compliance report every month mentioning the details of complaints received and action taken thereon”.
They are also mandated to publish the “number of specific communication links or parts of information that the intermediary has removed or disabled access to in pursuance of any proactive monitoring conducted by using automated tools or any other relevant information as may be specified.”
In complying with this requirement, Facebook has continued a practise it was anyway carrying out since 2018.
While the earlier reports about content restrictions were published every six months ie twice a year – typically Jan-June and July-December periods, the new reports are monthly.
In publishing the reports, Facebook and its companies seek to highlight their efforts at transparency and a measure of accountability towards the laws of the country and their users.
The Contentious Section 4(2)
However, the very next sub-section, 4(2) is one that WhatsApp decided to take to the Delhi High Court on 25 May, alleging it would “break end-to-end encryption and fundamentally undermine people’s right to privacy.”
According to Rule 4(2), “A significant social media intermediary providing services primarily in the nature of messaging shall enable the identification of the first originator of the information on its computer resource.”
In other words, platforms like WhatsApp are required to introduce traceability of the texts so that the first sender of a particular text can be identified. This appears to endanger the central privacy feature of the private message app: end-to-end encryption.
Apart from the privacy breach of users, there are two specific shortcomings of the traceability requirement that the Internet Freedom Foundation highlights in its blog:
It has been shown to be vulnerable to spoofing where bad actors can falsely modify the originator information to frame an innocent person.
The originator of the message has no control over who forwards the content, or how many times it is forwarded, or in which fora.
Encryption becomes even more important now as more of our lives involve our personal data being aggregated and analysed at a scale that was never possible before.
The Message in the Reports
The broader message the Facebook, Instagram and WhatsApp appear to be sending to their users as well as the Union government and lawmakers is that they care about user safety and have been proactive in dealing with violations of the platforms’ rules.
In publishing the reports, the platforms have also indicated willingness to comply with due-diligence requirements as intermediaries and with legal requests for information from the State.
In other words, they aren’t opposed to the list of requirements as a whole. Therefore, while Facebook-owned WhatsApp is willing to fight for user privacy and protect end-to-end encryption, it is also ready to cooperate with transparency and due-diligence requirements as part of their role as intermediaries.
Published at 30-45 day intervals, the reports in themselves are expected to provide detailed picture of the kind of complaints users make, the nature of violations the platforms encounter, and the type of activities that they need to be far more proactive about.
(Sushovan Sircar is an independent journalist who reports on technology and cyber policy developments. His reports explore stories at the intersection of internet and society, covering issues of privacy, surveillance, cybersecurity, India’s data regime, social media and emerging technologies. He tweets @Maha_Shoonya. This is an opinion piece, and the views expressed are the author’s own. The Quint neither endorses nor is responsible for them.)
Subscribe To Our Daily Newsletter And Get News Delivered Straight To Your Inbox.