The WhatsApp case concerns you, the average Internet user. So here are some things you need to know, Telecom News, ET Telecom
In the courts there is the doctrine of necessary and appropriate parties, without whose presence a case cannot be properly decided. This comes to mind in WhatsApp’s legal challenge to central government IT rules, as this matter inevitably concerns you, the average internet user.
The IT rules, which were notified on February 25, 2021, bring additional compliance for social media businesses with more than 5 million users. It includes an obligation to implement a technical system called “traceability”. This ties the identity of the message sender to the message and went into effect on May 26, 2021.
This prompted WhatsApp to appear in Delhi’s High Court, causing a media maelstrom. This case has obvious implications for the privacy and cybersecurity of around 400 million users. To understand the implications, let’s start with the first principles of the technical and legal impacts of traceability.
Given the likelihood that you are a WhatsApp user, you might have seen a prominent notice when you open it: Your messages are protected with end-to-end encryption. This is a technology that uses a technical design called a signal protocol and ensures that your messages cannot be read by WhatsApp during transmission. This not only prevents access to your messages by third parties, but also protects you against a whole range of cybersecurity risks. Encryption helps keep your conversations private and secure.
It is the government’s claim that allows for a whole range of illegalities. For example, misinformation that leads to mob lynching or reprehensible actions such as sharing non-consensual sexual images of women and minors. Officials say the solution to this problem is to find out the identity of the people who first compose these messages and who are the authors.
The “traceability” proposal has its supporters. Professor Kamakoti from IIT Madras argued that it could be implemented with a few simple tweaks. However, Professor Prabhakar of IIT Bombay argues that there are risks and a lack of utility in its deployment. He says, “The effectiveness will probably be limited.”
The problem is that even minor changes in a message, such as capitalization or a single punctuation, create a completely new data entry, thus undermining the sender’s tracing purpose. For large viral messages delivered thousands of times, this will happen frequently when people forward messages by adding their own comments.
This technical and common sense criticism is supported by an Internet Society report. This report, the work of around fifty experts, highlights potential cybersecurity problems linked to the implementation of traceability. He says that once WhatsApp and platforms like Signal and Telegram incorporate traceability, cybercrimes like identity theft, financial fraud, surveillance and social profiling are likely.
In August 2017, the Supreme Court of India reaffirmed the fundamental right to privacy and set out clear principles on how it can be legally restricted when there is a justifiable need. A restriction on privacy requires parliamentary law that has a constitutional purpose and is proportional. This means that the least restrictive measure will be implemented and that all alternatives which do not infringe on privacy or restrict it in the least restrictive way possible should be explored. This helps to maintain the balance between a fundamental right and a reasonable restriction, where individual freedom is safeguarded.
However, as explained above, due to technical risks, traceability is more of a too broad measure. As the Internet Society warns: “Service providers would be forced to access the content of users’ communications, which would significantly reduce the security and privacy of a system for all users and expose national security to a risk. greater risk. ” Seen in this light, WhatsApp’s HC petition articulates a goal that supports the right to privacy.
While some press reports last weekend indicated that WhatsApp would not downgrade services for users who agree to the change, most users have already been pressured enough to click “I agree.” In its challenge, the Union government correctly opposed this change in privacy by WhatsApp which allowed user consent.
These legal battles are important. And, for nearly 740 million Indian internet subscribers, it is important that they understand that neither WhatsApp nor the government fully supports their basic right to privacy. We must expect less from WhatsApp than our government. WhatsApp is a technology company. Our government, however, has the primary responsibility to protect our constitutional rights.
What is the solution? A deliberate regulatory framework in the public domain and in Parliament. One who identifies clear harms and creates solutions including technical aspects and privacy impacts. However, in the meantime, what seems most likely is that the duty to protect our privacy will fall on our constitutional courts.