WhatsApp versus Govt of India : The pursuit for privacy

WhatsApp has moved the Delhi High Court against India’s new and stricter IT rules that require instant messaging platforms to aid in identifying the ‘originator’ of messages. The Writ Petition challenging the Constitutional validity of the rules, which came into force on May 26, 2021, was filed on May 25, 2021.

In the meanwhile, as reported in media, a WhatsApp spokesperson has said, “Requiring messaging apps to ‘trace’ chats is the equivalent of asking us to keep a fingerprint of every single message sent on WhatsApp, which would break end-to-end encryption and fundamentally undermines people’s right to privacy”. The spokesperson further added that the messaging platform had consistently joined civil society and experts around the world in opposing requirements that would violate the privacy of its users.

What Do the IT Rules of 2021 Aim at?

The Information Technology (Guidelines for Intermediaries and Digital Media Ethics Code) Rules, 2021, were notified on February 2021, giving the intermediaries three months to comply. The rules state that the intermediary providing messaging services will ‘enable the identification of the first originator of information on its computer resource, following a judicial order passed by a court of competent jurisdiction or order passed under Section 69 by the competent authority as per the IT Act. The rules state that “an order will be passed only for the purposes of prevention, detection, investigation, prosecution or punishment of an offence related to the sovereignty and integrity of India, the security of the State, friendly relations with foreign states or public order or of incitement to an offence relating to the above or in relation with rape, sexually explicit material, punishable with imprisonment for a term of not less than 5 years’’.

The Union government and WhatsApp have been at loggerheads over the issue of tracing the origin of fake and/or unlawful messages for over 2 years now. WhatsApp has consistently refused to comply with the government’s demand, stating that such a move will undermine the privacy of WhatsApp users.

While the Indian government is keen to implement the new IT Rules the Texas Senate in the USA, on Thursday approved a bill that would prohibit social media companies with at least 100 million media users from blocking, banning or discriminating against a user base on their viewpoint or their location within Texas. This seems to be an outcome of the rhetoric about silencing conservatives ramped up following the 2020 election, when platforms including Facebook and Twitter removed former President Donald Trump’s account for inciting violence during the January 6 U.S. Capitol insurrection. Hence Republican politicians have long been targeting technology giants accusing them of an anti-conservative bias silencing free speech. In a congressional hearing in October 2020, #Facebook CEO, Mark Zuckerberg told lawmakers that “ Democrats often say that we don't remove enough content, and Republicans often say we remove too much”.

The Case Against WhatsApp

The protagonists of the campaign for traceability argue that WhatsApp and other social media platforms need to be controlled in order to trace the origin of their messages. WhatsApp they say is being enormously misused in India to spread misleading, false, derogatory, malicious, mischievous messages and so such messages need to be traced to facilitate due legal action against the perpetrators.

According to one BBC report, WhatsApp had become “a vehicle for misinformation and propaganda” where both the governing Bharatiya Janata Party (BJP) and the major opposition, “Congress party’’ were accused of “spreading false or misleading information” ahead of the 2019 general election [Kevin Ponniah, WhatsApp: The ‘Black Hole’ of Fake News in India’s Election, BBC News, April 6, 2019, https://bbc.in/3oPIdN8 ]. After the suicide bombing against Indian security forces in Kashmir in 2019,  “a message had begun circulating on WhatsApp groups across the country. It claimed that a leader of the Congress Party, the national opposition, had promised a large sum of money to the attacker’s family, and to free other ‘terrorists’ and ‘stone pelters’ from prison if the state voted for Congress in the upcoming parliamentary elections. The message was “aimed at painting the BJP’s main national challenger [the Congress Party] as being soft on militancy” in the disputed territory of Kashmir [ Misinformation Is Endangering India’s Election, The Atlantic, Apr. 1, 2019, https://bit.ly/3wuPNz6 ]. Another incident of fake news highlighted by news reports of Voice of America involved an attempt to show that the BJP was “indulging in warmongering for electoral gains [ Anjana Pasricha, Fake News Inundates India Social Media Ahead of Election, Voice of America, April 3, 2019, https://bit.ly/2QWwbFa]

Further, an article by Snigdha Poonam & Samarth Bansal mentioned that, “India is facing information wars of an unprecedented nature and scale. Indians are bombarded with fake news and divisive propaganda on a near-constant basis from a wide range of sources, from television news to global platforms like Facebook and WhatsApp. But unlike in the United States, where the focus has been on foreign-backed misinformation campaigns shaping elections and public discourse, the fake news circulating here isn’t manufactured abroad. Many of India’s misinformation campaigns are developed and run by political parties with nationwide cyber-armies; they target not only political opponents but also religious minorities and dissenting individuals, with propaganda rooted in domestic divisions and prejudices. The consequences of such targeted misinformation are extreme, from death threats to actual murders in the past year, more than two dozen people have been lynched by mobs spurred by nothing more than rumours sent over WhatsApp”. [Misinformation Is Endangering India’s Election, The Atlantic, Apr. 1, 2019 "https://bit.ly/3wuPNz6"]

In my blog of 9th May 2020, I had reported that mass circulation of fake news on WhatsApp had turned into a tragedy that led to a virtual stampede of migrants jostling to leave Mumbai. I had written that, “In a repetition of what happened in Delhi weeks ago, thousands gathered near Bandra station in Mumbai after a rumour that long-distance trains were running. Hundreds of migrant workers swarmed onto streets near Mumbai’s Bandra railway station and demanded facilities to return home. This happened two days after the state government extended the lockdown in areas under its jurisdiction, and just hours after Prime Minister Narendra Modi made a similar announcement extending the nationwide lockdown. The gathering of so many people at one place defeated the objective of ‘social distancing’, which is considered key in preventing the spread of COVID-19. The Maharashtra authorities have claimed that a WhatsApp rumour regarding trains sparked the gathering.” [‘Fake News, Misinformation & Rumourmongering During Pandemic’, " https://bit.ly/3fk2iIe"]

Those in favour of ‘tracing’ a particular message on private messaging services want more . They say that the present regulations are not sufficient and proportionate to trace the original messenger and hence the rules under the Information Technology (Guidelines for Intermediaries and Digital Media Ethics Code) Rules, 2021, will go a long way to help the investigative agencies to unearth the perpetrators.

WhatsApp’s case Against Traceability

In the meanwhile, WhatsApp on its webpage has dealt with the issue: “What is traceability and why does WhatsApp oppose it?” by stating that, “Some governments are seeking to force technology companies to find out who sent a particular message on private messaging services. This concept is called “traceability.”Technology and privacy experts have determined that traceability breaks end-to-end encryption and would severely undermine the privacy of billions of people who communicate digitally. Reasonable and proportionate regulations for an increasingly digital world are important, but eroding privacy for everyone, violating human rights, and putting innocent people at risk is not the solution. WhatsApp is committed to doing all we can to protect the privacy of people’s personal messages, which is why we join others in opposing traceability”.

While dealing with “How does “traceability” break end-to-end encryption?” the WhatsApp web page states:

“WhatsApp deployed end-to-end encryption throughout our app in 2016, so that calls, messages, photos, videos, and voice notes to friends and family are only shared with the intended recipient and no one else (not even us). “Traceability” is intended to do the opposite by requiring private messaging services like WhatsApp to keep track of who-said-what and who-shared-what for billions of messages sent every day. Traceability requires messaging services to store information that can be used to ascertain the content of people’s messages, thereby breaking the very guarantees that end-to-end encryption provides. In order to trace even one message, services would have to trace every message. That’s because there is no way to predict which message a government would want to investigate in the future. In doing so, a government that chooses to mandate traceability is effectively mandating a new form of mass surveillance. To comply, messaging services would have to keep giant databases of every message you send, or add a permanent identity stamp like a fingerprint to private messages with friends, family, colleagues, doctors, and businesses. Companies would be collecting more information about their users at a time when people want companies to have less information about them”.

Further while throwing a question to itself, “Can WhatsApp work with law enforcement without traceability?, the WhatsApp webpage clarifies that “WhatsApp respects the important work law enforcement does to keep people safe. Our dedicated team reviews and responds to valid law enforcement requests. We respond to valid requests by providing the limited categories of information available to us, consistent with applicable law and policy. We also have a team devoted to assisting law enforcement 24/7 with emergencies involving imminent harm or risk of death or serious physical injury. We consistently receive feedback from law enforcement that our responses to requests help solve crimes and bring people to justice. It’s also important to understand that depending upon the nature of their investigations, law enforcement officials have multiple investigative tools, and may obtain information from many sources, including different companies, other governments, or from users’ devices. More information about how we work with law enforcement can be here "https://bit.ly/2RQVOYe".

A news report in Indian Express states that it is learnt that in its plea WhatsApp is relying on ‘Justice Puttuswamy V Union of India’  to argue that the traceability provision is unconstitutional and against people’s fundamental right to privacy as underlined by the Supreme Court decision. 

Justice K. S. Puttuswamy Case vis-a-vis WhatsApp’s Plea :

In the most celebrated judgment in Justice K.S. Puttuswamy (Retd.)  V. Union of India, (2017) 10 SCC 64, the issue of privacy was discussed in light of the Unique Identity Scheme. The question before the Court was whether the right to privacy is guaranteed under the Constitution, and if it is, the source of such right, given the fact that there is no express provision for privacy in Indian Constitution. The Attorney General for India had argued that privacy is not a fundamental right. Ultimately, the Court left the question to be deliberated by a larger Constitutional Bench since the earlier judgments that denied the existence of the right to privacy were given by Benches larger than those which decided the cases where right to privacy was accepted as a fundamental right. Finally, the matter was decided by a Bench of the Supreme Court comprising of nine Judges, holding that there is a fundamental right to privacy in the Indian Constitution.

This judgment marked a departure from the prior jurisprudence in its clear and unambiguous declaration that there is a fundamental right to privacy under the Constitution of India. This judgment is significant as the ‘right to privacy’ was conceptualised as a right in itself, for the first time. While, in the other cases, earlier right to privacy was used to protect specific interests, such as privacy from night-time police visits in Kharak Singh case - (1964) 1 SCR 332, or privacy from telephone tapping in PUCL matter, AIR 1997 SC 568. This judgment suggested a “menu” of tests that can be used to contemplate how the limits and scope of the constitutional right to privacy could be determined in future cases. The test laid down by the Supreme Court to identify whether any State action violates the fundamental right to privacy is to check (a) the existence of a “law”, (b) a “legitimate State interest” and (c) the requirement of “proportionality”. The Court also reiterated four sub-tests of proportionality adopted in a 2016 decision in ‘Modern Dental College and Research Centre v. State of Madhya Pradesh,(2016) 7 SCC 353’, to decide proportionality of a State action.

The tests require: (a) the interference must have a legitimate goal (legitimacy stage), (b) it must constitute a suitable mean of achieving the goal (suitability stage), (c) there must not be any less restrictive but equally effective alternative (necessity stage) and (d) the measure must not have a disproportionate impact on the right holder (balancing stage). As such, State actions restricting the right to privacy would amount to a violation of fundamental right if such action do not pass the aforesaid tests.

The nine-judge bench judgement of the Supreme Court delivered by Justice Dr. Dhananjaya Chandrachud has held that privacy is a constitutionally protected right which not only emerges from the guarantee of life and personal liberty in Article 21 of the Constitution but also arises in varying contexts from the other facets of freedom and dignity recognised and guaranteed by the fundamental rights contained in Part III of the Indian Constitution. The judgment also rejected the submission that privacy is a privilege of the few. In the backdrop of all this the moot question now is: ‘Does the traceability requirement under the new IT Rules meet the test in one of the most landmark judgements of independent India - Justice K.S. Puttuswamy (Retd.) V. Union of India?

The author of this article, Rajiv Chavan, is a Senior Advocate & former President of Advocates Association of Western India (2013-2015 & 2015-2018) 

Disclaimer: The views and opinions expressed within this article are the personal opinions of the author. The facts, analysis, assumptions and perspective appearing in the article do not reflect the views of Republic TV/ Republic World/ ARG Outlier Media Pvt. Ltd.