What is Traceability? Why did WhatsApp sue Indian govt over Traceability & what's the row?

After the three-month deadline given by the Ministry of Electronics & Information Technology (MEITy) to accept the new IT guidelines concluded on May 25, messaging app WhatsApp moved the Delhi High Court expressing its inability to comply with the clause of 'traceability' under the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules. In fact, WhatsApp in its statement also expressed that the clause of traceability added by the government of India will be undermining people's fundamental right to privacy. However, the government of India in its statement stood firm on the traceability clause and clarified its stance on people's privacy saying the requirement of tracing origin of flagged messages under the new IT rules is for prevention and for investigation of 'very serious offences' related to the sovereignty of India or public order. Amid all this, the question everyone is asking is 'What is traceability?'

What is traceability? Why is Whatsapp's traceability important?

WhatsApp on Wednesday knocked on the doors of the Delhi High Court against the Centre's recently imposed IT Rules that would require the messaging services to 'trace' the origin of particular messages sent on the service. WhatsApp through its spokesperson said, "Requiring messaging apps to trace chats is the equivalent of asking us to keep a fingerprint of every single message sent on WhatsApp, which would break end-to-end encryption and fundamentally undermines people's right to privacy."

"We have consistently joined civil society and experts around the world in opposing requirements that would violate the privacy of our users. In the meantime, we will also continue to engage with the Government of India on practical solutions aimed at keeping people safe, including responding to valid legal requests for the information available to us," added the WhatsApp spokesperson. 

End-to-end encryption is a system of communication where only the communicating users can read the messages. In principle, it prevents telecom providers, Internet providers, and even the provider of the communication service, i.e. WhatsApp – from being able to access the cryptographic keys needed to decrypt the conversation. As per experts, implementation of Traceability would force private companies to collect and store who-said-what and who-shared-what for billions of messages sent each day. This will require platforms to collect more data than they need, solely for the purpose of turning it over to law enforcement agencies. 

What is Whatsapp's issue with 'traceability' in India's IT guidelines?

When the concept of 'traceability' was first proposed in early 2019, a number of organizations wrote to the Indian government about how such a provision would violate the privacy of Indian users. The IT rules published by the government India earlier this year, in addition to calling for “traceability” risk criminal penalties for non-compliance. Globally, WhatsApp has consistently opposed legal action that would break end-to-end encryption - for example, it is currently before the Supreme Court of Brazil on a similar matter. Furthermore, as per sources, Traceability as WhatsApp understands it at the moment would not be effective in finding the originator of a particular message because people commonly see content on websites or social media platforms and then copy and paste them into chats, and it would also be impossible to understand the context of how it was originally shared. This, however, is subjective.

Government's clarification on WhatsApp's 'traceability' problem

The government on Wednesday clarified that it respects the right to privacy and that the requirement of tracing the origin of flagged messages under the new IT rules is for prevention and investigation of "very serious offences" related to the sovereignty of India or public order. In a statement, the IT Ministry termed WhatsApp's last moment challenge to the intermediary guidelines as an unfortunate attempt to prevent norms from coming into effect.

The UK, US, Australia, New Zealand, and Canada require social media firms to allow for the legal interception, it said, adding, "What India is asking for is significantly much less than what some of the other countries have demanded. Therefore, WhatsApp's attempt to portray the Intermediary Guidelines of India as contrary to the right to privacy is misguided," the official statement said.

The statement further added that IT Minister Ravi Shankar Prasad has stated that the government "is committed to ensure the Right of Privacy to all its citizens but at the same time it is also the responsibility of the government to maintain law and order and ensure national security."

"Such requirements are only in case when the message is required for prevention, investigation or punishment of very serious offences related to the sovereignty and integrity of India, the security of the State, friendly relations with foreign States, or public order, or of incitement to an offence relating to the above or in relation with rape, sexually explicit material or child sexual abuse material," the statement added. As for the specific doubts that have been expressed over how this may entail a violation to the Right to Privacy, the government has upheld that this right comes with reasonable restrictions, and that in such circumstance that it requires to trace the origin of a message, the relevant legal warrant would be produced. Furthermore, it has questioned WhatsApp about its own recent and controversial privacy policy update wherein businesses must agree to WhatsApp's right to data-sharing with Facebook.

Centre's new guidelines for social media & traceability

The Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules 2021 were framed by the Centre on February 25 in exercise of powers under section 87 (2) of the Information Technology Act, 2000 and in supersession of the earlier Information Technology (Intermediary Guidelines) Rules 2011. The rules came into effect from May 26.

Under the new rules, social media platforms will have to have a grievance redressal mechanism, they will also have to name a grievance officer who shall register the grievance within 24 hours and disposal in 15 days. The government had said that if there are complaints against the dignity of users, particularly women - about exposed private parts of individuals or nudity or sexual act or impersonation, etc - social media platforms will be required to remove that within 24 hours after a complaint is made. As per the guidelines, first, the social media platforms will have to have a chief compliance officer residing in India responsible for ensuring compliance with the act and the rules. 

With the new social media rules, platforms will be required to disclose 'trace' the first originator of a mischievous tweet or message which could be in relation to the sovereignty of India, the security of the state, relations with foreign states, rape, etc. 

Second is a nodal contact person who should reside in India for 24X7 coordination with law enforcement agencies. Also, social media platforms have to appoint a resident grievance officer who shall perform the grievance redressal mechanism as indicated. They also will have to publish a monthly report about the number of complaints received and the status of redressal. 

Meanwhile, Facebook and Google have assured the Government of India it would comply with the new set of rules. 

(Image Credits: PTI / Pixabay)