Wednesday, December 25, 2024
154,225FansLike
654,155FollowersFollow
0SubscribersSubscribe

Encryption versus Privacy

The number of disputes between the government and technological companies is increasing. One controversial and contemporary dispute is between the Indian government and WhatsApp. This conflict relates to the Information Technology Rules, 2021, which mandate the company to share or trace the originator of a message. But, the regulation goes against the end-to-end encryption rules of the tech company

By Mahak Jain and Ashit Srivastava

In today’s rapidly changing digital world, technology is continuously evolving. At the same time, it is also causing a threat to data protection and security of its users. Due to this, the number of disputes between the government and the technological companies is on the rise as highlighted by the dispute between the Indian government and WhatsApp, owned by Meta, regarding access to its encryption system. In more than 180 countries, WhatsApp has more than two billion users, with India having the highest number of users in the world. WhatsApp is not ready to compromise with the privacy of its users. End-to-end encryption is the key element of privacy features that safeguard the messages of the users so that only senders and recipients can access their contents.

The Information Technology Rules, 2021, of the Indian government mandates that messenger platforms identify the “first originator” of messages in response to a request from a law enforcement agency. In the Delhi High Court, WhatsApp argued that the enforcement of this rule will violate the user’s right to privacy and  defeat the purpose of end-to-end encryption. The key part of this debate is safeguarding user’s data and privacy. In addition to freedom of speech and expression, one of the fundamental rights protected under Article 19 of the Constitution of India, and the right to privacy, protected under Article 21 of the Constitution of India, the purpose of Information Technology Rules, 2021, was also questioned. If WhatsApp implements this rule, it will affect it socially as well as economically. Most of the users will no longer be willing to use its services, as their data will be under surveillance which also affects WhatsApp’s finances.

The proceedings delve even deeper into what might be considered the reality of living in a highly advanced technological society with a multitude of legal frameworks and constant change. Indian authorities claimed to be acting to protect social order and ensure national security, while on the opposite side, WhatsApp—which is widely recognised for its smooth communication and strong end-to-end encryption support—claimed to protect the data privacy of its users.

According to Rule 4 (2) of the Information Technology Rules, 2021, it is mandatory for social media companies that provide messaging services to disclose the originator of a message in response to a court order or other request from a relevant authority. The Rule has enumerated the grounds for which the traceability clause should be invoked. It reads: “Provided that an order shall only be passed for the purposes of prevention, detection, investigation, prosecution or punishment of an offence related to the sovereignty and integrity of India, the security of the State, friendly relations with foreign States, or public order, or of incitement to an offence relating to the above or in relation with rape, sexually explicit material or child sexual abuse material, punishable with imprisonment for a term of not less than five years.”

Instead of being thought of as just one feature among many that can be employed or not based on the situation, encryption should be seen as a way to shield people’s private information from unauthorised access and surveillance. WhatsApp showed its unwavering dedication to upholding users’ rights to privacy by refusing to compromise on encrypted messaging. The stance taken by international campaigners in favour of digital freedoms and individual privacy is uniform.

The Indian government’s Information Technology Rules, 2021, also raise concerns about government regulation of social media intermediaries and their involvement in digital areas. Regulations are necessary for the following issues: hate speech, misinformation, and internet harassment. These restrictions must, however, be carefully constructed to ensure that they respect fundamental rights without going beyond what is required, nor do they exceed legal boundaries or widely accepted standards respecting privacy, etc. To accomplish fairness, the important concepts here are justice according to previously announced laws, applying equally to governors and governed persons, and holding them accountable through open and transparent methods. This is because individuals should constantly work to fulfil their rights before such systems are implemented.

In addition to being a legal disagreement, the Delhi High Court case involving WhatsApp and the Indian government also represents broader conflicts in our era of computers between political authority and individual liberties. The rules and regulations made by any authority must be based on democratic principles, human rights, and the rule of law. If it does not follow our constitutional as well as democratic principles, we will not be able to take advantage of any of its possible advantages without losing sight of the thing that makes us uniquely human—our freedom.

A careful reading of the relevant rule of the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, will be relevant to this issue. Rule 4 (2) of the IT Rules read: “shall enable the identification of the first originator of the information on its computer resource as may be required by a judicial order passed by a court of competent jurisdiction or an order passed under Section 69 by the Competent Authority as per the Information Technology (Procedure and Safeguards for interception, monitoring and decryption of information) Rules, 2009, which shall be supported with a copy of such information in electronic form: Provided that an order shall only be passed for the purposes of prevention, detection, investigation, prosecution or punishment of an offence related to the sovereignty and integrity of India, the security of the State, friendly relations with foreign States, or public order, or of incitement to an offence relating to the above or in relation with rape, sexually explicit material or child sexual abuse material, punishable with imprisonment for a term of not less than five years: Provided further that no order shall be passed in cases where other less intrusive means are effective in identifying the originator of the information”

The main provision does provide that the government shall have access to first originator of the message, in case the subsequent conditions are fulfilled. From a sociological viewpoint, it does make sense, knowing the amount of misinformation/disinformation being spread, in some cases leading to mob-lynching or disruption of public order. The question is what is the best means possible to curb this social evil, a means that is adequate and proportional at the same time, in simpler terms, fulfilling the objective as well as is less intrusive to interfere with the rights of the individual. This brings the angle of “proportionality” into play. “Proportionality” as a doctrine is tremendously exploited and consolidated in the German constitutional jurisprudence. Reference of this doctrine can also be seen in the Indian cases of KS Puttaswamy-I (2017), and more elaborately in the opinion of Justice (retd) AK Sikri in KS Puttaswamy-II (2018) and in the case of Modern Dental College vs State of Madhya Pradesh (2016). A deeper reading of the doctrine can be seen in the writings of Robert Alexy and Mattias Kumm.

The doctrine literally demands a judicious test of the law to test whether the means adopted by the government to invade any right is proportional to the objective sought to be achieved by the law. Or are there any other less intrusive means possible to achieve the objective, if there is a less intrusive means possible to achieve the objective, then in such a case, the means adopted in the law will be held unconstitutional. So, if the objective of Rule 4 (2) is to prohibit the circulation of the misinformation/disinformation, hate speech (possibly causing disruption of public order) is tracing of the first originator of the message, the only means possible?

Everyone deciphers the government’s point of view that encryption can also be exerted to conceal unlawful activity. Fake news, hate speech and violent content have been identified as some of the threats to national security and social cohesion that could easily thrive in anonymity. The disappearance of the source coincides with the suspicions of their involvement with the group under investigation, highlighting the inherent dangers of the internet. However, there are serious problems with the solution—traceability. For example, if all WhatsApp messages become traceable to their originator, it will possibly create a chilling effect on the users of the service, with the knowledge that their messages are being read or observed.

The government needs to find other alternatives for safeguarding the individual’s rights and national security. Some of these are:

  • Digital Literacy: By promoting education, individuals will be able to identify and disprove misleading information on social media platforms. It will also help in promoting critical thinking and responsible online behaviour by which users can take action on their own in case of any cybercrimes.
  • Counter-Narrative Strategies: Balance good narratives with hate speech and improve media literacy to prevent the spread of negative information. Promoting a culture of tolerance is important for the development of independent media enterprises.
  • Inspiration from other countries: The critical analyses of the methods and approaches adopted by other countries may help us in developing a balanced approach for the security and protection of the users.

For instance, telecom companies must retain certain customer data in Germany for a pre-determined amount of time, and access to such data can only be obtained through a procedure approved by the court. This effectively balances the goals of national security with the protection of individual liberties, such as the protection of data privacy.

In other countries also there are a lot of disputes between privacy and security. Some countries have adopted strict regulations while others have opted for a more balanced approach to safeguard both the interests of personal data privacy and national security.

This dispute can only be resolved by striking a compromise that protects people’s fundamental rights, including the right to privacy, freedom of speech and expression while also considering the legitimate security concerns of the state. The collaborative approach and smart strategy will be able to provide a long-lasting solution that respects the principles of an open and free internet while ensuring everyone’s safety  and security. 

—Mahak Jain is a second year student at Dharmashastra National Law University, Jabalpur, while Ashit Srivastava is an assistant professor there

spot_img

News Update