IT RULES 2021: THE DIGITAL CONUNDRUM

Posted byLaw & Tech TimesPosted inEditor's ColumnTags:

This blog is authored by Shereen Moza and Aditya Srivastava, Associate Editors, at Law and Tech Times, RGNUL.

Keywords: Intermediaries, Fundamental Rights, End-to-End Encryption, Data Retention, First Originator of Information.

Recently, several writ petitions were filed under the jurisdictions of Madras High Court, Bombay High Court, Kerala High Court and Delhi High Court regarding the ongoing legal tussle straddling the constitutionality of the Information Technology (Guidelines for Intermediaries and Digital Media Ethics Code) Rules, 2021 which substituted the Intermediaries Rules, 2011. The Information Technology (Guidelines for Intermediaries and Digital Media Ethics Code) Rules, 2021, were notified by the Central Government in February 2021, under the provisions of its parent act, The IT Act, 2000. The impugned Rules were challenged on the consonance of their provisions with the Constitutional freedoms. The United Nations Commission on International Trade Law produced a Model Law on Electronic Commerce in 1996, which encouraged its adoption. 

Critical analysis of the impugned provisions is a subject of dire importance, which the blog entails to dive into the depths of.

End-To-End Encryption 

Part II of the Impugned rules arbitrarily classify certain social media platforms as significant social media intermediaries. These intermediaries providing primarily messaging services are mandated under Rule 4(2) to enable the identification of the first originator of the information, ostensibly in accordance with Section 69 of the IT Act 2000, on their platform. This induces traceability as a prerequisite for breaking the end-to-end encryption on such platforms. 

End-to-end encryption (E2EE) is a system of communication that ensures that individuals who are communicating are the only ones who can read the messages. Social media platforms such as Whatsapp, Signal, Telegram, etc. have pioneered such encryptions on their platforms to ensure reliability and privacy to users. Personal data, as a consequence, is safeguarded against the highest tenable security standards in consonance with the fundamental right to privacy of users. 

These platforms retain minimal user data for facilitating electronic information exchange. Traceability would legally oblige such platforms to retain and analyse data as part of the multitude of two-way communications being facilitated through the platforms every individual day. This will mandate the platforms to retain data beyond their ambit and capacity, essentially for the obligation endowed by the Rules and providing such information to the law enforcement agencies.

The aforementioned Rule compromises and violates the enshrined right to privacy of users by mandating the breaking of the end-to-end encryption. Consequently, traceability, as per the Rules, breaks end-to-end encryption and would severely undermine the privacy of billions of people who communicate digitally. Whatsapp had filed a plea in the Delhi High Court in May 2021 challenging that Rule 4(2) of the IT Rules 2021 mandating the breaking of end-to-end encryption does not pass the tests enshrined under Art. 21 of the Constitution decided in the well-known landmark judgment of Justice K. S. Puttaswamy (Retd.) v. Union of India, is manifestly arbitrary in violation of Art. 14, is violative of the Right to Freedom of Speech and Expression and Sections 79 and 69A of the Information Technology Act which entail the exemptions of NSP’s being liable and the power of the controller to decrypt information respectively.

WhatsApp contended that the provision of ‘traceability’ as encapsulated in the Rules would not be effective in achieving the goal of finding the originator of a particular message because people generally see content on websites or social media platforms and then copy and paste them into chats. The context of the message then drafted or created is impossible to ascertain.

Data Retention and Freedom of Speech

The UN Special Rapporteur on Freedom of Expression addressed the issue of vested authority in unaccountable private intermediaries in its 2018 Report on Online Content Regulation. The study admits that, while the lure of regulation is obvious in light of genuine State concerns such as privacy and national security, the process of adopting regulations involves hazards to freedom of speech putting enormous pressure on organizations to delete information in an effort to avoid liabilities. According to the empirical study undertaken by the Centre for Internet and Society, intermediaries were excessively compliant in taking down censorship requests, oblivious to the authenticity of such demands seriously hampering the Freedom of Expression of individuals. In addition to that, as per Rule 3(1)(h), the period allocated to data retention has been increased and therefore the intermediaries are now expected to store data for six months for apparent investigative purposes. This data is expected to be stored even if the user deletes their account. In the landmark case of Romesh Thapar v. State of Madras, the court ruled that if the state’s justification for restricting free speech and expression in the name of “public safety” was too broad, the restrictions would be declared unconstitutional. In the lack of data privacy legislation and any form of control on how surveillance functions in India with landmark precedents it is critical to evaluate the consequences immediately.

Right to Privacy

Recently giants like Whatsapp have questioned the constitutionality of the IT Rules, 2021 owing to the “traceability clause” in the impugned rules confronting how it will be detrimental to the privacy of users across the platform. Under the impugned laws, the encryption (which essentially keeps the data inaccessible to outside parties) will be broken as the data will go under surveillance. Post which, the government through this new “traceable database” can now identify the sender of the alleged unlawful message. Therefore, as discussed, will additionally give the Government prominent power to monitor activity at the cost of user privacy.

The Right to Privacy is an intricate component of the Right to Life and Personal Liberty provided by Article 21 and as a part of the freedoms granted by Part III of the Constitution, and it is to be safeguarded by the Indian Constitution. In the landmark case of Justice K. S. Puttaswamy (Retd.) v. Union of India, the verdict established that privacy is a fundamentally inalienable right inherent in human dignity and liberty under Article 21 of the Indian Constitution. Therefore, the aforementioned rules are so broadly stated that it leaves ambiguity in determining exactly what the social media intermediary must undertake in order to determine the original source of information which will certainly have an impact on privacy since social media intermediaries will most likely use tools that are unconcerned about privacy in order to comply with the jurisdiction of the law posed in such a short time frame.

Furthermore, the Supreme Court in the Puttaswamy judgment also established communicational privacy, informational privacy and associational privacy. Stringent violation of these standards is being perpetuated by breaking of the end-to-end encryption and is antithetical to the fundamental freedoms. The provision under Rule 4(2) is arbitrary and does not satisfy the three-pronged test laid down in the Puttaswamy judgment. Moreover, the lack of judicial oversight widens the scope of misuse of such data along with endowing exorbitant power to the government prone to arbitrary measures. This leaves the question of the draconian access of the government in moderation, the breakage of everyone’s personal conversations in order to reach the first originator and the infringement of fundamental rights unanswered.

Conclusion

Freedom of Speech and Expression and Right to Privacy are the fundamental tenets of democracy but it is also necessary to acknowledge the right balance between drawing restrictions and fundamental rights which, now, has been a constant debate in the purview of the digital world. Giants like Twitter, Whatsapp that hold enormous amounts of data, the Government that is trying to ascertain the reasonability of restrictions and the users in the middle that are worried about the consequences stand in a constant tussle awaiting an optimum result. While the IT Rules, 2021 were designed to maintain digital sovereignty, the question that is left unanswered is whether this maintenance can be at the alleged cost of infringement of a user’s fundamental rights. 

SOURCES:

  1. Velankanni Royson, Censorship, the Centre for Internet and Society (2008).
  2. Rep. on Content Regulation, U.N. Doc. A/HRC/38/35 (2018). 
  3. Yogesh Kolekar, Essentials Of Information Technology Law (Notion Press 2015).
  4. Justice K. S. Puttaswamy (Retd.) v. Union of India, W.P. (Civil) No. 494 of 2012, (2017) 10 SCC 1.
  5. Romesh Thapar v. State of Madras, 1950 AIR 124.

Image Credits: Pixels Free Photo

Leave a comment

Design a site like this with WordPress.com
Get started