Days after the ministry of home affairs (MHA) issued a notification authorising 10 central agencies to intercept, monitor, or decrypt digital communications, the Indian Express newspaper has reported today (Dec. 24) that the government is seeking to propose amendments to the Information Technology (IT) Act. The new changes seek to trace and access “unlawful” online content, the paper reported.
The proposed amendments, which have been published by the Internet Freedom Foundation (IFF), a New Delhi-based digital advocacy organisation, stipulate that an online platform must comply with any “lawful order” to provide information or assistance within 72 hours of receiving it from “any government.” The amendments also require that encryption be broken to trace the origins of messages.
The popular instant messaging platform WhatsApp, which uses end-to-end encryption—meaning the company itself cannot read users’ communications—seems to be a prime target of these amendments.
Privacy experts, many of whom had sounded the alarm last week after the MHA notification, are now doing so once more. The proposed amendments are “basically a top-down solution which is being pushed proactively by the government without involving technologists or having an open public consultation,” Apar Gupta, director of IFF, told Quartz.
The WhatsApp problem
WhatsApp, which has at least 200 million users in India, has been the subject of intense government pressure for many months now. Misinformation spread on the platform has been linked to violence, including over two dozen lynchings.
Civil-society critics have cautioned against penalising WhatsApp or other online platforms for the content that is shared on them, even when it is dangerous. Asking companies to break end-to-end encryption, some say, would threaten user privacy and free speech.
With the proposed amendments, the government seems to be seeking major technical changes in WhatsApp, as well as other platforms that use encryption. “With the requirement of traceability, end-to-end encryption deployment will either need to be substantially altered or completely done away with,” Gupta said. “It requires product-level changes in a way which impacts the existing security of the encryption protocols which are deployed.”
Far-reaching effects
But the draft rules threaten to affect all online platforms operating in India, and not just WhatsApp. The proposed amendments, the Indian Express reported, were discussed by an official of the ministry of electronics and information technology (MeitY) with representatives of Google, Facebook, WhatsApp, Amazon, Yahoo, Twitter, ShareChat, India’s market regulator Securities and Exchange Board of India (SEBI), and the Internet Service Providers Association of India.
However, MeitY’s communications coordinator reportedly said he had “no knowledge” of the meeting being held.
Gupta says that the draft rules threaten to promote online censorship, making online intermediaries the arbiters of what constitutes legal content. This may result in online platforms overusing error-prone automated tools in order to take down posts in time, resulting in “vast swathes of content being blocked or removed,” he said.
Those who are concerned about internet misinformation, Gupta added, should instead “urge the govt to start an open process and conversation with experts on how it can be tackled, and not allow it to use their concern and their genuine worry to expand powers to undermine privacy and place a China-like censorship system in India.”