Decrypting the intermediary norms
Arguments on data decryption have fuelled a debate on primacy of national security over individual privacy
Arguments on data decryption fuelled a debate on primacy of national security over individual privacy
GEETIKA SRIVASTAVA writes
The Supreme Court last week allowed the petition filed by Facebook Inc to transfer all cases concerning regulation of social media, pending in three different high courts, to itself. This marks the beginning of a decisive phase for the legal interpretation of intermediary guidelines, as well as the resolution of contentious issues surrounding data decryption. Experts say the next 2-3 months could potentially have far-reaching implications for tech businesses in the country.
The bone of contention has been interpretation of the IT [Intermediaries Guidelines (Amendment) Rules] 2018, which lays out certain conditions for social media intermediaries operating in India. These have been fiercely contested by the social media giants, on multiple grounds.
One of the most contentious issues is that of data decryption, which would allow the Centre to trace the origin of content that could be fake news, hate speech, or linked to terror.
The Centre’s stance is in alignment with Section 69 of the Information Technology Act, 2000 (IT Act), based on which an intermediary is supposed to provide ‘all facilities and technical assistance’ to the government to decrypt data. The same was supplemented by the IT Rules, 2009 under Section 2(g), which states that these decryption facilities must be provided by such platforms to the ‘extent possible’.
Facebook Inc has argued that messages on its mobile application Whatsapp are secured by end-to-end encryption. The technology works like this: Once users sends a message, they genbe a mass surveillance threat.
As the Centre has only prescribed a limit of 72 hours to take down a post that it deems as “threatening public health or safety” (which many have argued is a vague term), it could prove to be quite onerous for social media platforms.
In the Shreya Singhal case, the Apex Court had laid down that it was against precensorship and any kind of blanket ban. “Actual knowledge of the content being illegal needs to be established,” says Simranjeet Singh, partner at Athena Legal.
Companies argue that the guidelines pose problems for smaller businesses as well as start-ups. While the IT Act is silent, the draft Rules say intermediaries with over 5 million users must be locally incorporated. This, along with the fact that the Rules seem to have an extra-territorial application, have been argued to be violations of the parent Act. “The government must keep in mind that Rules, being secondary legislation, cannot override the main legislation, which is the IT Act,” says Pavan Duggal, advocate, Supreme Court.
Such Rules may also act as a barrier to the markets. Further, stringent decryption mechanisms are extremely hard to set up for start-ups. “These Rules may affect venture funding in India, and could also pose risks to start-ups trying to establish their businesses with limited resources,” says Manuj Garg, co-founder of myupchar.com.
The case, therefore, boils down to proportionality, as laid down in the Puttaswamy case. The Centre says it will come up with the final guidelines in another couple of months. Whether the guidelines turn out proportional to the threat, is what remains to be seen.