WhatsApp moves HC against new IT rules
NEW DELHI: Citing “dangerous invasion of privacy” and threats to free speech of its 400 million users in India, WhatsApp has moved the Delhi high court seeking the squashing of a rule framed by the Union government that obligates social media intermediaries to identify the first originator of a message upon an order by a competent court or executive authority.
The petition filed in the high court claims that enforcement of rule 4(2) of the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, will break WhatsApp’s end-to-end encryption and the privacy principles underlying it, besides impermissibly infringing upon users’ fundamental rights to privacy and freedom of speech.
WhatsApp has requested the high court to ensure no criminal liability is imposed on it for not complying with the provision, which, it contends is, “unconstitutional, illegal” and beyond the purview of the Information Technology Act.
The Union government in a statement on Wednesday defended the rules and called WhatsApp’s “last minute challenge” a “clear act of defiance meant to keep the guidelines from coming into effect”. The government also stated that while it respects the right to privacy, no fundamental right, including the right to privacy, is absolute.
Rule 4(2), which comes into effect from Wednesday, makes it mandatory for social media intermediary providing messaging services to trace the originator of a message if required by a court or a competent authority under Section 69A of the IT Act. While the rules clarify traceability order may only be passed for serious criminal offences, some categories such as “public order” are relatively broad in operation.
“Requiring messaging apps to “trace” chats is the equivalent of asking us to keep a fingerprint of every single message sent on WhatsApp, which would break
end-to-end encryption and fundamentally undermines people’s right to privacy,” a WhatsApp spokesperson said.
“We have consistently joined civil society and experts around the world in opposing requirements that would violate the privacy of our users. In the meantime, we will also continue to engage with the Government of India on practical solutions aimed at keeping people safe, including responding to valid legal requests for the information available to us,” this person added
A person in the company aware of the technicalities involved said the tracing feature sought by the government is unlikely to be practical since people also copy-paste messages, and that bad actors can separately spoof or modify information in a way that could lead to people being framed.
In its petition before the high court on the IT rules, WhatsApp has claimed that the new set of guidelines is “unconstitutional”, for it tramples upon privacy of users apart from being “manifestly arbitrary” and in breach of the principle of data minimisation.
“This [the traceability feature] would require petitioner to build the ability to identify the first originator of every communication sent in India on its platform, as there is no way to predict which message will be the subject of such an order seeking first originator information. This eliminates the right of the hundreds of millions Indian citizens using WhatsApp to maintain the privacy of their messages, which is antithetical to end-to-end encryption and the core privacy principles underlying it,” the company stated in its petition.
It added that since the provision does not require an approval of a court, it is clear that the power is without judicial oversight and hence, there is no “guarantee against arbitrary State action”. If WhatsApp adds these features, the company said, it could put journalists and civil and political activists at risk.
Taking another ground to challenge Rule 4(2), WhatsApp has said that the provision was not backed by any statutory power since Section 79 of the IT Act only allows the Union government to prescribe “due diligence” guidelines that intermediaries must observe to maintain their exemption from liability for third-party content.
“However, Impugned Rule 4(2) seeks to impose obligations that fall far outside ‘due diligence’, as it forces fundamental alterations to WhatsApp by breaking end-to-end encryption and changing the fundamental nature of the service that people love and use today in India and across more than 100 countries,” it maintained.
The petition sought annulment of the rule also on the ground that it ran counter to the intent of the IT Act which sought to promote “uniformity of the law” with other nations with respect to “alternatives to paperbased methods of communications”. Raman Chima, Asia Pacific policy director at Access Now, said WhatsApp needs to do better in its practices to protect and safeguard the interests of its users — including reconsidering its data sharing with Facebook and changes to its privacy policy. “The present legal challenge does reflect [WhatsApp is] prioritising safeguarding its users’ security and privacy from an overbroad, unlawful, and dangerous government mandate.