Supreme Court should mandate addition of the Verified and Unverified status to Social media accounts

There is a debate presently going on in the Supreme Court of India about the responsibilities of the Social Media Companies such as FaceBook and Twitter in preventing “Fake Accounts” and “Fake News”.

It is beyond question that Fake news is a menace which should be stopped. It is actually in the interest of these service providers such as Facebook, Twitter and WhatsApp that they introduce a system that prevents fake news as a means of preserving the trustworthiness of their platform.

We know that due to Phishing, any e-mail or a phone call from a Bank is not trusted by the customer. Even if the call is genuinely from a Bank, today we will consider it as a fraudulent call. This situation should not come to social media also.

Some of the Social Media companies are resisting the request of the Government to take steps to prevent fake news by complaining that any attempt to identify the originating source of a message is an infringement of the privacy rights of the person accused of sending such messages.

In the past Courts have provided an excessive credibility to the Social Media by

a) Considering the forwarding of messages as an endorsement of the content

b) Clicking “Like” button or Re-Tweeting as an endorsement of the content

c) The Double Tick in Whats App as a delivery confirmation of a message and Double blue tick as an acknowledgement of receipt (Even when there is no Section 65B Certificate)

This excessive reliance by the Judiciary is itself the reason for  increasing the possibility of the socialmedia being used for planting fake stories .

Fake Message Prevention needs technical measures both at the time of creation of the account and also when an objectionable message is sent.

The Social Media should therefore be mandated to observe some general security practives such as the following:

  1. At the time of opening of a social media account, the details of registrant along with the meta data such as the IP address, Device ID (eg: IMEI number, Bios ID) must be captured by the service provider and preserved until at least 3 years after the account is closed. In case of any legal dispute arising on the account, the information should be considered as “Evidence” and archived permanently.
  2. At the time a message is sent which is suspected to be “False” if the law enforcement demands the origin of the message, then the social media manager needs to produce the information such as the Mobile Number or IP address, the registered address of the account holder etc.
  3. Quite often the Social Media companies hold out an excuse that content is encrypted end-to end  and any request of the law enforcement requires “Decryption” which technically may be not feasible.It is difficult to believe this contention since law enforcement requests are only for the information about the originator of the message and not the message per-se. It is only after a person who has a copy of the message filing a complaint that the investigation is taken up. At this time, the content is already known and there is no need for WhatsApp to provide the content.The previous messaging device ID is not part of the encryption but is only part of the meta data. Hence there is no reason to accept the contention of these companies that they are not in a position to provide the details as asked.
  4. The request for decryption may come only when there is a demand under Sec 69 of the ITA 2000 which can be invoked under very limited cases and only when national interest is involved. There are sufficient checks and balances in law to prevent misuse.If some law enforcement personnel misuse the provisions and intercept without authority, the Act considers such interception as “Unauthorized Access” under Section 66 of ITA 2000.  Hence there is no reason why these companies should be allowed to avoid cooperating with the law enforcement making a request using the due process. The data localization requirement under PDPA has actually originated because the Google and FaceBook donot cooperate with the law enforcement and provide the information required by the police. Supreme Court should not allow these companies to bully their way through and avoid responding to the genuine law enforcement requests.

Linking of Aadhaar

If prevention of creation of Fake Accounts is a necessity, then the means of ensuring this could be insisting on the “KYC” of the customer at the time of opening of social media accounts.

Face Book, Google as well as WhatsApp want to use their members to transfer money through the accounts to “Friends” and “Contacts”.

If therefore the identity of account holders is not verified properly these accounts become conduits of unaccounted transactions. 

FaceBook in particular is dangerous because they are promoting their own Crypto Currency (Libra) and will be a direct threat to the economy providing a conduit for black money legitimization.

If therefore the Government wants a good KYC using Aadhaar or PAN Card , Digital Signature Certificate etc., as the basis, it is a fair request.

Since the Supreme Court has not been in favour of private sector using the “Aadhaar” for KYC purpose, these agencies can make use of “Virtual ID” or “Offline Verification methods”.

Presently, Twitter has a “Blue Tick” facility to mark accounts which have been “Verified”. Similar verification can be introduced for other social media accounts also.

Even if  Verification  is not made mandatory if a provision is available,  a majority of Indians would opt to have the “Verification Tick” as a prestigious tag.

At the same time, those who opt out may be given a “Red Cross tick” to show they are “Unverified”.

In due course, the  “Identified” account holders will be in majority and push the “Fake Account holders” to the category of “Untrustworthy accounts”. In a way this will automatically segregate the “Blue Ticked Verified Account holders” from the “Red crossticked unverified account holders”.  This will reduce the incidene of fake news substantially without any further effort.

Since “Consent” could be a basis for many other “Sharing of Sensitive Information” as per PDPA, there is no reason why we should not allow account holders voluntarily submitting their Virtual Aadhaar IDs to get their ID verified at the time of opening of their Social Media accounts.

When the Supreme Court hears the petitions in this regard, it should therefore take into account the above suggestions and help in improving the credibility of the Social media.

Naavi

This entry was posted in Cyber Law. Bookmark the permalink.

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.