WhatsApp petition deserves to be rejected at admission stage itself.

WhatsApp has filed a petition in the Delhi High Court challenging the Intermediary guidelines of February 25, 2021 in a 224 page document, a copy of which is presented here.

The petition was expected and Naavi.org had indicated the possibility even on February 25th and suggested that the Government should make its moves before a stay is granted. 

However the Government waited for the whole 3 months without any action and now WhatsApp has taken advantage of the entire three months which was available to it for taking action and now filed the petition. It could be a strategy to act only when required and could have been a strategy to attack the Indian Government from a second flank while it is already busy in its fight against Twitter in another flank.

The Prayer in the petition is 

a) To restrain the Government of India from taking any coercive steps under Rule no 4(2) of the order of February 25th.

b) Grant of ex-parte ad-interim stay on the operation of the impugned rule

The rule 4(2) states as follows:

“A significant social media intermediary providing services primarily in the nature of messaging shall enable the identification of the first originator of the information on its computer resource as may be required by a judicial order passed by a court of competent jurisdiction or an order passed under section 69 by the Competent Authority as per the Information Technology (Procedure and Safeguards for interception, monitoring and decryption of information) Rules, 2009, which shall be supported with a copy of such information in electronic form:

Provided that an order shall only be passed for the purposes of prevention, detection, investigation, prosecution or punishment of an offence related to the sovereignty and integrity of India, the security of the State, friendly relations with foreign States, or public order, or of incitement to an offence relating to the above or in relation with rape, sexually explicit material or child sexual abuse material, punishable with imprisonment for a term of not less than five years:

Provided further that no order shall be passed in cases where other less intrusive means are effective in identifying the originator of the information:

Provided also that in complying with an order for identification of the first originator, no significant social media intermediary shall be required to disclose the contents of any electronic message, any other information related to the first originator, or any information related to its other users:

Provided also that where the first originator of any information on the computer resource of an intermediary is located outside the territory of India, the first originator of that information within the territory of India shall be deemed to be the first originator of the information for the purpose of this clause.”

Petition allegations that are not sustainable

Now the petition of the WhatsApp makes the following allegations.

  1. Introducing a treaceability requirement for end-to-end encrypted services will lead to breaking of such encryption and thus compromising the privacy of individuals making use of such services for their private communications”. (Based on the SFLC note submitted to MIT)
  2. “Where speakers in the offline context were assured a limited degree of secrecy and obscurity in their communications, the proposed measure [to enable the identification of the first originator of information] renders encrypted and therefore secret communication impossible.” (Based on Centre for Communication Governance at National Law University Delhi note submitted to MIT).
  3. To be clear, traceability is incompatible with end-to-end encryption. Encryption as a service is used by journalists and whistleblowers to legitimately protect their privacy and in that is an enabler of the right to privacy and the freedom of expression. Apart from protecting privacy, encryption also makes communications more secure and helps ensure integrity of information.” (unidentified note no MIT/79/087 submitted to MIT)
  4.  This [tracing] obligation also undermines the use of encryption technology, which ensures that content is not accessible to the intermediary or third parties.” (COAI submission to MIT

It may be noted that all the above references are related to the public comments submitted in 2019 to the then published draft notification from which selective comments have been quoted. The petition has deliberately omitted submissions such as that of FDPPI, (MIT 79/016) a copy of which is available here . The entire set of comments are available here .

The endorsements given above are from people outside of WhatsApp and they are not privy to the technology used by WhatsApp. 

Since WhatsApp receives the message from some originating device on its server, the server does note the device identity of the incoming message. Then it forwards it to the next device. In the meantime it counts if the same message is forwarded 5 times. If it can do so, then it means that WhatsApp knows what is the message being forwarded and from whom. 

It is clear that the recording of the origination and counting the number of forwards  does not undermine the content encryption and hence the views expressed above are not sustainable. WhatsApp is aware that these views are incorrect but is quoting it in its petition to mislead the Court. 

Reference to Puttaswamy Judgement

The petition makes reference to the Puttaswamy judgement and debates the Legality, Necessity and Proportionality aspects. 

WhatsApp says that there is no statute requiring that the intermediaries need to identify the origin of the message and it cannot be introduced through subordinate legislation.

WhatsApp perhaps expects that every procedural aspect of compliance should be part of the statute. In such a case ITA 2000 would be bigger than the Indian Income Tax act or Companies Act. It is one of the objectives of ITA 2000 to prevent offences. Sending false information through any media, written or electronic to induce social unrest or affect national security is an offence under IPC read with ITA 2000 and Indian Evidence act. The procedural guidelines have to come through notifications and the argument of WhatsApp is unacceptable. 

As regards the necessity and proportionality the guideline specifies that it can be used only in certain circumstances which need to be recorded and will be subject to judicial scrutiny on post facto basis.

For identifying the first Indian originator in a chain, WhatsApp can maintain the data of Indian customers in an Indian server so that the import of data can be identified without difficulty. This will also serve the Data Localization requirements.

WhatsApp argues that compelling the platform to change its structure for compliance is not legal. By this kind of argument, we can say GDPR should not ask companies to implement “Privacy by Design” since it would be necessary to change the current architecture. 

WhatsApp also argues that ITA 2000 preamble says that that there is an intention to achieve “Uniformity of the law” and there is no other global law requiring traceability and hence India cannot introduce such a law. The petitioner does not know that this was in reference to the legal recognition to be given to electronic documents and not to say that India will pass only such laws which USA or another Government passes.

It is shameful that the learned counsels who have drafted the petition thinks that India does not have the right to pass a law which is different from laws of other countries. 

The logic presented by WhatsApp is therefore completely untenable and looks childish. The same arguments are repeated again and again to make the document run 224 pages.

The fundamental issue here is whether the Government of India has the right to notify a regulation under an existing Act which was enacted in 2000, amended in 2008. WhatsApp is one of the parties which has a vested interest in diluting the due diligence. 

By refusing to accept the regulation even though the power to demand the identity of the originator is highly restricted as per the reasonable exceptions under Article 19(2), WhatsApp is challenging the sovereign powers of the Government of India. The technical difficulties in compliance are fake claims and even if present cannot be an excuse to comply with the law.

It is unclear why WhatsApp needed 3 months to realize that they will not be able to comply and did not come up with this petition immediately after February 25th. Was it because raising the issue in the Court was an after thought and prompted by Twitter? in which case it will be part of a conspiracy towards the regime change. There is therefore a suspicion that WhatsApp wants to be a supporting platform of efforts to destabilize the Indian Government through distribution of anonymous fake messages through the platform as it has happened on many occasions.

The intention of WhatsApp in approaching the Court on the last day of the 3 month dead line is therefore suspect. 

The petition is speculative since the Company has not sufferred any damage on account of the proposed notification. The Government of India is under no obligation to provide a safe harbor under Section 79 on an unconditional basis. If the company does not want to comply, with the due diligence requirements, it will be free to do so by giving up the protection available under Section 79 which would be available for organizations that would be compliant with the due diligence.

As regards WhatsApp being the champion of Protecting the Privacy of Indian citizens, the track record of WhatsApp is indicative that it collects personal information in the form of profiles, tracks the messaging behaviour and shares it with Face Book for monetization in a deceptive manner. In its recent Privacy policy change it has not provided any grievance redressal option in India and wants to do business in India without accountability.

If any person in India sends a message through WhatsApp which is 

“related to the sovereignty and integrity of India, the security of the State, friendly relations with foreign States, or public order, or of incitement to an offence relating to the above or in relation with rape, sexually explicit material or child sexual abuse material, punishable with imprisonment for a term of not less than five years:

the Right to Privacy as a fundamental right is not applicable since the above provision comes under Article 19(2) of the Constitution. 

Hence the argument that the notification infringes the constitution of India is not valid and has to be rejected forthwith.

If in any specific case where the Government asks for the information about the originator of a message appears prima facie unreasonable, disproportionate, WhatsApp is having a right to approach the Court and seek a stay. 

In view of the above the petition does not deserve to be admitted particularly with any interim stay. 

We hope that the Court will take a view of the petition in the context where the international social media giants like Twitter and Face Book/WhatsApp wants to take control of the news narratives in India and manipulate the public opinion for a regime change.

I hope the Government of India brings to the notice of the Court the conspiratorial aspects of this petition.

P.S: Meity has issued a press note and a  notice  to the intermediaries to explain its stand. Ministry of I& B has also issued a press note.

Naavi

Previous Reference Articles:

New Intermediary Guidelines- February 25, 2021

The New Digital Media Regulation and the New Media War: March 2, 2021

Can Twitter be tamed under ITA 2000?..February 12, 2021

Twitter high on Technology Intoxication…February 3, 2021

Quit Twitter..February 4, 2021

Let Indians go for a “Twitter Silence” and move over to “Tooter” or “Koo”

 

About Vijayashankar Na

Naavi is a veteran Cyber Law specialist in India and is presently working from Bangalore as an Information Assurance Consultant. Pioneered concepts such as ITA 2008 compliance, Naavi is also the founder of Cyber Law College, a virtual Cyber Law Education institution. He now has been focusing on the projects such as Secure Digital India and Cyber Insurance
This entry was posted in Cyber Law. Bookmark the permalink.

6 Responses to WhatsApp petition deserves to be rejected at admission stage itself.

  1. hrishikesh bedi says:

    Comparing ‘Privacy by design’ of GDPR and ‘End-to-End’ Encryption in architecture is like comparing the technology used in creating mobile devices and technology used to create desktops, Built by same people while creating a product but completely different rules of creation, implementation and potential problems. It equivalent to saying that one should look into ways to consume detergents as they kill the virus of Covid-19.
    Secondly, the whole point of whatsapp is to enable the customers to receive messages directly, there are no servers involved for communication.

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.