Monitoring WhatsApp: Privacy vs law and order

Steps taken to prevent misuse of the platform have to be balanced with data privacy and security concerns, say experts.

The government recently asked instant messaging platform WhatsApp to “comply with Indian laws”, “bring in accountability” and “facilitate enforcement of law” to prevent the spread of fake news and rumours.

Legal experts agree that the government is well within its sovereign rights to ask any IM platform to comply with the law of the land or any such regulation which is necessary to maintain law and order.

But, several experts disagree over whether it is a good idea to ask a communication platform to monitor, report and filter any misuse; this may well go against the grain of the data privacy and protection regime currently in the works.

“The government is pretty strong in its legal standing asking the IM platform to comply with Indian laws,” says cyber law expert Pavan Duggal.

The IM platform is treated as an intermediary under Section 2(1)(w) of the Information Technology Act, 2000. Further, under Section 79 of the Act, such IM platform is mandated to exercise due diligence while discharging its obligations under the law, says Duggal.

This law is applicable to all legal entities whether they are physically located in India or not, so long as their computers, computer systems or networks are physically located in the country, experts add.

Cyber lawyer Prashant Mali points out that the government also has the option to invoke Indian Penal Code Section 268 of causing public nuisance or under abetment of crime mentioned under S 153A or S 295A of the Code. “WhatsApp by not regulating hate content sometime abets the same,” he says.

But many legal experts feel asking an instant messaging platform to don the job of the government and law-enforcement is a misplaced notion.

“Asking them (IMs) to assume more powers with absolutely little enforceable accountability or transparency is a recipe for disaster,” says Prasanna S, a lawyer actively involved in the shaping the data privacy regime.

“Asking a communications platform provider to proactively alert law enforcement authorities is a huge infraction of citizens’ right to communications privacy.”

According to another lawyer Raman Jit Singh Chema, any demand by the government for “traceability” of messages without specific new legal provisions may not survive the test of constitutionality.

Some experts find it disturbing that the government’s discussions on this issue with the instant messaging platform have been behind closed doors and not through the Cyber Regulatory Advisory Committee established through the Information Technology Act.

“Seeking to place a filtering or mass surveillance obligation on internet intermediary services is immensely dangerous,” says Chema.

Duggal too agrees that India needs to revisit the entire issue of intermediary liability to provide more effective remedies to affected persons.

“For that, India needs to have a fresh look at Section 79 of the IT Act, 2000,” he says.

Salman Waris, partner at law firm TechLegis, fears that efforts by the government to prevent spread of fake news through IM platforms may lead to the breach of individual privacy.

WhatsApp has been resisting the demand for traceability of messages citing that lack of end-to-end encryption may result in data privacy concerns. Experts say it is not clear whether the government is seeking such a feature absolutely or only for certain message trails involving objectionable content.

“Technically, implementing such a feature is possible. But it would have to be done balancing the data privacy concerns and, keeping in mind the overall digital security which may come to risk if the safeguards such as end-to-end encryption are relaxed,” says Punit Dutt Tyagi, executive partner, Lakshmikumaran & Sridharan. A balance needs to be achieved between the powers which are allowed under the IT Act and data privacy, in general.

Moreover, such powers should be exercised only for a limited/definite time period in order to curtail circulation of certain types of content which are either related to fake news or involve messages intended to incite violence, adds Tyagi.  

What could further shape the narrative for IMs platforms are the soon to be released recommendations by the Telecom Regulatory Authority of India on regulations governing Over-The-Top service providers.

The recommendations of the B N Srikrishna Committee on data privacy and protection regime will also influence the thinking of policymakers, say experts.