WhatsApp Threatens to Exit India- Encryption vs IT Rules 2021
In this post, we delve into the intricate legal and technological battle unfolding between WhatsApp and the Indian government. Examining the clash between encryption principles and India's IT Rules 2021, we explore the implications of WhatsApp's threat to exit India if forced to compromise encryption. From interests of privacy and national security to the arguments presented in the courtroom, this blog navigates the complexities of the case.
Suraj
5/14/20243 min read
“As a platform, we are saying, if we are told to break encryption, then WhatsApp goes,” the lawyer, Mr. Tejas Karia, appearing for WhatsApp told the Delhi High Court.
IT Rules 2021 in Question
After the enactment of Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 (IT Rules) by India's Ministry of Electronics and Information Technology (MeitY) to regulate digital media platforms in India, several cases were filed in Bombay, Madaras and Delhi High Court challenging these new rules. IT Rules 2021 requires the messaging app to trace chats and make provisions to “identify the first originator of information”, which essentially means breaking the “end-to-end” encryption policy.
The impugned Rule 4(2) has been reproduced here:
“Additional due diligence to be observed by significant social media intermediary 2 [and online gaming intermediary] (2) A significant social media intermediary providing services primarily in the nature of messaging shall enable the identification of the first originator of the information on its computer resource as may be required by a judicial order passed by a court of competent jurisdiction or an order passed under section 69 by the Competent Authority as per the Information Technology…”[1]
End-to-end Encryption Policy
Paraphrased from the official website[2]:
WhatsApp ensures that only the sender and receiver of messages can read or listen to them by using end-to-end encryption. This means that user messages, photos, videos, voice messages, documents, status updates, and calls are all securely protected from being accessed by unauthorized parties.
Security is a top priority for WhatsApp and a key feature it offers. Since adding end-to-end encryption in 2016, keeping digital information safe has become increasingly important. WhatsApp cannot view the content of encrypted messages or listen to calls because encryption and decryption happen only on the users' devices.
Meta vs Union of India
The IT Rules’ provision of identifying the “first originator of information” comes in contradiction with the encryption policy of Meta-owned WhatsApp. For collective hearing, the Hon’ble SC, through its vested powers, transferred the pending cases from Bombay and Madaras HC to the Delhi HC.
While the central govt. is adamant about its opinion of strengthening national security and reducing the spread of fake news (which can also be understood from the recent commotion around the “fact check unit”), WhatsApp has stated a few arguments to defend itself and also to potentially ask the court to declare in their favour by pronouncing Rule 4(2) of the IT Rules 2021 as unconstitutional.
The lawyer has stated that privacy of users is the biggest concern for WhatsApp. Even WhatsApp itself has no ability to see the content of messages or listen to calls that are end-to-end encrypted. Invasion of privacy is a ground taken by WhatsApp to urge the court to declare the impugned rule as unconstitutional. Secondly, it has been argued that the IT Rules 2021 were introduced without any consultation. Thirdly, to identify the first originator, WhatsApp will be required to store millions of chains of messages for years to come which is quite a difficult request.
What did the Delhi HC say?
The matter was heard on 25th April 2024 by a division bench of the Delhi High Court comprising Chief Justice Manmohan and Justice Manmeet. Lawyers of both sides represented their case. The bench asked Mr. Karia if any other country had set any precedent in the matter to which Mr. Karia replied in a negative, “Not even Brazil” he said. Finally, the bench ordered that the matter be listed for hearing on August 14 to await the transfer of all other petitions challenging several aspects of the 2021 IT Rules to it pursuant to a Supreme Court order.
What are the looming issues?
In our opinion, there are many issues that will be clarified by the Hon’ble Court, but to list a few:
1. What provisions of IT Rules 2021 are unconstitutional and need to be severed?
2. Under what circumstances can end-to-end encryption be broken?
3. What other ways are available to ensure social security besides breaking end-to-end encryption?
Conclusion/ Summary
WhatsApp threatens to leave India if forced to break encryption under IT Rules 2021, mandating chat tracing. The Delhi High Court hears the case, debating privacy versus national security. WhatsApp argues against Rule 4(2), stating invasion of privacy and lack of consultation. The court orders further hearings for pending petitions. Key issues include the constitutionality of IT Rules, circumstances for encryption breaches, and alternative security measures. The case reflects global debates on digital privacy and regulation.
References
[1]. https://www.meity.gov.in/writereaddata/files/Information%20Technology%20%28Intermediary%20Guidelines%20and%20Digital%20Media%20Ethics%20Code%29%20Rules%2C%202021%20%28updated%2006.04.2023%29-.pdf
[2] https://faq.whatsapp.com/820124435853543/?helpref=hc_fnav
