The information technology ministry this week reportedly proposed an amendment to rules under section 79 of the Information Technology Act.
This move, unsurprisingly, follows a notice issued to WhatsApp in July 2018, warning it against ‘abetting’ fake news as a ‘mute spectator’ through its end-to-end encryption technology, which could potentially invite legal action.
The Information Technology [Intermediaries Guidelines (Amendment)] Rules 2018 will insert a new rule 3(5), introducing traceability on online platforms, breaking this encryption in order to retain information including messages on WhatsApp.
The proposed amendment will also require intermediaries to coordinate and respond to government queries within 72 hours in case it is directed through an appointed nodal authority in order to ensure compliance with the law.
What to regulate – the fake news conundrum
Amid concerns raised by the judiciary and civil society about fake news on social media, the government has intervened to trace the origins of such content which deliberate misleads or misinforms public opinion.
The proposed amendment, however, falls short on several counts.
Without a clear understanding of what speech is ‘unlawful’, the amendment enables agencies to target groups and individuals based on mere suspicion and without confirming if the content is actually illegal. While Article 19(2) lays down reasonable restrictions on free speech, the understanding of fake news within free speech jurisprudence remains murky.
If the proposed purpose is to weed out fake news, it is imperative to first attempt to define or characterise it, rather than to preemptively censor speech. The large-scale implementation of this decision may lead to self-censorship and the muzzling of dissent, completely antithetical to democratic practice.
The proposed amendment, in this regard, seems to put the cart before the horse.
Who should regulate online content?
Beyond inquiring into what content the government intends to regulate, one needs to contemplate – who should regulate harmful content? Before the proposed amendment is given effect, there is a need to determine whether permitting government agencies to examine content is more desirable than self-regulation by intermediaries themselves.
The lynching of a series of individuals and alleged child-abductors by mobs based on false content circulated on WhatsApp led to an uproar and substantial public debate, and a belated realisation on the need for an improved framework for curbing fake news and its circulation.
However, adopting an alternative framework in the form of increased scrutiny of the executive over online content raises even greater concerns.
Serious privacy concerns
Why? Firstly because the relationship between privacy and free speech cannot be overstated. In the absence of privacy, each component of free speech – conceptualisation, expression and dissemination – integral to the exchange of ideas is compromised.
Disturbingly, the amendment may have a chilling effect on discourse, for even those within the confines of the law. While security hawks stonewall opposition with the ‘Nothing to hide, nothing to fear’ argument, the idea that only those responsible for nefarious activities need to hide from law enforcement is contrary to both common sense and public experience.
The attack on and arrest of activists, cartoonists and satirists has been the hallmark of State action on dissent for longer than one can imagine. While it sounds true that law-abiding citizens need not fear law enforcement, but often, the search through online history of socially respectable persons leads to denuding certain intimate aspects of their personality which they would rather preserve from public scrutiny.
The question therefore is not one of legality alone, but of intrusion and the right to one’s safe space. To ensure confidentiality of such accidentally obtained information is no more than a moral responsibility under the current law.
While rules under the IT Act contain few safeguards against such intrusion, they are neither adequate nor independent, as the Act itself relies on the ordinary Criminal Procedure for its enforcement. To protect fundamental liberties such as privacy, the need of the hour is the implementation of the Data Protection Act, not ad- hoc amendments to the existing law – an approach that has been failing us for decades now.
Data intrusion in the absence of data protection
Earlier this year, spurred on by the Supreme Court’s decision on the Right to Privacy – in which several judges remarked on the lack of a data protection framework in India – an expert committee set up under the chairmanship of Justice (Retd.) B.N. Srikrishna formulated the Draft Data Protection Bill.
The Bill addresses the crucial issues of data retention and purpose limitation, but is yet to receive parliamentary approval. With the Data Protection Bill yet to be tabled, it makes little sense to change an existing regulation – especially with the shadow of the 2019 elections looming large, and the likelihood of an increase in political chatter in coming months.
This amendment doubles the data retention period without any justification. Further, according to the draft, the purpose for which the data is demanded is to trace the individual or group from which the ‘unlawful’ content originated. This undermines the opacity of online platforms, especially private chats, allowing the state to demand any content it deems ‘unlawful’ to be handed over.
The call to ‘proactively employ technology’ for such identification with the burden upon the intermediary runs against the platform privacy model ensured through end-to-end encryption, which WhatsApp-like platforms operate on. Not only would this affect their business (user privacy being their USP), it would also lay bare all user data before the State before the legality of any particular content is settled.
Freedom of association and minority rights
Online platforms such as WhatsApp groups chats provide a safe harbour for people to virtually assemble at one place and express themselves, facilitating the freedom to assemble and associate, a constitutional guarantee under Article 19(1)(c). The proposed amendment could undermine this guarantee by hindering people from mobilising on groups.
This could disproportionately impact minorities, such as Dalits and Muslims, for whom social media can be a safe harbour enabling the assertion of their identity. Take for instance, the all India strike carried out Dalit groups in response to the SC judgement imposing preconditions on the arrests of public servants under the SC/ST Atrocities Act, 1989.
Despite the absence any central leadership, the marches were still federated, strung together using WhatsApp. Undermining end-to-end encryption, however, can lead to further marginalisation through intrusion into their personal space where attempts to curb Dalit expression (use the word ‘Dalit’, for instance) are part of our reality.
The unchecked proliferation of fake news on social media platforms poses a challenge for any government. From lynchings based on WhatsApp forwards to the innocuous dissemination of falsehoods about the secret lives of political figures, ‘fake news’ is a many-headed demon. A simplistic formulation for tackling it seems erroneous at the least.
Without any public dialogue or regard for the complexity of the issue, the government has jumped in the bandwagon to identify fake news, trace its source and penalise the perpetrator. In one fell swoop, it undoes the standards set by the DP Bill, despite its shortcomings, and rolls back to the archaic regulatory model of yesteryears.
The concerns for speech rights and privacy are not unfounded. These regulations, read along with last week’s MHA circular, hint at an expanded surveillance network within the nation. The ramifications of this escape nobody.
When the government decides to systematically intrude upon the private lives of its citizens, the line between the personal and the political no longer remains clear.
Agnidipto Tarafder is an Assistant Professor at The West Bengal National University of Juridical Sciences (NUJS), where he teaches a course in the Law of Privacy.
Siddharth Sonkar is a penultimate year student of the same institution with a keen interest in law and technology.
Published in arrangement with TheWire.in