Experts Fear For Privacy, End-to-end Encryption
By Aishwarya Jagani
America’s tech giants have felt the sting of the Indian government’s crackdown on online speech, pushing back against tough new IT regulations over privacy and surveillance concerns — while scrambling to maintain access to one of the world’s major growth markets.
The increasingly tense dispute has played out in public in recent days, with Prime Minister Narendra Modi appearing to stifle the social media platforms that conveyed intense criticism of his government’s handling of a deadly second-wave of the COVID-19 pandemic.
Modi has explained the strict new IT measures as crucial for national security and public health. Others said the measures were a bold move to slow the growing power of Big Tech — notably WhatsApp, the Facebook-owned messaging service with more than 390 million active users in India.
Dissent has also grown: T.M. Krishna, the celebrity singer, writer and activist, on Thursday joined a range of journalist groups and digital protection experts in denouncing the new government regulations for violating Indians’ constitutional right to privacy.
In March, an open letter from 10 global privacy advocates, including Access Now, the Electronic Frontier Foundation (EFF) and Human Rights Watch, described the new rules as “digital authoritarianism.” In a blog post, the EFF’s Katiitza Rodriguez wrote: “These rules threaten the idea of a free and open internet built on a bedrock of international human rights standards.”
Forced to Comply
Silicon Valley has hit back as well, protesting that India’s new rules would force companies like Twitter, Facebook, WhatsApp, Instagram and Google to comply with state-sponsored mass surveillance and censorship.
Under the new regulations, which came into effect on May 25, messaging apps like WhatsApp and Signal would be forced to break the end-to-end encryption that protects the sender and recipient from outside readers.
On May 26, WhatsApp filed a lawsuit to block the Indian government’s regulations, citing a violation of privacy rights in India’s constitution. The case, described as unprecedented by a foreign tech company, invoked a 2017 High Court case ruling that privacy was a fundamental right enshrined in India’s constitution.
The new rules, according to a WhatsApp statement, represented “profound and serious harms for digital news media.” Privacy experts in India and around the world have called the new regulations an attack on privacy and a serious threat to end-to-end encryption.
A major concern of the tech giants’ is traceability, which would force messaging platforms to disclose the “first originator” of a tweet or message. Another worry was a standing order to remove all content flagged by authorities within 36 hours, including what the government classifies as misinformation about the pandemic.
Additionally, three senior positions in each Indian branch of the foreign company — chief compliance officer, liaison officer and grievance officer — must be held by citizens of India.
Even so, WhatsApp’s lawsuit came as a shock to many. Parent company Facebook has reportedly worked closely with the Indian government in recent years, even taking flak for allegedly going lightly on incendiary posts by Indian politicians.
The Modi administration has so far stuck to its hard-line on national security and public safety.
“The government respects the Right of Privacy and has no intention to violate it when WhatsApp is required to disclose the origin of a particular message,” the Ministry of Electronics and Information Technology said in a statement after the WhatsApps lawsuit.
Encryption Under Attack
Namrata Maheshwari, a policy fellow at Access Now, the New York-based digital rights group, said the traceability required to secure “first originator” content would force end-to-end encrypted services to fundamentally re-design their architecture.
“The core promise of privacy and security of such messaging platforms would be compromised, leading to a chilling effect on free expression,” said Maheshwari in a statement to Digital Privacy News.
“A defining feature of end-to-end encrypted services, such as WhatsApp and Signal, is that no party other than the sender and the intended recipients, including the service provider, can access the content or discern who sent which message to whom.”
The EFF said the government’s claim that the new rules would not disrupt the normal functioning of WhatsApp was “bizarre,” according to a statement from the San Francisco digital rights group.
“Encryption is one of the most powerful tools individuals have for maintaining their digital privacy and security in an increasingly insecure world,” said Karen Gullo of the EFF.
“Attacks on encryption are already coming from governments around the world, from Australia to India to Singapore to Kazakhstan.”
Pavan Duggal, a Supreme Court advocate who has worked on cases involving Google, Twitter and Facebook, said the WhatsApp lawsuit was a bold move in the state-tech dynamic now playing out in India’s halls of power.
Duggal said he did not consider the new IT guidelines authoritarian or anti-privacy.
“Using encryption for a legitimate purpose is not an issue with sovereign governments,” he told DPN. “It is the misuse of encryption for cybercriminal activities that governments around the world are seeking to regulate.”
The escalating dispute appears to be heading for the Indian courts, where it is notoriously difficult to win a case involving national security.
“In a number of other cases and lawsuits, service providers have argued over the constitutionality of India’s existing legal provisions,” Duggal said.
“But we have not yet seen a large tech company like WhatsApp ever filing such a suit and winning.”