‘China model of censorship’: Proposal to trace online content sparks concern
Only a few weeks ago the Australian govt had passed a similar law that forces tech companies to hand over encrypted messages
The Indian government has proposed draft amendments to a law governing online content which would require social media platforms to trace the originator of a message, use “automated tools” to proactively detect and remove “unlawful information” and set up a business entity in India.
The proposed rules sparked concerns among privacy activists. “These draft changes which are being mooted rather than checking misinformation will introduce a China model of censorship,” the Internet Freedom Foundation (IFF), a privacy rights organisations, said in a tweet.
The Ministry of Electronics and Information Technology (MeitY) has prepared the draft Information Technology (Intermediary Guidelines) Rules 2018 to replace the rules notified in 2011 under the Information Technology Act, 2000. Intermediary refers to platforms such as Facebook and Twitter.
The move was triggered by concerns raised by Rajya Sabha members in July this year about the “misuse of social media and propagation of fake news causing unrest and violence”—especially referring to incidents of mob lynchings driven by rumours circulated on WhatsApp.
The rules were placed for public consultation after the Indian Express first reported they were being discussed by the government and online platforms in “confidential” meetings. The report led to outrage and speculation among Netizens that apparently led to the public release of the draft rules. People can submit comments to the ministry by January 15, 2019.
NN Kaul, a media advisor to IT Minister Ravi Shankar Prasad, rejected that the meetings were secretive. “Meetings with private bodies are never secret,” he said.
“The consultation process is still on. There is no question of any rules being drafted as of now. Only after January 15, when the public opinion reaches us, will we start thinking in terms of amendments that are needed,” Kaul said. “We are having a review of the guidelines. In the process, we consulted industries and some of the states. Now we have put this up for public.”
A key proposal of the new rules, ensuring traceability, would require messaging apps like WhatsApp and Signal to break the built-in end-to-end encryption.
In platforms that have enabled end-to-end encryption, only the sender and receiver of a conversation can see the messages that are exchanged. The platforms have no way of viewing end-to-end encrypted messages, meaning companies will be forced to either rewrite software or install backdoors to gain access to the messages.
The move comes weeks after the Australian government passed a similar controversial law that forces technology companies to hand over encrypted messages, even if end-to-end encrypted, to law enforcement agencies, a first in the world.
“This has important consequences for everyday users of online services and should also be seen in the context of the MHA notification which activates a 2009 rule which hold the power to direct, ‘decryption’,” IFF said.
“We do not have any proper parliamentary oversight or judicial check on surveillance and the latest draft rules, if they go through, would be a tremendous expansion in the power of the government over ordinary citizens eerily reminiscent of China’s blocking and breaking of user encryption to surveil its citizens,” the privacy advocacy group wrote on its website.
Five major changes have been proposed to the Intermediary rules.
First, the traceability requirement. “The intermediary shall enable tracing out of such originator of information on its platform as may be required by government agencies who are legally authorised,” as per the draft rules. Platforms will be required to furnish information within 72 hours of a request by a government agency.
Second, any platform with more than five million users in India or specifically notified by the government will be required to register a company and have a permanent registered office in India. Such firms will also be required to appoint a nodal person of contact in India to coordinate with law enforcement agencies.
Third, platforms will be required to preserve information for at least 180 days (an increase from 90 days) for investigation purposes
Fourth, the platforms will be required to “deploy technology based automated tools” for “proactively identifying and removing or disabling public access to unlawful information or content.” The IFF said that the pro-active filtering “would result in widespread takedowns without any legal process or natural justice,” which would shift the “duty of the state to a private party.”
Fifth, the platform shall inform its users on a monthly basis about the rules and regulations of the platform, and warning for immediate termination in case of violation.
Congress spokesperson Abhishek Manu Singhvi said that violating the privacy of people has become a norm for the Narendra Modi government.
“Be it a journalist whose ‘sources’ for a particular story can now be traced; be it any opposition leader whose strategy or discussions shall now become open to government scrutiny; be it bureaucrats or officers who do not often toe the ruling political party’s line; or be it businessmen whose ‘ease of doing business’ shall now be hampered by harassment; or be it ordinary citizens whose private conversations shall now become a ‘decrypted’ file in government’s offices. Nobody will have the fundamental Right to Privacy and all this will only lead to an Inspector Raj!” Singhvi said.