“Ripple effects of these provisions will have a devastating impact on freedom of expression, privacy and security,” Internet company Mozilla said.
(Subscribe to our Today’s Cache newsletter for a quick snapshot of top 5 tech stories. Click here to subscribe for free.)
The Indian government recently notified new rules on how digital and social media platforms should operate in the country. The Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, tweaks protection available to social media and OTT companies, and expands their compliance obligations. The Electronics and IT Minister Ravi Shankar Prasad, while announcing the rules, said it is a “soft-touch oversight mechanism”.
Among the several ramifications the new rules will have on “significant social media intermediaries”, (a new term to classify large platforms), one prominent area that will be hit most hard is end-to-end encryption.
“These rules will harm end to end encryption, substantially increase surveillance, promote automated filtering and prompt a fragmentation of the Internet that would harm users while failing to empower Indians,” Udbhav Tiwari, Public Policy Advisor at Mozilla, said in blog post.
He notes that the “ripple effects of these provisions will have a devastating impact on freedom of expression, privacy and security.”
Currently, messaging platforms like WhatsApp do not store source data. But, the newly issued rules mandate that, at the request of law enforcement agencies, platforms must trace ‘first originator’ of any message. This means, these platforms must store sensitive information or break end-to-end encryption protocol, a change that will weaken overall security.
The tracing part gets even more complicated in situations where the message originates outside India. In such cases, the ‘significant intermediary’ must identify the first originator within India, a mandate that makes “the already impossible task more difficult,” Tiwari said.
This change in tracking message origins “will weaken overall security, harm privacy and contradict the principles of data minimisation,” endorsed in MietY’s draft data protection bill, he added.
An Open Letter
In 2019, Mozilla, along with GitHub and Wikimedia foundation, wrote an open letter to the IT Minister on the government’s proposals on intermediary liability. In the letter, it said the proposed rules will transform “internet from an open platform for creation, collaboration, access to knowledge, and innovation to a tool of automated censorship and surveillance of its users.”
It also noted that the rules would place a “fatal burden” on many online intermediaries and start-ups as they will require an expensive filtering infrastructure and an army of lawyers.
And, for large corporations, the rules will incentivise them “to over-censor and take down lawful content in order to avoid the threat of liability and litigation.”
While the final rules contain some improvements from the 2018 draft such as limiting the scope of some provisions to large social media firms, user and public transparency requirements, and due process checks and balances around traceability requests, in its overall scope, the rules are “a dangerous precedent for internet regulation and need urgent reform,” Tiwari notes.
The new rules are already binding law, and provisions for large social media firms will come into force by around end of May 2021.