WhatsApp, the Facebook-owned social media platform, faces the heat with the government announcing in Parliament its desire to conduct an audit of its security features raising a question mark as to what’s up with WhatsApp. The Union government has said it will finalise and also notify rules for social media and digital media platforms by January 2020.
It is learnt that the draft rules are ready. And notification of new the Information Technology Intermediaries Guidelines (Amendment) Rules, 2018 is likely to be completed by 15 January 2020. The statement, made by Union Minister for Communications, Electronics and Information Technology Ravi Shankar Prasad, follows an uproar over revelations that spyware manufactured by an Israeli firm was installed in the instant messenger using ‘vulnerabilities’ in its system to snoop on Indians, mostly journalists and human rights activists.
The Union government has said it will finalise and also notify rules for social media and digital media platforms by January 2020. The draft rules are ready, the government told the
Supreme Court, but these need to be discussed with other ministries and also vetted by the law ministry.
In an affidavit filed in the Supreme Court, the ministry of electronics and information technology said that considering the “complexity of the matter and the significant impact it entails on the functioning of all stakeholders, including netizens, various government departments/ministries, social media platforms, messaging platforms, websites and mobile apps etc”, a conscious and bona fide decision was taken by the respondent ministry to call for further inter-ministerial consultation so that effective, robust and comprehensive rules, covering all aspects of matter can be framed.
And notification of new the Information Technology Intermediaries Guidelines (Amendment) Rules, 2018 is likely to be completed by 15 January 2020.” The government’s filing was a response to a September 24 instruction by the apex court, asking it to file an affidavit within three weeks on the timeline for drafting regulations for social media companies.
The government has since faced charges of illegal espionage on its own citizens. Sometime back a CBI probe was ordered into the Facebook-Cambridge Analytica controversy after it was revealed that the personal data of Indian citizens had been used without consent to influence voters. On September 24, the court also said the rules should strike a balance between state sovereignty and an individual’s privacy.
Stressing the importance of having these guidelines, the affidavit said: “Internet has emerged as a potent tool to cause unimaginable disruption to the democratic polity, it was felt that the extant rules to be revised for effective regulation of intermediaries keeping in view the ever growing threats toindividual rights and nation’s integrity, sovereignty, and security.” This is how social media platforms have evolved in India an elsewhere. Orkut was replaced by Facebook because of superior features, and WhatsApp overtook SMS for communication. Instagram has changed the way we communicate with the world.
The Centre has also informed Parliament that it was “empowered” to intercept, monitor and decrypt digital information within the ambit of the law. The minister of state for home affairs G. Kishen Reddy told in Lok Sabha “Section 69 of the Information Technology Act, 2000, empowers the central government or a state government to intercept, monitor or decrypt or cause to be intercepted or monitored or decrypted, any information generated, transmitted, received or stored in any computer resource in the interest of the sovereignty or integrity of India.” He added “Section 5 of the Indian Telegraph Act, 1885, empowers lawful interception of messages on occurrence of public emergency or in the interest of public safety. This power of interception is to be exercised as per provisions of law.”
Regulatory mechanisms are welcome to take care of national, business and individual sensitivities, but these should not be used by the government for snooping. On its part, WhatsApp should strive to ensure secrecy of its data. The Union cabinet has given its approval to the Personal Data Protection Bill that seeks to lay down a legal framework to preserve the sanctity of “consent” in data sharing and penalize those breaching privacy norms.
In a first, the bill proposes social media platforms to create a mechanism so that for “every user who registers their service from India or uses their service from India, a voluntary verifiable account mechanism has to be made”, said a senior government official.
The provision puts the onus of creating the mechanism on the company. The provision is largely aimed at checking social media trolling.
The bill categorizes data into three categories — critical, sensitive and general. Sensitive data — financial, health, sexual orientation, biometrics, transgender status, religious or political beliefs. Critical data will be defined by the government from time to time and has to be stored and processed in India. Any data that is non-critical and non-sensitive will be categorized as general data with no restriction on where it is stored or processed. As at present there are no laws on the use of personal data and preventing its misuse, although the Supreme Court upheld the right to privacy as a fundamental right back in 2017.
In September 2018, the apex court affirmed Aadhaar’s constitutionality, saying the linking of the biometric-based identification card with PAN only involved minimal information to fulfil the larger public interest of the poor, who can use it to obtain benefits and subsidies. The judgment was a key step in firming up rules and regulations for data protection and privacy norms. Now the bill will be introduced in Parliament soon and companies will be given some time for compliance once it becomes law. In the interest of national security, certain agencies can have access to personal data for any investigation pertaining to offences.
The government has also dismissed Google Threat Analysis Group’s (TAG) recent report that said more than 12,000 warnings were sent to users across 149 countries against targets by government-backed attackers.
The search engine’s report had come in the midst of cases of snooping that rocked the nation, with the Centre asking Facebook-owned WhatsApp to strengthen security and prevent further breaches. Last month, reports said a security loophole in the messaging platform was used to spy on more than a hundred individuals in India.
Technology firms such as Google and Facebook are under immense scrutiny worldwide, including India, for spreading fake news, misinformation and breach of user privacy. The Cambridge Analytica scandal, the Pegasus spyware attack on WhatsApp and the growing misuse of social media platforms to spread misinformation have made governments world over, including in India, realise the need of strict guidelines to regulate these platforms.