Social media norms: Sources of media must be traced, says Supreme Court

The government’s efforts to make popular messaging app WhatsApp come up with a methodology to trace the origin of messages which threaten law and order got a firm backing from the Supreme Court on Tuesday.

Expressing concern over the origin and spread of fake messages on social media platforms such as WhatsApp and Facebook, the SC gave three weeks to the government to apprise it about the status of intermediary guidelines and give definite timelines to frame a law to tackle the misuse of social media.

As is known, the government is in the process of framing guidelines for such intermediaries and has been in constant dialogue with senior executives of WhatsApp to put in place a process to trace the origin of fake messages.

So far, WhatsApp has maintained it cannot do the same as messages shared on its platform are end-to-end encrypted and cannot be broken because that would tantamount to invading individual privacy.

However, the SC did not accept any such argument and said, “We just cannot get away by saying that we don’t have the technology. If there is a technology to do it, there ought to be a technology to stop it.”

While messages on WhatsApp are end-to-end encrypted and can’t be read by WhatsApp, technology experts maintain that the company can trace the origin of the messages through source code.

Source codes are used in mobile phones and e-mail networks to trace messages. While in phone networks it is called call data record, in e-mails it is called Internet Protocol data record (IPDR). “If a grievance officer is there, upon a complaint the source code of the message can be traced. Every message, be it via SMS, e-mail or WhatsApp, has a source code and a destination code, and can be traced via it. This can happen without breaking either the encryption or privacy policy,” a technology expert told FE.

However, for such traceability there needs to be a domestic entity which is bound by local laws mandating how long the data is stored by the company concerned. Currently, there’s no policy on local data storage and for what time period. Though WhatsApp cooperates with investigating agencies upon a complaint, globally too, it is not regulated as to how long it needs to store data.

Since on Tuesday a bench led by justice Deepak Gupta asked the Centre to file an affidavit within three weeks detailing framing of statutory guidelines for sharing of information by social media platforms with law enforcement agencies without compromising individual privacy and protecting the sovereignty of the State, a clear-cut regulatory framework is expected to be put in place within a defined time limit. “Originator (of fake messages) must be traced. At the same time, sovereignty of the nation and the privacy of individuals should be maintained.

Neither we, nor a high court can decide. It is for the government to come up with a policy,” the SC said.
“It is dangerous the way the technology is going. After the last hearing I researched and found I could buy an Ak-47, on the dark web, in 30 minutes,” Justice Gupta said, adding, “I was telling someone I want to give up my smartphone”.

Solicitor General Tushar Mehta told the SC that discussions and debates on the draft rules are going on. However, it would not be possible to fix a time-frame for notifying the rules. He agreed that it was necessary to “balance public interest with privacy”.

The SC’s observations came during a petition filed by Facebook and WhatsApp seeking the transfer of cases seeking the mandatory linking of social media profiles with Aadhaar number or any other government-authorised identity proof that are currently pending at the high courts of Madras, Bombay and Madhya Pradesh.