To stop terrorists using WhatsApp, govt needs information, but vital to ensure search doesn’t get as open-ended as Sec 66A was.
It is easy to believe the government is in the process of setting up a police state when, after news of how it has authorised 10 agencies to snoop into anyone’s computer, the media has reported its plans to put in place guidelines that will force ‘intermediaries’—like a WhatsApp—to both decrypt messages as well as to help trace their origin/path. It turns out the first story, while correct, was just the government formalising what was there in the Information Technology (IT) Act since 2009; while the need to intercept or decrypt messages was part of Section 69 of the IT Act of 2000, the guidelines on tracing the origin/path of messages is part of a draft that is up for consultation right now. To that extent, while it is true the media is guilty of misinterpretation, it is equally true that the government should have briefed people on the measures/plans so that there was no misinterpretation.
There are, as always, two sides to the story, both of which are equally important. For one, just as the law allows phone tapping today, when a large part of the action moves to encrypted calls/messaging platforms like WhatsApp and Telegram, it is only natural that the government wants to access it in as much of real time as possible. If a terrorist is passing on information on the likely bombing of a metro station, the government of the day can hardly wash its hands off the case by saying it couldn’t possibly have tried to access the information as it was on WhatsApp since accessing that was, in a fundamental sense, a breach of privacy that was reinforced by the Supreme Court (SC) when it ruled that the right to privacy was a fundamental right or when it, earlier, struck down Section 66A of the IT Act.
There is, of course, the issue of whether platforms/intermediaries like WhatsApp can even comply with the directives. Section 69 of the IT Act talks of the need to intercept, monitor and decrypt messages, but in the past, WhatsApp, and BlackBerry before that, have maintained that they have no master key for decryption as the encryption takes place at the level of the phone. In which case, these platforms will have to both come up with a solution and also examine as to whether disclosing such information—assuming they can access it—is in keeping with their business model/USP. Once you get past that, you realise what the government is proposing is very open-ended and open to abuse.
The draft guidelines that are being debated right now talk of content that is grossly harmful, harassing, blasphemous, defamatory, obscene etc; much of this is subjective and open to interpretation/abuse to curb any form of dissent and criticism; in the past, such blanket powers have been grossly abused by the government. Section 66A of the IT Act that the SC struck down seemed reasonable in wanting to punish anyone “for sending offensive messages through communication service, etc” since these messages included spreading hatred or criminal intimidation. Yet, two girls in Mumbai were arrested under this section for criticising the shutting down of Mumbai after the death of Shiv Sena leader Bal Thackeray; the SC, rightly, said 66A was too open-ended and open to abuse.
So, while the government is within its rights to want to know the contents of messages and to trace them, it needs to ensure there isn’t the kind of gross abuse there was of Section 66A or even the sedition law (124A of the IPC) in the past; it is also possible that Section 79 of the IT Act that SC came down on is being violated by putting new obligations on the likes of WhatsApp. The only way to meet the needs of the state while ensuring no abuse takes place is a robust ongoing review mechanism—through a panel—involving not just government but also the judiciary.