WhatsApp data to govt? Mechanism needed to ensure citizen’s rights and privacy

By: |
Published: January 24, 2020 4:40:26 AM

Even in the case of phone taps, the Justice Srikrishna panel has said India “lacks sufficient legal and procedural safeguards to protect individual civil liberties”.

While a WhatsApp has consistently claimed it cannot trace messages, some cyber experts claim it can share meta-data; but meta-data also reveals a lot of other information about individuals.While a WhatsApp has consistently claimed it cannot trace messages, some cyber experts claim it can share meta-data; but meta-data also reveals a lot of other information about individuals.

Chance are, when the government submits its final ‘intermediary guidelines’ to the Supreme Court later this month—meant for social media firms like Facebook and messaging services like WhatsApp—it will further tighten and reiterate some of the existing ones, like the tracing/origin of messages such as those on WhatsApp. The government needing such information in certain cases is understandable. Theoretically, for instance, WhatsApp forwards talking of a group of Muslims planning to slaughter cows can result in communal violence; so the government needs to know from where the messages originated. And, it would help the Delhi Police immensely if the originators of several WhatsApp messages in the recent JNU attacks can be traced. Logically speaking, if the government can trace/tap phone calls today, there is no reason why this should not extend to newer forms of messaging/communications. Indeed, in October last year, the US Attorney General, the UK secretary of state, and the Australian home minister, among others, wrote to Facebook, asking it to ensure that the police get lawful access to its content for precisely the same reason of maintaining law and order; firms like Apple and Facebook have also been petitioned by the US not to encrypt certain type of data—Apple has just dropped a plan to allow iPhone users to fully encrypt their data backup on the iCloud—as this could hurt their investigations.

The problem, however, is what this does to the privacy of individuals, which, the Supreme Court has ruled, is a fundamental right. While a WhatsApp has consistently claimed it cannot trace messages, some cyber experts claim it can share meta-data; but meta-data also reveals a lot of other information about individuals. Also, while the government is, right now, not asking for messages to be decrypted—WhatsApp and others say they do not have any decryption keys—the existing intermediary guidelines suggest it may do so soon. Section 9 of the guidelines say the intermediary must use tools for “proactively identifying and removing … unlawful information and content”; a WhatsApp or a Telegram is already being asked to monitor content that is supposed to be secret/encrypted.

Even in the case of phone taps, the Justice Srikrishna panel has said India “lacks sufficient legal and procedural safeguards to protect individual civil liberties”.

Despite there being an elaborate procedure being in place to authorise phone taps, ensuring a lot of thought goes into the taps, Srikrishna talks of the “review committee (having) an unrealistic task of reviewing 15,000-18,000 interception orders in every meeting”. The Personal Data Protection Bill tries to put in place a framework for this, with a Data Protection Authority looking after this and companies putting in data encryption standards to prevent its misuse, but the Bill says that none of this will apply to government agencies if ‘public order’, ‘security of the state’, ‘sovereignty and integrity of India’, etc are being affected.

Essentially, while the government has, in its intermediary guidelines as well as the personal data protection Bill, laid out very broad conditions under which it can ask for data, the safeguards for privacy haven’t really been spelled out.

There has to be an independent mechanism to monitor breach of privacy—maybe a SC-monitored process—and to see what the government is doing with the data it is collecting. Google had, last November, said that 500 Indians were targeted by ‘government-backed attackers’ using Pegasus software, and Pegasus, in turn, had said it only sold its software to governments; was this done by following due process, and for what purpose? In its Puttaswamy judgment on privacy being a fundamental right, the SC had talked of all intercepts needing to meet the tests of “necessity, proportionality and due process”; while examining the revised intermediary guidelines, the SC has to reiterate this.

Get live Stock Prices from BSE and NSE and latest NAV, portfolio of Mutual Funds, calculate your tax by Income Tax Calculator, know market’s Top Gainers, Top Losers & Best Equity Funds. Like us on Facebook and follow us on Twitter.

Next Stories
1Integrity pact against corruption: An effective tool or a paper tiger?
2Uttar Pradesh taking progressive steps in Ease of Doing Business and Ease of Living
3Success for PM Modi’s Demonetisation and GST move? Here’s what data analytics suggests