October 23, 2023
Good morning. On account of Ayudha Pooja, we are taking a day off today. We will not be publishing this newsletter tomorrow. See you on Wednesday!
In today’s either/view, we discuss whether the government should have access to the first originator of messages. We also look at the panic surrounding plastic rice in Goa, among other news.
📰 FEATURE STORY
Should the government have access to the first originator of messages?
End-to-end encryption (E2EE) is a method of secure communication that prevents third parties from accessing data while it is transferred from one system or device to another. However, the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules 2021 imposed upon certain social media intermediaries the obligation to enable the identification of the first originator of certain messages should the government demand so.
While such a demand tears apart the basic principles of E2EE, it has been justified by the Indian government in the name of national security. But the legality of such a law and complaints of technical feasibility by intermediaries notwithstanding, is such a potential tool for mass surveillance morally justifiable in a democratic country?
Context
Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules were brought into effect in February of 2021. Among other things, the legislation defined SSMIs or Significant Social Media Intermediaries as intermediaries with more than 5 million registered users or any other intermediary the government designated as presenting a material risk of harm to the state security or the sovereignty or integrity of India.
Sub-rule 2 of Rule 4 of the legislation, prescribes additional due diligence to be observed by these SSMIs. It specifies that SSMIs providing primarily messaging services should enable the identification of the first originator of information when it is required either by a court through a judicial order, or an order passed by a ‘competent authority’ as per the Information Technology (Procedure and Safeguards for interception, monitoring, and decryption of information) Rules, 2009.
This identification of the ‘first originator’ of a message goes against both the process and the principles of E2EE which has been a cornerstone of messaging applications. In E2EE, the data is encrypted on the sender’s system or device, and only the intended recipient can decrypt it. As it travels to its destination, the message cannot be read or tampered with by an internet service provider (ISP), application service provider, hacker, or any other entity or service. However, the then Electronics and IT Minister Ravi Shankar Prasad had described the law as a “soft-touch oversight” mechanism to deal with issues such as the persistent spread of fake news, abuse of these platforms to share morphed images of women and contents related to revenge porn.
The law and others like it the world over have caused a debate between the privacy of users and the government’s claims of “public interest, order, and national security”. Interestingly, most efforts to force service providers to build backdoors or provide other methods to access user messages have been from the Western world. This is because laws in countries like China, Russia, and Turkey have outrightly banned E2EE.
The rules’ proposals initially recommended two levels of encryption for messages. Each message would be encrypted as is currently the practice. Additionally, the originator’s information would be encrypted and tagged with the message when it is forwarded. The intermediary platform would hold the key to decrypt the originator’s information and would use the key to reveal the originator’s information for a particular message in response to an authorised order. In addition, users would have to mark a message as “forwardable” or “non-forwardable” as a means of indicating consent to assuming responsibility as an originator. If a user originated a message and marked it as “forwardable,” their information would get linked with that message. But if they marked a message as “non-forwardable” and someone nevertheless forwards it, then the forwarder would become the originator of the message.
Naturally, the technical load led to the rules being challenged by WhatsApp in the Delhi High Court. WhatsApp (and many free speech activists) claims that these requirements will force it to break E2EE, as well as the privacy principles underlying it, and infringe upon the fundamental rights to privacy and free speech of the hundreds of millions of citizens using it to communicate privately and securely.
VIEW: Nation First, Always
Governments’ desire to view citizens’ communications for stated national security or societal benefit is not a new concept. Soon after the rollout of commercial internet, the US National Security Agency (NSA) introduced the Clipper chip, an encryption device with an acknowledged backdoor for government access. Following the events of 9/11, Congress had passed the Patriot Act which made it easier for the US government to monitor Americans by expanding the authority to monitor phone and email communications. In 2018, the ‘Five Eyes’ governments (the US, UK, Canada, Australia, and New Zealand) demanded that service providers create customised solutions to help them monitor their citizens or else face legal hurdles. Brazilian courts, on the other hand, compelled WhatsApp to shut down after it refused to provide extensive information like IP addresses, customer information, geo-location data, and physical messages.
The Indian requirements in comparison are very mild. The provision itself provides that an order shall only be passed when the content relates to the sovereignty, integrity, and security of India, public order, rape, sexually explicit material, or child sexual abuse material. There is also the additional rider that no such order shall be passed where other less intrusive means are effective in identifying the originator of the information. The provision also clarifies that the platform shall not be required to disclose the contents of the message, any other information related to the first originator, or any information related to its other users.
There is also the aspect that 52% of Indians receive their news from WhatsApp. The content and messages spread on these platforms can potentially be harmful as repeated incidents of mob lynchings have shown. Thus, such measures also become important to maintain order and apprehend such perpetrators who sow discord.
The much-cited Right to Privacy in India is, like all fundamental rights, subject to reasonable restrictions. As long as the government can be trusted to use the knowledge gained only for the defence of the nation, the public is compensated for the costs of diminished privacy in increased security from threats like terror attacks.
COUNTERVIEW: Literally 1984
Critics of the rules argue that asking intermediaries to record first originators is ‘ultra vires’ or beyond the powers accorded to the government under the Information Technology Act, 2000. In addition, most of these orders (to reveal the first originator) are likely to be issued by sycophantic bureaucrats rather than coming from judicial officers. For such orders, the law provides no legal structure to guarantee or even scrutinise an incompetent or mala fide claim by an investigating agency.
Another glaring point would be that terrorists are unlikely to be using WhatsApp or any other SSMI to coordinate terror attacks. Revelations of terror doctrines such as those recovered from Bin Laden’s stronghold show him strongly advising others to not use technology for communication as it is open to interceptions.
On the other hand, once message decryption backdoors are legalised, they become permanent weaknesses in the system that can be exploited by hackers. Authoritarian governments have historically overstepped their bounds and trampled on civil liberties when political expediencies arise using laws meant for terrorists on domestic dissenters.
Allegations of Pegasus and implanting evidence on the Bhima Koregaon accused do not inspire confidence in the government’s credibility. It is also not difficult to imagine that with time, the scope of targeted messages evolves from “I plan to undermine the Indian State” to “I don’t like the XYZ government.”
There is also the fact that the government already has a vast array of other monitoring methods that they can use in legitimate investigations. Platforms already provide the government with a host of ‘basic subscriber data’ allowing them to trace users using phone numbers, names, device info, last connection, IP and email addresses, and web-client data. The government also has other legal powers such as wiretapping, geo-location, and physical surveillance of suspects as and when required.
Instead, identification of first originators requires weakening the privacy of millions of Indians to trace a few potentially bad actors, for whom the law remains unclear and inept to charge and find guilty.
Reference Links:
- Identifying first originator of info undermines privacy, free speech – The Economic Times
- New Intermediary Rules in India Imperil Free Expression, Privacy and Security – Centre for Democracy and Technology
- Govt announces new social media rules to curb its misuse – The Hindu
- India responds to WhatsApp, says no intention to violate right of privacy – Mint
What is your opinion on this?
(Only subscribers can participate in polls)
a) The government should have access to the first originator of messages.
b) The government should not have access to the first originator of messages.
🕵️ BEYOND ECHO CHAMBERS
For the Right:
What the name games at the Narendra Modi Stadium tell us about India today
For the Left:
Gandhi: a flawed feminist?
🇮🇳 STATE OF THE STATES
Conserve Yamuna floodplain (Delhi) – The National Green Tribunal has appointed a high-level committee for an action plan to conserve the O-II zone of the Yamuna floodplain. The committee will look into removing encroachments from the zone and submit its report by January 30, 2024. Thousands of hectares of the floodplain are in the 22 km stretch of the Yamuna falling in Delhi from Wazirabad to Palla.
Why it matters: In July, the river’s level had broken previous records and reached 208.6 metres, flooding low-lying areas. Delhi often floods due to unauthorised construction on the floodplain. The Delhi Development Authority’s (DDA) 2041 master plan divides the O zone into Zone O-I and Zone O-II. The former is highly encroached and makes up only about 35% of the entire floodplain.
Plantation brand (Kerala) – The state government will set up a Kerala brand for the plantation sector to increase production and revenue. The government has already initiated several projects on this front. If a plantation is 10 acres above the stipulated area for commercial crops, it will be allowed to set up a fruit park. The state will provide a ₹3 crore grant for this.
Why it matters: The state accounts for 46% of the total plantation area in India. It’s also the first to establish a dedicated plantation directorate under the Department of Commerce and Industries and give the sector industry status. Small-scale farmers wanted fruits like avocado and rambutan to be included under plantations and more land for cultivation.
Spotting the tiger (Odisha) – The state government has formed five teams to spot the Royal Bengal Tiger captured in a trap camera at the Mahendra forest range. Photos of the cat were captured by cameras installed in the nearby areas of Santoshpur near Gandahati. Officials will also ask nearby residents to not let their domestic animals roam free and to not venture into the forests in the evening.
Why it matters: A video of a tiger roaming on the border near Gunupur in Rayagada district went viral on social media in August. Locals discovered the carcass of a cow, suspected to be the tiger’s doing. Officials think it’s the same tiger that may have migrated to the Gajapati district. The news comes as the state forest department began its tiger census in the state.
Plastic rice panic (Goa) – There has been some panic among locals after news spread on social media of plastic rice being sold in fair-price shops in the state. The state government had to clarify that this was false and that only fortified rice was being sold. The Department of Civil Supplies and Consumer Affairs clarified that the fortified rice kernels are made with rice powder and mixed with micronutrients.
Why it matters: There have been previous instances of the Civil Supply Department supplying rice infested with maggots, mites and fungus to ration card holders. A check of the godowns by the Food and Drug Administration refuted the latest news about plastic rice. The rice sold in the fair price shops is certified by the Food Corporation of India and is only sold through the public distribution system.
NRC uncertainty (Assam) – The National Register of Citizens (NRC) has been in limbo since 2019 when the final list of citizens was published. Now, the state government has sacked members of the Foreigners’ Tribunals (FT), who handle NRC cases. The members approached the Supreme Court, and the state said they didn’t have any work and were relieved of their duties. The state also said they received approval from the Centre about the decision.
Why it matters: The Foreigners’ Tribunals (FT) is a quasi-judicial body. Members are similar to judges. These additional FTs were meant to deal with the cases of 19.06 lakh people who were left out of the NRC list. The BJP government has been demanding the names in the final draft list be re-verified in 20% of the border districts and 10% of the remaining ones. The state government has filed an affidavit with the Supreme Court asking for a re-verification of the NRC.
🔢 KEY NUMBER
$410 billion – A report titled “How India Travels” from Booking.com and McKinsey stated that Indians will spend $410 billion in travel expenditure by 2030. This would make India the fourth-largest global spender.