India’s government wants to make it mandatory for platforms like Facebook, WhatsApp, Twitter, and Google to remove content it deems “unlawful” within 24 hours of notice, and create “automated tools” to “proactively identify and remove” such material.
It also wants tech companies to build in a way to trace the source of the content, which would require platforms like WhatsApp to break end-to-end encryption.
India’s Ministry of Electronics and Information Technology (MeitY) published the proposed rules on its website following a report on Monday by the Indian Express revealing the government’s proposal to modify the country’s primary IT law to work them in. The report comes days after India’s government seemingly authorized 10 federal agencies to snoop into every computer in the country last week.
The proposed measures have provoked concerns from privacy activists who say they would threaten free speech and enable mass surveillance.
Just went through alleged draft for changes to section 79 of the IT Act. This is a worrying change in the rules: what was meant to provide safe harbour enabling the internet to function being used as an enabling mechanism for govt to seek data on users from them, and precensor
This means private companies @facebook @twitter will use opaque technology to proactively CENSOR people from expressing themselves through speech, photographs, books, movies if they 'think' it is indecent, immoral, disrupts public order, defame people, hurt Indian sovereignty. +
The proposals would also require any platform with more than 5 million users in India to appoint a “person of contact” for “24x7 coordination with law enforcement agencies and officers”, keep a record of all “unlawful activity” for 180 days (or indefinitely if mandated by a court), and send monthly notifications to every user informing them that the platform can “remove non-compliant information” immediately and kick the user off.
A MeitY official discussed modifying India’s IT law to work in the new rules with representatives from at least seven tech companies including Google, Facebook, WhatsApp, and Twitter in a confidential meeting last week, reported the Indian Express.
If the proposals were to go ahead, it “would be a tremendous expansion in the power of the government over ordinary citizens, eerily reminiscent of China’s blocking and breaking of user encryption to surveil its citizens,” the Internet Freedom Foundation, a digital advocacy organization based in New Delhi, wrote on its website.
“[On] the face of it, [the government seems] to be contemplating pro-active censorship and breaking encryption with traceability,” Apar Gupta, an Indian Supreme Court lawyer and cofounder of the Internet Freedom Foundation, told the Indian Express. “They will make the internet a corporal environment, damaging the fundamental rights of users.”
The MeitY, Facebook, Google, and Twitter did not respond to BuzzFeed News’ request for comment.
WhatsApp, which has more than 200 million users in India, and will be among the largest companies affected should the proposed rules go into effect, declined to comment.
The company has repeatedly pushed back against the Indian government’s demands to build in message traceability, after angry mobs who fell for rumors and hoaxes that spread through the app killed more than 30 people in the country this year. “We believe that building ‘traceability’ into WhatsApp would undermine end-to-end encryption and the private nature of WhatsApp, creating the potential for serious misuse,” a WhatsApp spokesperson told BuzzFeed News earlier this year, adding that the company would not weaken the privacy protections it provides worldwide.
Sources familiar with WhatsApp’s thinking told BuzzFeed News that just a few months ago, it seemed India was preparing to support the most robust national privacy frameworks in the world, referring to a comprehensive data protection framework that a government committee formulated earlier this year that is yet to receive parliamentary approval.
It’s not clear, said these sources, whether India will now choose to be a leader in privacy or mass surveillance.
If India does work these rules into its IT law, it would have precedent: Earlier this month, Australia passed a controversial encryption bill that would require technology companies to give law enforcement agencies access to encrypted communications, saying that it was essential to stop terrorists and criminals who rely on secure messaging apps to communicate.