India likely to force Facebook, WhatsApp to identify the originator of messages
New Delhi is inching closer to recommending regulations that would require social media companies and instant messaging app providers operating in the nation to help law enforcement agencies identify users who have posted content — or sent messages — it deems questionable, two people familiar with the matter told TechCrunch.
India will submit the suggested change to the local intermediary liability rules to the nation’s apex court later this month. The suggested change, the conditions of which may be altered before it is finalized, currently says that law enforcement agencies will have to produce a court order before exercising such requests, sources who have been briefed on the matter said.
But regardless, asking companies to comply with such a requirement would be “devastating” for international social media companies, a New Delhi-based policy advocate told TechCrunch on the condition of anonymity.
WhatsApp executives have insisted in the past that they would have to compromise end-to-end encryption of every user to meet such a demand — a move they are willing to fight over.
The government did not respond to a request for comment Tuesday evening. A WhatsApp spokesperson declined to comment. Sources spoke under the condition of anonymity as they are not authorized to speak to media.
Scores of companies and security experts have urged New Delhi in recent months to be transparent about the changes it planned to make to the local intermediary liability guidelines.
The Indian government proposed (PDF) a series of changes to its intermediary liability rules in late December 2018 that, if enforced, would require to make significant changes millions of services operated by anyone, from small and medium businesses to large corporate giants such as Facebook and Google.
Among the proposed rules, the government said that intermediaries — which it defines as those services or functions that facilitate communication between two or more users and have five million or more users in India — will have to, among other things, be able to trace the originator of questionable content to avoid assuming full liability for their users’ actions.
At the heart of the changes lies the “safe harbor” laws that technology companies have so far enjoyed in many nations. The laws, currently applicable in the U.S. under the Communications Decency Act and India under its 2000 Information Technology Act, say that tech platforms won’t be held liable for the things their users share on the platform.
Many stakeholders have said in recent months that the Indian government was keeping them in the dark by not sharing the changes it was making to the intermediary liability guidelines.
Nobody outside of a small government circle has seen the proposed changes since January of last year, said Shashi Tharoor, one of India’s most influential opposition politicians, in a recent interview with TechCrunch.
Software Freedom and Law Centre, a New Delhi-based digital advocacy organization, recommended last week that the government should consider removing the traceability requirement from the proposed changes to the law as it was “technically impossible to satisfy for many online intermediaries.”
“No country is demanding such a broad level of traceability as envisaged by the Draft Intermediaries Guidelines,” it added.
TechCrunch could not ascertain other changes the government is recommending.