In response to a question in the Lok Sabha on whether the government had any plan to introduce a mechanisms to trace ‘rogue’ WhatsApp messages, the Ministry of Electronics and Information Technology (MEITY) reiterated that an amendment to the IT Act would do just this.
Stating that WhatsApp would be considered an intermediary under the definition of the IT Act, MEITY said that they had “proposed to amend Information Technology (Intermediaries Guidelines) Rules, 2011 notified under section 79 of the IT Act, 2000” with the proposed amendments to mandate intermediaries “to enable traceability of the originator of the information which is expected to curb circulation of rogue messages.”
The proposed amendments were published by MEITY on December 12, 2018. If enacted, they would require intermediaries like WhatsApp to, within 72 hours of communication by lawful order, “provide such information or assistance as asked for by any government agency or assistance concerning security of the State or cybersecurity.”
In addition, intermediaries with more than 50 lakh users in India must have a “nodal person of contact and alternate senior” for 24x7 coordination with law enforcement agencies.
In October, the government told the Supreme Court that the process to notify the new rules would likely be completed by January 15, 2020.
The traceability of WhatsApp messages has long been a point of contention for the government, as the Facebook-owned company uses end-to-end Advanced Encryption Standard (ARC) 256-bit encryption for messages sent on its platform.
Over fears of fake news and false information being spread through WhatsApp, the government has been keen to get providers like WhatsApp to identify the ‘originator’ of a message. But, in June, WhatsApp told the Madras High Court that it was impossible to track the sender of a message due to its end-to-end encryption.
In August, 2018, the Department of Telecom asked telecom operators and internet service providers who it could block apps like Whatsapp, Facebook, Telegram and Instagram among others.
MEITY also responded to a question on the Personal Data Protection Bill, regarding whether it had received the Justice B.N. Srikrishna report on the proposed categorisations of personal data. According to MEITY, “The committee in its report and the draft bill, proposed to categorise personal data into personal data, sensitive personal data and critical personal data. On the same lines as proposed by the Committee, it is proposed to categorize personal data into three categories of personal data namely personal, sensitive personal and critical personal data.”
It added that the committee’s report and a draft Personal Data Protection Bill were being processed as well as consultations and open feedback on it, adding that it was proposed that the bill be tabled in Parliament.
MEITY also said that there was no proposal to link Aadhaar with social media accounts. The Ministry also responded to a question on whether efforts were being made to block pornography from being shared on social media, to which MEITY said social media sites, as intermediaries, were required to inform their users not to upload obscene or pornographic content. In addition, steps have already been taken to curb the spread of child pornography, with the government asking ISPS to work out an arrangement with the Internet Watch Foundation (IWF)—a UK list of CSAM websites/webpages—“on a dynamic basis and block access to child pornography webpages/websites.”