WhatsApp moves Delhi HC against traceability clause in IT rules, calls it is unconstitutional
Introduction
Faced with a deadline to comply with the Indian government’s new rules for social media intermediaries, which needs them to make provisions for “identification of the first originator of the information”, Facebook-owned messaging platform WhatsApp has moved the Delhi High Court challenging this aspect of the new rules. The petition was filed on May 25, the final date of compliance alleging that the aforesaid clause is violative of a person’s right to privacy as enshrined in the Supreme Court judgment of KS Puttuswamy v. Union of India.
Whatsapp Arguments
The Whatsapp Spokesperson said that “Requiring messaging apps to ‘trace’ chats is the equivalent of asking us to keep a fingerprint of every single message sent on WhatsApp, which would break end-to-end encryption and fundamentally undermines people’s right to privacy,”
He further added that “We have consistently joined civil society and experts around the world in opposing requirements that would violate the privacy of our users. In the meantime, we will also continue to engage with the Government of India on practical solutions aimed at keeping people safe, including responding to valid legal requests for the information available to us,”
WhatsApp argues that “traceability inverts the way law enforcement typically investigates crimes”. “In a typical law enforcement request, a government requests technology companies provide account information about a known individual’s account. With traceability, a government would provide a technology company a piece of content and ask who sent it first,”
The post titled, ‘What is traceability and why does WhatsApp oppose it?’ says: “In order to trace even one message, services would have to trace every message. That’s because there is no way to predict which message a government would want to investigate in the future. In doing so, a government that chooses to mandate traceability is effectively mandating a new form of mass surveillance.”
Government Response
The Indian government said that it respects the “Right of Privacy” and has no intention to violate it when WhatsApp is required to disclose the origin of a particular message.
The statement released by the Ministry of Electronics and IT (MEITY) comes hours after the social messaging app filed a lawsuit in Delhi High Court challenging the government’s new digital rules saying the requirement for the company to provide access to encrypted messages will break privacy protections.
The statement added that “Such requirements are only in case when a particular message is required for prevention, investigation or punishment of serious offences such as sexually explicit content,” furthermore they said that, “The Government of India recognises that ‘Right to Privacy” is a Fundamental right and is committed to ensure the same to its citizens, Such requirements are only in case when a particular message is required for prevention, investigation or punishment of serious offences such as sexually explicit content,” the statement added.
However, it also added that as per all established judicial dictum, “no Fundamental Right, including the Right to Privacy, is absolute and it is subject to reasonable restrictions. The requirements in the Intermediary Guidelines pertaining to the first originator of information are an example of such a reasonable restriction.”
On this issue, IT minister Ravi Shankar Prasad has said, “the Government of India is committed to ensuring the Right of Privacy to all its citizens but at the same time it is also the responsibility of the government to maintain law and order and ensure national security.” He also stated that “none of the measures proposed by India will impact the normal functioning of WhatsApp in any manner whatsoever and for the common users, there will be no impact.”
Conclusion
The new 2021 IT Rules will now at least mandate reasons for such takedowns to be debated, and provided the three-tier grievance redressal mechanism works, it will provide material for the High Courts and Supreme Court to examine them, in the event Government actions are challenged. Intermediaries now have enhanced due diligence and monitoring burdens, and are also expected to continuously educate users on what can and cannot be posted. This will assist in establishing a trend of self-regulation, especially in relation to social media intermediaries, thanks to tools provided by artificial intelligence.
NEW SOCIAL MEDIA RULES TO CURB MISUSE OF SOCIAL MEDIA
Introduction
The Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 (the “Intermediary Rules”) fundamentally change the way the internet will be experienced in India. Most notably, the Rules now will bring government control rather than regulation over digital news platforms and OTT video content providers. Several requirements under them suffer from unconstitutionality and undermine the free expression and privacy for millions of internet users in India.
On Feb 25, these rules were notified in the official gazette as the “Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021”. For convenience, let’s just call them the Intermediary Rules. The Intermediary Rules have replaced the Information Technology (Intermediaries guidelines) Rules, 2011 (or the 2011 Rules). In this post, we bring a much more in-depth and legal analysis of the Intermediary Rules breaking down the top five changes in each chapter that impact your digital rights.
Due Diligence Requirements for Intermediaries
The Rules came into effect on 25 February 2021. However, the provisions pertaining to due diligence requirements for significant social media intermediaries have been given a lead time of three months from the date of notification of the threshold of a significant social media intermediary (i.e. 25 February 2021) to implement the prescribed measures. Non-compliance with the provisions of the Rules may disqualify the intermediary from seeking exemption of liability under the IT Act and the intermediary may be liable to punishment under any law for the time being in force, including the IT Act and the Indian Penal Code 1860.
Furnishing information to the government: The Rules state that intermediaries must provide information for verification of identity or assistance to any lawfully authorised government agency for prevention, detection, investigation and prosecution of offences or for cyber security incidents, no later than 72 hours of receiving a written order.
Preservation of records: The Rules require intermediaries to preserve, maintain, and/or store the following information for 180 days: (a) any information that has been removed or access to which has been disabled under certain provisions of the Rules; and (b) user’s information regarding registration, after cancellation or withdrawal of such registration.
Disabling access: Intermediaries are not permitted to store, host or publish unlawful information which is prohibited under any law for the time being in force. In case such unlawful information is hosted, stored or published, the intermediary must remove or disable access to such information as early as possible, but within 36 hours of receiving a court order or being notified by a government agency.
Removal of/ disabling access to explicit content: The Rules require expeditious action from an intermediary to remove or disable, within 24 hours of complaint, access to any material exposing the private area of any person, material with any nudity or depiction of any sexual act or conduct, or impersonation in an electronic form. In addition, intermediaries must provide a mechanism for receipt of complaints from users to enable them to provide details in relation to such explicit content.
Grievance redressal: Under the Rules, intermediaries must prominently publish on website, mobile application or both- (a) the name and contact details of grievance officer and (b) the complaint mechanism. The grievance officer must acknowledge the complaint within 24 hours and dispose of it within 15 days and provide reasons to the complainant for any action / inaction.
Details to be published: Intermediaries must prominently publish rules and regulations, privacy policy and user agreement on its website, mobile based application or both. The users must be informed about types of information that are ‘objectionable’ which they shall not share, display, upload, etc. In addition to the types of objectionable information prescribed under the 2011 Rules, certain new types of information have been specified under the Rules. Therefore, intermediaries will have to consider revising the existing documents in this regard. Intermediaries must inform users at least once every year about (a) rules and regulations, privacy policy or user agreement and any changes thereunder; and (b) intermediary’s right to terminate user’s access or remove the non-compliant information from its platform in case of non-compliance with the rules and regulations, privacy policy or user agreement.
Other Diligence Requirements for Significant Social Media Intermediaries
Significance threshold: Social media intermediaries with fifty lakh (five million) registered users or more have been classified as significant social media intermediaries and are subject to additional due diligence requirements beyond those prescribed for intermediaries in general. However, the Government may require any other intermediary to also comply with the rules applicable to significant social media intermediaries if services of such intermediary impose a material risk to the sovereignty or integrity of India, security of the State, etc. While in practice this could prove to be more of an enabling provision for the Government, at this initial juncture it appears that even relatively smaller social media platforms, could be brought under the ambit of stricter compliances under the Rules.
Officers and contact address in India: All significant social media intermediaries are required to appoint:
Chief Compliance Officer;
Nodal Contact Person; and
Resident Grievance Officer,
each of whom are to be employees residing in India. The Rules also necessitate significant social media intermediaries to have a physical contact address in India published on its website or mobile application or both. These mandatory requirements for all significant social media intermediaries, not only has significant implications in terms of setting up infrastructure and deployment of resources and employees in India but may also have significant commercial and tax implications for such intermediaries. However, absence of a mandatory incorporation requirement does leave flexibility for foreign intermediaries who do not have an incorporated entity in India.
Active monitoring: In a departure from the 2011 Rules, significant social media intermediaries shall endeavour to deploy technology-based measures, including automated tools to identify information that depicts rape, child sexual abuse or conduct, or information that has previously been removed. The Rules also require maintenance of appropriate human oversight, and periodic review of such automated tools. The measures deployed are required to take into consideration the interests of free speech and expression, and privacy of users, including interests protected through the appropriate use of technical measures.
Compliance report: Significant social media intermediaries must publish a monthly report containing details of-
the complaints received;
action taken; and
number of links/ information removed or to which access is disabled,
pursuant to any proactive monitoring by using automated tools or any other relevant information as may be specified.
Identification of first originator of information: Significant social media intermediaries which provide messaging services will be required to enable identification of the first originator of information if required by a court order or an order passed under Section 69 of the IT Act. In case the originator is outside the Indian territory, the first originator in India will have to be identified. The Rules mention that the contents of the message are not required, but the identity of the originator is required to be disclosed.
Voluntary verification: The Rules impose an obligation on significant social media intermediaries to enable users who register for their services from India, or use their services in India, to verify their accounts by using any appropriate mechanism, including the active Indian mobile number of such users, to verify their accounts and to provide a visible mark of verification. However, it is specified that the verification cannot be used for any other purpose unless consented by the user.
Grievance redressal: The grievance redressal mechanism of a significant social media intermediary is required to enable tracking of the grievance/complaint through a ticket number associated with such complaint. The intermediary is required to provide reasons for any action/inaction. The proposed mandatory grievance redressal mechanism may entail considerable overhaul of the existing grievance redressal mechanism.
Removal of/disabling access to information: In case any objectionable information is removed by an intermediary on its own accord, following steps need to be taken –
ensure that prior to the removal/ disabling access, the user who created, shared, uploaded such content is notified of such removal/ disabled access along with reasons;
provide adequate and reasonable opportunity to the user to dispute the action and request for reinstatement of such access; and
resident grievance officer to maintain appropriate oversight over the dispute resolution mechanism.
RULES FOR OTT Platform & Digital Media
The government has called for a grievance redressal system for OTT platforms and digital news media portals as well. The government is also asking OTT platforms and digital news media to self-regulate and wants a mechanism for addressing any grievances.
While films have a censor board, OTT platforms will be required to self-classify their movies and content based on age. The content will have to be classified based on age appropriateness. The government wants the OTT players to classify films based on 13+, 16+ and those for adults and clarified it is not bringing any kind of censorship to these platforms.
There has to be a mechanism of parental lock and ensuring compliance with the same. Platforms like Netflix already have an option for a parental lock.
For publishers of news on digital media, they will be “required to observe Norms of Journalistic Conduct of the Press Council of India and the Programme Code under the Cable Television Networks Regulation Act thereby providing a level playing field between the offline (Print, TV) and digital media,” according to the government.
It also wants a three-level grievance redressal mechanism. This will include self-regulation by the publishers; self-regulation by the self-regulating bodies of the publishers and oversight mechanism.
The government wants digital media to appoint a Grievance Redressal Officer based in India who shall be responsible for the redressal of grievances received by it. The officer shall take decision on every grievance received by it within 15 days.
There may be one or more self-regulatory bodies of publishers. According to the rules, this body “shall be headed by a retired judge of the Supreme Court, a High Court or independent eminent person and have not more than six members.”
The body will have to register with the Ministry of Information and Broadcasting. This body will oversee the adherence by the publisher to the Code of Ethics and address grievances that have not been resolved by the publisher within 15 days.
Further, the Ministry of Information and Broadcasting shall formulate an oversight mechanism. It shall publish a charter for self-regulating bodies, including Codes of Practices and establish an Inter-Departmental Committee for hearing grievances.
Current Scenario
As per May 26, Indian microblogging platform Koo on Saturday said it has met the compliance requirements of the new guidelines for digital platforms.
A Facebook spokesperson noted that the company is working to implement operational processes and aims to comply with the provisions of the IT rules.
A Google spokesperson said the company has consistently invested in significant product changes, resources and personnel to ensure that it is combating illegal content in an effective and fair way, and to comply with local laws in the jurisdictions it operates in.
However, As per May, 26 both the companies have not yet accepted the rules laid by the central government.
On May, 26 WhatsApp moved the Delhi high court against the new rules announced in February for digital media companies, saying the requirement for them to adopt features such as traceability for identifying originators of messages violated the right to privacy under the Indian law and the company’s end-to-end encryption policy. It said the company does not believe traceability can be imposed in a way that cannot be spoofed or modified, leading to new ways for people to be framed for things they did not say or do.
Conclusion
The massive growth of digital platforms and social media in India has largely been fuelled by a moderate regulatory framework under the IT Act and 2011 Rules, with the online curated content space being largely unregulated. However, given the growing concerns around the information and content available over social media and content platforms across both, domestic, and foreign owned platforms accessible in India, detailed regulations for digital media from the Government were imminent.
With the digital space and technology constantly evolving world over, the regulatory framework for digital media will also develop further. Keeping this in perspective, it is imperative that stakeholders, policy makers, and Governmental bodies continue to engage in consultations and dialogue, to eventually achieve a regulatory landscape that is effective yet balanced for everyone.
The world around us is continuously evolving. The technology has laid down its foundations in every nook and corner of the world. In the present scenario of our country with ever-expanding technology ambiance, the admissibility of e-evidence has become the most germane issue. The advancement of technology brought a drastic change in the mode of communication of people.
Whatsapp chats, emails, text messages have become a prevalent mode of communication. Nowadays various electronic evidence such as DVD, hard-disk, SMS, mail site, etc is produced as evidence in court.
Applicability of law has to always resonate with technology advancement. The Indian computerized system began with the introduction of the Information Technology Act, 2000. This act inserted section 65A and 65B in the Indian evidence act 1872 which deals with the acceptability of electronic evidence in the court of law.
Meaning Of Evidence
The term evidence is defined under section 3 of the Indian evidence act 1872. Section 3 of the act includes the following
Every statement which the court allows to be made by witnesses pertaining to the matter under investigation, such explanations are said to be oral evidence
All documents including e-records produced in the court of law for its inspection, such documents are referred to be as documentary evidence.
Besides this, documentary evidence can be classified into two categories- primary evidence and secondary evidence. As per section 62 of the act, primary evidence means the original copy of the documents produced in the court for review. The legal definition of secondary evidence is given under section 63 of the act.
Secondary evidence is not the original document but those documents referred under section 63. It includes a copy of the original document, certified copies. Though a copy of a copy is not acceptable as evidence, those copies produced by mechanical process and copies of a copy compared with the original are admissible as secondary evidence.
Electronic Evidence
IT act 2000 was amended in the year 2016 to include digital/electronic evidence as admissible evidence. Section 2 (1) (t) of the above act gives the legal definition of the electronic record. The electronic record refers to data, data produced image or sound, and any document sent or received in electronic form or computer-generated electronic data. Electronic data that is transmitted or stored digitally is admissible under section 63 of IEA as secondary evidence.
Section 64 of the act mandates that the content of documents should be proved by primary evidence but section 65 lists few exceptions to it. Section 65 clause (a)(c) and (d) provides for the circumstances where secondary evidence pertaining to the documents is held to be admissible. As per section 65-A, the content of the e-record has to be proved according to the guidelines laid down in section 65-B.
Section 65A-B is special legislation different from the documentary evidence procedure laid down in sections 63 and 65. As per these sections, if the conditions listed below are complied by, then the data stored in electronic form which is printed/copied/stored or created by computer would be regarded as a document. Such documents would be admissible in the court of law without the need for an original copy or direct evidence.
Conditions for admissibility of computer-outputs are listed in section 65-B (2)-
The computer from which information of electronic record is obtained should have been regularly in use to save/process information for a regular activity carried by an individual having lawful control over it.
During feeding of information, the computer should have been working properly
Information in electronic-record should be of such nature that it is on a regular-basis fed into the computer during ordinary-activities.
Information contained in electronic-record should be a derivation or reproduction of the information stored/fed into the computer
Section 65-B(4) lists the conditions which need to be followed to record statement pertaining to the electronic record-
There has to be a certificate that recognizes the electronic record which contains the statement. That certificate –
Should describe the manner through which electronic-record is produced.
Mention all particulars of the device involved in such production
Should take care of conditions of Sec-65B(4)(explained above)
Signed by the responsible official which dealt with the operation of that device
Such certificate should also accompany the electronic record, for instance, computer printouts pertaining to which statement is sought to be given in evidence
Such safeguards need to be taken while dealing with electronic-evidence to ensure its authenticity.
Judicial Precedents Over Admissibility Of Electronic Records
The court in State (NCT of Delhi) v. Navjot Sandhu, dealt with the issue of admissibility of evidence of call records. The accused questioned the authenticity of the evidence and alleged that such evidence shouldn’t be held admissible as procedure laid down in section 65B clause 4 was not followed.
The court held evidence of call records to be admissible as they were taken from the computer by a mechanical procedure and certified by an official. The court observed that irrespective of following the conditions laid down in section 65B, a person is not proscribed to adduce secondary evidence under sections 63 and 65 of the Indian evidence act. The court held that merely because conditions of section 65B(4) are not fulfilled, that doesn’t bar adducing the same evidence under other provisions of the act.
Whether WhatsApp chats are primary evidence or secondary evidence?
In the case of Girwar Singh v. CBI, the court-appointed a committee to examine the veracity and authenticity of electronic evidence. It was found that the evidence submitted to the court was not a copy of the original document, but it was copied multiple times and on various devices. The court ruled that in this case, e-evidence was inadmissible.
Similarly, in the case of Vikas Garg v state of Haryana, the trial court relied on WhatsApp conversation to convict the accused of the offence of rape. Later on, Punjab and Haryana high court ignored the chats which were incontestable evidence of rape and abuse of the victim. Supreme Court stayed the bail application of the accused and the matter is still pending in the court.
Whether the condition of certificate u/s 65-B(4) mandatory?
Anvar P.V. Versus P.K. Basheer is one of the important judgments where the court discussed several issues regarding the admissibility of electronic evidence in the court of law. The court observed that secondary evidence stored in CD/DVD/drive is inadmissible u/s 65A and 65B unless it complies with the condition of the certificate mentioned in section 65-B (4).
Conditions mentioned in section 65-B(4) discussed above are necessary to comply to ensure the authenticity of the electronic evidence. The court further held that e-evidence submitted without certificate can’t be held admissible by oral evidence and not even by the statement of experts under section 45A of the act.
Electronic records could easily be affected, tampered with, changed, transposed, or damaged and so forth without such safeguards, the entire trial dependent on verification of electronic records can eventually lead to injustice. The court, in this case, ruled that secondary evidence of electronic evidence shall be entirely governed by section 65A-B of the act, and sections 63 and 65 have application in such cases.
In contrast to Anvar case the court relaxed the certificate condition of section 65-B(4) in case Shafi Mohammad v. Territory of H.P[5] in certain scenarios – a) when the device from which the document is produced is not in the possession of the party b) this condition being a procedural one could also be relaxed in the interest of justice.
The two contrasting positions regarding certificate were finally settled in Arjun Panditrao Khotkar v. Kailash Kushanrao Gorantyal & Ors[6]. The court held that the condition of the certificate mentioned under section 65B (4) is mandatory for secondary evidence of electronic data to be admissible in court.
The court further reasoned that this condition is redundant if the original document is itself produced. If the device in which the original information is first stored is brought in the court, compliance with the conditions of section 65-B (4) is not necessary.
Few conditions to be satisfied for admissibility of WhatsApp chats as secondary evidence
As held in various Indian high courts, WhatsApp chats are considered to be electronic evidence and are admissible in court if the following conditions are satisfied-
The receiver should have received the message.
Cell phones should not have been damaged.
The sender should have the mens rea to send those messages.
Significance of blue ticks
In SBI cards and payment services Pvt. Ltd. v. Rohit Jadhav the court observed that if blue ticks are seen over the messaging app, it would be conclusive proof that the receiver has received the message and it would be considered legitimate evidence.
In another case Shamsudin Bin Mohd. Yosuf v. Suhaila Binti Sulaiman, the high court held that even in the case where most of the communication takes place on WhatsApp,there was an oral valid agreement between the parties.
Conclusion
Whatsapp chats are admissible as secondary evidence in the court of law if certain conditions as discussed above are satisfied. The Judiciary’s stance over the admissibility of electronic evidence is to ensure its credibility and evidentiary value as such evidence could be easily damaged or tampered with.
This progressive stance of courts is the outcome of recognizing the nature of the e-record itself. Current legislation and precedents regarding the admissibility of electronic evidence present a myriad of issues that still remains unresolved. Issues pertaining to the procedure of preserving them, ascertaining their veracity, finding original authors, retrieving them, are still being debated and a progressive precedent in this penumbral area is awaited.
The jurisprudence over the admissibility of electronic evidence is still in its nascent stage even after two decades since the IT act of 2000 was passed. The applicability of laws should resonate with the development of technology. It is expected that in recent years the present lacuna in law would be addressed by amendments and progressive judgments.
DISCLAIMER
The rules of the Bar Council of India prohibit law firms from soliciting work or advertising in any manner. By clicking on ‘I AGREE’, the user acknowledges that:
The user wishes to gain more information about Bhatt & Joshi Associates, its practice areas and its lawyers/advocates, for his/her own information and use;
The information is made available/provided to the user only on his/her specific request and any information obtained or material downloaded from this website is completely at the user’s volition and any transmission, receipt or use of this site is not intended to, and will not, create any lawyer-client relationship; and
None of the information contained on the website is in the nature of a legal opinion or otherwise amounts to any legal advice.
Bhatt & Joshi Associates is not liable for any consequence of any action taken by the user relying on material/information provided under this website. In cases where the user has any legal issues, he/she in all cases must seek independent legal advice.
