"If you are being surveilled for even breathing then know that it's not a free nation-state you are living in".
On August 24 2017, the Hon'ble Supreme Court unanimously adjudicated the right to privacy as a fundamental right of every individual enshrined under Article 21 of the Indian Constitution. The court exclaimed that privacy is a form of fundamental right, freedom, or liberty protected and enshrined under the ambit of Article 21 of the Indian Constitution, which states that "no person shall be deprived of his life or personal liberty except in accordance with procedure established by law."
The case became a landmark judgment that has the muscle to challenge significant legal provisions in India.
One such legal provision is the new Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, promulgated by the government of India on February 25. The notification provided by the government made it imperative for social media handles like Facebook, Twitter, and Whatsapp to comply with the norms so stated, latest by May 25, 2021.
The new guidelines were brought to judicial scrutiny by Whatsapp, challenging in the Delhi High Court on the new IT rules for social media intermediaries, which required the messaging app to 'trace' chats and make provisions to identify the first originator of the information, contending that they are violative of the right to privacy and are unconstitutional.
Among other things sought by Whatsapp LLC, it pleaded before the Hon'ble High Court in its 224-page petition to declare Rule 4(2) of the Intermediary Rules as unconstitutional, ultra vires to the IT Act, and illegal. Party to the petition, the MeitY [Ministry of Electronics and Information Technology], stated that the traceability provision under the guidelines is unconstitutional and against the fundamental right to privacy.
Among the plethora of rules mentioned under the guidelines, mentioned below are some significant ones that are violative of the fundamental structure of the constitution:
Part I of the IT rules primarily define words, whereas Parts II and III detail real compliances and requirements. The regulation of intermediaries, particularly social media intermediaries, is the subject of Part II.
According to Rule 4 of the IT Rules, 2021, the term "significant social media intermediary" is designated to social media handles having 50 lakhs registered users or more. The government can impose the same regulations on any other intermediary if it satisfies the magnitude of "a material risk of harm." Further, the magnitude for satisfying the material risk of harm is vague and gives discriminatory powers to the government.
As if it was not already annoying to have pop-up notifications and emails from our social handles. As per the new guidelines under Rule 3(c), every intermediary must send its users periodic emails stating not to do anything illegal or else the account will be terminated.
The new rules have made the compliance rules even more excessive. The Grievance Officer has to acknowledge complaints within a twenty-four-hour time frame and resolve them within fifteen days [as per Rule 3(2)(a)(i)].
The SSMI [Significant Social Media Intermediaries] is required to have a complete grievance redressal team, having three officers: Chief Compliance Officer, Resident Grievance Officer, and Grievance Officer
A resident grievance officer of an SSMI shall inform a user before removing the content posted by the concerned user, to provide them with an opportunity to contest such action, and provide the complainant with the reasons for the decision made in response to their complaint [Rules 4(6)]and 4(8)].
As per the new Rules, intermediaries must complete the takedown process under Section 79(3) of the IT Act within thirty-six hours.
Among other things, the data retention span has been increased to 180 days as per the new rules for inquiry reasons [Rule 3(1)(h)].
The new rules require the significant social media intermediaries to permit their users to 'voluntarily verify' their accounts.
Under Section 69A of the IT Act [Rule 4(2)], if a court of competent jurisdiction or a competent authority requests the intermediaries of social media must allow tracking of the originator/initiator of information on their site.
Rule 4(4) also calls for AI censorship, i.e. Automated Censorship. Among other things, this shall include automated systems or other processes that proactively identify information portraying any act or simulation in any form of nudity or publicly obscene images and videos (rape videos and photos, child pornography etc.).
The most prominent defect in the latest guidelines is that they stand in strong contention to Article 21 and Article 19 of the Indian Constitution.
The voluntary verification by social media users can lead to mandatory verification, like in various other technologies that initially started on a voluntary verification basis. This will further have a direct impact on the anonymity and privacy of the users.
Without a data protection regulation, the intermediaries will gather data from our government IDs without any oversight from a regulating entity, such as a Data Protection Authority, to ensure that it is only used for authentication purposes.
Taking a look at the step to end the end-to-end encryption will not only violate one's privacy but also lead to government overreach.
For instance, according to the Intermediaries Rules, the traceability/discoverability ordain may only be passed for cases of 'serious offences.' However, these categories are open-ended and vague. Similarly, the term "public order" is open-ended and, while executing, has no upper limit.
While the Intermediaries Rules states that the significant social media shall not disclose any content related to the electronic messenger or any other sort of information related to the first originator of any information, the Information Technology Decryption Rules, on the other hand, include the power to make demands for message content. The government can decrypt any end-to-end encryption and learn everything about the transmitter and their content when used together.
Automated censorship has a significant risk of leading to function creeps in the surveillance department. At times during criminal investigations, there have been instances where surveillance has been used for excessive infiltration.
The Rules also violate the notion of data limitation, i.e. the principle that firms should not collect more data than necessary to fulfil their purpose.
The 180 days of storing data also stand in violation of the "right to be forgotten." The Data Protection Bill of 2018 ("New DP Act") presented the notion of an individual's "right to be forgotten." However, this legal right is at present not available in India under the prevailing IT structure. The concept of right to be forgotten was first stated in the case of Google Spain SL, Google Inc. v. Agencia Española de Protección de Datos, Mario Costeja González. There is a need to have proper data protection legislation. An exemplary factor is the GDPR of the EU.
To sum up, the legality of the matter involving the guidelines in dispute is complex and is a direct violation of the fundamental rights of the citizens. India, in the last seven years, has witnessed a considerable amount of obstacles and restrictions. The broadband speed of our nation is officially the slowest in the world. The population of India is a remarkable asset for the boost in the digital service sector. However, the poor technical structure assisted by the government's frequent internet shutdowns has made a deterrent impact on the growth of this sector. It has been estimated that the internet shutdown in India in 2020 alone has cost India ₹2 crores per hour. Top10VPN, which monitors global internet access, describes India as the most restrictive of its citizens' access to the internet.
The newly issued Rules can also be seen as a restrictive measure by the government to curb the right to criticise via the citizens' freedom of speech and expression. Amidst an unprecedented pandemic regulation of critical medical resources, information has been vital for many needy and emergency stricken people. However, in the enlightening words of Poul Henningsen: "Democracy can only be Measured on the Existence of an Opposition." Furthermore, the very existence of opposition and freedom of speech is the essence of our democratic nation.
The very essence of a democratic state is the right to cast opinions and raise our voice against the government to create checks on its powers. By constant censoring and surveillance, the very right of the opposing party members, differing individuals are cast under the scrutiny of the government. During a regime under which any dissenting opinion is labelled as "anti-national" and the person as "terrorist" or "Pakistani", such guidelines only add fuel to the fire.
While the end product of the petition is for the court to decide that it is the basic structure that is in question and, as rightfully decided in the landmark case of Keshavananda Bharati, and reiterated from time to time, no provision can exist and shall be held ultra vires if it abridges the basic structure of the Indian Constitution.