WhatsApp has filed a plea in the Delhi High Court challenging the "traceability" provision of the Information and Technology Rules, 2021. According to the IT Rules, WhatsApp and other social media intermediaries have to provide for "identification of the first originator of the information".
WhatsApp submits that Impugned Rule 4(2) should be struck down on the grounds that it (i) violates the fundamental right to privacy guaranteed under Article 21 of the Constitution; (ii) violates the fundamental right to freedom of speech and expression guaranteed under Article 19 of the Constitution; (iii) is ultra vires the parent statutory provisions, Sections 69A and 79 of the IT Act, as well as the intent of the IT Act itself; (iv) is "manifestly arbitrary" in violation of Article 14 of the Constitution; and (v) violates the principle of data minimization.
Compelling WhatsApp to build a system to trace the first originator will put dissenting journalists, civil or political activists at risk for fear of persecution. Clients and attorneys could become reluctant to share confidential information on WhatsApp, the plea further read.
WhatsApp's plea was filed on May 25, the deadline by which social media platforms, including digital news outlets, were directed to adhere and comply with the new IT Rules that were notified on February 25 earlier this year.
According to Section 4(2) of IT Rules, a significant social media intermediary providing services primarily in the nature of messaging shall "enable the identification of the first originator of the information" as may be required by a judicial order passed by a court of competent jurisdiction.
The rules further say that if the first origination is found to be outside the territory of India, the first originator of that information within the territory of India shall be deemed to the first originator of the information for the purpose of this clause.
Even as WhatsApp becomes the first major tech company to challenge the IT Rules, digital news platforms like The Wire, The News Minute, Quint, and LiveLaw have challenged various provisions of the same in the high courts of Delhi and Kerala.
Also Read: Delhi HC Issues Notice on The Quint Challenge to 'Draconian' IT Rules
Traceability clause will break end-to-end encryption
WhatsApp said the traceability requirement clause forces them to break its "end-to-end encryption on its messaging service", violating the privacy principles underlying it while infringing upon the fundamental rights to privacy and free speech of its users.
WhatsApp said it would have to "build the ability to identify the first originator of every communication sent in India on its platform, as there is no way to predict which message will be the subject of such an order seeking first originator information." Compelling WhatsApp to do the same thus undermines the privacy and security provided by end-to-end encryption, the plea said.
Also Read: Keep Media Free Of All Executive Control: DigiPub To Government
WhatsApp's end-to-end encryption facilitates free speech
WhatsApp allows government officials, law enforcement, journalists, members of ethnic or religious groups, scholars, teachers, students, and the like to exercise their right to freedom of speech and expression without fear of retaliation, the plea said. WhatsApp also allows doctors and patients to discuss confidential health information with total privacy, enables clients to confide in their lawyers with the assurance that their communications are protected, and allows financial and government institutions to trust that they can communicate securely without anyone listening to their conversations.
WhatsApp added that the threat that anything someone writes can be traced back to them takes away people's privacy and would have a chilling effect on what people say even in private settings, violating universally recognized principles of free expression and human rights.
"For example, (i) journalists could be at risk of retaliation for investigating issues that may be unpopular; (ii) civil or political activists could be at risk of retaliation for discussing certain rights and criticizing or advocating for politicians or policies; and (iii) clients and attorneys could become reluctant to share confidential information for fear that the privacy and security of their communications are no longer ensured," the petition read.
Since its founding, WhatsApp has been "committed to providing a private and secure space where users can freely communicate without fear of third parties reading or listening to their most private thoughts," the plea further read. Consistent with that commitment, it has "spent years building and implementing a state-of-the-art end-to-end encrypted messaging service that allows people to communicate privately and securely."
End-to-end encryption ensures that every communication sent on WhatsApp, both messages and calls can only be decrypted by the recipient. No one else, not even Petitioner, can read or listen to encrypted communications or determine their contents," it added.
IT Rules beyond the scope of the parent IT Act
WhatsApp submits that there is no law enacted by Parliament that expressly requires an intermediary to enable the identification of the first originator of information in India on its end-to-end encrypted platform or otherwise authorizes the imposition of such a requirement through rule-making. The impugned rule that seeks to impose such a requirement is not a valid law as it is subordinate legislation, passed by a Ministry and not Parliament, WhatsApp added.
According to Section 79 of the IT Act, an intermediary shall not be liable for any third party information, data, or communication link made available or hosted by him.
Section 79 only allows the Central Government to prescribe the "due diligence" that intermediaries must observe to maintain their immunity. Compelling an intermediary to fundamentally alter its platform to enable the ability to identify the first originator of information in India falls far outside "due diligence"," the plea added.
"The preamble of the IT Act provides that the intent of the statute is to achieve "uniformity of the law" with other countries. Petitioner is not aware of any country that requires intermediaries to enable the identification of the first originator of information on end-to-end encrypted messaging services, even if it means fundamentally changing their platforms to do so," it further read.