India IT rules – Did govt. soften its stance on data encryption rules?

India IT rules - Did govt
Share on facebook
Share on twitter
Share on pinterest

Ever since the government introduced the new IT rules – Information Technology (Guidelines For Intermediaries And Digital Media Ethics Code) Rules, 2021 – back in May, there has been plenty of pushback from many stakeholders, including the messaging and social media platforms. Some of the provisions in the rules have also been questioned in court by entities like WhatsApp and Twitter.

Amidst all this, the Ministry of Electronics and Information Technology (MeiTY) has come out with 28 Frequently Asked Questions to provide clarity on the issues of applicability, due diligence provisions and penalties pertaining to significant social media intermediaries (those with over 50 lakh users) in the IT Rules.

At the release of the FAQs, Minister of State (MoS) for IT Rajeev Chandrashekhar said the government is expected to release another document on the Standard Operating Procedures for the rules.

Encryption can stay. Or can it?

On the specific issue of the encryption of messages – a major bone of contention, especially for WhatsApp – the government in the FAQs said the intent of the traceability rule for messaging platforms “is not to break or weaken the encryption in any way but merely to obtain the registration details of the first Indian originator of the message.” 

This can assuage some taut nerves at the WhatsApp office in India.

The electronic replica of the message (text, photo or video, etc.) will be shared by the requesting agency along with a lawful order, the government added. 

The FAQs went into technical details of detection based on the ‘hash value’ of the unencrypted message.

“How this hash will be generated or stored needs to be decided by the concerned SSMI (significant social media intermediary), and SSMI are free to come up with alternative technological solutions to implement this rule,” the FAQs added. 

The rationale of this requirement is that if the intermediary has to convey to its users not to upload or share a particular type of content as part of its terms of use, it should have the capability of determining so. “Otherwise, the platform loses its own capability to enforce its own terms of usage.”

More rules may be in the offing

“The government will keep issuing new rules as required,” the Minister said. “In cyber jurisprudence there needs to be a culture of rule based accountability.” Cyber space cannot be a space where laws cannot reach, he added.

The reaction to the the FAQs has been positive. “We appreciate the government’s efforts in bringing more clarity on the 2021 IT Rules. We look forward to studying the FAQs,” a Meta (Facebook) spokesperson said.

The new IT intermediary rules enforced earlier this year aim to bring, among others, greater accountability for big tech companies, including Twitter and Facebook. The rules require social media platforms to remove any content flagged by authorities within 36 hours and set up a robust complaint redressal mechanism with an officer being based in the country. 

Social media companies are required to take down posts depicting nudity or morphed photos within 24 hours of receiving a complaint. Significant social media companies also have to publish a monthly compliance report disclosing details of complaints received and action taken as also details of contents removed proactively.


Subscribe to our Newsletter

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Ut elit tellus, luctus nec ullamcorper mattis, pulvinar dapibus leo.

Share this post with your friends

Share on facebook
Share on google
Share on twitter
Share on linkedin

Leave a Reply

Your email address will not be published. Required fields are marked *