"Traceability Clause Of IT Rules Reasonable, Govt Expects Platforms To Use Mechanism That Guards Encryption, Protects User Privacy": Centre Tells Delhi HC

While defending the validity of traceability provision under Rule 4(2) of the Information Technology Rules, 2021, the Centre has informed the Delhi High Court that the Government expects platforms to use a mechanism that guards encryption and protects user's privacy.

The development came after an affidavit has been filed by the Ministry of Electronics and Information Technology in a plea moved by Whatsapp challenging the "traceability" clause mentioned under Rule 4(2) of the Information Technology Rules, 2021, as violative of a person's right to privacy enshrined in the Supreme Court judgment of KS Puttuswamy v. Union of India.

The Centre has stated that it is the duty of the platforms to evolve a mechanism and modify their existing architecture to ensure compliance to the Indian laws. 

"It is submitted that even if for arguments sake it is admitted that the existing technology does not allow identification of first originator as the petitioners claim, then it is the legal obligation of the petitioner to find a solution which can enable identification of first originator," the affidavit adds. 

Additionally, the affidavit also states that whatsapp collects users person information and shares it with Facebook and other third parties for commercial purposes and hence, they are not legally entitled to claim that it protects privacy. 

"It is respectfully submitted that rule 4(2) is constitutionally valid and contains adequate legal safeguards from any potential misuse by the Executive. Rule 4(2) does not affect user privacy or warrants breaking of end-to-end encryption as alleged in the writ petitions. It is respectfully submitted that collective security is essential to make people safe and allow them to enjoy privacy protections. Thereby, the responsibility of providing collective security can be achieved jointly by Government, LEA, Judiciary and Internet Platforms like WhatsApp, Facebook, etc. The IT Rules 2021 seek to achieve this larger social good," the affidavit reads.

Challenging the maintainability of the plea, the Centre has also submitted that Whatsapp, being a foreign commercial entity, does not have any place of business in India as it is engaged in the business of propagating information created by its' platform users.

In view of this, the affidavit states that the petition challenging Constitutionality of any Indian law is not maintainable at the instance of a foreign commercial entity and that both Article 32 and 226 are not available to Whatsapp for the reason of it being a foreign commercial entity for the purpose of challenging the constitutionality of any Indian law.

"The theory of a representative action is not applicable in the facts of the case, there is no fundamental right to anonymity under Part III of the Constitution," the affidavit reads.

The affidavit also adds that the Rule of traceability applies the least intrusive means for the purpose of identifying the originator of the information and is to be availed if all other options fail. 

It has also been stated that the IT Rules 2021 have been enacted to help the law enforcement agencies to identify the first originator of the information to prevent offences.

"The impugned Rule 4(2) is an embodiment of competing rights of citizens of India. The rule is designed with an object of preserving and securing Article 21 rights vulnerable citizens within the cyber space who can be or are Victims' of cyber-crime or crime propelled through cyber space. In that context the victim's Artide 21 right overwhelms and overweighs the right of the petitioner under Article 19(1)(a) and (9)," the affidavit reads.

Whatsapp's case is that the traceability clause will put professionals of risk including journalists who "could be at risk of retaliation for investigating issues that may be unpopular"; civil or political activists "for discussing certain rights and criticizing or advocating for politicians or policies" and clients and attorneys "who could become reluctant to share confidential information".

The company has also argued that the traceability requirement forces it to break end-to-end encryption on its messaging service and build the ability to identify the first originator for every message sent in India on its platform upon request by the government forever.

"There is no law enacted by Parliament that expressly requires an intermediary to enable the identification of the first originator of information in India on its end-to-end encrypted platform or otherwise authorizes the imposition of such a requirement through rule-making. While Impugned Rule 4(2) seeks to impose such a requirement, the Impugned Rule is not a valid law as it is subordinate legislation, passed by a Ministry and not Parliament, that is ultra vires its parent statute, Section 79," the plea read.

Relying heavily on the judgment of KS Puttuswamy v. Union of India, WhatsApp contends that the said requirement does not pass the tests enshrined under Art. 21 of the Constitution, is manifestly arbitrary in violation of Art. 14, is violative of the Right to Freedom of Speech and Expression and sec. 79 and 69A of the Information Technology Act.

Furthermore, stating that the requirement does not pass the necessity test, the plea reads thus:

"Impugned Rule 4(2) allows for the issuance of orders to identify the first originator ofinformation in India without judicial oversight, let alone prior judicial oversight, which means there is no "guarantee against arbitrary State action". Impugned Rule 4(2) therefore should be struck down as it is an unconstitutional invasion of the fundamental right to privacy."

Challenging the Rule as being violative of Freedom if Speech and Expression, the plea states that once citizens become aware that SSMIs have "built the ability to identify the first originator of information in India on their end-to-end encrypted messaging services", such individuals "will not feel safe to speak freely for fear that their lawful private communications will be used against them, thereby infringing their rights to privacy and free speech."

Case Title: Whatsapp LLC v. Union of India