The telecom regulator is working on a set of recommendations for the Department of Telecommunications (DoT) to regulate the so-called over-the-top (OTT) service providers. Once the recommendations are accepted by DoT, apps such as WhatsApp may have to register themselves, and potentially allow “lawful interception” of communication sent or received through their platforms.
The move comes at a time when regulatory pressure is building up globally on service providers for access to messages even as they claim these are encrypted and they themselves do not have access.
“Currently, OTTs aren’t subject to lawful interception. This brings the question of regulatory imbalance between telecom players, which have to adhere to lawful requests of enforcement agencies for interceptions, and OTTs which don’t give, saying the communication is end-to-end encrypted. We are finding out more about the international practices. What is being followed outside, the same should be provided to the Indian government as well,” a senior TRAI official told The Indian Express, on condition of anonymity.
Globally, the US Department of Justice has made fresh arguments for access to encrypted communications. According to a report by The New York Times dated October 3, US Attorney General William P Barr, jointly with his British and Australian counterparts, has written to Facebook CEO Mark Zuckerberg, pointing out that companies should not “deliberately design their systems to preclude any form of access to content even for preventing or investigating the most serious crimes”.
In the FAQ page on its website, WhatsApp explicitly states: “We will search for and disclose information that is specified with particularity in an appropriate form of legal process and which we are reasonably able to locate and retrieve. We do not retain data for law enforcement purposes unless we receive a valid preservation request before a user has deleted that content from our service”. It also says that in the ordinary course, WhatsApp does not store messages once they are delivered.
WhatsApp’s claim of not having access to user messages has put regulators in a fix. “We are studying the possibility of registration of OTT service providers. Once we have decided, we will recommend to the DoT. Lawful interception is prescribed under Telegraph Act. There is a process for this, and something similar to that process will need to be prescribed for OTTs as well but currently, they claim they don’t have any communication because there is end-to-end encryption. They only claim to have a log of messages but not the message itself,” the TRAI official cited above, said.
The Indian Telegraph Act, 1885 states that on occurrence of any public emergency, or in the interest of the public safety, the Central government or a state government can take temporary possession – for so long as the public emergency exists or the interest of the public safety requires the taking of such action – of any telegraph established, maintained or worked by any person licensed under the Act.
While the government is clear it can demand access to message logs for law enforcement purposes, it is not relying on the Telegraph Act to solve the problem of communication access. In an interview with The Indian Express, Minister of Law & Justice, Communications and Electronics & IT Ravi Shankar Prasad indicated that technology companies should be responsible for figuring out a solution to the traceability problem.
“Facebook, WhatsApp, Google all have a good market in India. But if their system is being abused for violence, mob-lynching, terrorism, communalism, etc knowledge of its origin is important. Our dialogue is ongoing (about traceability of messages) and my reply is very simple – the problem of technology can only be solved with technology. I have made it very clear that if situation of abuse arises, they have to answer to a lawful authority where the mischief originated. The problems of the virtual world have to be solved in the real world and how can that be addressed with the antiquated Telegraph Act,” Prasad said.
The Supreme Court is, meanwhile, hearing a transfer petition of a case on traceability of WhatsApp messages originally filed in the Madras High Court. The case includes aspects such as government’s policy towards social media companies like Facebook, possibility of tracing messages on end-to-end encrypted services like WhatsApp for law enforcement purposes, and the privacy concerns of traceability. The Supreme Court has also asked the IT ministry to submit a status of the intermediary rules being prepared by the government. The next hearing in the Supreme Court is on October 22.