Two cases in Delhi High Court, both Centre vs WhatsApp, have user privacy at their heart. However, in each of these cases, both sides have made arguments that are diametrically opposite to what they have argued in the other case, throwing up inherent contradictions in the positions they have taken.
The Centre has argued that WhatsApp is indulging in anti-user practices by obtaining “trick-consent”, and alleged that its entire existing user base is being made to accept the terms and conditions before the pending Personal Data Protection Bill becomes law.
In the second case, WhatsApp has argued that the Centre’s new IT intermediary guidelines that require significant social media platforms to provide traceability of first originator of unlawful messages is a “dangerous invasion of privacy”, and poses “a threat to free speech”.
While WhatsApp wants the new rules quashed, the Centre has argued that the rules pertaining to tracking the first originator are an example of “reasonable restriction” to which the “fundamental right to privacy is subject”.
The Centre’s stand in at least one of the cases seems “driven more by convenience than conviction”, given that the arguments in the other case “runs contrary to, or even materially dilute” the stance taken in the other, something that applies equally to the other side (WhatsApp) as well, a legal expert said.
What can potentially queer the pitch for the two parties is that both cases are before the same court, and arguments are likely to run parallelly.
On May 25, WhatsApp moved Delhi High Court against the Intermediary Rules, which became effective on May 26. While the Union Government is yet to file its response to the lawsuit, it has put out a press release, which says traceability is essential to “curb the menace of fake news”.
WhatsApp in its challenge in court has argued that breaking of encryption could put at risk groups such as journalists and civil or political activists.
Contrarily, in asking messaging apps with more than 50 lakh users to introduce traceability, the government itself could be at odds with protection of informational privacy. — the Delhi High Court decision could mark the first real-world test of the fundamental right to privacy upheld by the Supreme Court in its 2018 Puttaswamy (privacy) judgment.
In that judgment, the Supreme Court identified informational privacy as the one of the nine fundamental privacies, and that “which reflects an interest in preventing information about the self from being disseminated and controlling the extent of access to information”.
While the government argues that Section 4(2) of the Intermediary Guidelines, which lays down the provision for mandating traceability, has been “developed as a last resort measure, only in scenarios where other remedies have proven to be ineffective”, it leaves open the enforcement or provision of proof of less intrusive means used prior to seeking messaging traceability.
WhatsApp has said there is no way to predict which message a government would want to investigate in the future. “In doing so, a government that chooses to mandate traceability is effectively mandating a new form of mass surveillance. To comply, messaging services would have to keep giant databases of every message you send, or add a permanent identity stamp — like a fingerprint — to private messages with friends, family, colleagues, doctors, and businesses,” it said.
The Facebook-owned messaging app, in its filing to court, also said that it defines “end-to-end encryption as communications that remain encrypted from a device controlled by the sender to one controlled by the recipient, where no third parties, not even WhatsApp or our parent company Facebook, can access the content in between. A third party in this context means any organization that is not the sender or recipient user directly participating in the conversation”.
While WhatsApp has argued that the updated policy is applicable only for business messages, the provision for sharing data with Facebook undermines the encryption policy since WhatsApp “considers chats with businesses that use the WhatsApp Business app or manage and store customer messages themselves to be end-to-end encrypted”.
It also gives businesses the ability to choose Facebook to securely store messages and respond to customers.
In response to a query, WhatsApp said in a statement: “We will not limit the functionality of how WhatsApp works in the coming weeks. Instead, we will continue to remind users from time to time about the update as well as when people choose to use relevant optional features, like communicating with a business that is receiving support from Facebook. We hope this approach reinforces the choice that all users have whether or not they want to interact with a business. We will maintain this approach until at least the forthcoming PDP (Personal Data Protection) law comes into effect”.
The Ministry of Electronics & IT did not respond to an e-mail query.