An industry body representing big tech names such as Meta, Apple, Alphabet and Amazon has opposed the draft Indian Telecommunications Bill, stating that provisions of the bill can now force messaging platforms such as WhatsApp and Signal to break encryption and disclose messages to the government in response to surveillance orders.
The Asia Internet Coalition (AIC) said this last week in their comments on the draft telecom bill to Ashwini Vaishnaw, minister of communications, and urged the government to keep over-the-top (OTT) service providers such as WhatsApp and Signal out of the ambit of the bill, and also to “reconsider the Draft Bill in its entirety”. Moneycontrol has reviewed the representation.
The representation read, “OTT communication service providers such as WhatsApp, Signal etc., which practice the privacy protecting process of End-to-End encryption (E2EE), may now also be required to not transmit, or intercept or detain or disclose any message or class of messages to the officer specified in the surveillance request/order.”
The concern is mainly around Clause 24(2) of the bill, which expands the scope of surveillance to “telecommunications services or telecommunication network”. In the definition sections of the bill, telecommunication services are defined as OTT communication services, internet-based communications, internet and broadband services, and so on.
The threat to encryption
In the letter, the AIC pointed out that under the current unified licence framework, licensees are prohibited from employing bulk encryption equipment in their network.
“The draft bill does not provide any clarity on whether with the proposed licensing framework, the terms under the UL framework also become applicable to OTT service providers,” the representation signed by AIC managing director Jeff Paine read.
This lack of clarity, the AIC explained, may inhibit OTT service providers from implementing encryption methods to enhance security.
“Further, requiring OTT service providers to break encryption, for example, to enable interception is likely to weaken the security measures deployed by them, and in turn worsen the problem the Government is trying to address – i.e., tackling cybercrime,” the letter read.
Earlier, the draft bill, and specifically provisions related to OTT and its ramifications on encryption, garnered criticism from digital rights groups such as Access Now, Internet Freedom Foundation and others.
AIC further reasoned that encryption methods were necessary as it helped increase the trust of users and also maintain online privacy.
“Diluting encryption mechanisms may have detrimental consequences for OTT service providers as it may result in a dilution in users’ trust in any given OTT provider and in their service. Further, users may potentially shift to other services if OTT services can no longer provide them with the assurance of security and privacy,” the letter read.
‘Strips away right to anonymity’
Further, the industry body whose other members include LinkedIn and Spotify, among others, pointed out that the requirement of the draft bill to identify users using a verifiable mode of identification was concerning.
This too, the body said, will dilute encryption mechanisms.
“These provisions essentially strip away the users’ right to stay anonymous and puts an obligation on service providers to identify, with complete assurity, every user. Such a broad and excessive requirement, in the absence of data protection law, fails to prioritise user safety and security should accordingly be removed,” the representation read.
Surveillance measures concerning
Separately, the industry body also criticised the provisions of surveillance that have been included in the draft bill.
Under Chapter 6 of the Indian Telecommunications Bill, 2022, titled ‘Standards, Public Safety, and National Security’, the central government has introduced provisions to take up surveillance or suspend networks.
The Centre or a state government, or any officer authorised by these governments, in the interest of “sovereignty, integrity or security of India, friendly relations with foreign states, public order, or preventing incitement to an office” can issue orders for surveillance or network shutdowns in writing.
The industry body pointed out that terms such as ‘public safety’ and ‘emergency’ were vague and that the proposed provision lacked any judicial oversight.
“‘Public emergency’ or ‘interest of public safety’ may be used as grounds to authorise surveillance or order internet shut-downs as well,” the letter read.
Discover the latest Business News, Sensex, and Nifty updates. Obtain Personal Finance insights, tax queries, and expert opinions on Moneycontrol or download the Moneycontrol App to stay updated!
Find the best of Al News in one place, specially curated for you every weekend.
Stay on top of the latest tech trends and biggest startup news.
