Regulating WhatsApp and other social media: How to improve security without infringing on privacy | opinion$Comment | Hindustan Times
Today in New Delhi, India
Oct 20, 2017-Friday
-°C
New Delhi
  • Humidity
    -
  • Wind
    -

Regulating WhatsApp and other social media: How to improve security without infringing on privacy

Social media such as WhatsApp, in the last decade, has become a sort of force multiplier for terrorists and other violent extremist groups in terms of communication. This has been further complicated with the introduction of encryption for communications over the internet. What could be a workable mechanism in the context of growing legitimate security demands and the march of technology?

opinion Updated: Jun 12, 2017 16:21 IST
Since April 2016, when Whatsapp incorporated end to end encryption for all messages sent via the app, the matter of  finding a workable balance between privacy and security has become the concern of many stakeholders.
Since April 2016, when Whatsapp incorporated end to end encryption for all messages sent via the app, the matter of finding a workable balance between privacy and security has become the concern of many stakeholders.(REUTERS)

The terrorist attacks in London last weekend have resulted in a strong demand from British PM Theresa May for cyberspace and social media to be regulated. Just after the terrorist attack in Westminster on March 22 this year, UK Home Secretary Amber Rudd had said that WhatsApp and other services cannot provide “a secret place for terrorists to communicate with each other.” Recently, the European Union Justice Commissioner for Human Rights Věra Jourová had alluded to proposing three or four plans in June this year that would require encrypted communications to provide law enforcement access to encrypted data with a swift and reliable response in a mix of voluntary and mandatory options. Just a year ago, the US Justice department wanted Apple to unlock the iPhone of one of the terrorists involved in the San Bernardino shootings in December 2015 and Apple refused to do so and fought a court order asking its compliance. The impasse was settled with the FBI managing to get into the iPhone with the help of an unidentified third party. Likewise government requests for users data to Google from across the world are quite high in numbers and according to the latest biannual Google transparency report, it received 45,000 government requests for user data worldwide between July and December 2016, with 31,000 of them coming from outside the US.

Clearly a situation has emerged where the balance or imbalance between privacy and security concerns are hitting us right in the face and there is no clear solution. Social media in the last decade has become a sort of force multiplier for terrorists and other violent extremist groups in terms of communication. This has been further complicated with the introduction of encryption for communications over the internet. While encryption is a legitimate tool for ensuring privacy and security for the network and its users, it has also offered opportunities for terrorists and criminals to hide many of their nefarious activities and potential evidence. Their emergence has made terrorists reduce their recourse to code languages and steganography, which allowed at least some form of tracing possibilities. Since April 2016, when Whatsapp incorporated end to end encryption for all messages sent via the app, the matter of finding a workable balance between privacy and security has become the concern of many stakeholders.

The situation is no better in India. Already a public interest litigation case on the Whatsapp privacy policy is being heard by a five- judge constitution bench in the Supreme Court of India and most of the substantial issues are being discussed including the vexed issue of privacy vs security. The department of telecom in its deposition in early April this year mentioned to the apex court its plan to put in place a regulatory mechanism for OTT platforms. In the current situation, OTTs are treated as ‘intermediaries’ under section 79 of the Information Technology Act (IT Act) 2008 but not under the Telegraph Act 1869 and thus remain out of licensing purview. The thumb rule for intermediaries is “due diligence” and they have no role in the inception, transmission and reception of any content, to be exempted from any legal liability. On many occasions, OTTs have taken refuge under their stated terms and conditions (that have been harmonised more around the US system) to delay passing on information or specified content. Even the oft repeated plea to keep content on servers located geographically within the country of operation has been met with resistance.

So what are the solutions and is there a workable mechanism in the context of growing legitimate security demands, the march of technology and the past response from OTTs? The scenario for creating a special window for law enforcement or judicial access could be definitely thought of with provision for specific accesses without providing blanket access. Clearly cyberspace has to remain a free medium and not become a surveillance domain to allow all forms of surveillance in the name of security. Meanwhile the EU Justice Commissioner’s expected points could help the discourse move in a more focused direction.

Subimal Bhattacharjee advises and writes on issues of defence and cyberspace policy.

The views expressed are personal.