WhatsApp is at risk in India. So are free speech and encryption.
India is WhatsApp’s biggest market. It’s also suddenly one of the company’s biggest threats.
Regulators in India, where both WhatsApp and parent company Facebook have more than 200 million users, are proposing what amounts to a radical change to the country’s internet privacy and liability laws.
The new set of rules, first published in late December and still under consideration, would require, among other things, that internet companies proactively screen user posts and messages to ensure that people don’t share anything “unlawful.” It’s an attempt by the Indian government to hold technology companies accountable for the content that appears on their platforms — content that can be misleading, create confusion, and has even led to real-world violence in India.
But the new rules would also create something else: A system where technology companies are suddenly the gatekeepers to what can be shared online. It would be up to Facebook — or Twitter or WhatsApp or YouTube — to determine what content is acceptable and what content is “unlawful” before it’s ever even shared.
The new rules would be “a sledgehammer to online free speech,” wrote Apar Gupta, the executive director of the Internet Freedom Foundation, an international nonprofit in India.
The rules would force tech companies to make technical changes. Companies that don’t have technology to monitor content would need to build it (though one issue with the proposed Indian rules is that it’s unclear, for now, what the punishment will be for failing to comply).
WhatsApp, for example, encrypts all of its messages so the company can’t read them, which makes it impossible for WhatsApp to monitor user posts. It would likely have to eliminate encryption to comply with a law like this.
Not everyone thinks this is a bad idea.
“A lot of the people defending WhatsApp in this particular context … they say WhatsApp doesn’t kill people, people kill people,” said Prashant Reddy, a resident fellow at the Vidhi Centre for Legal Policy, a nonprofit political think tank in India, in an interview with Recode. “But the fact is, WhatsApp enables people to do this at a much larger scale.”
But creating headaches for tech companies isn’t the biggest issue: The future of internet privacy and encryption is suddenly on the line for the world’s second-largest country, and digital rights advocates are terrified that privacy will lose out. These new rules could open the door to widespread government censorship and surveillance.
“I think honestly the biggest [technology] story around the world is India trying to bring these intermediary guidelines,” said Jayshree Bajoria, a researcher with the nonprofit organization Human Rights Watch, in an interview with Recode. “We are talking about China-style surveillance here.”
The end of end-to-end encryption?
This proposed law, known colloquially as Intermediary Guidelines, isn’t specific to WhatsApp. If passed, it would apply to all internet companies that host, publish, or store user information, including social networks, messaging platforms, and even internet service providers.
Understanding WhatsApp’s problems in India, though, is key to understanding why a law like this is suddenly on the table.
WhatsApp, the private messaging service that Facebook bought in 2014 for $19 billion, is incredibly popular in India. More than 200 million people use the app every month, in part because WhatsApp has traditionally been simple and reliable in markets where internet connectivity is weak.
One of WhatsApp’s key features is end-to-end encryption. Enabling that level of encryption means that messages sent using the app are only visible to the message’s sender and receiver. WhatsApp can’t read them and therefore can’t reproduce them if ever required to by government or law enforcement agencies. And if the company can’t read them, it can’t proactively monitor them, either.
But WhatsApp also has a content issue in India. The app has become a vehicle for widely distributing misinformation and fake news — in some cases, false stories that have gone viral on WhatsApp have led to actual offline violence and deaths. In 2017, rumors of a band of child kidnappers made the rounds on WhatsApp, sparking an angry mob that ultimately killed four innocent men, according to the New York Times. Later, three more men were killed by another mob. There was no evidence any of the men were actual kidnappers.
WhatsApp has been in discussions with Indian officials for months about how to stop information like this from spreading; one approach has been limiting peoples’ ability to forward messages to a large number of groups at one time. But policing content is a real challenge, given WhatsApp’s encryption, and a real concern, given that India’s national elections are just months away. WhatsApp has become a central service for spreading campaign-related news and updates, and is a key part of the campaign strategy for politicians.
The new proposed rules would eliminate that encryption challenge, but at a real cost. They would require companies in India with more than 5 million users to make a number of changes, including incorporating the company in India and maintaining an office in the country, with a physical address.
But the two most important and concerning rules are related to censorship and encryption.
The first is that tech companies would be required to hand over any information demanded of them by government or law enforcement agencies, and would also need to “enable tracing out of such originator of information on its platform.”
In other words, tech platforms need to be able to trace content back to the original users who shared it on the platform to begin with. You can’t do that if content and messages are encrypted.
The second is that tech companies “shall deploy technology based automated tools” — like artificial intelligence algorithms — with the purpose of “proactively identifying and removing or disabling public access to unlawful information or content.”
In other words, tech companies will be required to use algorithms to scan user posts and prevent them from sharing anything deemed “unlawful.”
Many tech companies, such as Facebook and YouTube, do some form of this monitoring today, but that’s to catch content like child pornography or copyrighted music. Indian regulators are asking companies to also search for things that are much harder to define, like content that is “grossly offensive” or “blasphemous.” Some of this was once considered illegal in India, but a law forbidding “grossly offensive” content was deemed unconstitutional in 2015 by India’s Supreme Court.
These new proposed rules include a long list of content that wouldn’t be permissible, an apparent attempt to reinstate some of that content censorship.
“[Beyond] breaking the end-to-end encryption requirement, which is horrible, there are other horrible proposals also in these proposed changes,” said the IFF’s Gupta in an interview with Recode. He’s worried that the new rules would “turn the internet in India into an incredibly censored place.”