The recently notified Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, which cover social media intermediaries as well as the digital news and OTT Platforms, have raised several red flags.
Under these rules, the social media platforms are required to preserve data for 180 days – double the time period prescribed earlier – ostensibly for investigative purposes. The data has to be preserved even after a user has deleted their accounts, require the rules. They also provide for government and courts to force the platforms to identify the originator of specific information, even though it is still unclear how this kind of identification will be verified.
It is important to note that, in the absence of a data protection law and any kind of oversight on how surveillance operates in India, these requirements have a vast potential for abuse at the hands of intrusive state machinery. Used together with Information Technology Decryption Rules, the rules will allow the government to break any type of end-to-end encryption to gain knowledge of who sent what messages and also get to know its contents. The requirements will also break existing protocols for the deployment of end-to-end encryption that has been built through rigorous cybersecurity testing over the years.
The rules have come at a time when several litigations are challenging the government over its stance on surveillance and privacy. Excessive governmental control over digital news, OTT content and other such areas require much more deliberations and wide-scale consultation with the experts and different stakeholders.
Students Islamic Organisation of India (SIO) demands that the government immediately withdraw these rules and initiate broad-based consultations and deliberations before redrafting them. We further urge civil society to constantly engage in dialogue on the subject of digital privacy and freedom of expression.