The public has until 31 January to comment on a draft set of rules in India that could result in big changes to online security and privacy.
The Indian government published the draft Information Technology [Intermediary Guidelines (Amendment) Rules] 2018, also known as the “Intermediary Rules” for public comment.
When it comes to the Internet, intermediaries are companies that mediate online communication and enable various forms of online expression.
The draft Intermediary Rules would change parts of the Information Technology Act, 2000 (the “IT Act”), which sets out the requirements intermediaries must meet to be shielded from liability for the activities of their users. The draft rules would also expand the requirements for all intermediaries, which are defined by the Indian government and include Internet service providers, cybercafés, online companies, social media platforms, and others. For example, all intermediaries would have to regularly notify users on content they shouldn’t share; make unlawful content traceable; and deploy automated tools to identify and disable unlawful information or content, among other new requirements.
Here’s some more background:
- News reports are citing a number of concerns about the draft rules. Ours centers on their potential impact on the use of encryption.
- Encryption is the process of scrambling or enciphering data so it can be read only by someone with the means to return it to its original state. End-to-end encryption is the most secure form of encryption available, in which only the sender and intended recipient can read the message.
- Although you might not realize it, you rely on encryption every day. It protects you while you browse the web, shop online, use mobile banking, or use secure messaging apps.
- By requiring the deployment of automated tools to identify and disable unlawful information or content on their platforms, the proposals in the draft Intermediary Rules could require intermediaries to break their end-to-end encryption or otherwise risk becoming liable for the activities of their users.
- This weakens the technology meant to keep our private information private. That means it’s easier for anyone, anywhere, to access our stuff. And, with all intermediaries impacted by this decision, end-to-end encryption it’s not just messaging applications like WhatsApp or Signal affected, but also secure Voice over IP (VoIP) services, some cloud storage services, and much more.
- We believe strong encryption is critical to the Internet and should simply be how things are done. We’re working to ensure encryption is available for everyone and it becomes the default.
If you want to make your voice heard on these draft rules, now is the time. The deadline to submit comments to India’s Ministry of Electronics and Information Technology (MeitY) is 31 January to:
- gccyberlaw[at]meity[dot]gov[dot]in
- pkumar[at]meity[dot]gov[dot]in
- dhawal[at]gov[dot]in