21st Aug 2024 New Delhi, Delhi, India As the Delhi High Court starts hearing the writ petitions filed against the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 (IT Rules 2021), the Internet Society (ISOC) has released a comprehensive brief that analyzes the ‘traceability’ mandate contained in the IT Rules 2021, and its implications for digital security, businesses, people, and the national economy.
One of the most contentious aspects of the IT Rules 2021 is the requirement for significant social media intermediaries offering messaging services to implement traceability measures, compelling them to identify the first originator of messages, particularly on platforms utilizing end-to-end encryption (e2ee) like WhatsApp, Signal, and iMessage.
ISOC’s brief addresses several challenges associated with traceability. It discusses how proposed methods like the Kamakoti proposal, hashing, and metadata analysis could weaken encryption, affecting the security of e2ee. The brief also examines the impact on user privacy, especially for those relying on secure communications, and considers how traceability might conflict with privacy expectations in end-to-end encrypted environments.
Additionally, ISOC highlights potential security and technical challenges, including the handling of sensitive data and the feasibility of the proposed solutions. The brief further explores the legal and technical complexities of digital attribution, noting the difficulties in ensuring accurate identification while maintaining security and privacy.
The brief also considers how traceability could affect different user groups and businesses, particularly in sectors where secure communications are critical. ISOC emphasizes the importance of considering the broader impact on the digital economy and user trust in online services.
Neeti Biyani, Senior Advisor – Policy and Advocacy states, “India is witnessing rapid digitization and a significant expansion of its digital economy. In this context, people, businesses, and the administration need more security—not less. The traceability requirement in the IT Rules 2021 impacts security, confidentiality, cost, citizens’ rights, commercial trust, and investment—and may prove ineffective when deployed at scale. The government must lend its support to robust security standards.”