[This is the second part of a two-part post analyzing the Draft Indian Telecommunication Bill, 2022. It is authored by Intisar Aslam, a second-year student at National University of Study and Research in Law, Ranchi. This first part can be found here]
Decryption: Preventing Cyber Frauds or Invading Privacy?
The Draft Bill requires OTT Communication Services platforms such as WhatsApp, which are end-to-end encrypted, to obtain licenses and decrypt the transmitted messages as and when the government requires. This is plausible as the Draft Bill mandates the government to decrypt messages in the interests of the “sovereignty, integrity, and security of the nation.” Such a provision will enable the government to obtain and read any information or messages transmitted between two or more people or organizations. Another sharp attack on encryption is through Sections 4(7) and 4(8) of the Draft Bill. The provisions state that the licensed entity shall have to “unequivocally” identify its users and disclose such identity to the receiver of the message sent by any user. Although this provision is a long-awaited step to prevent cybercrimes, it is an unwarranted attack on the security and privacy of every user. This is synonymous with the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 that came into force last year which provided for tracing the first originator of content on a social media platform.
Further, the Draft Bill stipulates that these OTT Platforms shall have to obtain Know Your Customer (KYC) details of their customers in order to continue using their services. Thus, the users shall be subjected to the threat of invasion of their privacy from both sides: The Government may intercept the messages, and there arises the possibility of sharing KYC details with third parties by any OTT Platform. The State action, in furtherance to these provisions, shall also be incongruent with the Proportionality Test laid down in the K.S. Puttaswamy v. Union of India. It stated that “an invasion of life or personal liberty must meet the threefold requirement of legality, which postulates the existence of law; need, defined in terms of a legitimate State aim; and proportionality which ensures a rational nexus between the objects and the means adopted to achieve them.” In the present case, the government claims that furnishing KYC Details to the OTT Platforms is to achieve one of their objectives of ensuring cyber-security and to recognize the user. Here, the aim of the government may be legitimate, however, as a whole, it fails to pass the test of proportionality as a rational nexus cannot exist when the furnishing of KYC Details to the OTT Platforms poses a grave threat to the privacy of the users. Thus, the means adopted to ensure cyber security (the object) are not suitable. This would rather contribute to data theft in the digital world.
Therefore, it is a lose-lose situation for consumers and, hence, these provisions are not only in violation of Article 21 and Article 19(1)(a) of the Indian Constitution, but are also grossly inconsistent with the democratic principles of the country. The Data Protection Committee of Experts, headed by BN Srikrishna, had also pointed out the dire need for the enactment of legislation and judicial guidelines on surveillance. However, the Parliament has adopted a one-size-fits-all approach in drafting the Telecommunications Bill.
The Telecom Regulatory Authority of India: Regulatory or Recommendatory in Nature?
The Telecom Regulatory Authority of India (“The TRAI”) is a statutory body established in 1997 under Section 3 of the Telecom Regulatory Authority of India Act, 1997 (“The TRAI Act”). The intent and purpose of the said Act were to set up a body that could “regulate,” promote, and ensure the growth of the telecom sector of India. On the contrary, the Telecommunications Bill seeks to provide wide-ranging powers to the government concerning licenses, registration, and authorization. Section 3(2)(a) read with Section 3(1) of the Draft Bill provides “exclusive privileges” to the government for the issuance of licenses for rendering telecommunication services. In addition to this, Section 3(2)(b) and Section 3(2)(c) places the power of registration and authorization, for telecom infrastructure and wireless equipment respectively, in the hands of the government. Earlier, the TRAI was equipped with the power to issue licenses to such companies providing telecommunication services.
Secondly, the Draft Bill removes the statutory mandate on the government to furnish information and documents sought by the TRAI for making recommendations. The government, when dissatisfied with the recommendations made by the TRAI, shall no longer be required to send back the recommendations for reconsideration in terms of any modification or alteration. Therefore, the Draft Bill completely dilutes the power given to the TRAI under Section 11(1) of the TRAI Act. It is evident that, with the “reforms” brought in the Draft Bill, the TRAI has been reduced to a mere “recommendatory body” or a ‘Telecom Recommendatory Authority of India’. Thus, it is on the verge of becoming a defunct authority to a major extent. To revive it, a whole new attire must be given to it in the form of an independent regulatory body. Firstly, the appointment of the chairperson and other members of this body must be free from the control of the Central Government. Secondly, as discussed above, the independent committee to oversee the Internet Shutdown must be set up as one of its wings. The independence of TRAI and the Chairperson will not only ensure that there is lesser corruption but will also prevent the government from misusing its powers. Thus, to regulate and flourish the Telecom Sector of India, TRAI 2.0 is the need of the hour.
Conclusion
The Draft Bill on Telecommunications is a welcome step in numerous ways – spectrum assignment back to the government in case of bankruptcy of a telecom company, repeal of archaic legislation, designation of the new purpose of the Telecommunication Development Fund (TDF), etc. However, certain provisions of the Draft Bill are in stark violation of the Indian Constitution, civil rights and liberties, and the democratic principles of the country. The OTT Communication Services, especially WhatsApp, are the linchpin of the Digital Economy and Telecom Sector. The telecom sector contributes to 8% of the total GDP in India. To subject them to licensing may have serious repercussions including but not limited to stifling innovation, growth of the economy, GDP, and FDI inflows, eventually harming the aims of Startup India. The efforts of enacting the Bill as legislation would be fruitless if it addresses one concern and simultaneously gives rise to another. To conclude, India must take a leaf from the European Union’s General Data Protection Regulation (GDPR) by adopting a comprehensive data protection framework to address these gaps.