Lawsuit says controversial new laws are unconstitutional and violate the right to the preservation of privacy
The WhatsApp legal challenge is the latest escalation of a battle between big tech companies which have a huge and growing user base in India Photograph: Sajjad Hussain/AFP/Getty Images
The Guardian-Hannah Ellis-Petersen in Delhi
WhatsApp has sued the Indian government over new internet laws which the company says will “severely undermine” the privacy of their users.
The new IT laws, which have been described as oppressive and draconian, give the Indian government greater power to monitor online activity, including on encrypted apps such as WhatsApp and Signal. They were passed in February but were due to come into effect on Wednesday.
Under the laws, encryption – which keeps communications on the app private and inaccessible to outside parties – would have to be removed from WhatsApp in India and messages would have to be put into a “traceable” database. The government would then be able to identify and take action against the sender if any content was ruled “unlawful”.
The move marks one of the first times that WhatsApp, an encrypted messaging app owned by Facebook, has filed a lawsuit against a national government. The company has also clashed with the government in Brazil over similar privacy concerns which led to the service being shut down multiple times.
WhatsApp, which has more than 400 million users in India and is a fundamental tool of communication across the country, said it would not store the data of its users and infringe their privacy. The company filed a lawsuit in the Delhi courts on Wednesday on the basis the new laws are unconstitutional and a violation of citizen’s right to the preservation of privacy, as mentioned in a 2017 supreme court ruling.
“Some governments are seeking to force technology companies to find out who sent a particular message on private messaging services. This concept is called ‘traceability’,” said WhatsApp in an online statement. “WhatsApp is committed to doing all we can to protect the privacy of people’s personal messages, which is why we join others in opposing traceability.”
The legal challenge is the latest escalation of a battle between big tech companies which have a huge and growing user base in India, and the Indian government, led by the prime minister, Narendra Modi, which has brought in increasingly heavy-handed measures to regulate the online sphere, which is seen as a space for dissent.
In a petition heard in the Delhi high court on Wednesday morning, a lawyer for WhatsApp said: “A government that chooses to mandate traceability is effectively mandating a new form of mass surveillance.
“In order to trace even one message, services would have to trace every message. There is no way to predict which message Indian government would want to investigate in the future.”
In a strongly worded response, the Indian government called the WhatsApp lawsuit a “clear act of defiance” and accused the company of a last-minute “unfortunate attempt” to prevent regulations from coming into effect.
The government denied any constitutional infringements, calling the laws a “reasonable restriction” on the right to privacy. The ministry for information and technology said that widely circulated WhatsApp messages had led to riots and lynchings in the past, and so it was in the “public interest that who started the mischief leading to such crime must be detected and punished … Hence the role of who originated the message is very important.”
This is not the first time tensions have arisen between WhatsApp and the Indian government. In 2019, the finger was pointed at the Modi government after WhatsApp claimed that Indian journalists, scholars and activists were among users targeted with spyware which meant their personal information could be accessed remotely.
WhatsApp alleged that NSO Group’s software had been used to target the users and filed a lawsuit against the Israeli firm in the US. NSO Group has previously denied the claim and has said it ought to be immune from such lawsuits because its clients are foreign governments and it is they which are responsible for deploying the software.
The company has argued that its government clients are only meant to use its technology against terrorists and criminals, and it is not privy to who is targeted by its surveillance tools. The Indian government has denied any responsibility.
On Wednesday, the government wrote to all social media companies operating in India and demanded a response on how they were complying with the new IT laws.
The Modi government has already clashed repeatedly with Twitter, demanding that the site remove anti-government tweets related to the farmers’ protests earlier this year and more recently tweets which criticised the government’s handling of the pandemic.
Twitter has complied with some requests and made certain posts unavailable to view inside India, but refused to comply with others. Facebook and Instagram were also recently instructed to remove anti-government posts mentioning coronavirus, on the basis they could cause “panic”.
Under the new IT rules, social media companies have to remove content within 36 hours of a legal order and have to appoint an Indian-based “compliance officer” to deal with any complaints. The laws also apply to online media, and have been described as further muzzling of the media in India.
On Monday, the Delhi police, who are under the control of the home ministry, arrived at the empty Twitter offices in Delhi late at night in what was initially described as a “raid”. It was later clarified as a legal notice being served to the company, after a tweet by a politician from the ruling Bharatiya Janata Party (BJP) was labelled as “manipulated media”. The tweet was of a document which evidence had shown was faked.