The popular privacy-focused messaging app Signal is said to have broken India’s new social media and intermediary guidelines. According to the Hindustan Times report, which claims authorities familiar with the situation, the company is also likely to be accountable under the Information Technology (IT) Act, 2021. However, the provision of safe harbour in it is unlikely to apply to it due to non-compliance.
Social media companies with over five million users have been asked to appoint a Chief Compliance Officer (CCO), Nodal Officer, and Resident Grievance Officer to reduce complaints on citizens under the new IT guidelines introduced in the country last month.
According to the report, under the new guidelines, Signal has not submitted the details of a compliance officer with the government. As already noted, the company may lose the safe harbour immunity given by Article 79 of the IT Act if it has not followed the rules (if the companies follow laid rules). In addition, according to the law, a platform such as Signal is immune from punishment when users utilize its platform to share information, even if the content breaches local laws.
The new IT laws include a traceability clause that requires that platforms identify “the first originator of the information” if demanded by authorities for messaging services like WhatsApp and Signal. When Twitter failed to appoint the officials within the specified time, it faced a tense confrontation with authorities, and as a result, it lost indemnity owing to non-compliance. While Facebook has agreed, the company contends that the Ministry’s guidelines will breach WhatsApp’s end-to-end encryption.
Meanwhile, an anonymous government official told HT that Apple’s iMessage “do not fall under the traceability clause since the significant social media intermediaries like messaging services have to comply.”
To provide the Government with the requested data on the originator of a certain communication, a messaging provider that uses end-to-end encryption should breach encryption, making the platform highly vulnerable. When encryption is compromised, it will comply with the guidelines more vulnerable to government overreach and manipulation by criminal entities.