If WhatsApp Doesn't Regulate Itself, Parliament May Have to Step In

WhatsApp needs to go beyond cosmetic fixes. One option is to exclude it from the immunities under Section 79 and fasten strict liability for content transmitted on its services.

In the words of a wordsmith on Twitter, the argument of those defending WhatsApp for the fake news-inspired lynchings sounds eerily similar to the Americans defending their right to bear arms.

Simply put, “WhatsApp doesn’t kill people, people do”. The only logical conclusion to this argument is that WhatsApp is not to blame for the misuse of its services by those responsible for the lynching of at least 25 people. The solution according to them is that the government should focus on improving law enforcement. The concern of those defending WhatsApp is that any attempt to regulate the platform will lead to an erosion of privacy that the service currently offers.

While these people do have a point, it is also necessary to understand that lynchings are only the most visible aspect of the fake news epidemic on WhatsApp. As more Indians use WhatsApp, the problem of fake news is going to become much more complex. The effects of such an epidemic are not completely understood since the world has never experienced the spread of fake news on an encrypted service that governments cannot crack.

WhatsApp encryption service

At the core of the debate is WhatsApp’s seemingly impenetrable end-to-end encryption which ensures that even WhatsApp cannot monitor communications on its services. For privacy activists, encrypted communications services have tremendous social value in a country like India where the law does not afford Indian citizens strong privacy rights in the face of mounting mass surveillance.

The flip side of encryption is that it is a convenient device for companies, like WhatsApp, to evade any accountability while at the same time allowing them to reap profits. Encryption allows service providers to legitimately claim that they have no actual or constructive knowledge about the content being transmitted on their services thereby insulating them from legal liability. That argument does have legal merit but the question that Indian policymakers must debate is whether such a position in law is the most appropriate public policy for a country like India where millions are getting on to the internet for the first time and when it is amply clear that reform of police forces is a long-term project expected to take decades?

Legal liability and immunity

Traditionally under tort law, a person offering a new product or service is liable for flaws in the product or the manner in which it is used provided that the person selling such a product or service has either real or constructive knowledge of the flaws or possibility of misuse of the product. For example, if a manufacturer makes a new car and the car has an accident because of a design flaw, the manufacturer can be held liable for damages and perhaps criminal negligence.  

As a matter of public policy, the law can carve out certain immunities from legal liability. A recent example of such immunity is the Civil Nuclear Liability Act, 2010 where parliament capped the liability of nuclear service providers to 300 million SDR, even if the damage caused by a faulty reactor is much higher. Similarly, service providers like airlines have their liability capped for lost luggage or accidents that cause death. The logic of liability caps is to reduce financial risk of certain businesses in order to make them more viable in a manner that benefits society. Lower risk means lower insurance premiums which means lower fares for consumers.  

Liability of communication services

In the context of communication products and services, the equation is slightly more complicated.

Postal services and telephone service providers are not expected to conduct surveillance on their customers but then again these are personal communications between individuals and ones that can be easily surveilled by the government. Internet platforms like Facebook, YouTube and Twitter are on a different footing because the information posted by users on these platforms is publicly visible and are not private in any sense. This means the administrators have knowledge of the information that they are hosting and that triggers legal liability for illegal content. However, these platforms have limited legal immunity in the form of Section 79 of the Information Technology Act. As enacted, Section 79 offered these platforms legal immunity if they took down content within a period of 36 hours of being informed.

As I’ve explained earlier in these pages, the Supreme Court has given these platforms more immunity than allowed by parliament and it is time for the parliament to step in and restore the balance.

WhatsApp is very different from these existing platforms. It started off as a personal messaging service between individuals before graduating to “group chats” consisting of 256 people. To that extent, WhatsApp is now a mass communication service and not just a personal messaging service. The law has never treated personal communication services on par with mass communication services, be it newspapers, cable TV, direct-to-home broadcasting or the internet. In the case of mass communication services, the law has always had some form of regulation either ex-ante or ex-post or usually a combination of both because mass communication services have real potential to cause public disorder. An example of such regulation is the broadcast licences required by television and radio stations within India. Any act that may be in violation of the law could result either in private lawsuits before the courts or executive sanctions for violating the terms of the licence.

While services offered over the internet have not been subject to ex-ante regulation, Section 79 and judicial blocking orders are a form of ex-post regulation. Therefore, regulating mass communication services is not without precedent.

Since WhatsApp has literally chosen to look away from its content by encrypting it and not saving messages, the only option open to parliament is to exclude it from the immunities under Section 79 and fasten strict liability to WhatsApp for content transmitted on its services regardless of whether the service had any knowledge of the content it was carrying. This would not be an exceptional move since the doctrine of strict liability is not new to Indian law. Such liability standards are affixed to those handling hazardous material or in cases of criminal law, to those found in possession of prohibited substances under the NDPS Act. The strict liability doctrine was created precisely for these situations where proving knowledge or intent is close to impossible.

Hoisting such liability on WhatsApp will have consequences in that the service will be forced to either redesign its system in a manner that requires it to track messages, while protecting privacy or alternatively, cease to offer its services for Indian users. The latter is unlikely to happen given that the company is planning the rollout of a payment service that will earn it potentially billions in future revenue.

The challenge thus is to balance privacy as a legal right with other competing interests, such as the rights of the victims. Even the Supreme Court in its recent privacy judgment has been categorical that the right to privacy is not absolute and the state may curb privacy to maintain public order. This is a matter for parliament and it would be odd if India let WhatsApp get away with laughable tweaks such as a ‘forwarding tag’ or promises to educate Indians on fake news.

If the private sector refuses to regulate itself, parliament will have to step in and regulate it.  

Prashant Reddy T. is an assistant professor at the National Academy for Legal Studies and Research (NALSAR), Hyderabad and is co-author of Create, Copy, Disrupt: India’s Intellectual Property Dilemmas (OUP)