OTI Calls on Indian Government: Don’t Put Citizens’ Privacy at Risk

This week, the Indian Ministry of Electronics and Information Technology (MeitY) is expected to formally adopt amendments to its intermediary guidelines for internet communication providers. These new rules would require online platforms to monitor the content of users’ private communications and remove any content deemed illegal. Such a requirement could make access to strong encryption a near impossibility for Indian internet users, and would have broad-reaching repercussions across the internet.

Just last week, we joined (in our personal capacities) nearly thirty other cryptography and security experts in sending an open letter that addresses our concerns with the potential impact of the new MeitY guidelines. In March 2019, the Open Technology Institute also helped organize a letter on the topic on behalf of an international coalition of civil society organizations, following a call for public comments by the Indian government. We hope that MeitY will carefully consider the concerns raised in both letters.

As the letters explain, strong encryption is fundamentally important for the modern commercial internet. Encryption is what enables the integrity and security of business transactions, and plays a central role in protecting the cybersecurity of all of our devices and the services we use every day. Governments also rely on encryption daily for their own communications, and to protect the multitude of online services they provide to their citizens.

End-to-end encryption, in particular, is of vital importance to Indian citizens. Hundreds of millions of Indian internet users make use of end-to-end encrypted services every day to connect reliably and securely with family and friends, and to do business with colleagues around the world. Providers of end-to-end encrypted services cannot see or access the content of their customers’ private communications. These services enable people to have confidence in the privacy of their communications, as well as the identity of the participants in the conversation. However, by forcing intermediary providers to monitor the content that passes through their systems, the proposed amendments would make this sort of confidence impossible. Providers will be forced to create encryption backdoors, or otherwise weaken the security of their infrastructure to comply, and the days of truly encrypted communications will be over.

Concerns about encryption are not the only ones raised by these new regulations. As our March civil society coalition letter explained, the amendments also threaten freedom of expression. Others in civil society have outlined the potential burden the amendments would place on non-profit services, and the extent to which they would chill innovation in the booming Indian tech market. Therefore, regulatory changes with such a broad possible range of impacts deserve careful consideration.

Finally, as the world’s largest democracy, India is in a unique position to lead the world in responsibly addressing concerns about online content without threatening strong encryption or the human rights it helps to protect. We hope that MeitY will consider this important leadership role in their work.

Given the wide-ranging impacts of the proposed regulations, we encourage MeitY to proceed carefully and in dialog with interested stakeholders in India and around the world. We respectfully call on the Ministry to seek a delay in the promulgation of the regulations, and to release a new draft of their proposal for further comment and discussion.