As the Delhi High Court begins reviewing petitions against the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, the Internet Society (ISOC) has published a detailed report analysing the 'traceability' requirement within these regulations.
The report assesses its potential impact on digital security, businesses, individuals and the national economy. A key point of contention in the IT Rules 2021 is the mandate for major social media platforms that provide messaging services to implement traceability measures.
This requirement obliges them to identify the original sender of messages, particularly on platforms that utilise end-to-end encryption (e2ee), such as WhatsApp, Signal, and iMessage.
ISOC's report highlights various challenges related to traceability. It discusses how proposed solutions, including the Kamakoti proposal, hashing techniques, and metadata analysis, could compromise encryption, thereby jeopardising the security of e2ee communications.
The analysis also addresses concerns regarding user privacy, particularly for individuals who depend on secure messaging, and how traceability could clash with privacy expectations in encrypted environments.
Furthermore, ISOC points out potential security and technical hurdles, such as the management of sensitive data and the practicality of the suggested solutions. The report delves into the legal and technical complexities of digital attribution, emphasising the difficulties in ensuring accurate identification while safeguarding security and privacy.
The implications of traceability for various user groups and businesses are also examined, especially in sectors where secure communication is vital. ISOC stresses the importance of understanding the broader effects of the digital economy and the trust users place in online services.
