- Social Media

Aadhaar and Social Media | It’s a delicate balance between security and privacy

Representational Image

Vikram Koppikar

The ongoing tussle between Aadhaar linkage and privacy now boasts of a star cast bigger than a Bollywood blockbuster. The latest parties to hop aboard are social media giants Facebook, WhatsApp and the Madras High Court.

On August 19, the Supreme Court of India (SC), continued hearing of the matter relating to the inter-linking of social media accounts with Aadhaar numbers. Facebook, in a petition to the SC, had requested the transfer of similar cases pending with Madras, Bombay and Madhya Pradesh High Courts to the apex court.

This case had originally been filed in 2018 as a PIL by Antony Clement Rubin and Janani Krishnamurthy that sought an identity proof as mandatory for the purpose of authentication while obtaining any e-mail or user account. Rubin, an animal rights activist, filed the petition when he received derogatory messages on his social media profile due to his involvement with the Jallikattu Monitoring Committee.

The petitioners had put forth rationale such as “curbing cybercrime” and “intermediary liability” in filing such petitions. However, Justice S Manikumar of the Madras High Court dismissed these notions while reiterating findings in the Aadhaar judgment, which held that Aadhaar linkage with social media would be a privacy breach.

What remains as the key issue of the debate is the “traceability” of social media posts or forwards, given that companies such as WhatsApp proclaim end-to-end encryption of messages shared using their platform, thereby circumventing any hope of traceability. The petitioners have enlisted views of IIT Madras Professor V Kamakoti, who has put forth a report on how the traceability conundrum can be handled. Prof Kamakoti, in his submission to the court has suggested that traceability can be achieved without undermining WhatsApp’s end-to-end encryption. The petitioners have countered Prof Kamakoti’s findings and a detailed debate is awaited in further hearings.

The demand for traceability, it appears, is not limited to this ongoing judicial tussle. The Intermediaries Guidelines (Amendment) Rules] 2018 propose traceability obligations on the intermediary. Rule 3(5) of such guidelines state: “(5) When required by lawful order, the intermediary shall, within 72 hours of communication, provide such information or assistance as asked for by any government agency or assistance concerning security of the State or cyber security; or investigation or detection or prosecution or prevention of offence(s); protective or cyber security and matters connected with or incidental thereto. Any such request can be made in writing or through electronic means stating clearly the purpose of seeking such information or any such assistance. The intermediary shall enable tracing out of such originator of information on its platform as may be required by government agencies that are legally authorised.”

Compliance with the “tracing” requirements of this clause will require doing away with the encryption benefits of message providers such as WhatsApp. In August 2017, a nine-judge SC bench in K S Puttaswamy versus UOI (Union of India) (the privacy judgment), held the right to privacy as a fundamental right guaranteed under the Constitution of India; and the proposed tracing requirements appear to contravene such judgment.

The United States’ Patriot Act, enacted in 2011, provide far-reaching powers of investigation to government agencies with a view to curbing terrorism. The Act contained provisos for National Security Letters, a subpoena (without clearance from a judge) issued upon an Internet/telecom service provider, requiring it to allow access to the subject’s telephone and e-mail records.

In 2004, the American Civil Liberties Union (ACLU) filed a lawsuit, contending unconstitutionality of the NSL provisions (18 U.S.C. § 2709). The lawsuit contended that the section prohibited the subject of such subpoena from being notified and was a violation of his First and Fourth amendment rights under the US Constitution. The court granted the plaintiff’s motion, agreeing that the NSLs violated the Fourth Amendment because their use “effectively bars or substantially deters any judicial challenge to the propriety of an NSL request”.

Traceability requirements as debated under the lawsuit and as proposed under the draft guidelines suffer from the same lapse as in the above-mentioned proviso of the Patriot Act — There is no obligation upon the service provider to inform the creator of the message of any investigative action, thus breaching the creator’s privacy. It remains to be seen how this potentially landmark judgment will handle the delicate balance between privacy and national interests.

[“source=moneycontrol”]