Tracing originator of message won’t break encryption: MietY

The Ministry of Electronics & Information Technology (MeitY) has reiterated that its intent to track the first originator of messages of social media intermediaries will not break or weaken encryption.

This was clarified in the frequently asked questions (FAQs) released by Minister of State for MeitY Rajeev Chandrasekhar on Monday. The document explained the nuances of the due diligence to be followed by intermediaries as part of Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021.

In a question on detection of the first originator of the message in the messaging platforms compromising end-to-end encryption, MeitY has clarified that it is to “obtain the registration details of the first Indian originator of the message”.

“The electronic replica of the message will be shared by the requesting agency along with a lawful order. A typical principle of detection is based on the hash value of the unencrypted message, wherein identical messages will result into a common hash (message digest) irrespective of the encryption used by a messaging platform. How this hash will be generated or stored needs to be decided by the concerned SSMI (significant social media intermediary), and SSMI are free to come up with alternative technological solutions to implement this rule,” the FAQs say.

The FAQs have been prepared in response to general queries received by MeitY, and are limited to Part II of these Rules, which are to be administered by MeitY.

Chandrasekhar said India was one of the foremost countries to harness the power of technology for primarily three objectives — transforming lives of people, creating and expanding economic opportunities by expanding digital economy, and developing capabilities in strategic areas.

This FAQs, consisting of 28 questions, attempt to respond to queries on these rules in a simple and easily understandable manner for a common user and also for intermediaries.

An intermediary with over 5 million registered users in India would be considered an SSMI, according to the rules, which were notified in February and went into force in May.

Expanding on the definition of a social media intermediary, as defined in the original rules, the FAQs said this includes those who facilitate “socialisation/social networking, including the ability of a user to increase their reach and following, within the platform via specific features like “follow”/“subscribe” etc,” “offer opportunity to interact with unknown persons or users,” and have the “ability of enabling virality of content by facilitation of sharing. Virality, in this context, means the tendency of any content to be circulated rapidly and widely from one internet user to another”. Business Standard