“I am keeping a record of everything. You are all being watched. Your activities are being closely monitored.”

(Starting February 5th, Citizen South will be out on Fridays, rather than on the weekend.)

WhatsApp feels the heat in India

WhatsApp, the Facebook-owned instant messenger service and source for family/political gossip and intrigue the world over, continues to find itself in hot water over its new terms of use and privacy policy. As we know, the past few weeks have seen Facebook/WhatsApp face a global backlash after millions of its users discovered that not only will said terms of use and privacy police have to be accepted if they want to continue using the app, but that they will not be able to opt-out of sharing their data with Facebook (which acquired WhatsApp in 2014) come May 15th (it was originally February 8th, but the backlash led to the drastic pushing back of the date).

When WhatsApp first started sharing information with Facebook in 2016, users were able to opt out at that point, with the privacy policy at the time including the following paragraph:

If you are an existing user, you can choose not to have your WhatsApp account information shared with Facebook to improve your Facebook ads and products experiences. Existing users who accept our updated Terms and Privacy Policy will have an additional 30 days to make this choice by going to Settings > Account.

A considerable number of users did* so at the time, and WhatsApp will reportedly still honour that opt-out for said users - but tough luck if you didn’t at the time.

The backlash has been swift, with Signal and Telegram seeing millions of new download - with a tweet by Elon Musk providing a boost - and along with the change in the data sharing date, Facebook has been frantically trying to reassure people (online and via newspaper adverts) that their data and messages will be fine (whatsapp’s end-to-end encryption for messaging, provided by the people behind Signal, will remain in place).

WhatsApp’s faux pas has not gone unnoticed by governments, either, with the Government of India - the nation being WhatsApp’s largest user base at approximately 400 million - calling on WhatsApp to rescind their proposed privacy policy update. In a letter sent to WhatsApp’s Global Head Will Cathart, the Indian Ministry of Electronics and Information Technology said that,

The proposed changes raise grave concerns regarding the implications for the choice and autonomy of Indian citizens. Therefore, you are called upon to withdraw the proposed changes.

This was followed up on January 19th with comments made by Ravi Shankar Prasad, the Indian IT Minister, at a virtual event:

Be it WhatsApp, be it Facebook, be it any digital platform, you are free to do business in India. But do it in a manner without impinging upon the rights of Indians who operate it... the sanctity and privilege of personal communication must be maintained…I know there will be pressure for sharing this (data), but, this is plainly unacceptable, let me be very clear on it.

Rest of World, an online global tech magazine that looks beyond the Global North, looked at the impact on the ground in India, and pointed to comments by Indian tech entrepreneurs and politicians who noted that the new policies do not apply to the European Union (due to GDPR). Digital rights organisations such as India’s Internet Freedom Foundation have urged citizens to move away from WhatsApp is possible, providing information in a variety of Indian languages.

Ironically, Indian businesses - who should in theory be pleased about the proposed policy changes - are also worried. As this tweet and embedded article by Indian journalist Digbijay Mishra points out, it is not usual for businesses to use WhatsApp's business-oriented APIs to contact their customers directly (this is also the case elsewhere in the Global South, including Pakistan), and vice versa, with sensitive information - including eg, bank transfer details - being shared.

This past week also saw Facebook executives answering questions from members of an Indian parliamentary panel regarding the privacy policies and their potential impact on Indian citizens, with the company expected to provide written answers later.

A legal petition against WhatsApp and Facebook over the updated policies, brought before the Delhi High Court, saw the court refusing to issue notices to the companies, arguing that WhatsApp is a “private app” and that people are free to use. January 25th will see the court hear the case in more detail, however, so stay tuned.

As Mishi Chaudhry, the New York-based Legal Director of the Software Freedom Law Center pointed out to Buzzfeed, “If you spent $22 billion acquiring something, sooner or later, shareholders want you to monetize that asset.” The Instagram and Facebook platforms have been able to generate substantial revenue for Facebook - WhatsApp? Nil. The privacy policy and terms of use changes are inevitable in that regard, given that they are designed to make it easier for the app to “become a payment service and a shopping portal, yet another aspect of your life that will be covered by Facebook’s data collection efforts”, according to Devdutta Mukhopadhyay at the Internet Freedom Foundation, interviewed by Buzzfeed for the same report.

To quote digital rights activist Evan Greer, Fight for the Future Deputy Director, Facebook’s “business model is surveillance. Never forget that.”

“Criticism must be constructive”

The Government of India may claim to calling truth to foreign corporate power when it comes to the digital rights of its citizens, but at a local level, it is a different story.

On January 21st, in the eastern state of Bihar, Inspector General of Police Nayyar Hasnain Khan, of the Economic Offenses (sic) Wing, wrote a letter to the Principal Secretaries of all government departments, with the assertion that,

It has regularly been coming to light that certain persons and organisations have been making offensive comments through social media and Internet against government, honourable ministers, MPs, MLAs and government officials as well, which is against prescribed law and comes under cyber crime laws. For this act, it seems appropriate to take action against such organisations and individuals.

Khan, whose division of the police deals with cybercrimes, went on to write that the Secretaries were,

all requested to inform the Economic Offences Wing with details about any such act so that suitable legal action could be taken against those organisations/individuals after investigation.

According to a report by The Hindu, the letter has been condemned by opposition parties with Awadhesh Kumar, leader of the Communist Party of India, asserting that the government is “resorting cybercrime rules to hide corruption charges made against it and also to gag those who raise questions on it”.

Perhaps trying to stave off further criticism, the Additional Director General of Police, according to The Hindu report, tried to ease concerns by telling the media that

Criticism is healthy for democracy but criticism must be constructive and the language used must fall within the norms of decency. This advisory was issued keeping in mind rumours and factually incorrect information involving the use of offensive and defamatory language on social media as these come under punishable IT Act.

The language here has echoes of that uttered by the government and police forces in Indian-administered Kashmir, as I wrote last December. The Internet Freedom Foundation is right in asserting that the letter “will restrict the fundamental right to free speech & expression”, by incurring a potential chilling effect. As indicated in Freedom House’s Freedom on The Net 2020 report, India’s current ranking of 51/100 is a decline from 55/100 - not exactly stellar territory for one of the world’s largest democracies. Although Section 66A of the Information Technology Act 2000 - which criminalises “offensive language” - has been scrapped, the language of Bihar’s IGP shows that the sentiment of cracking down on speech that authorities is still alive and well.

IFF Tracks The Section 66A Zombie

Though regularly ruled to be unconstitutional, the most recent case being by the Indian Supreme Court in 2019, Section 66A of India’s Information Technology Act 2000, continues to live on, with the Internet Freedom Foundation discovering its usage long after the 2015 Shreya Singhal decision.

As a result, on January16th IFF and Civic Data Lab announced the launch of Zombietracker.in, an internet platform that “monitors cases charged under Section 66A of the IT Act”. According to IFF, quoting Apar Gupta and Abhinav Sekhri in their 2018 study, they describe ‘“the continued use of the unconstitutional provision as a “Legal Zombie”’, hence the (admittedly rather cool) name.

At present, the tracker has recorded 1,988 cases registered under Section 66A, with 799 pending, 1,189 disposed and 236 “with judgement”. The website is a fascinating tool for following the afterlife of this piece of legislation, and how it continues to aid the criminalising of free digital expression from beyond the grave.

Nepal: “Even ministers are not immune.”

On January 7th, The independent Nepali magazine The Record published ‘Somebody might be listening’ - a long read that looks at concerns at growing and unchecked surveillance on ordinary Nepali citizens, as well as members of the Nepali parliament. The article and its interviewees point fingers at KP Sharma Oli, the current Prime Minister of Nepal, who dissolved parliament last December 20th and who was kicked out of his own party today, citing two remarks allegedly made by Oli: one during a cabinet meeting in early 2019:

I am keeping a record of everything. You are all being watched. Your activities are being closely monitored.

and another in June of last year:

Don’t forget that there is also a law that allows the tapping of phone conversations. Even ministers are not immune.

According to the article, furthermore,

Fears that the Oli administration could be surreptitiously tapping phones received much more credence on December 29, when Barsha Man Pun, who had just resigned as Minister for Energy, openly alleged that Oli was illegally listening in on the conversations of his rivals in the ruling Nepal Communist Party and leaders of the opposition.

This adds an additional dimension to the article’s discussion about the proposed Special Service Bill, which according to The Record aims to give security expanded powers and would, “among other measures, allow security agencies to tap anyone’s phones without first requiring a court order.” Approved in May 2020 by the Upper House of Nepal’s parliament - but which appears to be in a form of stasis due to Prime Minister Oli’s dissolution of parliament - the bill has come under serious concern due to Article 10 in particular, which, according to The Record,

broadly allows security agencies to collect personal information from private citizens, including conversations, video, and digital communication, over any means of communication, including social media. Article 10 (2) further allows any investigating official to collect this information simply upon approval from the chief of the investigating organisation — not a court of law. 

It is unclear whether Oli’s removal from the (and his) ruling Nepal Communist Party will have an impact on his rule or on whether the Special Service Bill will be advanced, dissolved parliament or not, but it continues an authoritarian trend that critics and former supporters of Oli have pointed to as having developed in his time in office. As The Record article notes,

The constitutional right to privacy has so far prevented private citizens from being surveilled without prior permission. But the Special Service bill could soon change that. 

*To check: go to Settings in the mobile WhatsApp app, and then choose “Request account info”. Once you’ve received the zipped file, open it up in a browser and scroll down to “Data Sharing Opt-Out.”