The government and Big Tech need to meet halfway

India’s new IT minister, Ravi Shankar Prasad, has warned social media companies against misuse of their platforms for terrorism and communalism. The statement highlights a divisive debate between national security advocates and privacy proponents. A balanced approach is needed, with tech companies and law enforcement agencies moderating their stances to ensure both security and privacy.

This article was first published in The Mint. You can read the original at this link.

In one of his first statements while taking office as the new IT minister of the country, Ravi Shankar Prasad warned social media companies that they would do well to take steps to prevent their platforms from being misused for acts of terrorism and communalism. He acknowledged the need to protect freedom of speech and expression, but was at pains to point out that all freedoms come with reasonable restrictions. While the message was clear, the statement, in its apparent dichotomy, represents one of the most divisive issues in the internet policy space today.

Ranged on one side of the debate are advocates of national security who point out that terrorists, anti-national organizations and criminals use the internet to communicate with each other, and that unless law enforcement agencies have the ability to listen in on these conversations, they simply will not have a chance to prevent these crimes from happening. At the very least, they argue, these agencies will need access to records of past conversations in order to be able to investigate crimes that have occurred and gather the evidence needed to put the perpetrators behind bars.

Opposing this point of view are the privacy advocates, who say that security is almost always just a justification that the government uses to violate personal privacy, pointing to numerous examples of the excesses committed by law enforcement agencies to prove their point—from the use of surveillance powers to spy on past and present spouses to going on wild fishing expeditions to dig up dirt on those with whom their political superiors had an axe to grind. They argue that even when requests are made pursuant to legitimate security concerns, they tend to be framed in sweeping, over-broad language requesting more information than is actually necessary.

Both sides have a point. No right, however fundamental, can ever be unfettered. And yet, fetters, when applied too tightly, choke freedoms to the point where they become utterly meaningless. If we were to have any chance of finding a resolution, both sides are going to have to come down from the extreme positions to which they are currently holding fast.

For their part, internet companies need to acknowledge that while most of their subscribers use their platforms for legitimate purposes, there are many who take advantage of the anonymity that their services provide to commit heinous crimes. Even though the communications services that these companies offer help preserve the fundamental liberal values on which our society is based, it is not acceptable for them to simply turn a blind eye to the atrocities committed using the infrastructure they provide. As responsible organizations, they must continuously work to find ways to limit the misuse of their platforms, instead of simply throwing their hands up at every law enforcement request they receive by citing privacy as a get-out-of-jail-free card.

Law enforcement agencies, on the other hand, need to acknowledge that, no matter how serious the offence, they are operating in a constitutional democracy and even when it comes to tracking down heinous criminals, there are some lines they cannot cross. They have to stop thinking of privacy as a minor inconvenience that can be conveniently overlooked in the interests of bringing criminals to book—especially when it comes to invoking broad surveillance powers that impinge upon the fundamental rights of thousands of innocent people. This means that they need to consciously limit the information requests they make to only that information which is necessary and proportionate in the context of their investigation. Not only would this be in line with international standards, it is what the Supreme Court in its nine-judge Right to Privacy judgement has required them to do by stating that the violation of an individual’s privacy is only permissible if necessary and proportionate.

Does this mean that some criminal elements will be able to continue to use these new technologies to evade the long arm of the law? Perhaps it does. But that is a price that we, as a society, have agreed is worth paying in order to ensure that the privacy of innocent individuals is not sacrificed unless absolutely warranted.

Both sides have come to the debate with valid points. However, there can be no lasting solution to this problem unless they both are willing to back down from their present publicly-held positions. Large technology companies will need to be more responsive to the legitimate requests of law enforcement agencies, providing them information rather than giving them the runaround. It is possible that, at times, this could conflict with their obligations under the laws of their home jurisdiction, or the other countries in which they operate, but there needs to be a genuine effort to find solutions that work.

Indian law enforcement agencies, on the other hand, need to get out of the habit of making broad requests designed to hoover up as much information as possible in the hope of finding useful data. Instead, they must start appropriately moderating their information requests, seeking only limited information for specific and clearly articulated purposes. This will require education—particularly among the rank and file of the investigation agencies—and that education must necessarily be encouraged from the top. One hopes that even in the early days of its tenure, the IT ministry goes about setting the right example.