Recently the Government of India set some ground rules on Information Technology which aims to regulate social media and OTT platforms The Guidelines for Intermediaries and Digital Media Ethics Code Rules, 2021 primarily focus upon mediators which are social media sites in a basic sense. The new IT Rules ensures that data is not unlawfully disclosed and that the data should be monitored regularly by adhering to the rule of law. The Intermediary Rules have replaced the Information Technology (Intermediaries guidelines) Rules, 2011 and specified a number of conditions that social media companies like Twitter, Facebook and others had to comply with. Centre has made it mandatory for intermediary social media platforms to identify the originator of unlawful messages and take down such messages in a particular time frame. The government’s new guidelines impose a high level of responsibility on social media platforms in order to achieve safe harbour protection.

What is the need for such rules?

According to the Government of India, these rules were introduced to address concerns such as spreading of fake news, the misuse of social media platforms to post morphed photos of women and content related to pornography. The larger objective was to maintain order, harmony and peace among the general public. Additionally, this was also in accordance with the Supreme Court orders to frame some essential guidelines to curb child pornography videos, rape imageries, videos and sites which showcase such content on their platform.

It is critical that millions of social media users be provided with a proper platform for resolving their issues in a timely way in order to combat social media abuse and misuse. These rules are implemented to give a voice to the others who are subject to abuse. He stated that these companies are operating in India and are following the rules of America which will not be acceptable in India.

The government has claimed that these rules have only been passed for the protection of the people and for the prosecution of an offence related to the sovereignty and integrity of India. These rules were implemented because a huge number of morphed images, pornography videos have become a source of social media and it is due to these specific circumstances that it is imperative that there is a properly framed system to find out the persons, institutions or bodies who are the originators of such content or messages.

Major Concerns Of IT Companies

The Controversial IT rules have been in talks for a long time now and many companies have started to comply with it, yet many large platforms like Facebook, Twitter are still facing difficulties and are working to comply with it without specifying any timeline. These companies have their own concerns. Recently twitter said that “the Indian government may seek to suppress critical and dissenting opinions in India on its platform with these rules.”

WhatsApp also made a statement that these rules may require them to break E2E encryption which will not only affect the Indian users but may have Global Consequences. It also claimed that E2E encryption forms the backbone of the apps providing messaging services and also these companies will have to end their verification process which could have a drastic effect on user’s privacy, this will also make the data vulnerable to attack from hackers.

Protecting the data of users and preventing crimes is a universal priority but preventing the dissemination of child sexual abuse material on internet is also an important goal. All the major Governments around the world demand for weaker encryption by the Tech giants. The five eyes Security Alliance claims the matter to be of public safety and the Worlds Law enforcement agencies are advocating Facebook as the source and solution to all the world’s child pornographic issues.

IT Laws On Tracing Originator in India

According to sub-rule 3 of the rule 5 of Information Technology Rules 2021, “A significant social media intermediary providing services primarily in the nature of messaging shall enable the identification of the first originator of the information on its computer resource as may be required by a judicial order passed by a court of competent jurisdiction or an order passed under section 69 by the Competent Authority”. This section gives the government the authority to intercept, monitor or decrypt any information from any of the Social Media companies.

However, This rule also comes with its own limitation and states that it can be passed only for the purpose of “prevention, detection, investigation, prosecution or punishment of an offence related to the sovereignty and integrity of India, the security of the State, friendly relations with foreign States, or public order, or of incitement to an offence relating to…” It further states that while complying with an order for identifying the originator the company need not disclose the message or any information related to the originator or its users. The rules also state that if the first originator is outside the territory of India then the person who first received the information in India will be deemed as the First Originator.

Tracking the First Originator is of immense importance not only in India but around the world as the law enforcement agencies have raised major concerns about viral forwarded messages disseminating fake news, hate speech and other inappropriate content. However, every achievement comes with a sacrifice. In the present implementation the new IT rules will make the public data vulnerable to the third parties. And it should be noted that for this too, Government is trying its best to prevent the misuse and have implemented safeguards.

Laws on Tracing Originator Around The World

India is not the first country to regulate social media platforms nor it is the first country to compel such firms to use AI to censor information before getting the Government involved. Almost all the major countries like the US, France and Russia have sought to restrict Encryption.

The Russian Government mandates all the platforms to acquire a license to develop encryption facilities and The Federal Security Service has the authority to force the disclosure of any information required to decrypt encrypted communications. In the United States, decryption is not compulsory but all the telecoms are required to be able to intercept communication and provide them to the Government. France mandates all the companies using encryption services to decrypt the data within 72 hours and provide it to the Government as and when required.

Furthermore, many countries have their own rules and regulations regarding Internet content regulation. For example, Germany has very stringent laws for Internet content regulation. In USA also all electronic communication is regulated by the specified authorities which is governed by a certain set of rules, no doubt are in line with the freedom of speech and expression but they still have control over the electronic communication apps. India is not the only one to put regulations on social media platform, Australia has also proposed to issue a 48-hour mandate by which social media apps are compelled to take down content that spreads hate or any pornographic material, (if ordered to do so by the competent authority). Therefore, one might say that in today’s digital world, Governments aim to set boundaries where freedom does not get converted into ‘excessive freedom’, entailing consequences. This comparative analysis shows that one should not blame the government entirely for this action instead the IT companies should work together alongside the government to reach a middle ground.

Can Traceability Be Achieved Without Compromising End To End Encryption?

Whenever we talk about traceability the question arises as to whether it is possible to trace the first originator without breaking the End-to-End encryption. The Government claims that "The intermediary regulations are not asking for encryption breaking for identification but merely the ability to tag the very first message, which should be possible without actually disclosing the content." But all the previous efforts to provide traceability without breaking end-to-end encryption have been found to be prone to spoofing, in which bad actors can alter the origination information to falsely incriminate an innocent individual. Furthermore, it should be noted the First originator has no influence over who forwards the message, how many times it is forwarded, or where it is forwarded. However, experts are still working in this area and trying to achieve compatibility between the two.

Recently WhatsApp has filed a suit against the new IT rules in the Delhi high court and claimed that allowing the government to track First Originator will be a disaster towards the privacy of every individual on which the government has released a statement stating that they respect the individuals privacy and have no intentions to violate it. WhatsApp will be compelled to disclose the origin of a particular message only when it is required to prevent a serious offence which will attract a jail term of more than 5 years.


The Information Technology (Intermediary Guidelines and Digital Media Ethics Code) rules 2021, might have profound consequences for user privacy and social media platforms. The companies might have to rework their encryption models to trace the originator but it is pertinent to note that the ultimate aim of the government is to punish those criminals who have deemed a threat to National Security or on Harsh Crimes which create a deep impact on the overall well-being of society.

The government has claimed that they have adopted various measures and are working tirelessly to avoid misuse of the information through third-party apps. Hence, we believe that this protest should end and the Social Media platforms should comply with the new IT policy and help the Government in reducing crime and punish the offenders inciting violence through false information. Prior to these rules the IT rule 2009 was enacted which did not have any restrictions on any social media platform but they were not able to maintain enough peace and harmony on the digital platform. This was the reason why the government came up with more stringent laws in the present form. The way-forward in India lies upon the judicial scrutiny of these laws and their acceptance by the IT companies. In the end no matter what is the final decision, the primary concern of both the parties should be to secure citizens online whereby simultaneously protecting their Rights.

Image Source: Inc 42

This article has been authored by Modit Mendiratta And Tanishq Sharma. They are students at Gujarat National Law University, Gandhinagar.