Encrypted chat app Signal is also likely to be liable under the Information Technology Act and the provision of safe harbour in it is unlikely to be applicable to it due to the non-compliance, they added
End-to-end encrypted messaging application Signal is not in compliance with the new social media and intermediary guidelines, officials aware of the matter said. The privacy-focused app is also likely to be liable under the Information Technology Act and the provision of safe harbour in it is unlikely to be applicable to it due to the non-compliance, they added.
The officials said the app, developed by the Silicon Valley based nonprofit Signal Foundation, has not shared the details of a compliance officer with the government under the new guidelines.
Signal is a significant social media intermediary as it has over five million users in the country.
The new guidelines also mandate such as Signal and WhatsApp to share the details of the first originator of a message. WhatsApp has challenged the clause related to the new guidelines saying it is at odds with end-to-end encryption.
“Signal has not complied with the guidelines. Services like iMessage do not fall under the traceability clause since the significant social media intermediaries in the nature of messaging services have to comply,” said an official, requesting anonymity.
HT reached out to Signal for comments but did not receive a response immediately.
At least eight parties have contested the new rules in several high courts, saying they are beyond the scope of the Information Technology Act they have been formulated under.
Twitter, too, has faced off with the government over its failure to comply with the new guidelines. The guidelines mandate social media companies to appoint compliance officers, nodal officers, and grievance redressal officers.
Signal became the most downloaded on the Apple App Store in March as WhatsApp faced privacy concerns. It was one of the most downloaded apps on Google Play Store on Monday.
Namrata Maheshwari, Encryption Policy Fellow, Access Now, a digital civil rights organisation, said Signal cannot comply with the traceability requirement without weakening end-to-end encryption. “For example, Signal’s end-to-end encryption currently has a privacy-enhancing feature called ‘forward secrecy’ which ensures that the chain of a message on its platform cannot be tracked.” Maheshwari said if Signal is forced to change its service to comply with “these unlawful, disproportionate rules”, it would undermine privacy and security for its many users in India. “The main problem remains that these rules contain an unclear mandate on messaging services to facilitate surveillance that undermines encryption and enables potential misuse and selective application–which are concerns now being adjudicated by Indian courts.”