“We believe there is no need for a licensing framework for Internet-based services, including modern communication services. Any licensing framework for Internet-based services will stifle innovation and growth, and raise significant barriers to entry—especially for startups and independent apps,” the Global Encryption Coalition’s Steering Committee said in response to Telecom Regulatory Authority of India’s (TRAI) consultation on the regulation and selective banning of online communication platforms.
One of the key ideas explored in this consultation paper was that of licensing communication apps and bringing them under the regulatory framework to promote a competitive landscape for the benefit of consumers and service innovation. However, based on what the Global Encryption Coalition’s Steering Committee says, it would accomplish the opposite.
What is the Global Encryption Coalition?
The Global Encryption Coalition is an organization that, “promotes and defends encryption in key countries and multilateral fora where it is under threat. It also supports efforts by companies to offer encrypted services to their users.” Its steering committee includes the Center for Democracy & Technology, Global Partners Digital, Internet Freedom Foundation, Internet Society, and Mozilla.
Licensing would lead to disruption of services:
Licensing would impose a very heavy regulatory burden on internet-based services, the steering committee says. It argues that if a licensing regime is imposed internet companies would have to ensure that their licenses are maintained and up to date. So if the license isn’t up to date, platforms wouldn’t be able to provide their services. Thus, licensing would “impact user accessibility and could potentially cause disruption of services, thereby resulting in significant economic losses and a fractured business environment in India.”
End-to-end encrypted (e2ee) platforms can’t be regulated like telcos:
Under the Indian Telegraph Act 1885, which telecom companies have to comply with, the government can intercept messages transmitted or received by any telegraph. If the same regulatory framework is applied to communication platforms, they would be expected to allow government interception of messages, just like telcos. To this, the steering committee argues that e2ee services provide distinct services and serve separate purposes from telecommunication services and shouldn’t be regulated the same way as telcos currently are. “Providers of e2ee services cannot decrypt and access the contents of the communications they carry,” its submission states.
Article continues below , you might also want to read:
“Lawful interception’ of messages is not only impossible on e2ee platforms but is also incompatible with e2ee–since service providers themselves cannot access the communication between sending and receiving parties,” the steering committee says. It explains that e2ee communication platforms could pull out of India if the regulatory regime does not protect this method of securing communications.
“It would not be a surprising result, considering the withdrawal of Virtual Private Networks (VPNs) from India such as Nord, Proton, Surfshark etc. following the onerous CERT-In Directions released in 2022,” its submission mentions. It argues that unless the regulatory regime recognizes the impossibility of intercepting e2ee messages providers would be compelled to weaken security or not offer e2ee services at all. The steering committee explains that several businesses in India are built on e2ee services like WhatsApp and that if e2ee services are asked to weaken their defenses or stop encryption, it “would be detrimental to the safety, security, privacy and livelihood of users, businesses, and governments worldwide.”