Taking on global tech giants without a backup plan

30th April 2024
Taking on global tech giants without a backup plan

By Anand Parthasarathy

Last week in the Delhi High Court, counsel for the popular instant messaging app WhatsApp said:   if as required under the  Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 [updated as on 6.4.2023] it was compelled by the Indian government  to  trace chats on demand and to do this,  break its end-to-end encryption, that would undermine the user’s privacy and kill Whatsapp’s core value proposition.

No such requirement  exists anywhere in the world, the lawyer added saying “it means millions and millions of messages will have to be stored for a number of years,"

In any case, privacy was Whatsapp’s core value proposition. Worldwide.   The company would rather Quit India  -- and   give up  its estimated   490 million  users,  its largest user base in the world.

"As a platform, we are saying, if we are told to break encryption, then WhatsApp goes."

The challenge to the Indian rules by  Whatsapp’s owners Meta ( formerly Facebook)   was adjourned till August – but  India’s official unease over some of the world’s most  popular social media tools and apps   hangs over her  half a billion or more Internet   users and over a billion  app-hungry smartphone owners like a disruptive cloud.

It has been a continuing series of pinpricks which the government projects as national security priorities and global big tech finds in conflict with individual privacy and freedoms.

Just weeks ago  in February  X (formerly Twitter)  was ordered to  take down  an unstated number of posts  by and on behalf of the farmers protesting in the states of Punjab, Haryana and the national capital, under threat of fines and imprisonment of their officials in India. This was a repeat of the scenario in February 2021,  and X now owned by ElonMusk, complied – under protest: “ We will withhold these  accounts and posts in India alone, however we disagree with these actions’.

More recently in March this year, as I had reported in an earlier column, came a government order, that all generative AI models, including ChatGPT-like Large Language Models (LLMs) if deployed in India would need official permission – an instant reaction to the response provided by Google’s Gemini AI tool to a question: Is (PM) Modi a fascist?  Since Gemini had other rough edges,  it admitted to the tool being a work in progress and got away with a figurative rap on the knuckles.

In the case of Apple, its interfaces on behalf of its consumers have been somewhat nuanced after some governments reportedly  objected.  Apple periodically sends alerts to its iPhone and other Apple device users when it perceives a threat to them. This is Apple's way of alerting and helping users who may have been targeted by state-sponsored attackers.

Earlier this month,  it sent out  another   alert in some 90-plus countries  warning select  Apple device owners that  the attackers are likely targeting these individuals because of who they are or what they do, and advises them on how to protect themselves, including activating the ‘Lockdown Mode’ feature on their iPhones.  In an earlier instance in October last, Indian media reported that some prominent politicians and journalists who had been thus warned, found that their phones had been infected with Pegasus, a spyware crafted in Israel and said to be sold only to governments.

Here is the interesting part: This time Apple substituted the phrase “state sponsored attackers” with “mercenary hackers”. The Hindu in its report suggested that the change came after a report of pressure from Indian the   government   to give authorities deniability for any hacking attempts on political leaders, journalists and activists who may have been alerted.

Sorry,  no VPN here
Even as far back as 2022, India introduced into law a requirement that services offering Virtual Private Networks or VPNs must store the related user data for five years. This was to include such things like user name, email ID, phone number, the IP address used, the subscription details including time, duration and usage patterns.

 VPNs have become a very common privacy feature in both consumer and enterprise Internet and many net security subscriptions bundle it with other services like anti-virus. Making information like this available to the government would violate the very purpose of using a VPN – and unsurprisingly, rather than comply, all international services which offered VPNs, withdrew them entirely from India-based customers and for good measure uprooted their servers and relocated them outside India.   At a stroke, hundreds of millions of Indian users were denied a key privacy and security feature. Just to give one example: if you own a Samsung phone it comes with built-in VPN. But it won’t work as long as you are in India.

 

What is the precise security threat perception of the Indian government and whether it indeed warrants rules and requirements hardly in force elsewhere is a topic for another day. The point I would make is this:   Even with data and Internet markets among the biggest in the world, it is unrealistic to expect global players to scoop out and throw away key unique selling  propositions of their products, just so they can operate in India. 

China has banned Whatsapp and Google and X/Twitter and got away with it, you say? True, but they had their homegrown Chinese language alternatives in positions of strength -- before they killed the competition. For Whatsapp, they had WeChat; for Google, it was Baidu and when Twitter was banned, the Chinese just moved to Weibo.   Though privacy or security was not a factor, that other biggie, Amazon, just folded its tent and left China in 2019 – because the Chinese overwhelmingly patronised their own e-comm site, Alibaba.

 

Will Whatsapp make good on its threat to leave India if ordered to break its encryption? Will Elon Musk oblige   willingly or otherwise, the next  time he is asked to take down X posts in India?   Too soon to tell.

But for the land which boasts of having invented aspects of statecraft  and codified them  at the hands of Kautilya aka Chanakya as far back as the 4th century BCE,  one lesson  stays true – from ArthaShastra to MBA:  When you take a corporate duel to  the point of destruction, have a backup plan.