The world is moving toward an era of ‘digital spheres’, which is more technologically connected than earlier periods of human history. Among the countries that have increasingly been connected, India has emerged as having amongst the fastest and largest internet users in social and digital media, inevitably being part of the Digital India initiative of the Government of India (GoI). The impact of the COVID-19 pandemic saw an increase in digitization activities across the world, one which has seen an exponential rise in India as well. An important facet of this ‘digitalization drive’ is the cons that emerge with it, especially the implications on the (cyber)security of a nation, and (data)privacy of its citizens.
The report by the Committee of Experts under the Chairmanship of Justice B. N. Srikrishna titled A Free and Fair Digital Economy Protecting Privacy, Empowering Indians found that the intrusions and breaches to privacy have serious implications on economic, social or physical damages, not just for the individual, but for the country as well. Why should citizens forego the right to privacy, established in India during the Justice K. S. Puttaswamy (Retd.) and Anr. vs Union Of India And Ors. in 2018, and thereby enshrined in the Indian Constitution? What do India and its citizens gain to forego the rights established through the Supreme Court of India judgement to a company like Facebook with an international record of privacy violations? The US Senate hearings on 2016 elections focused on dealing with similar problems, viz.a.viz. The Cambridge Analytica incident and the impact on the democratic process due to access, use and monetization of citizen data by private companies and actors.
Besides identity theft and other related cybercrime against individuals, this can (and have in many cases) lead to threats of cyberwarfare, cyberespionage and cyberterrorism-related activities, creating challenges to the country. The prominent target of cyberattacks often focuses on the vulnerabilities in critical national infrastructure (CNI), including dams, power grids, banking sector, healthcare, energy sector, IT and other sectors. At times, ‘national security advocates’ have often argued that ‘the privacy argument’ is a fluke, and doesn’t necessarily impact the nation. But this has been changing ever since nations have increasingly realised the need and demand for cyber sovereignty and data residency.
An important challenge is the largely unprotected data of citizens (and the country) accessible to foreign multinational companies, agencies and/or rival nation-states. An important lesson in the aftermath of the US elections 2016 and the Cambridge Analytica incident is the threat from psychological warfare tactics and techniques on Indian electoral voters. This will increase the instances for destabilization of the whole nation, and in turn, will have serious national security implications. When the country is increasingly becoming vulnerable to the threats of cyberattacks and data incursions from foreign nation-states, digital radicalization, and cyberterrorism, the potential dangers of a foreign company like WhatsApp determining the use of data of Indian citizens are unlimited. This can be a potential tool by external forces to destabilize the nation.
Alternatives to WhatsApp
An important alternative that has emerged recently to WhatsApp is the Signal app. It was suggested as an alternative by major players and stakeholders in the field, like Elon Musk (Tesla and SpaceX), Edward Snowden (Whistleblower), Jack Dorsey (Twitter chief). Signal was developed by Moxie Marlinspike and supported by Brian Acton, the WhatsApp co-founder, who left WhatsApp due to an issue with the monetization model followed by his former company. The developers of Signal ensured that it was open-source and non-profit, making it a viable alternative to WhatsApp. An emerging argument that Facebook can buy Signal after it has enough customers doesn’t apply here. This is mainly because any (potential) buyer company cannot copyright anything that is open-source. Further, multiple alternatives can be created using open-source.
Additionally, another app that has become increasingly prominent in the market is the Telegram app. There have been mentions about secret chat features of Telegram, one which has also been put forth as a good option to keep your privacy intact. Though, the normal chat options of Telegram seemingly doesn’t seem to have as many security-cum-privacy privileges as Signal. A major hindrance to the use of these apps, it seems, is the need to popularize them. WhatsApp has a huge market in India, an estimated 300 to 400 million users, which is very hard to capture in a short span of time. Many other private apps that are considered a good alternative for WhatsApp include Discord, Bridgefy, Kik, Snapchat, Skype, Keybase, Viber, and Threema.
An alternative to WhatApp has emerged with the release of SANDES, an instant messaging application by the Government of India (GoI), on 19 March 2021. It is currently limited to users verified by the GoI and yet to be open to the public. The app, also displayed as the Government Instant Messaging System (GIMS), was developed by the National Informatics Centre (NIC) and the Ministry of Electronics and Information Technology (MeitY) of the GoI. According to the app, the privacy and data policy of the app is determined by the existing rules and regulations in India, though it is yet to be tested in the public. Currently, the app is integrated with NIC email, DigiLocker and e-office. It is an important step taken under the Digital India Programme, Make in India and Aatma Nirbhar Bharat. Unlike WhatsApp, the login option provides flexibility in using either mobile number or email, and the transfer of multimedia and files are much larger than that is available with WhatsApp. It has similar characteristics, especially features related to encryption and privacy of that of the Signal app, and is expected to be open to the public.
The Way Forward
This is a huge relief, with respect to all the concerns coming through various social media platforms with #WhatsAppprivacypolicy #privacy #dataprivacy etc., one which has been seriously examined by the government. Currently, the GoI should particularly focus on the positive directions and steps to take, with a long-term view on the implications as well. The directions (reported) so far, as within a democracy, in this case, is line with the public opinion. Currently, all company- and business users, based- and located in India have informed its users not to use WhatsApp to share, discuss or transfer company details, information or secrets amongst or within itself, as this could be problematic. India should bring forth a policy similar to GDPR, or through upcoming STI policy or independently.
There is a need to have WhatsApp India established to store, manage and deal with any data located in/from India. This can protect cyber sovereignty, data residency, privacy and security issues; and is in line with Supreme Court directions under the Puttuswamy case. Further, a nation-wide awareness initiative, currently through the National Digital Literacy Mission and other literacy campaigns, should increasingly focus on data privacy, security and protection. A stern action in that direction, one which is pro-privacy and pro-security, will have a (positive) impact on the country, socially, economically and more important politically, within the physical and digital world.