The move to regulate OTT apps has surfaced all over again — raising privacy concerns at a time many of these apps have tightened encryption protocols to deter any invasion. Two years ago, Trai said there was no need to regulate these apps.
In a report as late as Sept 2020, Trai had concluded no regulatory interventions were required in respect privacy and security of OTT services at the moment. The regulator said market forces may be allowed to respond to the situation without prescribing any regulatory intervention.
However, developments shall be monitored and intervention, as felt necessary, shall be done at appropriate time. But the department of telecommunications (DoT) has now asked the Telecom Regulatory Authority of India (Trai) to come up with a framework to regulate OTT communication apps such as WhatsApp, Signal and Google Meet, which offer free voice amid messaging services using the mobile data of telecom operators.
Privacy experts have said any content interception — data and voice — would have to be within the framework of the Constitution. Telecom operators have been pressing for “same service, same rule” ahead of the launch of 5G services. A telecom player has to meet the service quality prescribed by Trai, otherwise there are fines and other regulations: this has been the bone of contention as free voice calls and messages over the internet at times clog the telecom player’s network.
N. S. Nappinai, Supreme Court advocate and founder of Cyber Saathi, said: “If the regulation limits itself to non-content data gathering it may still not impact privacy negatively provided of course that due process is mandated for any form of access.” “Any attempt or regulations warranting content interceptions have to carry very high thresholds for prior permissions and proportionality,” she added.
Karnika Seth, cyber law expert, said: “Any rules the DoT makes will have to be scrutinised so that it does not violate the right of privacy of citizens upheld as a fundamental right in Justice K.S. Puttaswamy case. Also drafting the same ought not to transgress into a domain which falls within Meity (Ministry of Electronics and Information Technology) scope of power to make rules.”
“While logs of IP and user account may be shared for identification of a user in cases being investigated, encrypted content therein may not be available technically or legally. The drafting of such framework will have to be within the confines of privacy law in the country.”
Experts said the regulator in its recommendation of 2020 had endorsed encryption technologies. “Imposition of any requirements to get the details of communication in an intelligible form or clear text would either lead to change in the entire architecture of such OTT services which might not provide same level of protection as offered today or would require to introduce provisions which may make the agents involved in the communication vulnerable to unlawful actors,” Trai said.
“No regulatory interventions are required in respect of issues related with privacy and security of OTT services at the moment,” the telecom regulator said. In 2008, the DoT has sent back a recommendation of the Trai on internet telephony for review. The issue was again raised by the telecom operators in 2016-17, with net neutrality discussed by the regulator and the government. However, the government did not impose any restriction on call and messaging services.
The telecom industry has been demanding a level playing field between the OTT players and themselves saying the free voice and messaging services through the internet impact their revenues. Analysts pointed out that there should be a single convergence act to regulate various services such as OTT messages and voice calls, DTH and OTT content.