Digital Sovereignty

Photo:SNS


Hearing a petition seeking restoration of a doctor’s blocked WhatsApp Messenger account, a Supreme Court Bench comprising Justices Vikram Nath and Sandeep Mehta recently advised her, “There’s this indigenous app called Arattai…use that. Make In India!” These judicial remarks, seemingly casual, reflect a deeper concern about India’s digital sovereignty. “Arattai,” Tamil for “conversation,” is a Made-in-India messaging app hosted on Indian servers. It gained popularity following endorsements from senior Cabinet Ministers and has now crossed one crore downloads.

For over a decade since the era of chargeable Short Message Service (SMS), global platforms have monopolised our private conversations, expanding from text to multimedia messages and even video calls, all for free; Some say there is no free lunch. Foreign-hosted apps pose a critical legal issue for Indian users, public servants in particular. When they communicate through these servers, they may risk violating the Public Records Act, 1993. Section 4 explicitly prohibits “taking out of India any public records of the Government,” including digital records. Section 9 even prescribes imprisonment of up to five years for such violations. Few have been charged, and the practice remains widespread.

The National Informatics Centre (NIC) launched Sandes as an indigenous alternative, but it has not gained much traction among the general public. At the heart of modern messaging is End-to-End Encryption (E2EE), which ensures a message is encrypted on the sender’s device and decrypted only by the recipient, protecting data both in transit and at rest. WhatsApp (about 3 billion Monthly Active Users (MAUs)), Apple’s iMessage (1 billion MAUs) and Signal (70 million MAUs) apply E2EE by default.

Snapchat (432 million MAUs) uses E2EE for 1:1 ‘Snaps’ (photos and videos), but not text messages. Telegram’s chats are server-encrypted, readable by the platform, except “Secret Chats.” X (237 million MAUs), Facebook Messenger (1 billion MAUs), and Instagram DMs (part of Insta’s 3 billion MAUs) are rolling out default E2EE. E2EE is like locking a box containing a few rupees with a golden lock; the protection often exceeds the value inside. Even a casual “good morning” message receives military-grade encryption. Championed by privacy advocates as a cornerstone of digital freedom of expression, E2EE has become a double-edged sword. Criminal messages also get this protection, whether it is someone harassing a woman by sharing her intimate image or video without consent, or coordinating extortion. This prevents law enforcement from intercepting communications in real-time or decrypting stored messages, even for serious crimes like digital fraud, terrorism, and sexual exploitation. Technology-Facilitated Gender-Based Violence (TFGBV) has surged.

In April, in Varanasi, a 19-year-old woman was allegedly raped, filmed, and blackmailed with threats of social media circulation, leading to her gang rape by 22 others. In June, a Kolkata law college student faced similar threats of her assault videos being circulated on social media to coerce her from reporting a sexual assault. Platforms with E2EE react only when a user files a complaint, post-crime. Though WhatsApp’s reactive model led to 99.67 lakh accounts being banned in January alone, this approach is not preventative. By contrast, YouTube uses AI and human oversight to proactively detect and remove objectionable content quickly. The Supreme Court had earlier ordered review of obscenity regulations for social media and OTT platforms, in a PIL filed by Uday Mahurkar and others, in April. This raises a crucial question: does absolute, unqualified privacy serve the public interest?

Arattai responds with a balanced encryption middle ground. Voice and video calls use E2EE, but text messages and media do not. Indian law is evolving to address the challenges. The Information Technology Rules, 2021, require platforms to remove unlawful content swiftly and to trace the “first originator” of such content. Telegram recently agreed to provide user data (IP addresses) in response to legal requests. However, WhatsApp is challenging in the Delhi High Court the “traceability” mandate. Further, the Digital Personal Data Protection Act, 2023, to be enforced soon, grants citizens the “Right to be Forgotten.” The Data Protection Board can order erasure of personal data, with fines up to Rs 50 crore for non-compliance. E2EE platforms face a fundamental challenge here, as they cannot erase any specific content. Their only recourse is to block an account, to prevent future sharing. This is now part of a global debate.

The USA’s “Tools to Address Known Exploitation by Immobilizing Technological Deepfakes on Websites and Networks (Take It Down) Act,” the UK’s Online Safety Act, and the European Union’s proposed “Chat Control” law are pushing for similar measures to scan even E2EE content. Platforms often boast about sender privacy but neglect the privacy of the recipient. Read receipts, features like blue checkmarks or “Seen” labels let senders know when their messages have been read. They come at a cost, creating an expectation of immediacy. A culture of instant replies has emerged, creating a constant, low-grade anxiety and an implicit demand to stay perpetually alert. This serves the commercial interests of platforms, which are designed to keep users glued to screens. The typing indicator is a classic example. Snapchat offers no option to disable read receipts. WhatsApp provides a setting to turn them off, but only for 1:1 chats, not for group messages, where senders can always see who has read their messages.

This creates a sense of surveillance, especially in work environments where employees may feel obligated to respond at all hours, undermining work-life balance. Even family members may feel hurt when a message is read but not immediately answered. The slower, more forgiving pace of email and SMS, where same-day or next-day replies were the norm, has now been replaced by an expectation of instant reply.

The right solution is offered by Signal, a non-profit platform. Its read receipts setting, when disabled, applies universally to all chats, 1:1 and group, helping users reclaim some autonomy. It is time for the commercial social media platforms, including Arattai, to rethink read receipts and let users opt out of the guilt and urgency these features quietly impose. Arattai is a step toward building an indigenous communication ecosystem that is both lawful and humane. India’s pursuit of digital sovereignty calls for a thoughtful balance between privacy and public safety.

(The writer is a transparency and equality advocate and author. The opinions are personal)