CHAPTER 5: CONCLUSION AND SUGGESTIONS

5.1 Conclusion

Technology Law is a new and growing field with a massive potential which will bring new opportunities and solutions on the table, like significantly reducing the cost and time of administration of justice, and the reduction in the justice gap.1 A great example of this India is the “Tele-Law programme” by Department of Justice.2 It is an effective and reliable e-interface and pre-litigation mechanism. It aims to connect needy and marginalized persons, in need of legal advice, through Para Legal Volunteers with Panel Lawyers via video conferencing/ telephonic facilities.

We started this journey by knowing how many internet users are here in India, and how many of those use a smartphone. The number of smartphone users and daily active internet users are increasing in India day by day. Every day, more and more people are using the internet, but the laws which are required to protect those internet users are lacking.

Through this paper, we understood the importance of the Right to Privacy, we understood how it is in danger, and how does the violation of the Right to Privacy is a human rights issue.

In Chapter 2 we also studied the evolution of privacy laws in India, and for this, we relied upon various court judgements. Then in the next chapter we understood how social media companies and Big Tech companies use our personal data for their profits, and we also studied the disadvantages of this current business model, where an individual's personal data is the raw material. At the end of Chapter 3, we explored various privacy respecting alternatives which we can use to claim our digital rights and protect our online privacy. We also learned how we can combat misinformation and fake news.

In Chapter 4 the researcher mentioned various laws related to right to privacy and technology around the world and in India. In this chapter, the researcher mainly covered the following countries; USA, Germany, United Kingdom, Spain, and India. The researcher also compared these laws and explained how governments in these countries intercept our personal communications. Through this, we learned the various legal mechanisms around the world and learned how they work.

In India a law was enacted called the Telegraph Act, 1885, this law regulated the procedure on how the government agencies can intercept the communications of the people, and how the agencies can tap their phone calls. The privacy implications which arose were dealt in People’s Union for Civil Liberties v. Union of India case.3 In this case, the Supreme Court of India ruled that telephone tapping is a serious invasion upon an individual’s privacy. However, lawful interception can be carried out under certain circumstances mentioned in the wiretapping provision. This kind of law interception has to be carried in conformity with certain guidelines, which will act as a check on indiscriminate wire-tapping by the law enforcement agencies. It also directed the government to make rules and procedures for carrying out lawful interception of communication. In addition to that, it also laid down the basic guidelines for such interception.

As per the procedure, a review committee is required to review the orders to intercept the communication of the people regularly. However, RTI reports show that this is generally not the case, and because the review committee is not doing their job properly, the privacy and liberty of the people are at risk. The lack of action by the review committee results is unregulated and unlawful actions by the authorities.

Then in the year 2000, the government enacted the Indian Information Act, 2000. Over the following years, the Act was amended with the current requirements of the time.

The Indian Information Technology Act, 2000 deals with the issues relating to payment of compensation (Civil) and punishment (Criminal) in case of wrongful disclosure and misuse of personal data and violation of contractual terms respecting personal data. This Act does have a provision to punish offenders who disclose private information, which is a good sign. However, there will be no data which can be leaked, if there is no data collected in the first place. In Chapter 4 the researcher highlighted the questionable and less than ethical business models of some Big Tech companies. These companies collect an enormous amount of data from their users, and they do this legally. The users of these services accept the terms and conditions and the privacy policy of their companies before using their services or products. Very few read those terms and conditions and the privacy policy before signing up for a service. Occasionally, the terms and conditions and the privacy policy are written in vague terms on purpose.

Last year when WhatsApp changed their terms and conditions and the privacy policy, many people questioned the change and raised their voices, many started to leave WhatsApp and started joining other messaging platforms.4 Signal and Telegrams were the two apps which gained maximum amount of WhatsApp refugees. For Signal, the load on their servers were so much that their servers crashed for a day.

The exodus that took last year shows how much the current generation values their privacy and is willing to take steps to protect it. However, it was not enough because this mass shift only sent WhatsApp to its damage-control mode. WhatsApp postponed its policy update (so most people forgot about it again), and released a blog post explaining how user privacy is important to them. WhatsApp's users even saw a status message from WhatsApp of a banner explaining the users ‘how private and secure WhatsApp is’. WhatsApp also responded with advertisements in the local newspapers claiming that WhatsApp respects user privacy.

With this research, the researcher intend to understand few important topics as mentioned in the first chapter under the heading “Objective of the Study”. Over the duration of this entire research, the researcher was able to achieve those objectives. This research paper explains the meaning of right to privacy, studies the evolution of privacy laws in India, how companies exploit user data and how misinformation affects our society and lastly how to protect our digital rights.

5.2 Suggestions

Companies use vague terms all the time, which as a result confuses the public, and they are never questioned about it. Our laws are falling behind and are allowing big companies to exploit the public. Apart from vague terms in their terms and conditions and the privacy policy, companies also use dark patterns to confuse users and to exploit them. There is no law in India which regulate terms and conditions and the privacy policy of the companies, and which also ban the use of dark patterns. But first understand the vague language used in terms and conditions and the privacy policy of the companies, and for this let us take WhatsApp as an example.5

5.2.1 Does WhatsApp Protect And Secure Your Personal Messages? Let’s Find Out.

1. We can’t see your personal messages or hear your calls, and neither can Facebook: Neither WhatsApp nor Facebook can read your messages or hear your calls with your friends, family and co-workers on WhatsApp. Whatever you share, it stays between you. That’s because your personal messages are protected by end-to-end encryption. We will never weaken this security, and we clearly label each chat, so you know our commitment.6

In theory, WhatsApp chats are end-to-end encrypted. WhatsApp, Facebook, or anyone in between, cannot read your messages. I say ‘in theory’ because there is no way of proving that. WhatsApp is a closed sourced proprietary software. A closed source software can be defined as a proprietary software distributed under a licensing agreement to authorised users with private modification, copying and republishing restrictions.

In simpler words, the source code is not shared with the public for anyone to look at or change. Closed source is the opposite of open source. Thanks, Wikipedia! So, we can’t know what is going on behind the code. It is also quite likely that there is a backdoor in the WhatsApp source code, leaking all your sensitive data to governments, hackers, advertisers and the highest bidders.

Even with the encryption in place, and assuming that it’s not a scam, WhatsApp regularly asks its users to make a security copy of their chats in the cloud, a copy that, by the way, is not encrypted and is indeed examined by, for example, Google Drive. So, like the Pompeii inhabitants, we are having our mistakes frozen and analysed forever.

This is why we should use an open sourced software.

2. We don’t keep logs of who everyone is messaging or calling: While traditionally, mobile carriers and operators store this information, we believe that keeping these records for two billion users would be both a privacy and security risk, and we don’t do it.

This is hard to believe. Isn’t WhatsApp collecting ‘metadata’ (that too, unencrypted) on its users?

Metadata is data about your actual data.7 It can be used to know a lot about you, like;

  1. With whom you’ve been in contact, when and where.

  2. When you are awake and when you go to sleep.

  3. Which doctor you go to.

  4. To whom you write a lot and to whom not at all.

  5. When you are at work.

  6. When you are sick and, when and where you go on a vacation.

From this type of data, WhatsApp/Facebook can create a profile about you, which they can sell to advertisers.

3. We can’t see your shared location and neither can Facebook: When you share your location with someone on WhatsApp, your location is protected by end-to-end encryption, which means no one can see your location except the people you share it with.

That’s true because everything you share is protected by end-to-end encryption. Nobody can read your messages except the recipient. This does not mean that WhatsApp or Facebook cannot collect your location data.

WhatsApp and Facebook cannot see your ‘shared location’. But both of them can see your current location because it’s as easy as looking at the signal of your mobile phone and finding out where it is coming from.

4. We don’t share your contacts with Facebook: When you give us permission, we access only the phone numbers from your address book to make messaging fast and reliable, and we don’t share your contacts lists with the other apps Facebook offers.

WhatsApp does not share your contact lists with other apps Facebook offers,” and
“WhatsApp does not share your contact lists with Facebook.”

There is a difference between the two statements, a clear example of vague language to confuse people on purpose.

5. Groups remain private: We use group membership to deliver messages and to protect our service from spam and abuse. We don’t share this data with Facebook for ads purposes. Again, these personal chats are end-to-end encrypted, so we can’t see their content.

Groups remain private, really? A bug discovered on WhatsApp said otherwise. Over 400K, private WhatsApp group invite links are exposed to search engines.8 Your WhatsApp groups may not be as secure as you think they are.9

5.2.2 Dark Patterns

Deceptive design patterns (also known as “dark patterns”) are tricks used in websites and apps that make you do things that you didn't mean to, like buying or signing up for something. When you use websites and apps, you don’t read every word on every page – you skim read and make assumptions. If a company wants to trick you into doing something, they can take advantage of this by making a page look like it is saying one thing when it is, in fact, saying another. You can defend yourself by learning about deceptive design.10

If you’re an Instagram user, you may have recently seen a pop-up asking if you want the service to “use your app and website activity” to “provide a better ad experience.” At the bottom, there are two boxes: In a slightly darker shade of black than the pop-up background, you can choose to “Make ads less personalized.” A bright blue box urges users to “Make ads more personalized.”

There’s now a growing movement to ban dark patterns, and that may well lead to better, more thoughtful consumer protection laws and technology laws. It is important for India as well to keep their laws updated with time and new technology. Dark patterns have for years been tricking internet users into giving up their data, money, and time. But if some advocates and regulators get their way, they may not be able to do that for much longer.11

Dark patters are defective by design, and yes, it is a design problem. The way software programmers or companies design their services or products can fall into any of the two categories. Good design and bad design. Dark patters are an example of bad design, they are intentionally designed to confuse users, or to make them do something without their knowledge. In contract law, there are few essentials elements which are required in an agreement to make it a valid contract. One of those essential elements is 'free consent'.

Section 14: ‘Free consent’ defined. Consent is said to be free when it is not caused by:"

  1. coercion.

  2. undue influence.

  3. fraud.

  4. misrepresentation.

  5. mistake.

Now, if we see the definition of fraud, as given in section 17 of the Act. As per section 17 (4) a fraud is any act fitted to deceive, and dark patterns are, in fact, deceiving people. Let us understand dark patterns with the help of some examples, and we will see if they are deceiving or not.

1. Confirmshaming

Confirmshaming is the act of guilting the user into opting in to something. The option to decline is worded in such a way as to shame the user into compliance. The most common use is to get a user to sign up for a mailing list, and it is often found in exit intent modals and other pop-ups. In the screenshot below, Google uses confirmshaming to discourage users from opting out.


image.png

Fig 5.1: An example of confirmshaming.13

2. Disguised ads

Adverts that are disguised as other kinds of content or navigation, in order to get you to click on them. Softpedia is a popular software download site. One of their sources of revenue is display advertising. They often run advertisements that look like a download button, tricking users into clicking on the ads rather than getting the thing they wanted. In the screenshot below, the real download link is at the top left of the page. The disguised ads are highlighted in red.

image.png

Fig 5.2: An example of disguised ads.14

3. Hidden terms

In this example, you can see a hidden checkbox.