Telecom Regulatory Authority of India (TRAI) recently recommended that over-the-top (OTT) players like Facebook, WhatsApp, Google, Viber, Telegram etc. do not need to be brought under any form of regulatory framework, will in no way stop the government from drafting intermediary guidelines and data protection laws aimed at governing them.

This is significant because the intermediary guidelines would make it mandatory for apps like WhatsApp to trace the origin of messages if they create law and order problems.

Officials said that the TRAI recommendations only relate to an aspect of regulatory framework which deals with licensing, payment of any statutory charges to the government, and provision for legal interception, areas which would have brought them on a par with telecom operators.

Intermediary guidelines and data protection laws are areas where the content part comes under some sort of regulation, which is quite different from the areas on which the TRAI has submitted its recommendations, officials said.

On September 14, the TRAI had submitted its recommendations regarding OTTs which ruled out bringing them under any form of regulatory framework, stating that market forces should be allowed to respond to the situation.

The regulator also rejected the need for any regulatory interventions in respect of issues related with privacy and security of OTT services at the moment, adding that market developments need to be monitored and if required an intervention can be made at an appropriate time.

Officials said this was in the context of the issue flagged by the telecom operators some five-six years back demanding that OTTs be brought under a regulatory framework under what they called “one service one rule”.

The government would continue to demand and put in laws under which OTTs like WhatsApp need to provide the tools to trace the origin of messages. Such provisions would be incorporated in the intermediary guidelines that are currently being formulated.

Though messages on WhatsApp are end-to-end encrypted and cannot be read by WhatsApp, the company can trace the origin of the messages through source code. Source codes are used in mobile phones and e-mail networks to trace messages. While in phone networks it is called call data record, in e-mails it is called internet protocol data record (IPDR).

“Every message, be it via SMS, e-mail, or WhatsApp, has a source code and a destination code, and can be traced via it. This can happen without breaking either the encryption or privacy policy,” a technology expert told the news source.

However, for such traceability there needs to be a domestic entity that is bound by local laws mandating how long the data needs to be stored by the company concerned. Currently, there’s no policy on local data storage and for what time period data needs to be stored when it comes to OTTs.

Traceability is required in cases where messages create law and order problem, communal hatred, etc. In such cases the law enforcement agencies need to find out from where a notorious message originated to take appropriate legal steps.

The government is also in the process of formulating an overall data protection law that would lay down specifically what kind of data is to be stored within the country. This exercise would continue and not be impacted in any way by the TRAI recommendations.