Mayday Alert: 14 mobile apps banned, no blocking order released. #WhatTheBlock

In May 2023, 14 mobile apps that provided end-to-end encrypted and peer-to-peer messaging services were reportedly banned. Reasoned blocking orders and a pre-decisional hearing were reportedly not provided to these apps. IFF filed a series of RTI applications to seek more information.

tl;dr

On May 1, 2023, it was reported that 14 mobile applications (apps) that provided end-to-end encrypted (E2EE) messaging services, enabled peer-to-peer (P2P) messaging, etc., were banned purportedly on the basis that they were being used by terrorists in Jammu & Kashmir (J&K). A subset of these apps are open source applications. News reports indicate that reasoned blocking orders and a pre-decisional hearing were not provided to these 14 mobile apps. Denial of these rights violates Shreya Singhal v. Union of India and  Section 69A Information Technology Act, 2000 (IT Act, 2000). Moreover, ambiguity exists around the territorial scope and extent of the ban, as it is unclear if the ban is applicable and enforceable across India or just in J&K. Complete and absolute bans on mobile apps are a disproportionate restriction on the right to freedom of speech and expression. In efforts to advance transparency, IFF filed a series of Right to Information (RTI) applications with the Ministry of Electronics and Information Technology (MeitY), Ministry of Home Affairs (MHA), and J&K police to obtain the blocking order, an exhaustive list of the banned apps, and to seek more information regarding it.

Background

As per media reports, following a recommendation by the MHA, the Union Government instructed service providers to ban 14 apps under Section 69A of the IT Act, 2000. The applications were purportedly blocked as they were being used by “terrorists and their supporters to communicate with their on-ground workers (OGW) in J&K”. In the absence of a blocking order, there isn’t enough authentic information to clarify if the ban is applicable and enforced throughout India, or is just limited to the jurisdiction of J&K, as suggested by some media reports (link, link). It was also stated in a media report that J&K Police officials had initially recommended the popular messaging platform Snapchat as the 15th app for the ban, but the MHA and the MeitY ultimately did not ban it.

The following table compiles the list of these 14 apps,  mentions the type of service provided by them (E2EE, P2P, open source), states the approximate numbers of app downloads as per the data available on the Android App Store, and mentions the country in which the app is based. Of the 14 blocked apps, 7 are E2EE messengers, 9 have had over 1 million downloads so far, and 5 are based in the United States. Upon hearing of this ban, we reached out to our community to assess the scope of the ban as well as to determine if the apps were accessible. Based on the anecdotal information received by us, it seems that the apps were accessible and working, although we expect that this could change depending on how and when the orders are enforced.

S. No.

Apps

Type of service provided

Approximate number of downloads as per the data available on Android Play Store

Based 

1.

IMO

Messenger

1B+

United States

2.

Zangi
(Secret Phone Inc)

E2EE
Messenger


10M+

United States

3.

Wickr Me (Amazon/ AWS hosted)

E2EE
Messenger

10M+

United States

4.

MediaFire

Messenger

10M+

United States

5.

Second line

(Dingtone Communications)

For a secondary phone number 

5M+

United States

6.

Element
(New Vector Limited)

E2EE Messenger, open source

1M+

United Kingdom

7.

Threema (Paid)

E2EE
Messenger, open source

1M+

Switzerland

8.

Briar
(Briar Project)

P2P
Messenger, open source

1M+


9.

Nandbox

Messenger

1M+

Canada

10.

Enigma

E2EE
Messenger

100K+

China

11.

SafeSwiss

E2EE
Messenger

100K+

Switzerland

12.

BChat
(Beldex International)

Messenger

100K+

Seychelles

13.

Crypviser

E2EE
Messenger

10K+

Germany

14.

Conion

Messenger, TOR based

10K+

United Kingdom


Reactions on the app bans

The banning of these 14 apps, several of which provided essential services such as encrypted or P2P platforms for messaging, sets a very worrying precedent. Such a ban, ordered in the absence of any hearing or blocking order, denies users the right to use these services. This may not only affect the day-to-day tasks and livelihood of users, but also restrict access to such services for users who rely on them for secure communication. These users may include journalists, activists, whistleblowers, etc.

On May 05, 2023, encrypted messaging platform Element released a statement on their website, sharing their displeasure with the Ministry’s decision to block their company. As per their statement, Element did not receive any prior notice of the decision to ban the app. The UK-based company speculates that the lack of a representative in India led to the approval of Element’s ban. They assert that they never compromise on end-to-end encryption or user privacy, and have even responded to the Indian authorities, in a “constructive fashion”, in the past. The company also endorses the encrypted nature of its app, stating that undermining E2EE is “an attack on people’s basic human right to privacy and security of communications”. The company expressed its inclination to engage with the Indian Union Government to resolve this situation, in a way that respects their users’ and company's commitment to secure and private communications.

The Free Software Community of India (FSCI) – a collective of FOSS users and developers – has also released a statement, recording their displeasure with the banning of P2P open-source messaging apps Briar and Element. FSCI stated that the supposed reason for the ban is the reported lack of and the inability to contact the representatives in India, for seeking more information as is mandated by the Indian law. FSCI noted that this reported rationale behind the ban points to the Union government’s limited understanding of how P2P software and federated apps function. The community stressed the vital role played by these apps in facilitating communication during disasters and also pointed to its common use in workplaces for communication purposes. Referring to the existence of numerous anonymous alternative apps that terrorist organisations can utilise to fulfil their objectives, FSCI underlined that banning these apps is unlikely to achieve its intended purpose.

Blocking apps without a hearing

It appears that none of the mobile applications were provided with a blocking order or hearing. The failure to issue a blocking order severely compromises the fairness of the process, while also depriving individuals of their right to challenge the exercise of power under Section 69A of the IT Act, 2000. The constitutional validity of Section 69A and the Information Technology (Procedure & Safeguards for Blocking for Access of Information by Public) Rules 2009 (Blocking Rules, 2009) was upheld in Shreya Singhal v. Union of India, on the condition that blocking can only occur through a reasoned order after complying with several procedural safeguards, including a hearing.

Furthermore, Section 69A cannot be deployed to block smartphone applications, as it is limited to blocking individual pieces of information and content.

Restrictions on freedom of speech and expression must be narrowly tailored and can only be imposed on the specifically enumerated grounds under Article 19(2). Restrictions imposed under Article 19(2) must be reasonable and proportionate. While the sovereignty and integrity of India and national security are legitimate grounds to restrict freedom of speech and expression, it is unreasonable and disproportionate to ban an entire mobile application, if only a subset of its users are engaging in terrorist activities.

Right to Information applications filed by IFF

We filed a series of RTIs with MeitY, MHA and J&K Police to gather more information about the ban.

1. We enquired about the territorial scope of the ban-whether its application and enforcement is limited to J&K or pan India.

2. We requested a list of the mobile application which were banned by MHA and MeitY as well as the list of mobile applications recommended to be banned by the J&K Police to MHA and MeitY

3 We requested copies of the blocking order and recommendations leading to the ban.

4. Additionally, we asked about the basis for identifying the applications as being used by terrorists, and if they were given any notice, opportunity for hearing, or appeal prior to the ban.

Transparency in disclosures of the actual blocking orders as well as the detailed, clear reasoning behind such blanket bans may help affected parties seek remedies if they believe that the actions are not justified. This further raises concerns around the general lack of accountability as well as MeitY’s non-adherence to due process of law and the procedural safeguards established under Blocking Rules, 2009 as well as Shreya Singhal vs. Union of India.

It is important to highlight additional concerns which arise as a result of such unpredictable bans. These concerns include but are not limited to, the restriction of the right to receive information, hindered ability to use such services, and negative impact on innovation, reputation, and growth. We firmly believe that such bans stifle innovation and are harmful to the growing technological ecosystem of the country.

We have previously written to MeitY, following the ban of Tik Tok arising from a Madras High Court order in 2019, stating that such wholesale ‘app bans’ are reactionary, absolute prohibitions, and disproportionate. We expressed our concern that ‘app bans’ may slowly emerge as a standard practice and that this has worrying implications beyond specific companies and applications to the rights of internet users in India. In a statement we released in July 2020, after the Union government banned 59 mobile applications, we expressed our concern about the legality of the blocking process. Our concerns persist as per our reading of Section 69A, it does not extend to directions for blocking smartphone applications but instead is limited to individual pieces of information and content. This continues a worrying precedent and tremendous expansion of the power to block web services in India. Our stance remains the same even today. We request the Government of India to publish official, legal orders and make proper disclosures, with respect to its blocking orders.

Important Documents

  1. RTI Application with reference no.DITEC/R/E/23/00567 filed with MeitY dated May 10, 2023 (link)
  2. RTI Application with reference no. DITEC/R/E/23/00566 filed with MeitY dated May 10, 2023 (link)
  3. RTI Application with reference no. MHOME/R/E/23/01883 filed with MHA dated May 10, 2023 (link)
  4. RTI Application with reference no. IFF/RTI/2023/008 filed with J&K police dated May 10, 2023 (link)
  5. Statement on the ban of 59 apps dated May 1, 2020 (link)Statement on the TikTok Ban dated April 4, 2019 (link)

Edited on May 11, 2023.

Subscribe to our newsletter, and don't miss out on our latest updates.

Similar Posts

1
Your personal data, their political campaign? Beneficiary politics and the lack of law

As the 2024 elections inch closer, we look into how political parties can access personal data of welfare scheme beneficiaries and other potential voters through indirect and often illicit means, to create voter profiles for targeted campaigning, and what the law has to say about it.

6 min read

2
Press Release: Civil society organisations express urgent concerns over the integrity of the 2024 general elections to the Lok Sabha

11 civil society organisations wrote to the ECI, highlighting the role of technology in affecting electoral outcomes. The letter includes an urgent appeal to the ECI to uphold the integrity of the upcoming elections and hold political actors and digital platforms accountable to the voters. 

2 min read

3
IFF Explains: How a vulnerability in a government cloud service could have exposed the sensitive personal data of 2,50,000 Indian citizens

In January 2022, we informed CERT-In about a vulnerability in S3WaaS, a platform developed for hosting government websites, which could expose sensitive personal data of 2,50,000 Indians. The security researcher who identified the vulnerability confirmed its resolution in March 2024.

5 min read

Donate to IFF

Help IFF scale up by making a donation for digital rights. Really, when it comes to free speech online, digital privacy, net neutrality and innovation — we got your back!