Defi Security Growing Pains Continue with BitMart Breach

On December 6, 2021, crypto exchange BitMart – which bills itself as “The Most Trusted Crypto Trading Platform”, announced a security breach “mainly caused by a stolen private key that had two of our hot wallets compromised.”   A tweet from security analysis firm PeckShield first called attention to this hack days earlier.  According to Peckshield, the loss is around $196 million.  Interestingly, BitMart at first denied there was any hack – claiming it was “fake news”.

According to the BitMart Twitter release:  “At this moment we are temporarily suspending withdrawals until further notice.”  A Telegram “ask me anything” is scheduled for 8:00 p.m. est this evening.

Similar to what was done by other centralized crypto exchanges after a security incident, BitMart will use its own funds to compensate users impacted by the theft.   

The BitMart theft comes on the heels of a report by London-based consulting firm Elliptic revealing billions of dollars stolen from DeFi platforms.  According to Elliptic’s recently released report, the overall losses caused by DeFi exploits total $12 billion and of that amount, fraud and theft accounted for $10.5 billion, seven times the amount from last year.

Thefts hitting crypto exchanges such as BitMart and DeFi protocols such as Poly Network shine a light on the fact DeFi is largely driven by startups lacking cybersecurity maturity.   In contrast, the financial institutions that literally spend billions on cybersecurity want no part in helping DeFi projects; and more likely, welcome cyber incidents that tarnish DeFi’s reputation.  Until they reach a higher level of security and such incidents become less commonplace, DeFi projects will continue making platform users whole after a security incident – or risk a total collapse in the market for non-money laundering usage. 

Depending on their popularity, open-source products can be highly secure and DeFi should be no different. At some point in time – after decentralized protocols are adequately security tested and implemented and DeFi projects become fully independent and organic and not reliant on any centralized cloud solution or centralized servers, breaches such as the one that hit BitMart will be rare.  In other words, as the market and business opportunities for DeFi increase in scale and scope DeFi’s security profile will naturally evolve.

DeFi May Overtake Traditional Finance If Crypto Changes to 26 U.S.C. § 6050I Becomes Law

The day after the world’s largest NFT event concluded – a truly spectacular event, a bill criminalizing unreported digital asset transactions over $10,000 was sent for presidential signature.  Prior to passage, one blogger warned:  “The amendment to section 6050I is an affront to the rule of law and to the norms of democratic lawmaking. It was slipped quietly into a 2,700 page spending bill, allegedly as a tax measure to defray the bill’s trillion-dollar price tag even though section 6050I is in fact a costly criminal enforcement provision.”

While US bankers and financial institutions thought this provision would level the playing field or even knock DeFi out from the playing field, it may eventually have the exact opposite impact.  By way of background, the 1980’s era 26 U.S.C. § 6050I requires persons who engage in “a trade or business” and receive “more than $10,000 in cash in 1 transaction (or 2 or more related transactions)” to file a Form 8300 report containing the “name, address, and TIN of the person from whom the cash was received, the amount of cash received, [and] the date and nature of the transaction”. 

In the proposed amendment to this law, however, there is a new additional definition of “cash”, namely “any digital asset (as defined in section 6045(g)(3)(D))”.  The definition of “digital asset” is broadly defined as “any digital representation of value which is recorded on a cryptographically secured distributed ledger or any similar technology as specified by the Secretary.”.  Not surprisingly, existing exemptions for “cash received by financial institutions” and reporting organizations or for those transactions “occurring outside the United States” all remain intact.

If this law is signed “as is” – which is apparently likely, it will push a knife deep into the virtual heart of DeFi, NFTs and any other burgeoning alternative investment solutions targeting US customers.  The KYC and reporting requirements would presumably create insurmountable disadvantages.

Some bitcoin whales rejoiced given that hodlers don’t really care much about DeFi or NFTs – they just want to buy more bitcoin and anything that gives rise to anti-governmental sentiment is bullish for hodlers.  In fact, BTC rose to new heights on the news.

While in the short term DeFi and NFT platforms may have significant new hurdles if this bill is signed into law, in the long term it may have the opposite impact intended by the bankers who likely pushed for this financial reporting provision in an “Infrastructure Bill”. 

For one thing, no one country can kill something that is truly decentralized – whether it is China, India or the United States.  The whole point of decentralization is that it is not tethered to any country.  Mandating governmental centralized reporting is no different than pushing a child into a pool – the reality quickly becomes “sink or swim”.  If this bill gets signed, platforms may very well expedite their decentralization plans and US banks will be flanked by truly decentralized platforms they cannot control or influence and participants who would rather take more control over their financial future.  After a decade or two, traditional financial institutions may very well go the way of Sears.

UPDATE: November 16, 2021

On November 15, 2021, the Infrastructure Bill was signed into law. None of the major news outlets discussed the change to 26 U.S.C. § 6050I – with only a few discussing the changes impacting digital asset broker disclosures. One senator, however, introduced on November 16, 2021 a bill to repeal all of the Section 80603 digital asset provisions – including that one involving 6050I. With any luck, it will quickly be enacted into law. And, if not, there is still the potential that down the road this change will forever alter the financial institution landscape by accelerating implementation of DeFi.

World Phone vs. Facebook and WhatsApp

On October 7, 2021, World Phone served on WhatsApp its response in a writ Petition filed by World Phone in India. World Phone previously filed its reply to the Facebook submission on August 25, 2021.

The World Phone Rejoinder provides a detailed analysis of why the Court should bar the use of WhatsApp until the company complies with applicable Indian law. To that end, it is anticipated that the Court will grant the requested injunctive relief on or about December 6, 2021 as to both Respondent No. 3 (Facebook) and Respondent No. 4 (WhatsApp).

Relevant sections of this filed Rejoinder are extracted below.

In 2015 – long before Respondents No. 3 and 4 solidified their current monopoly positions in India, TRAI already recognized Respondents No. 3 and No. 4 were providing the top two mobile phone applications used in India. See Consultation Paper on Regulatory Framework for Over-the-top (OTT) services, para 2.39 at page 27 (27 March 2015) (Publicly available at https://trai.gov.in/sites/default/files/OTT-CP-27032015.pdf).

It is submitted that private monopolistic entities directly impacting the public interest are always subject to writ petitions. Zee Telefilms Ltd. & Anr v. Union of India & Ors., (2005) 4 SCC 649, para 158 (“A body discharging public functions and exercising monopoly power would also be an authority and, thus, writ may also lie against it.”) [emphasis added].  Given the strong public interest implicated by this Petition and Respondent No. 4’s exertion of monopoly power, the Petitioner’s writ Petition should proceed against all Respondents – including Respondent No. 4. 

The fact that the functionally equivalent Internet Telephony services of an Internet service provider (“ISP”) – an entity required to obtain a Unified License prior to providing such services, are provided by Respondent No. 4 un-hindered and without entering into a Unified License Agreement is well recognized and admitted by all Respondents.  Such unlicensed activity is in violation of Section 5 of the Indian Wireless Telegraphy Act, 1933; Sections 4 and 20A of the Indian Telegraph Act, 1885; Section 79 of the Information Technology Act, 2000; and the entire framework of the Telecom Regulatory Authority of India Act, 1997.

It is submitted that all such services  provided by Respondents No. 3 and No. 4 in India should be “licensed pursuant to an agreement with the Department of Telecommunications, Government of India (“DoT”)” notwithstanding,  considering such services “internet-based ‘over-the-top’ (“OTT”) services”.

It is submitted that the Respondent No. 3 by its own averments states that it provides unlicensed Internet Telephony Service/VoIP Calls.  Such Services are provided by the Petitioner by procuring a license from Respondent No. 2 and are governed by the Indian Wireless Telegraphy Act, 1933; the Indian Telegraph Act, 1885; the Information Technology Act, 2000; and the Telecom Regulatory Authority of India Act, 1997.  

It is further submitted that this uneven application has allowed Respondents No. 3 and No. 4 to dominate the market completely and totally – also damaging and putting out of business other Internet Telephony service providers who were once viable.  This market dominance has not gone unnoticed in the United States where an Amended Complaint was filed on 19 August 2021 by the US Federal Trade Commission. 

Respondent No. 4 currently publicly opposes the enforcement of any interception rule.  See “What is traceability and why does WhatsApp oppose it?” (Publicly available at https://faq.whatsapp.com/general/security-and-privacy/what-is-traceability-and-why-does-whatsapp-oppose-it) (“Some governments are seeking to force technology companies to find out who sent a particular message on private messaging services. This concept is called “traceability.” . . . WhatsApp is committed to doing all we can to protect the privacy of people’s personal messages, which is why we join others in opposing traceability.”) [emphasis added]No matter what Respondent No. 4 does or does not do in this regard, it is submitted that the applicable Rules of interception of communication is dwarfed by the applicable financial commitments and vigorous checks and balances required under the Unified License Agreement and associated regulations which Respondent No. 4 should adhere to given the Internet Telephony/VoIP services it provides. 

The Hon’ble Supreme Court has recognized that

“it can very well be said that a writ of mandamus can be issued against a private body which is not a State within the meaning of Article 12 of the Constitution and such body is amenable to the jurisdiction under Article 226 of the Constitution and the High Court under Article 226 of the Constitution can exercise judicial review of the action challenged by a party. But there must be a public law element and it cannot be exercised to enforce purely private contracts entered into between the parties.” Binny Ltd. v. V. Sadasivan, (2005) 6 SCC 657, para 32. 

It is submitted that the issues raised in this writ Petition concern existing legislation governing the services provided by the Petitioner and the Respondents No. 3 and No. 4.  Wherein the Petitioner is operating through the Unified License Agreement issued by Respondents No. 1 and No. 2, the Respondents No. 3 and No. 4 are providing the same services but circumventing the existing legislation and are completely unregulated/unlicensed.  This injustice can only be ruled upon by a Constitutional Court under Article 226 of the Constitution by the Hon’ble High Court and under Article 32 of the Constitution by the Hon’ble Supreme Court of India and not by the TDSAT.  Moreover, Petitioner submits that this Hon’ble Court respectfully should not rely on mere recommendations from TRAI.   

It is submitted that rather than simply ignoring applicable laws, other countries have sought to change their existing licensing regime.  For example, by suggesting that India should not be one of those countries having a licensing scheme for Internet Telephony such as “Korea, Singapore, Hong Kong, Philippines, Thailand, Ecuador, and Mexico”, Microsoft suggested a different approach:  “Microsoft respectfully requests that the TRAI propose a regulatory approach wherein PC to PC VoIP requires no license (and is permitted to be transmitted by ISPs over their networks, public or managed, without restriction), and that only two-way PC to PSTN calling (both inside and outside of India) requires a light-touch registration or minimal licensing obligation, accompanied by appropriate regulations deemed necessary to protect consumers or address a market failure.” Response To Telecom Regulatory Authority of India Consultation Paper, Microsoft Corporation India Private Limited, page 14 (September 2016) (Publicly available at https://www.trai.gov.in/sites/default/files/201609060217157734124Microsoft_Corporation_India_Private_Limited.pdf). 

Reliance JIO, suggested:  “The unrestricted Internet Telephony by the ISPs/ 0TTs may be allowed only if they migrate to the Unified License with Access services authorization or they offer this service under a commercial arrangement with an existing Access service provider.” Comments of Reliance Jio lnfocomm Limited on the issues raised in the Consultation Paper on Internet Telephony (VOIP) (Consultation Paper No 13/2016 dated 22.06.2016), 5 September 2016, at page 9 (Publicly available at  https://www.trai.gov.in/sites/default/files/201609060234264610172RJIO.pdf).  Further, Reliance JIO suggested that “[i]t should be the responsibility of the Access Service Provider offering Internet telephony in collaboration with the OTT provider or otherwise to ensure that the international internet telephony calls are terminated in India through a licensed ILDO.”  Id. at 13 [emphasis added]. 

Respondent No. 3’s current business partner, Reliance Jio, realized early on that a special “Facebook exception” was in its best interests.  See “Stop illegal routing of internet telephony calls:  COAI”, Economic Times (5 May 2016) (“The Cellular Operators Association of India (COAI) has urged the telecom department (DoT) to stop illegal routing of internet telephony calls, warning that a failure to do so would lead to a breach in telco licence conditions, pose security risks and cause sizeable losses to the national exchequer.   Newcomer Reliance Jio Infocomm is also a COAI member, but the GSM industry body in its letter said Jio held a divergent view on the matter.”) [emphasis added] (Publicly available at https://economictimes.indiatimes.com/tech/internet/stop-illegal-routing-of-internet-telephony-calls-coai/articleshow/52133359.cms).

Respondent No. 4 claims it is a “mere application provider” rather than Petitioner who is an “access provider”.  The submitted statement ignores Petitioner is most certainly both and to provide its Internet Telephony/VoIP services in India, Petitioner has fully complied with the existing applicable licensing regime for such services.  

Respondent No. 4 also submits that “the relevant regulatory authorities are seized of the issue and the consultation process is ongoing”. The Respondent No. 4 is misleading this Hon’ble Court wherein the reality is that the regulators have already spoken, and they will not do anything further to enforce the law as currently written. TRAI rather recommends that going forward “Market forces” should dictate a solution.   

Contrary to what is submitted by Respondent No. 4, there is no need for the creation of a new regime applying to “OTT services” and Petitioner is certainly not requesting the creation of such a new regulatory regime – especially given one is not needed.  The Petitioner through this writ Petition is only praying before this Hon’ble Court to enforce the Law/Regulations currently in place.

Respectfully, TRAI has long had an agenda to grow the Internet user base in India.  In 2010, TRAI recognized that the uptick in Internet users was below what was sought by it.  See  Recommendations on Spectrum Management and Licensing Framework, para 2.105 at page 104 (11 May 2010) (“Despite a token licence fee for ISP, the number of internet subscribers has grown from 5.14 million in September 2004 to only 15.24 million by the end of December 2009. Of this, the number of broadband subscribers is 7.83 million. These numbers are way below the target of 40 million and 20 million by the end of 2008 for internet and broadband subscribers respectively.”) (Publicly available at https://trai.gov.in/sites/default/files/FINALRECOMENDATIONS.pdf). To increase the number of Internet users in India, sometime after 2015, TRAI began tilting the scales in favor of OTTs and simply disregarded the current licensing regime when making recommendations.  These efforts have been very successful as shown by the hundreds of millions of customers Respondents No. 3 and No. 4 have accumulated since 2015. 

Without referencing the applicable laws and regulations, TRAI recently concluded:  “It is not an opportune moment to recommend a comprehensive regulatory framework for various aspects of services referred to as OTT services, beyond the extant laws and regulations prescribed presently. It may be looked into afresh when more clarity emerges in international jurisdictions particularly the study undertaken by ITU.”  TRAI Press Release Regarding Recommendations on “Regulatory Framework for Over-the-top (OTT) communication services” (14 September 2020) [emphasis added] (Publicly available at https://trai.gov.in/sites/default/files/PR_No.69of2020.pdf). See also TRAI Recommendations on Regulatory Framework for Over-The-Top (OTT) Communication Services, para 2.4(iii) at page 8 (“Since, ITU deliberations are also at study level, therefore conclusions may not be drawn regarding the regulatory framework of OTT services. However, in future, a framework may emerge regarding cooperation between OTT providers and telecom operators.  The Department of Telecommunications (DoT) and Telecom Regulatory Authority of India (TRAI) are also actively participating in the ongoing deliberations in ITU on this issue. Based on the outcome of ITU deliberations DoT and TRAI may take appropriate consultations in future.”) [emphasis added] (Publicly available at https://trai.gov.in/sites/default/files/Recommendation_14092020_0.pdf). 

The international ITU body, however, previously made it clear that it is not involving itself in India’s internal regulatory matters and is merely a spectator to such activities.  See ITU Economic Impact of OTTs Technical Report 2017, 5.2 India at 33 (“India is in the process of reassessing its rules on online services, including OTT services. . . . As noted in Section 4.2, voice and messaging services are permitted to be offered only by firms that hold a licence. Internet Protocol (IP) based voice and messaging services can also be offered by licensed network operators as unrestricted Internet Telephony Services; however, these services may not interconnect with traditional switched services. The dichotomy between regulated traditional services and largely unregulated OTT services leads to numerous anomalies.”) [emphasis added] (Publicly available at https://www.itu.int/dms_pub/itu-t/opb/tut/T-TUT-ECOPO-2017-PDF-E.pdf).   

As for the local ITU branch – the ITU-APT Foundation of India, that group has already sided with Respondent No. 4’s claim there is an “intelligible differentia” between its Internet Telephony services and Petitioner’s Internet Telephony services.  ITU-APT Foundation of India comments on TRAI OTT consultation (7 January 2019) at 3 (“The Consultation Paper (“CP”) draws parallels between the communication services offered by OTT service providers and TSPs.  However, we would like to submit that the services offered by them are widely different and cannot be compared.”) [emphasis added] (Publicly available at https://trai.gov.in/sites/default/files/ITUAPT08012019.pdf).  

This position is not surprising given that according to the ITU-APT Foundation of India:  “Facebook’s, [sic] one of our valued corporate member[sic] announce a major investment in Reliance Jio that would facilitate the ailing telecom Industry. The two companies said that they will work together on some major initiatives that would open up commerce opportunities for people across India.” ITU-APT Weekly News Summary [emphasis added] (Publicly available at https://itu-apt.org/itu-letter.pdf).   

Rather than rely on ITU, TRAI should have considered more the deliberations of the Confederation of Indian Industry (CII) – which recognizes that OTT providers are already governed by the present licensing regime.  See CII Response to TRAI Consultation Paper on Regulatory Framework for Over-The-Top (OTT) Communication Services at 6 (7 January 2019) (“Any new regulations for TSPs and OTTs should be considered taking into account the respective regulations govern the TSPs and the OTTs under the Telegraph Act, license, TRAI Act and the Information Technology Act. The Authority should consider new future fit frameworks that lightens the regulatory burden and adopts a progressive approach that allows all entities in the eco-system to proliferate and grow – offering maximum benefits to the consumers.”) [emphasis added] (Publicly available at https://trai.gov.in/sites/default/files/ConfederationofIndianIndustry08012019.pdf).  CII has long been a major force in advocating what is in the best interest of Indian businesses – and does not care about the interests of US-based monopolies:  “The journey began in 1895 when 5 engineering firms, all members of the Bengal Chamber of Commerce and Industry, joined hands to form the Engineering and Iron Trades Association (EITA). . . . Since 1992, through rapid expansion and consolidation, CII has grown to be the most visible business association in India.” [emphasis added] (Publicly available at https://www.cii.in/about_us_History.aspx?enc=ns9fJzmNKJnsoQCyKqUmaQ==).

It is submitted that a comprehensive licensing regime is already in place which covers not only the interception rules, penalties, security issues but also governs the license fees and tariffs and mode to operate among others.  It is submitted that the stand of Respondent No. 4 in regards to interception rules and end-to- end encryption claimed to be covered under the IT Act and other rules, which it publicly opposes, is just like crumbs from a pie wherein the Indian Wireless Telegraphy Act, 1933; the Indian Telegraph Act, 1885; the Information Technology Act, 2000; and the Telecom Regulatory Authority of India Act, 1997 provide a complete pie and once it is brought under such laws Respondent No. 4 will have to comply with all the rules and regulations at par with the Petitioner.

Petitioner and Respondent No. 4 are indeed “equals” in that they provide the same Internet Telephony/VoIP service while are treated “unequally” by Respondents No. 1 and No. 2. It is submitted that only the Petitioner is required to comply with the licensing regime applicable for providing such telephony services.

Individual citizens forming a legal entity or juristic person can invoke fundamental rights. It is submitted that the ameliorative relief sought by the Petitioner is issuance of writ by this Hon’ble Court that the applicable laws and regulations are complied with and enforced upon the unregulated/unlicensed Internet Telephony/VoIP Service Provider Respondent No. 4 herein.

It is denied that the issues raised by this Petition are being “considered and decided by DoT and TRAI, the regulatory authorities with the expertise and experience to address such issues.”   It has been over five years since the issue of an uneven level playing field was raised with Respondent No. 2 as regards Respondent No. 4.    

Petitioner through this writ Petition is praying that the existing laws and regulations are fairly applied and enforced as to all companies no matter how large and powerful they are.  It is humbly submitted that if the unlawful conduct uncovered by this writ Petition is not addressed by this Hon’ble Court, Respondent No. 4 will likely forever be left unchecked to do what it likes in India.

It is submitted that on 19 November 2019, the Minister of Home Affairs was asked “whether the Government does Tapping of WhatsApp calls and Messages in the country” and responded without answering the question but implied it was “tapping of WhatsApp calls and messages” by referencing the same interception rule mentioned by Respondent No. 4 in its submission. Government Of India, Ministry Of Home Affairs, Lok Sabha, Unstarred       Question No: 351” (Publicly available at http://loksabhaph.nic.in/Questions/QResult15.aspx?qref=6696&lsno=17).   The Hon’ble Court has no way of knowing if Respondent No. 4 is helping law enforcement, exactly how Respondent No. 4 is helping law enforcement, or whether Respondent No. 4 could do more to help.

Whether or not Respondent No. 4 is consistent with its public pronouncements and does not actually access user accounts is actually of little importance – than that the Respondent No. 4 admittedly does not comply with the licensing requirements applicable to providers of Internet Telephony/VoIP services.   

It is denied that there is no financial loss to the national exchequer despite the complete failure to obtain any entry fee, payment of license fee, or goods and service tax from India’s largest operator of Internet Telephony services. A loss of income naturally results when licensing fees are not paid. See Cellular Operators Association of India (COAI) Counter Comments TRAI Consultation Paper on Internet Telephony Released, 22 July 2016, at 1 (“Internet Telephony provided by unlicensed entities besides being in violation of license will not only deprive the licensed operators of huge revenue but will also result in lesser payout to exchequer in the form of reduced license fee on revenues.”) [emphasis added] (Publicly available at https://www.trai.gov.in/sites/default/files/201609161151061091227COAI.pdf).   

It is denied that Respondent No. 4’s unregulated conduct actually “generates more revenue for the government by enhancing investments in data networks, and consequent increases in license fees.” [emphasis added].   Even the ITU-APT Foundation of India acknowledges that the infrastructure growth created by OTT providers happens in the USA and not in IndiaSee ITU-APT Foundation of India comments on TRAI OTT consultation (7 January 2019) at 5 (“It is estimated that OTT investments in infrastructure is fast growing, and the bigger OTT players invested 9% of their 2011-2013 revenues in networks and facilities in the US.  This trend can be replicated in India with the right regulatory environment which would recognize and incentivize greater investments rather than stifle the industry with arbitrarily applicable licenses.”) [emphasis added] (Publicly available at https://trai.gov.in/sites/default/files/ITUAPT08012019.pdf).  Both the ITU-APT Foundation of India and Respondent No. 4 are wrong, however, given that Respondent No. 2’s failure to enforce existing laws has already created the “right regulatory environment” for the bigger OTT players.  It is also clear neither Respondent No. 3 nor Respondent No. 4 have any intentions of building networks or facilities in India given they have withdrawn their prior physical presence in India and currently neither even have any office in India.

It is submitted that the question is not whether a licensing regime should apply to OTT’s when the existing regime already does apply, but the real question is whether the existing laws and regulations will be regulated and enforced by Respondents No. 1 and No. 2. 

It is submitted that the contents of this Petition seeks liberty of the Court to enforce the laws as written. It is denied that the Petitioner is seeking from the Hon’ble Court to “displace” regulatory authorities  but only to enforce existing law and regulations which are applicable to all providers of Internet Telephony/VoIP services,  even those who claim to  ride on the telecommunications rails built and maintained by other companies. 

It is denied that the Respondent No. 4 was singled out in the writ Petition.  Unlike Respondent No. 4, other similar service provider like “Skype” have near zero market share compared to Respondents No. 3 and 4.   It is submitted that Skype was once the undisputed dominant provider in India but after its corporate parent Microsoft was sued in 2014 by Petitioner, Skype removed the ability to call within India from Skype to mobiles and landlines. In the relevant case, the Hon’ble Court in the United States found that Petitioner was better served filing a writ petition in India rather than in the United States. TI Investment Services, LLC, World Phone World Phone Internet Service Pvt. Ltd. v. Microsoft Corp., 23 F. Supp. 3d 451, 472 (D. N.J. 2014) (“The Courts of India are better positioned to determine whether their own national laws have been violated, and, if so, what the antitrust consequences, if any, are in their national market. If Plaintiffs wish to renew their suit, they should do so in the jurisdiction where they are alleged to have competed with Defendant, to have complied with regulatory laws, and to have suffered injury, and that is India.”).

It is further submitted that unlike Microsoft and even Google, Respondent No. 4 flagrantly violates existing regulatory prohibitions by, for example, allowing Indian users of its free “WhatsApp Business” utilize their landline phone numbers for messaging with customers. See WhatsApp Business App Android Download Page (“You can use WhatsApp Business with a landline (or fixed) phone number and your customers can message you on that number.”) (Publicly available at https://play.google.com/store/apps/details?id=com.whatsapp.w4b&hl=en_IN&gl=IN).  As recognized even by TRAI, such unlicensed services run afoul of the existing licensing regime.  See Consultation Paper on Regulatory Framework for Over-the-top (OTT) services, para 2.40 at page 28 (27 March 2015) (“Under the current telecom licensing regime, voice and messaging services can be offered only after obtaining a license. Apart from traditional voice and messaging, IP based voice and messaging services can also be offered by TSPs as unrestricted Internet Telephony Services, which are permitted under the scope of the Unified Access Service (UAS) license in terms of the UAS Guidelines dated 14th December 2005. Similar provisions exist for Cellular Mobile Telephone Service (CMTS) and Basic Service Licences. However, the scope of the Internet Services Licence was restricted to Internet Telephony Services without connectivity to Public Switch Telephone Network (PSTN)/Public Land Mobile Network (PLMN) in India.”) [emphasis added] (Publicly available at https://trai.gov.in/sites/default/files/OTT-CP-27032015.pdf).   

It is denied that Respondent No. 4 can freely provide telecommunication services and ignore the Unified License Agreement because it relies on networks built by other companies. It is submitted that Respondent No. 4 at one point was building out its physical presence in India for regulatory reasons.  By way of background, on 6 April 2018, the Reserve Bank of India issued its Directive, Storage of Payment System Data, requiring that: “All system providers shall ensure that the entire data relating to payment systems operated by them are stored in a system only in India.”  Directive on Storage of Payment System Data, 6 April 2018, (Publicly available at https://www.rbi.org.in/scripts/NotificationUser.aspx?Id=11244&Mode=0).    

Soon thereafter Respondent No. 4 announced the appointment of Abhijit Bose as head of “WhatsApp India”– WhatsApp’s first full country team outside of California . . . based in Gurgaon.” Respondent No. 4’s company statement is no longer available on its website but press accounts of this statement can still be found online.  “WhatsApp appoints Abhijit Bose as head of WhatsApp India”, The Economic Times of India (21 Nov 2018) (Publicly available at https://economictimes.indiatimes.com/tech/internet/whatsapp-appoints-abhijit-bose-as-head-of-whatsapp-india/articleshow/66735848.cms). According to Mr. Bose’s November 2018 statement recounted by the India Times:  “WhatsApp can positively impact the lives of hundreds of millions of Indians, allowing them to actively engage and benefit from the new digital economy.” Id. The India Times also reported in that article: “Apart from the traceability request, the government had had asked WhatsApp to set up a local corporate presence. . . .” Id. After finding a way to maneuver around the Reserve Bank of India’s 2018 Directive, on 6 November 2020, Respondent No. 4 announced the launch of its payment platform without having any “local corporate presence” that would store “data related to payments”See “Send Payments in India with WhatsApp”, WhatsApp Blog (6 November 2020) (Publicly available at https://blog.whatsapp.com/send-payments-in-india-with-whatsapp). As with Respondent No. 3’s massive build out of its physical presence in India, Respondent No. 4’s “company statement” regarding the building of “WhatsApp India’s” physical presence in India is no longer found on Respondent No. 4’s website.  

More importantly, as also with Respondent No. 3, Respondent No. 4 now no longer has any physical presence in India – despite the country being Respondent No. 4’s largest country market.  And, without Respondent No. 4 having any physical presence in the country, Mr. Bose – still apparently head of “WhatsApp India”, announced in July 2020:  “Our collective aim over the next two to three years should be to help low-wage workers and the unorganised, informal economy easily accesses three products – insurance, micro-credit and pensions.” See “Facebook’s WhatsApp to partner with more Indian banks in financial inclusion push”, Reuters Article, (22 July 2020) (Publicly available at https://www.reuters.com/article/us-whatsapp-india-idUSKCN24N24E.  It is further submitted that Respondent No. 4 – who already dominants in Internet Telephony, messaging, and mobile payments plans on dominating  in providing access to “insurance, micro-credit and pensions”. It is submitted that this blatant form of digital colonialism should respectfully be rejected  by way of this present writ Petition

Respondent No. 4 submits it need not comply with the Unified License Agreement despite providing “telecommunication services” simply because it uses for free the networks built by others.  The relevant regulatory authorities have been made aware of the matters set forth in the Petition for over five years without enforcing public laws and their own regulations and is why DoT is named as Respondent No. 2 in this matter.  Last year alone, Respondent No. 3 generated revenues of more than US$85 billion and profits of more than US$29 billion.  These numbers will grow exponentially as the “free” unlicensed products currently offered to Indians become further monetized by Respondents No. 3 and No. 4. 

Other than the present writ Petition, there is no available “statutory remedy” that would otherwise cause the enforcement of applicable law.  It is respectfully submitted that the Hon’ble Court should intercede to ensure equal protection under the law. It is further humbly submitted that if the Hon’ble Court does not intercede to stop the digital colonialism of Respondents No. 3 and No. 4, the same will go forward unabated. Considering the foregoing facts and circumstances, it is therefore respectfully prayed to this Hon’ble Court to kindly allow the prayer of relief sought by the Petitioner, in the interest of justice, including enjoining Respondent No. 4 from providing Internet Telephony/VoIP services until such time as Respondent No. 4 is in full compliance with the applicable requirements for providing such services in the Union of India.

Facebook’s Curious Outage

After a six-hour outage on October 4, 2021 that impacted 3.5 billion people relying on three monopolistic properties (Facebook, WhatsApp, and Instagram), Facebook blogged an update on October 5, 2021 regarding the cause:  “We want to make clear that there was no malicious activity behind this outage — its root cause was a faulty configuration change on our end. We also have no evidence that user data was compromised as a result of this downtime.” 

What sort of “faulty configuration change” would take down three separate massive online properties relying on servers and cloud services spread across the world?  According to one cloud provider:  “It was as if someone had “pulled the cables” from their data centers all at once and disconnected them from the Internet.”    Facebook is not disclosing any further details – the fact that it lost about $545,000 in U.S. ad revenue per hour is not sufficient to trigger disclosure given that this outage will likely have little long-term effect on its revenue growth.  Accordingly, only if another Facebook whistleblower steps forward will any real insight become public.

With any luck, on December 6, 2021, one tiny case in India will help pop the Facebook balloon once and for all.

$600 Million Loss Shines a Light on DeFi Security

On August 10, 2021, Chinese cross-chain DeFi platform, Poly Network, was apparently hit with the exploit of a smart contract vulnerability in its “EthCrossChainManager” contract impacting three separate chains, including two leading DeFi blockchains – Ethereum and Binance Smart Chain, and numerous cryptocurrencies.   This latest exploit is part of a major trend in security incidents involving DeFi platforms.

Poly Network developers quickly asked for help on Telegram to block transfer of the stolen assets:   “We call on miners of affected blockchain and crypto exchanges to blacklist tokens coming from the above addresses.”  

In another August 10, 2021 post on Telegram, Poly Network also posted:  “If you are experiencing any difficulty due to the hack that just happened theres [sic] a compensation plan , connect your wallet and get your refund in minutes , our dev only lose but this did not affect any of our users.”  

It is not clear how this protocol platform would make all users whole.  

As a start, the ESL Poly Network team also posted the following open letter asking for the return of the stolen assets:

Not surprisingly, this plea was immediately derided:  “Imagine successfully stealing over $600m and have the people you stole from think there’s a chance you might be willing to return it with what amounts to a passive-aggressive post-it note on the fridge.”  

Notwithstanding the obvious desperation found in its letter, the Poly Network team may be on to something given this was apparently never really a “hack” – it was likely yet another person who exploited a vulnerability in a deployed smart contract.  As of August 11, 2021, $119 million in Binance pegged BUSD was returned by the hacker’s associated address to those 947,598 owners impacted by the exploit.  BUSD is a stablecoin used to trade crypto assets on the Binance chain.  And, another $134 million was also soon thereafter returned to other impacted owners.  According to Chainalysis, at total of $261 million in cryptocurrencies have been returned to date.

A review of the micro transactions found on Etherscan and BscScan indicates that the “hacker” has been testing literally thousands of ways to move the stolen assets.  In other words, the exploiter does not know what to do with the stolen booty.  A few posts back that up – including one where the “hacker” is allegedly asking for someone to instruct on how to circumvent miner scrutiny.

The “hacker” purportedly also posted:  “WHAT IF I MAKE A NEW TOKEN AND LET THE DAO DECIDE WHERE THE TOKENS GO.”  

As things continued going downhill, the claimed sole perpetrator of the exploit – again claiming such identity solely by virtue of using the perpetrator’s wallet address, allegedly came out as an innocent interloper:

Information posted in the form of a Q&A on an ETH transaction Private Note section goes into further detail:

It’s looking like these posts are all from the same exploiter.  A spreadsheet tracking the exploit – including related communications, can be found on Google docs.  Even if these posts are not genuine, chances are still high the exploit was performed by one or more persons who decided to offload some coin and ultimately decided to give back – as apparently already done to the tune of $261 million, whatever could not safely be absconded with using his/her/their current knowledge.  There were certainly many out there willing to provide the necessary crypto laundering assistance, but apparently the advice was not taken – the clearest signal this was committed by an “ethical” hacker.

Poly Network is at its essence an interoperability protocol used by and integrated with many DeFi projects so this exploit will have direct ripple effects well beyond the Poly Network.  The more indirect impact of this exploit is the slight chance it might be replicated elsewhere by others having the necessary domain knowledge to move stolen assets.  

The best way for investors to minimize the likelihood such failings will not impact them in the future is to seek out and only use DeFi platforms that rely on a holistic “security by design” architecture – something not easily found in a decentralized world. Not surprisingly, in a recent survey nearly 75% of institutional investors and wealth managers state that the security of virtual currencies is a “significant” hurdle stopping many individuals from entering the crypto asset space – let alone the more exotic DeFi domain where software vulnerabilities can still cause the exfiltration of $600 million in digital assets.  Beaches will always have little appeal to swimmers when there are known sharks in the water.

UPDATE: August 12, 2021

Except for $33 million in Tether stablecoins previously frozen by Tether, the entire amount taken was apparently returned. Reuters is reporting that this was done in return for an after-the-fact $500,000 “bug bounty”.

Amazon Shrugs Off Largest Privacy Fine Ever

On July 29, 2021, Amazon disclosed in a regulatory filing that it sustained what is the largest privacy-related fine ever issued for violating EU privacy rules – a massive €746 million ($886 million) fine.  Amazon barely mentions the fine in its latest quarterly report:  “On July 16, 2021, the Luxembourg National Commission for Data Protection (the “CNPD”) issued a decision against Amazon Europe Core S.à r.l. claiming that Amazon’s processing of personal data did not comply with the EU General Data Protection Regulation. The decision imposes a fine of €746 million and corresponding practice revisions. We believe the CNPD’s decision to be without merit and intend to defend ourselves vigorously in this matter.”

This disclosure is actually related to a 2018 action brought against Amazon due to its targeted ad efforts – hardly a new action where talk of pursuing a defense makes any sense. Simply put, it is unclear why the filing references a vigorous defense – that time has long passed. Amazon must now appeal what it previously defended and lost – which may end up working out for the company given in recent decisions courts have overturned GDPR privacy fines. Still, the CNPD ruling was appreciated by the privacy group that brought suit given it dwarfs the previous record EU privacy fine of €50 million handed down to Google.

Until this action runs its full appellate course, there is not much solace that plaintiffs should derive from the fine – especially given that Amazon has had three $100 billion quarters in a row and this significant fine can easily be shrugged off from a materiality perspective.

Proposed New York Privacy Law Making Progress

On May 24, 2021, Senator Thomas’ S6701 – the proposed New York Privacy Act, had its third reading before the Senate.  As recounted in its Legislative Intent section:  “Algorithms quietly make decisions with critical consequences for New York consumers, often with no human accountability.  Behavioral advertising generates profits by turning people into products and their activity into assets. New York consumers deserve more notice and more control over their data and their digital privacy.”  

To that end, the proposed law will provide New York consumers with certain new rights, including  “clear notice of how their data is being used, processed and shared; the ability  to  access  and obtain a copy of their data in a commonly used electronic format, with the ability to transfer  it  between  services;  the ability  to  correct  inaccurate  data and to delete their data; and the ability to challenge certain automated decisions.”  

If passed, this bill will become one of the strongest – if not strongest, consumer privacy law in the country and deserves to be carefully watched.  Even though this bill may still be lacking a progressive Right of Compensation, the proposed law includes a private right of action coupled with a consumer agency enforcement mechanism – a groundbreaking backstop that will protect consumers much more so than those few currently enacted consumer privacy laws lacking in a private right of action. 

Exchanges May Crack Down on Ransomware OFAC Risk

On April 22, 2021, Chainalysis published its findings on the OFAC sanctions violation risk tied to ransomware payments.  According to Chainalysis, 15% of ransomware payments paid in 2020 were at risk of OFAC sanctions.  Even though lower than the measured risk from 2016 – 2018, last year’s numbers remain an uptick from 2019.  

Chainalysis discovered ransomware victims paid out in 2020 more than $50 million worth of cryptocurrency to addresses that carried sanctions – with mainstream exchanges receiving “more than $32 million from ransomware strains associated with sanctions risks.”  Given the public market embrace of crypto exchanges, it is very likely those exchanges seeking greater regulatory scrutiny will eventually implement curbs to address the OFAC October 2020 advisory – eventually making it more difficult for smaller businesses to satisfy ransomware demands.

Ransomware Payments Should be Self-Insured

According to Chainalysis, payments to ransomware gangs using cryptocurrency more than quadrupled in 2020, with less than 200 cryptocurrency wallets receiving 80% of funds.  And, Palo Alto Networks – which claims to use data from ransomware investigations, data-leak sites, and the Dark Web, reports that the average ransom paid by companies in 2020 jumped 171% to more than $312,000.  Despite being around for many years, the rise of ransomware has largely coincided with the diminished value derived from compromised personal data.

The REvil ransomware-as-a-service operation now picks up the phone to add a threatening personal touch to its exploits:  “Calling gives a very good result. We call each target as well as their partners and journalists—the pressure increases significantly.”  According to a published March 16, 2021 interview with a representative of REvil – also known as Sodinokibi, the group has “big plans for 2021.”  

Probably the more interesting point made by this REvil representative was the answer to the following question:  “Do your operators target organizations that have cyber insurance?”  The answer is not much of a surprise:  “Yes, this is one of the tastiest morsels. Especially to hack the insurers first—to get their customer base and work in a targeted way from there. And after you go through the list, then hit the insurer themselves.”   This is the first confirmation from an actual ransomware gang that they target cyber insurance policyholders.

Articles from the Associated Press and ProPublica years earlier suggest that cyber insurers were inadvertently driving up ransomware attacks but neither outlet provided any hard facts to back up their supposition.  Indeed, a leading broker took the natural counterpoint:  “[A]lthough no one wants to support cyber criminals, organizations are forced to weigh the option of paying ransoms against the risk of operational disruptions that could last weeks or months and cost far more.”  

It was never hard to imagine, however, that buying cyber insurance actually places a target on those companies who buy it and do not likely have the security resources necessary to stop ransomware gangs – especially given carriers may be inadvertently providing a roadmap to their house.  Indeed, last year one major cyber insurer was purportedly targeted by the Maze ransomware gang.   And, as of March 2021, there were at least two ongoing investigations involving attacks on major cyber insurers. Unless things change, it will only get worse for insurers and brokers given they are the new holders of the crown jewels.

One tactic that can impede the current claims challenge facing the industry is building on what was recently begun by AIG – a thought leader in this space for over two decades.  In January 2021, AIG became the first lead cyber insurer to require ransomware co-insurance across the board – mandating that insureds share in paying a ransom payment.  Following this lead, the larger markets began hardening on price and their underwriting requirements.  Other markets immediately began to take advantage – only temporarily repairing the holes in the dike.   As pointed out by Inside P&C:  “The retrenchment of capacity and continued upward pricing pressure also continues a reordering of the market in which some of the largest names in US cyber insurance cede market share to upstart InsurTechs.”  

Despite the fact cyber insurer MGAs are heavily funded and are now grabbing as much market share as they can, they still use paper backed by the largest reinsurers in the world – who frankly probably care more about their own profits rather than the market growth strategies of unrelated companies.  In other words, any retrenchment may also eventually hit the MGAs when treaties get renegotiated.   

Retrenchment is a good idea but will not be enough to fully address the problem. The best way to solve this problem is to do exactly what the FBI has said for years – do not pay the ransom.  An October 2020 OFAC Advisory buttresses this “do not pay” advice by warning insurers against making ransomware payments to those on the OFAC list. In other words, law enforcement would prefer that ransomware payments not be made and it may ultimately be in everyone’s best interest if such payments are self-insured – making it much less likely they will actually be paid.

This is not K&R coverage where lives are typically at stake.  Once the ransomware gangs recalibrate knowing there is no available insurance payment, the incidents will resemble earlier times, namely demands that are less frequent and for lower amounts.  These threat actors want to go in and out as fast as possible given they know that the data itself likely has very little real value on the Dark Web – it’s the urgent threat of release that has exploitive value.  If there is no expeditious insurance payment, the actual value of the target diminishes.

Insurance dollars are actually better spent helping insureds bolster their security rather than the coffers of criminals – especially because even with a payment there is no guarantee that data would be properly decrypted or that a Dark Web release or sale would not take place. There is much that can be done to assist insureds improve their risk profile and better avoid ransomware exploits. Some very basic steps include developing trusted partner relationships with vendors and law enforcement before an incident takes place; retaining a security expert to evaluate the current readiness profile; providing consistent education and training of staff; and developing or updating a Business Continuity Plan.  

On a more technical level, full and incremental backups should be consistently performed like your company’s life depended on it; weak passwords of service accounts should be removed; system logs should be maintained and monitored; employee access to sensitive data and information limited; operating systems and applications timely patched; users with admin privileges evaluated to ensure passwords are strong and secure; system safeguards such as Windows Defender Credential Guard deployed; port connections monitored and unnecessary ones removed, etc., etc., etc.  The relevant protocols all have a common goal – harden security sufficiently so that the bear decides to run after the slower runner.  If everyone ends up becoming a fast runner, the hungry bear will eventually tire of the chase and just eat something else for food.

With a robust cyber insurance policy in place, most every resource necessary to assist a ransomware victim is already available to an insured. By focusing on these other valuable first-party coverages, improving an insured’s risk management profile, and curtailing ever increasing payouts to criminals, the industry will continue with its meteoric rise.

Cyber Insurance

UPDATE: March 25, 2021

On March 24, 2021, CNA publicly disclosed that it sustained a cybersecurity attack. As of March 25, 2021, the following is the only information found on its website:

UPDATE: May 10, 2021

The day before the Colonial Pipeline ransomware attack went public, global insurer AXA announced it would cease writing cyber-insurance policies in France that reimburse policyholders for ransomware extortion payments. This is hopefully the start of a much larger trend.

UPDATE: May 12, 2021

On May 12, 2021, security experts labeled as “absolute stupidity” comments regarding the payment of ransomware that were emanating from the White House. A few days prior, the White House’s Deputy National Security Adviser for Cyber, Anne Neuberger, had given the private sector a complete free pass regarding the payment of ransoms: “And they have to just balance off, in the cost-benefit, when they have no choice with regard to paying a ransom.” Unfortunately, this position directly contradicts the long-standing position of the FBI and numerous other government agencies.

Facebook’s Dominance in India May End in 2021

On April 19, 2021, arguments will be heard in a 2019 New Delhi action brought by World Phone Internet Services Private Limited, against Facebook, WhatsApp, the Government of India, and the regulator tasked with enforcing Internet telephony regulations in India.   World Phone is a licensed Indian provider of Internet telephony services.

India currently holds the honor of having the most Facebook and WhatsApp users worldwide.  Specifically, Facebook reached near 400 million users in India several months ago – which accounts for 28.4% of the entire country’s population.  And, WhatsApp is well beyond 400 million users given it last publicly disclosed that number three years ago.  Indeed, according to the Ministry of Electronics and Information Technology, WhatsApp now has 530 million users in the country.  

World Phone’s 2019 Petition alleges that Facebook messenger and WhatsApp are illegal services given they provide Indians with VoIP services without having the requisite underlying licenses or paying the required license fees and service taxes.  According to the Petition, licensed providers “have to adhere to various statutory regulations such as Quality of Service Regulations, Tariff Regulations and Consumer Protection Regulations. They also need to ensure emergency services, confidentiality of customer, privacy of communication, undergo regular audits and ensure proper lawful monitoring and interception.”  Facebook and WhatsApp comply with none of these regulatory requirements despite providing regulated services.  

Moreover, the Petition references the pertinent regulations that provide for “an amount of up to Rs. 50 Crore as penalty for any security breach caused due to any inadvertent inadequacy in the precautions taken by the licensee. If the security breach is caused as a result of a deliberate fault on the part of the licensee, then the penalty is an amount of Rs. 50 Crores for each breach. Besides penalty, criminal proceedings may also be initiated against the licensee. These measures keep the TSPs on their toes and ensure they adhere to the security and privacy requirements while providing Internet Telephony.”  Despite breaches that would have triggered these provisions, Facebook and WhatsApp have seen no regulatory enforcement actions filed against them.  

World Phone previously filed a similar legal action against Microsoft given its Skype product – India’s then dominant unlicensed VoIP service, caused World Phone harm by improperly competing without a license.  That action, however, was filed in the United States.  In a decision by Chief Judge Freda Wolfson of the District Court of New Jersey, the action was dismissed in May 2014 with World Phone explicitly directed to seek relief in India.  TI Investment Services, LLC, and World Phone Internet Services, Pvt. Ltd v. Microsoft Corporation, 23 F. Supp. 3d 451, 472 (D. N.J. 2014) (“If Plaintiffs wish to renew their suit, they should do so in the jurisdiction where they are alleged to have competed with Defendant, to have complied with regulatory laws, and to have suffered injury, and that is India.”). 

World Phone never needed to file suit in India given the subsequent appeal was settled between the parties.  Thereafter, Microsoft voluntarily chose to withdrew its unlicensed Skype services in India.  See NeoWin (October 6, 2014) (“Skype is either changing, or being forced to change, its strategy in India. The Microsoft service will no longer offer landline and mobile calls for Indian residents starting November 10th. This change came pretty much out of the blue and was announced by Skype on one of their support channels. . . Neither Microsoft nor Skype has offered any reason for this weird change but the company has offered to refund users who will be affected by this announcement.”); PC World (October 6, 2014) (“Skype appears to bow to Indian rules, ends in-country calls to local networks”); SIP Trunking Report (October 6, 2014) (“Some might argue the change has something to do with regulations that actually prohibit the use of VoIP services such as Skype to make calls on phones using the Internet.  . . . Since the law does not appear to have changed, some other consideration is at play.”).

In an Affidavit filed on July 20, 2020, there were two arguments made in opposition to World Phone’s application.  The first argument was that the Petition could not be decided because it was transferred to the Indian Supreme Court with other petitions involving Facebook and WhatsApp.  On its face, this argument made no sense given that the Transfer Order attached to the Affidavit did not list the World Phone Petition so the action was clearly not transferred.  Also, the transferred actions solely involve privacy issues.  Despite the fact those other matters also demonstrate the “digital colonialism” of Facebook and WhatsApp given they show how Indian users are treated differently from Europeans, they remain inapplicable to the World Phone Petition.

The second argument relied on a 2017 affidavit previously filed that claims the current regulatory body is “currently examining” over-the-top (OTT) services.  First, the services subject to the World Phone Petition are Internet telephony services and not mere OTT services.  And, despite it now being 2021, the agency still failed to address even the OTT services issues raised.  In fact, taking advantage of this longstanding lack of enforcement, WhatsApp is now moving aggressively to take advantage of its Indian market dominance in Internet telephony by moving into the desktop market.  

To defend against the World Phone Petition, Facebook and WhatApp hired two of the top attorneys in India – Mukul Rohatgi and Kapil Sibal.  Mukul Rohatgi – who is Facebook’s counsel, was in 2010 considered one of India’s top 10 lawyers.  He was also the 14th  Attorney General for IndiaKapil Sibal – who represents WhatsApp, formerly served as the head of various ministries over the years – beginning with the Ministry of Science & Technology, then the Ministry of Human Resource Development followed by the Ministry of Communications & IT, and the Ministry of Law & Justice.  To date, neither attorney has formally filed any papers with the Court.

No matter what is eventually filed by Facebook or WhatsApp, World Phone’s argument could not be simpler – there are no “checks and balances” available to protect Indian citizens from the digital colonization of Facebook and WhatsApp so its Petition is likely all that stands between Facebook and WhatsApp executing on its apparent digital colonialization plan and ultimate “data oligarch” control of the Indian population.

If successful, World Phone would cause the cessation of unlicensed Facebook messenger and WhatsApp services in India as well as the imposition of penalties for prior non-compliance.   To the extent Facebook chooses not to play regulatory ball, it may end up doing what it has done in China since 2009, namely just go dark.

UPDATE: April 22, 2021

On April 22, 2021, Justice Navin Chawla – the Justice who previously was hearing the World Phone case, ruled against Facebook and WhatsApp and dismissed their pleas challenging an Order from the Competition Commission of India (CCI) directing a probe into WhatsApp’s new privacy policy. Justice Chawla previously reserved judgment on the case.

A new Justice in the World Phone case – Justice Prathiba M. Singh, ruled on April 19, 2021 that Facebook and WhatsApp were required to provide a responsive affidavit within six weeks and World Phone had four weeks thereafter to respond. Moreover, a new hearing date of August 26, 2021 was set by the Court. For the very first time, Facebook and WhatsApp will now be required to articulate a defense to a case that on its face is indefensible.

UPDATE: October 6, 2021

Despite being required to provide their responsive pleadings by May 31, 2021 and retaining some of the top Indian lawyers to defend this action for over eight months, Facebook and WhatsApp both filed their responses on August 20, 2021 – less than a week before the scheduled hearing.  World Phone filed its reply to the Facebook submission on August 25, 2021.

On August 26, 2021, Justice Rekha Palli granted World Phone its request for more time to file the WhatsApp response. As well, she scheduled a new hearing for December 6, 2021. On October 7, 2021, World Phone will file its response to the WhatsApp affidavit.

UPDATE: October 7, 2021

World Phone served its WhatsApp response on all parties and with the Court. This Rejoinder provides a detailed analysis of why the Court should stay the use of WhatsApp until in complies with applicable law. To that end, it is anticipated that the Court will grant the requested injunctive relief on December 6, 2021 as to both Respondent No. 3 (Facebook) and Respondent No. 4 (WhatsApp).

Relevant sections of this filed Rejoinder are extracted below.

In 2015 – long before Respondents No. 3 and 4 solidified their current monopoly positions in India, TRAI already recognized Respondents No. 3 and No. 4 were providing the top two mobile phone applications used in India. See Consultation Paper on Regulatory Framework for Over-the-top (OTT) services, para 2.39 at page 27 (27 March 2015) (Publicly available at https://trai.gov.in/sites/default/files/OTT-CP-27032015.pdf).

It is submitted that private monopolistic entities directly impacting the public interest are always subject to writ petitions. Zee Telefilms Ltd. & Anr v. Union of India & Ors., (2005) 4 SCC 649, para 158 (“A body discharging public functions and exercising monopoly power would also be an authority and, thus, writ may also lie against it.”) [emphasis added].  Given the strong public interest implicated by this Petition and Respondent No. 4’s exertion of monopoly power, the Petitioner’s writ Petition should proceed against all Respondents – including Respondent No. 4. 

The fact that the functionally equivalent Internet Telephony services of an Internet service provider (“ISP”) – an entity required to obtain a Unified License prior to providing such services, are provided by Respondent No. 4 un-hindered and without entering into a Unified License Agreement is well recognized and admitted by all Respondents.  Such unlicensed activity is in violation of Section 5 of the Indian Wireless Telegraphy Act, 1933; Sections 4 and 20A of the Indian Telegraph Act, 1885; Section 79 of the Information Technology Act, 2000; and the entire framework of the Telecom Regulatory Authority of India Act, 1997.

It is submitted that all such services  provided by Respondents No. 3 and No. 4 in India should be “licensed pursuant to an agreement with the Department of Telecommunications, Government of India (“DoT”)” notwithstanding,  considering such services “internet-based ‘over-the-top’ (“OTT”) services”.

It is submitted that the Respondent No. 3 by its own averments states that it provides unlicensed Internet Telephony Service/VoIP Calls.  Such Services are provided by the Petitioner by procuring a license from Respondent No. 2 and are governed by the Indian Wireless Telegraphy Act, 1933; the Indian Telegraph Act, 1885; the Information Technology Act, 2000; and the Telecom Regulatory Authority of India Act, 1997.  

It is further submitted that this uneven application has allowed Respondents No. 3 and No. 4 to dominate the market completely and totally – also damaging and putting out of business other Internet Telephony service providers who were once viable.  This market dominance has not gone unnoticed in the United States where an Amended Complaint was filed on 19 August 2021 by the US Federal Trade Commission. 

Respondent No. 4 currently publicly opposes the enforcement of any interception rule.  See “What is traceability and why does WhatsApp oppose it?” (Publicly available at https://faq.whatsapp.com/general/security-and-privacy/what-is-traceability-and-why-does-whatsapp-oppose-it) (“Some governments are seeking to force technology companies to find out who sent a particular message on private messaging services. This concept is called “traceability.” . . . WhatsApp is committed to doing all we can to protect the privacy of people’s personal messages, which is why we join others in opposing traceability.”) [emphasis added]No matter what Respondent No. 4 does or does not do in this regard, it is submitted that the applicable Rules of interception of communication is dwarfed by the applicable financial commitments and vigorous checks and balances required under the Unified License Agreement and associated regulations which Respondent No. 4 should adhere to given the Internet Telephony/VoIP services it provides. 

The Hon’ble Supreme Court has recognized that

“it can very well be said that a writ of mandamus can be issued against a private body which is not a State within the meaning of Article 12 of the Constitution and such body is amenable to the jurisdiction under Article 226 of the Constitution and the High Court under Article 226 of the Constitution can exercise judicial review of the action challenged by a party. But there must be a public law element and it cannot be exercised to enforce purely private contracts entered into between the parties.” Binny Ltd. v. V. Sadasivan, (2005) 6 SCC 657, para 32. 

It is submitted that the issues raised in this writ Petition concern existing legislation governing the services provided by the Petitioner and the Respondents No. 3 and No. 4.  Wherein the Petitioner is operating through the Unified License Agreement issued by Respondents No. 1 and No. 2, the Respondents No. 3 and No. 4 are providing the same services but circumventing the existing legislation and are completely unregulated/unlicensed.  This injustice can only be ruled upon by a Constitutional Court under Article 226 of the Constitution by the Hon’ble High Court and under Article 32 of the Constitution by the Hon’ble Supreme Court of India and not by the TDSAT.  Moreover, Petitioner submits that this Hon’ble Court respectfully should not rely on mere recommendations from TRAI.   

It is submitted that rather than simply ignoring applicable laws, other countries have sought to change their existing licensing regime.  For example, by suggesting that India should not be one of those countries having a licensing scheme for Internet Telephony such as “Korea, Singapore, Hong Kong, Philippines, Thailand, Ecuador, and Mexico”, Microsoft suggested a different approach:  “Microsoft respectfully requests that the TRAI propose a regulatory approach wherein PC to PC VoIP requires no license (and is permitted to be transmitted by ISPs over their networks, public or managed, without restriction), and that only two-way PC to PSTN calling (both inside and outside of India) requires a light-touch registration or minimal licensing obligation, accompanied by appropriate regulations deemed necessary to protect consumers or address a market failure.” Response To Telecom Regulatory Authority of India Consultation Paper, Microsoft Corporation India Private Limited, page 14 (September 2016) (Publicly available at https://www.trai.gov.in/sites/default/files/201609060217157734124Microsoft_Corporation_India_Private_Limited.pdf). 

Reliance JIO, suggested:  “The unrestricted Internet Telephony by the ISPs/ 0TTs may be allowed only if they migrate to the Unified License with Access services authorization or they offer this service under a commercial arrangement with an existing Access service provider.” Comments of Reliance Jio lnfocomm Limited on the issues raised in the Consultation Paper on Internet Telephony (VOIP) (Consultation Paper No 13/2016 dated 22.06.2016), 5 September 2016, at page 9 (Publicly available at  https://www.trai.gov.in/sites/default/files/201609060234264610172RJIO.pdf).  Further, Reliance JIO suggested that “[i]t should be the responsibility of the Access Service Provider offering Internet telephony in collaboration with the OTT provider or otherwise to ensure that the international internet telephony calls are terminated in India through a licensed ILDO.”  Id. at 13 [emphasis added]. 

Respondent No. 3’s current business partner, Reliance Jio, realized early on that a special “Facebook exception” was in its best interests.  See “Stop illegal routing of internet telephony calls:  COAI”, Economic Times (5 May 2016) (“The Cellular Operators Association of India (COAI) has urged the telecom department (DoT) to stop illegal routing of internet telephony calls, warning that a failure to do so would lead to a breach in telco licence conditions, pose security risks and cause sizeable losses to the national exchequer.   Newcomer Reliance Jio Infocomm is also a COAI member, but the GSM industry body in its letter said Jio held a divergent view on the matter.”) [emphasis added] (Publicly available at https://economictimes.indiatimes.com/tech/internet/stop-illegal-routing-of-internet-telephony-calls-coai/articleshow/52133359.cms).

Respondent No. 4 claims it is a “mere application provider” rather than Petitioner who is an “access provider”.  The submitted statement ignores Petitioner is most certainly both and to provide its Internet Telephony/VoIP services in India, Petitioner has fully complied with the existing applicable licensing regime for such services.  

Respondent No. 4 also submits that “the relevant regulatory authorities are seized of the issue and the consultation process is ongoing”. The Respondent No. 4 is misleading this Hon’ble Court wherein the reality is that the regulators have already spoken, and they will not do anything further to enforce the law as currently written. TRAI rather recommends that going forward “Market forces” should dictate a solution.   

Contrary to what is submitted by Respondent No. 4, there is no need for the creation of a new regime applying to “OTT services” and Petitioner is certainly not requesting the creation of such a new regulatory regime – especially given one is not needed.  The Petitioner through this writ Petition is only praying before this Hon’ble Court to enforce the Law/Regulations currently in place.

Respectfully, TRAI has long had an agenda to grow the Internet user base in India.  In 2010, TRAI recognized that the uptick in Internet users was below what was sought by it.  See  Recommendations on Spectrum Management and Licensing Framework, para 2.105 at page 104 (11 May 2010) (“Despite a token licence fee for ISP, the number of internet subscribers has grown from 5.14 million in September 2004 to only 15.24 million by the end of December 2009. Of this, the number of broadband subscribers is 7.83 million. These numbers are way below the target of 40 million and 20 million by the end of 2008 for internet and broadband subscribers respectively.”) (Publicly available at https://trai.gov.in/sites/default/files/FINALRECOMENDATIONS.pdf). To increase the number of Internet users in India, sometime after 2015, TRAI began tilting the scales in favor of OTTs and simply disregarded the current licensing regime when making recommendations.  These efforts have been very successful as shown by the hundreds of millions of customers Respondents No. 3 and No. 4 have accumulated since 2015. 

Without referencing the applicable laws and regulations, TRAI recently concluded:  “It is not an opportune moment to recommend a comprehensive regulatory framework for various aspects of services referred to as OTT services, beyond the extant laws and regulations prescribed presently. It may be looked into afresh when more clarity emerges in international jurisdictions particularly the study undertaken by ITU.”  TRAI Press Release Regarding Recommendations on “Regulatory Framework for Over-the-top (OTT) communication services” (14 September 2020) [emphasis added] (Publicly available at https://trai.gov.in/sites/default/files/PR_No.69of2020.pdf). See also TRAI Recommendations on Regulatory Framework for Over-The-Top (OTT) Communication Services, para 2.4(iii) at page 8 (“Since, ITU deliberations are also at study level, therefore conclusions may not be drawn regarding the regulatory framework of OTT services. However, in future, a framework may emerge regarding cooperation between OTT providers and telecom operators.  The Department of Telecommunications (DoT) and Telecom Regulatory Authority of India (TRAI) are also actively participating in the ongoing deliberations in ITU on this issue. Based on the outcome of ITU deliberations DoT and TRAI may take appropriate consultations in future.”) [emphasis added] (Publicly available at https://trai.gov.in/sites/default/files/Recommendation_14092020_0.pdf). 

The international ITU body, however, previously made it clear that it is not involving itself in India’s internal regulatory matters and is merely a spectator to such activities.  See ITU Economic Impact of OTTs Technical Report 2017, 5.2 India at 33 (“India is in the process of reassessing its rules on online services, including OTT services. . . . As noted in Section 4.2, voice and messaging services are permitted to be offered only by firms that hold a licence. Internet Protocol (IP) based voice and messaging services can also be offered by licensed network operators as unrestricted Internet Telephony Services; however, these services may not interconnect with traditional switched services. The dichotomy between regulated traditional services and largely unregulated OTT services leads to numerous anomalies.”) [emphasis added] (Publicly available at https://www.itu.int/dms_pub/itu-t/opb/tut/T-TUT-ECOPO-2017-PDF-E.pdf).   

As for the local ITU branch – the ITU-APT Foundation of India, that group has already sided with Respondent No. 4’s claim there is an “intelligible differentia” between its Internet Telephony services and Petitioner’s Internet Telephony services.  ITU-APT Foundation of India comments on TRAI OTT consultation (7 January 2019) at 3 (“The Consultation Paper (“CP”) draws parallels between the communication services offered by OTT service providers and TSPs.  However, we would like to submit that the services offered by them are widely different and cannot be compared.”) [emphasis added] (Publicly available at https://trai.gov.in/sites/default/files/ITUAPT08012019.pdf).  

This position is not surprising given that according to the ITU-APT Foundation of India:  “Facebook’s, [sic] one of our valued corporate member[sic] announce a major investment in Reliance Jio that would facilitate the ailing telecom Industry. The two companies said that they will work together on some major initiatives that would open up commerce opportunities for people across India.” ITU-APT Weekly News Summary [emphasis added] (Publicly available at https://itu-apt.org/itu-letter.pdf).   

Rather than rely on ITU, TRAI should have considered more the deliberations of the Confederation of Indian Industry (CII) – which recognizes that OTT providers are already governed by the present licensing regime.  See CII Response to TRAI Consultation Paper on Regulatory Framework for Over-The-Top (OTT) Communication Services at 6 (7 January 2019) (“Any new regulations for TSPs and OTTs should be considered taking into account the respective regulations govern the TSPs and the OTTs under the Telegraph Act, license, TRAI Act and the Information Technology Act. The Authority should consider new future fit frameworks that lightens the regulatory burden and adopts a progressive approach that allows all entities in the eco-system to proliferate and grow – offering maximum benefits to the consumers.”) [emphasis added] (Publicly available at https://trai.gov.in/sites/default/files/ConfederationofIndianIndustry08012019.pdf).  CII has long been a major force in advocating what is in the best interest of Indian businesses – and does not care about the interests of US-based monopolies:  “The journey began in 1895 when 5 engineering firms, all members of the Bengal Chamber of Commerce and Industry, joined hands to form the Engineering and Iron Trades Association (EITA). . . . Since 1992, through rapid expansion and consolidation, CII has grown to be the most visible business association in India.” [emphasis added] (Publicly available at https://www.cii.in/about_us_History.aspx?enc=ns9fJzmNKJnsoQCyKqUmaQ==).

It is submitted that a comprehensive licensing regime is already in place which covers not only the interception rules, penalties, security issues but also governs the license fees and tariffs and mode to operate among others.  It is submitted that the stand of Respondent No. 4 in regards to interception rules and end-to- end encryption claimed to be covered under the IT Act and other rules, which it publicly opposes, is just like crumbs from a pie wherein the Indian Wireless Telegraphy Act, 1933; the Indian Telegraph Act, 1885; the Information Technology Act, 2000; and the Telecom Regulatory Authority of India Act, 1997 provide a complete pie and once it is brought under such laws Respondent No. 4 will have to comply with all the rules and regulations at par with the Petitioner.

Petitioner and Respondent No. 4 are indeed “equals” in that they provide the same Internet Telephony/VoIP service while are treated “unequally” by Respondents No. 1 and No. 2. It is submitted that only the Petitioner is required to comply with the licensing regime applicable for providing such telephony services.

Individual citizens forming a legal entity or juristic person can invoke fundamental rights. It is submitted that the ameliorative relief sought by the Petitioner is issuance of writ by this Hon’ble Court that the applicable laws and regulations are complied with and enforced upon the unregulated/unlicensed Internet Telephony/VoIP Service Provider Respondent No. 4 herein.

It is denied that the issues raised by this Petition are being “considered and decided by DoT and TRAI, the regulatory authorities with the expertise and experience to address such issues.”   It has been over five years since the issue of an uneven level playing field was raised with Respondent No. 2 as regards Respondent No. 4.    

Petitioner through this writ Petition is praying that the existing laws and regulations are fairly applied and enforced as to all companies no matter how large and powerful they are.  It is humbly submitted that if the unlawful conduct uncovered by this writ Petition is not addressed by this Hon’ble Court, Respondent No. 4 will likely forever be left unchecked to do what it likes in India.

It is submitted that on 19 November 2019, the Minister of Home Affairs was asked “whether the Government does Tapping of WhatsApp calls and Messages in the country” and responded without answering the question but implied it was “tapping of WhatsApp calls and messages” by referencing the same interception rule mentioned by Respondent No. 4 in its submission. Government Of India, Ministry Of Home Affairs, Lok Sabha, Unstarred       Question No: 351” (Publicly available at http://loksabhaph.nic.in/Questions/QResult15.aspx?qref=6696&lsno=17).   The Hon’ble Court has no way of knowing if Respondent No. 4 is helping law enforcement, exactly how Respondent No. 4 is helping law enforcement, or whether Respondent No. 4 could do more to help.

Whether or not Respondent No. 4 is consistent with its public pronouncements and does not actually access user accounts is actually of little importance – than that the Respondent No. 4 admittedly does not comply with the licensing requirements applicable to providers of Internet Telephony/VoIP services.   

It is denied that there is no financial loss to the national exchequer despite the complete failure to obtain any entry fee, payment of license fee, or goods and service tax from India’s largest operator of Internet Telephony services. A loss of income naturally results when licensing fees are not paid. See Cellular Operators Association of India (COAI) Counter Comments TRAI Consultation Paper on Internet Telephony Released, 22 July 2016, at 1 (“Internet Telephony provided by unlicensed entities besides being in violation of license will not only deprive the licensed operators of huge revenue but will also result in lesser payout to exchequer in the form of reduced license fee on revenues.”) [emphasis added] (Publicly available at https://www.trai.gov.in/sites/default/files/201609161151061091227COAI.pdf).   

It is denied that Respondent No. 4’s unregulated conduct actually “generates more revenue for the government by enhancing investments in data networks, and consequent increases in license fees.” [emphasis added].   Even the ITU-APT Foundation of India acknowledges that the infrastructure growth created by OTT providers happens in the USA and not in IndiaSee ITU-APT Foundation of India comments on TRAI OTT consultation (7 January 2019) at 5 (“It is estimated that OTT investments in infrastructure is fast growing, and the bigger OTT players invested 9% of their 2011-2013 revenues in networks and facilities in the US.  This trend can be replicated in India with the right regulatory environment which would recognize and incentivize greater investments rather than stifle the industry with arbitrarily applicable licenses.”) [emphasis added] (Publicly available at https://trai.gov.in/sites/default/files/ITUAPT08012019.pdf).  Both the ITU-APT Foundation of India and Respondent No. 4 are wrong, however, given that Respondent No. 2’s failure to enforce existing laws has already created the “right regulatory environment” for the bigger OTT players.  It is also clear neither Respondent No. 3 nor Respondent No. 4 have any intentions of building networks or facilities in India given they have withdrawn their prior physical presence in India and currently neither even have any office in India.

It is submitted that the question is not whether a licensing regime should apply to OTT’s when the existing regime already does apply, but the real question is whether the existing laws and regulations will be regulated and enforced by Respondents No. 1 and No. 2. 

It is submitted that the contents of this Petition seeks liberty of the Court to enforce the laws as written. It is denied that the Petitioner is seeking from the Hon’ble Court to “displace” regulatory authorities  but only to enforce existing law and regulations which are applicable to all providers of Internet Telephony/VoIP services,  even those who claim to  ride on the telecommunications rails built and maintained by other companies. 

It is denied that the Respondent No. 4 was singled out in the writ Petition.  Unlike Respondent No. 4, other similar service provider like “Skype” have near zero market share compared to Respondents No. 3 and 4.   It is submitted that Skype was once the undisputed dominant provider in India but after its corporate parent Microsoft was sued in 2014 by Petitioner, Skype removed the ability to call within India from Skype to mobiles and landlines. In the relevant case, the Hon’ble Court in the United States found that Petitioner was better served filing a writ petition in India rather than in the United States. TI Investment Services, LLC, World Phone World Phone Internet Service Pvt. Ltd. v. Microsoft Corp., 23 F. Supp. 3d 451, 472 (D. N.J. 2014) (“The Courts of India are better positioned to determine whether their own national laws have been violated, and, if so, what the antitrust consequences, if any, are in their national market. If Plaintiffs wish to renew their suit, they should do so in the jurisdiction where they are alleged to have competed with Defendant, to have complied with regulatory laws, and to have suffered injury, and that is India.”).

It is further submitted that unlike Microsoft and even Google, Respondent No. 4 flagrantly violates existing regulatory prohibitions by, for example, allowing Indian users of its free “WhatsApp Business” utilize their landline phone numbers for messaging with customers. See WhatsApp Business App Android Download Page (“You can use WhatsApp Business with a landline (or fixed) phone number and your customers can message you on that number.”) (Publicly available at https://play.google.com/store/apps/details?id=com.whatsapp.w4b&hl=en_IN&gl=IN).  As recognized even by TRAI, such unlicensed services run afoul of the existing licensing regime.  See Consultation Paper on Regulatory Framework for Over-the-top (OTT) services, para 2.40 at page 28 (27 March 2015) (“Under the current telecom licensing regime, voice and messaging services can be offered only after obtaining a license. Apart from traditional voice and messaging, IP based voice and messaging services can also be offered by TSPs as unrestricted Internet Telephony Services, which are permitted under the scope of the Unified Access Service (UAS) license in terms of the UAS Guidelines dated 14th December 2005. Similar provisions exist for Cellular Mobile Telephone Service (CMTS) and Basic Service Licences. However, the scope of the Internet Services Licence was restricted to Internet Telephony Services without connectivity to Public Switch Telephone Network (PSTN)/Public Land Mobile Network (PLMN) in India.”) [emphasis added] (Publicly available at https://trai.gov.in/sites/default/files/OTT-CP-27032015.pdf).   

It is denied that Respondent No. 4 can freely provide telecommunication services and ignore the Unified License Agreement because it relies on networks built by other companies. It is submitted that Respondent No. 4 at one point was building out its physical presence in India for regulatory reasons.  By way of background, on 6 April 2018, the Reserve Bank of India issued its Directive, Storage of Payment System Data, requiring that: “All system providers shall ensure that the entire data relating to payment systems operated by them are stored in a system only in India.”  Directive on Storage of Payment System Data, 6 April 2018, (Publicly available at https://www.rbi.org.in/scripts/NotificationUser.aspx?Id=11244&Mode=0).    

Soon thereafter Respondent No. 4 announced the appointment of Abhijit Bose as head of “WhatsApp India”– WhatsApp’s first full country team outside of California . . . based in Gurgaon.” Respondent No. 4’s company statement is no longer available on its website but press accounts of this statement can still be found online.  “WhatsApp appoints Abhijit Bose as head of WhatsApp India”, The Economic Times of India (21 Nov 2018) (Publicly available at https://economictimes.indiatimes.com/tech/internet/whatsapp-appoints-abhijit-bose-as-head-of-whatsapp-india/articleshow/66735848.cms). According to Mr. Bose’s November 2018 statement recounted by the India Times:  “WhatsApp can positively impact the lives of hundreds of millions of Indians, allowing them to actively engage and benefit from the new digital economy.” Id. The India Times also reported in that article: “Apart from the traceability request, the government had had asked WhatsApp to set up a local corporate presence. . . .” Id. After finding a way to maneuver around the Reserve Bank of India’s 2018 Directive, on 6 November 2020, Respondent No. 4 announced the launch of its payment platform without having any “local corporate presence” that would store “data related to payments”See “Send Payments in India with WhatsApp”, WhatsApp Blog (6 November 2020) (Publicly available at https://blog.whatsapp.com/send-payments-in-india-with-whatsapp). As with Respondent No. 3’s massive build out of its physical presence in India, Respondent No. 4’s “company statement” regarding the building of “WhatsApp India’s” physical presence in India is no longer found on Respondent No. 4’s website.  

More importantly, as also with Respondent No. 3, Respondent No. 4 now no longer has any physical presence in India – despite the country being Respondent No. 4’s largest country market.  And, without Respondent No. 4 having any physical presence in the country, Mr. Bose – still apparently head of “WhatsApp India”, announced in July 2020:  “Our collective aim over the next two to three years should be to help low-wage workers and the unorganised, informal economy easily accesses three products – insurance, micro-credit and pensions.” See “Facebook’s WhatsApp to partner with more Indian banks in financial inclusion push”, Reuters Article, (22 July 2020) (Publicly available at https://www.reuters.com/article/us-whatsapp-india-idUSKCN24N24E.  It is further submitted that Respondent No. 4 – who already dominants in Internet Telephony, messaging, and mobile payments plans on dominating  in providing access to “insurance, micro-credit and pensions”. It is submitted that this blatant form of digital colonialism should respectfully be rejected  by way of this present writ Petition

Respondent No. 4 submits it need not comply with the Unified License Agreement despite providing “telecommunication services” simply because it uses for free the networks built by others.  The relevant regulatory authorities have been made aware of the matters set forth in the Petition for over five years without enforcing public laws and their own regulations and is why DoT is named as Respondent No. 2 in this matter.  Last year alone, Respondent No. 3 generated revenues of more than US$85 billion and profits of more than US$29 billion.  These numbers will grow exponentially as the “free” unlicensed products currently offered to Indians become further monetized by Respondents No. 3 and No. 4. 

Other than the present writ Petition, there is no available “statutory remedy” that would otherwise cause the enforcement of applicable law.  It is respectfully submitted that the Hon’ble Court should intercede to ensure equal protection under the law. It is further humbly submitted that if the Hon’ble Court does not intercede to stop the digital colonialism of Respondents No. 3 and No. 4, the same will go forward unabated. Considering the foregoing facts and circumstances, it is therefore respectfully prayed to this Hon’ble Court to kindly allow the prayer of relief sought by the Petitioner, in the interest of justice, including enjoining Respondent No. 4 from providing Internet Telephony/VoIP services until such time as Respondent No. 4 is in full compliance with the applicable requirements for providing such services in the Union of India.

Legal and Business Advocacy