In a landmark ruling with significant implications for digital privacy and content regulation in India, the Karnataka High Court on April 30, 2025, directed the Union Government to initiate proceedings for blocking access to the encrypted email service, Proton Mail. The decision was based on a petition filed by Bengaluru-based design consultancy M Moser Design, whose employees and clients had allegedly received emails via Proton Mail IDs containing sexually explicit content, AI-generated deepfakes, and morphed photographs.
Justice M. Nagaprasanna, presiding over the matter, invoked Section 69A of the Information Technology Act, 2008 and Rule 10 of the Information Technology (Procedure and Safeguards for Blocking Access of Information by Public) Rules, 2009, asserting the gravity of the digital threat and the need for urgent state intervention. The court described the content as “akin to pornography” and emphasized the risk to public order posed by services operating outside Indian jurisdiction but accessible to Indian users.
Deepfake Harassment and Legal Void: Petitioner’s Alarming Claims
The petitioner, represented by counsel Jatin Sehgal, argued that the encrypted and anonymous nature of Proton Mail had enabled malicious actors to bypass Indian surveillance frameworks. The firm’s employees were targeted with morphed images, AI-generated nudes, and objectionable messages — allegedly causing mental distress and reputational harm.
Notably, Proton Mail, headquartered in Switzerland, does not have physical servers in India and had previously withdrawn its VPN services from the country after refusing to comply with Indian data localization norms. Sehgal also claimed that the platform’s website openly provided tips on how users could evade government monitoring — a direct violation of Indian cybersecurity standards.
ALSO READ: Call for Cyber Experts: Join FCRF Academy as Trainers and Course Creators
The petition further highlighted past instances where Proton Mail was used to send bomb threats to Indian schools, and the platform’s non-cooperation with Indian law enforcement raised serious national security concerns.
Sovereignty, Jurisdiction, and the Challenge of Encrypted Platforms
Appearing on behalf of the Centre, Additional Solicitor General Aravind Kamath informed the court that while a Mutual Legal Assistance Treaty (MLAT) exists between India and Switzerland, access to user data requires a magistrate-issued Letter Rogatory under the new Bhartiya Nagrik Suraksha Sanhita. He added that the Centre would comply if the court issued specific blocking directions — a position that ultimately led to the High Court invoking its powers under Article 482 of the CrPC to pass interim orders.
In a broader observation, the court questioned why the Indian government has not yet formulated mechanisms to block similar encrypted platforms and VPN services that do not maintain any infrastructure within the country but significantly impact its digital ecosystem.
This ruling adds to the growing global conversation on balancing user privacy with national security, especially when encryption becomes a double-edged sword — protecting both human rights activists and cybercriminals alike.