WhatsApp is fighting for the privacy of the citizens of the largest democracy in the world. This week, the Facebook-owned messaging platform accused the Indian government of a request to challenge new IT rules requiring messaging apps to check the “first creator” of a message. Doing so may require WhatsApp to minimize it end-to-end encryption, reveals the identities of the sender and has potentially affected the security not only of its more than 400 million users in India, but possibly billions more around the world.
While it is difficult to assess the possible consequences of filing a lawsuit, it could dictate the kind of communication technology and secure internet spaces available to Indians in the future, and could set the standard for what the demand of other governments is not just WhatsApp but others. secure messaging apps Following these rules endangered a person’s basic right to privacy, experts say, because weakening encryption for one means doing it for everyone. Follow and end-to-end encryption can’t be a partner.
India’s internet regulations for social media platforms, messaging apps, online media, and streaming video services are passed using a executive order in February. The platforms were given three months to follow, the deadline of which ended earlier this week. One of the new directives requires messaging platforms with more than five million users in the country-which includes not only WhatsApp but Signal as well-to be the first to release information when requested by a court. or government order. For an internship that starts overseas, those services are needed to identify its first instance in an internship in India.
Now, providers of end-to-end encrypted platforms like WhatsApp and Signal can’t see what the content of messages is, which means they can’t track specific content. Keeping track of messages not only means treating each individual as potential criminal subjects, but it can also be a daunting task for the company to keep a lot of data.
“Compliance will force end-to-end encrypted platforms to change their architecture in a way that negatively affects online privacy and security. They need to improve the ability to track who is sending who is who is sending who. message to whom, and hide this information forever, ”said Namrata Maheshwari, technology policy advocate.“ It’s a heavy obligation that severely undermines end-to-end encryption, and put at risk the privacy, security, and freedom of expression of users. “
The government of India states that its purpose is not to infringe on anyone’s privacy, and that surveillance will be used only “for the prevention, investigation or punishment of very serious violations relating to the sovereignty and integrity of India, the security of the state, friendly relations with foreign states, or public order, or inciting an offense that is high-profile or related to rape, sexually explicit material, or child sexual abuse material. “
Yet those definitions leave a lot of room for interpretation. The government can track anyone who puts risky information, but that power can easily be used to track how the political situation flows among different individuals, or to track activists and political opponents.
“Once you build a system that can go back in time and decrypt some people who send an internal content, you’ve created a system that can decrypt anyone who sends any content, “said Matthew Green, a cryptographer at Johns Hopkins University. “There’s no such thing as just collecting information from bad people. It’s very dangerous to start exposing this information, because you don’t know where it will end.”
This is not the first time such a request has been made on WhatsApp. The platform is facing a similar call from Brazil, the second-largest market after India. Others countries, including the US, Canada, and the UK presses WhatsApp to break its encryption. But this is the first time the tracking requirement has been officially imposed, and in the platform’s largest market.