Cloud Hosting

Bengaluru | New Delhi: WhatsApp is evaluating all options following the governments mandate to trace the origin of contentious messages, people aware of the matter told The Economic Times, adding that the Facebook-owned app remains committed to offering users end-to-end encryption on its platform.

WhatsApp will not bend on the issue of user privacy as providing traceability would require it to digitally fingerprint billions of messages exchanged every day in India, store them on company servers and alter the technology architecture of the app, industry sources said.

WhatsApp did not respond to emails seeking comment.

Information Technology Minister Ravi Shankar Prasad has said that the government will seek traceability of originator only in the case of crimes where the punishment is more than five years of jail term.

The law has enough "safeguards" in place to avoid its misuse, Prasad said.

The new regulations, notified Thursday, require messaging apps to trace the originator of flagged messages that contribute to crimes of a severe nature. This includes issues related to the countrys security and sovereignty, public order as well as sexual crimes against women and children.

Some legal and technology experts are also contesting WhatsApps stance on end-to-end encryption by pointing out that the newly notified intermediary rules do not require encrypted apps to disclose the contents of a message.

"The intermediary regulations are not asking for encryption breaking for identification but merely the ability to tag the very first message, which should be possible without actually disclosing the content," said Nikhil Narendran, partner at Trilegal.

The Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules 2021, under Section 79 of the Information Technology Act, which came into force on Thursday, states that the government will first try to use "other less intrusive means" to identify the originator of the flagged messages, before seeking the intervention of the platform. If the message originated overseas, the first person to have shared the content in India will be considered the "first originator", the new rules state.

WhatsApp, which has over 400 million users in India, has been opposing government calls for traceability for three years now on the grounds that it is a breach of user privacy and runs counter to India's fundamental right to privacy.

On its website, WhatsApp states that end-to-end encryption ensures that messages are secured from falling into the "wrong hands".

Arguing that traceability is still an option without breaking end-to-end encryption or compromising user privacy, V Kamakoti, a professor at IIT Madras who is a member of the National Security Advisory Board , told ET that WhatsApp could employ options such as tagging the originators phone number with the message and displaying it every time it is forwarded.

This, he said, would not require WhatsApp to read the messages at any stage, thus keeping its encryption in place and avoiding violation of privacy rights. Alternately, "the originator information can remain encrypted and upon receiving a court order, they can decrypt and provide the information", he said.

The two options were part of his submission to the Madras High Court in 2019 when the court was hearing two writ petitions filed the previous year.

Pointing out that fake news and rumours on social media are a serious concern, Kamakoti said, "I can't understand why they (WhatsApp) are opposed to the solutions, they should explain how privacy is being compromised in the solutions proposed," he said.

Meanwhile, industry executives who termed the governments ask as akin to "mass surveillance" , told ET that in order to meet these stipulations, "WhatsApp would have to re-engineer its complete platform which would go against its "basic tenet of privacy".

End-to-end encryption means only the user and the person they are communicating with can read or listen to what is sent. Interestingly, in its privacy policy, the Facebook-owned app states that while most messages are deleted from its servers once delivered, undelivered messages or forwarded media are saved on its servers in encrypted form temporarily.

Mishi Choudhary, legal director at Software Freedom Law Centre in New York, believes that the traceability requirement coupled with the mandatory requirement for appointing a chief compliance officer, a nodal contact person and a resident grievance officer might make it difficult for smaller messaging platforms such as Signal and Telegram to provide services in India.

"This limits user choice at a time when users have come to expect encrypted, safe messaging services as an essential part of modern communications," she said. The government has argued that lack of control over fake news and misinformation through platforms such as WhatsApp were leading to people dying as mobs inflamed by such messages were lynching people in the country. According to the government, misinformation has also given rise to challenges amid the Covid-19 pandemic and the farmers agitation, among others.

"The call for responsible freedom and ensuring that no information or data is misleading is key for a diverse democracy like India to curb the widespread issue of fake news," industry body Nasscom said on Friday.

It added that the government must ensure that new rules for regulating content on technology platforms must not hurt creativity and freedom of speech and expression of the citizens.

WhatsApp and smaller rival Signal follow the same encryption protocol that secures messages before they leave the users device.

Messages are secured with a lock, and only the sender and recipient have the special key needed to unlock and read them.

Originally posted here:
India Messaging App Rules | WhatsApp sticks to its stance on end-to-end encryption - Economic Times