#NAMA: The traceability mandate and what it means for end-to-end encryption – MediaNama.com

Key Takeaways

The new Information Technology (IT) Rules, 2021 mandate significant social media intermediaries (intermediaries with over 5 million users) that provide services primarily in the nature of messaging to enable the identification of the first originator of a message if issued an order by a court or relevant government authority. Although the rules state that less intrusive methods will be used where available, experts argue that this provision will require the breaking of end-to-end encryption offered by platforms like WhatsApp and Signal.

In a panel discussion held by MediaNama on "Impact of IT Rules 2021 on Intermediaries", experts shared their views on the traceability mandate and what it means in the context of end-to-end encryption. Debayan Gupta, Assistant Professor of Computer Science, Ashoka University; Priyadarshi Banerjee, Lawyer at Banerjee & Grewall; Yash Kadakia, Founder and CTO of Security Brigade; and Rakesh Maheshwari, Ministry of Electronics & Information Technology (MeitY), participated in this discussion. This discussion was supported by Google. All quotes have been edited for clarity and brevity.

The provision stumbles upon its first hurdle in defining who an originator of a message is and what information about the originator it expects.

Is it someone with a +91 number: Debayan Gupta asked whether, if the law is targeting only originators within India, it wants the originator with a +91 number, and in that case, what happens if someone with a +91 number moves to a different country? Will the laws of the country where the person has moved to allow sharing the details of said person? There is also the opposite case, where a person with a non-Indian WhatsApp number might be residing in India: will they fall under this search for the originator?

How does this work for a non-forwarded message: While tracking a forwarded message might be possible by breaking encryption, how will a platform trace a message that has been copied and pasted, Gupta asked. Won't the metadata of the message originator be lost in this case, and wouldn't it be an easy way for bad actors to get away by doing this? Adding on to this point, Yash Kadakia asked what happens if a person saves a photo or video and reuploads it from his phone. This breaks the forward chain, but it is still the same content. Will this person be considered the originator, although someone else was the actual originator? The image could also very easily be from a different messaging platform, and there will be no way to go back to the actual originator in this case.

What about slightly modified messages: Gupta asked whether forwarded messages that are slightly modified and then forwarded again would be considered the same as the original message or a different message. The same question applies to images and videos that are given a caption.

The broad consensus among the panellists was that enabling traceability without breaking end-to-end encryption is not possible, but they still offered scenarios where it might be possible and the problems these can lead to.

Maybe for photos and videos: Yash Kadakia argued that in limited scenarios such as images and videos, tracking the originator without breaking encryption might be possible. "If you take an image and I send it to you, you send it to 400 different people and it goes on from there, right? If you go into WhatsApp Web or something of that sort, the URL for the image is exactly the same. And it's a cached image that they're just sending forward. So fundamentally, WhatsApp will be able to say, the first person to upload this image was x and that I can see reasonably possible without breaking into encryption," he added. But this cannot be done for texts, which is the more universal case, Kadakia conceded.

Yes, but anyone can be made to look like the originator: One of the ways platforms can enable traceability is by hashing the sender information and including it as metadata when a message is sent. This could potentially work when everyone is using the official version of WhatsApp, for example, instead of a doctored version. But there is no guarantee that this is the case, especially when considering bad actors, and an unofficial version of the app gives users the ability to make anyone look like the originator.

"Let's say I'm sending a message to Yash. And I'm supposed to be attaching something at the bottom of that message that looks like garbage to you, but somehow encapsulates my ID in some fashion or the other. What's preventing me from lying? Well, I can put Nikhil's number in there, for example. And what's preventing Yash from changing that to something else when he forwards it the next time. How do you make sure that nobody lies during the process?" Gupta argued.

"You can take Narendra Modi's phone number, should you know it, attach that number on top of the message, call him the originator and attach Narendra Modi's hash at the bottom of it because you can compute it too. And that's that. So look, when I send you a message, either that hash is computable and verifiable by you, in which case you can replace my number and my hash with Narendra Modi's number and Narendra Modi's hash, or it isn't, in which case, I could have given you garbage and you wouldn't know," Gupta added.
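Gupta's dilemma above (a tag the recipient can verify can be recomputed for any number; a tag the recipient cannot verify could be garbage), as an added Python sketch. It is not code from the panel or from any messaging platform; the tag construction, field names and phone numbers are constructed assumptions.

```python
import hashlib
import hmac
import os


def public_tag(number: str, text: str) -> str:
    """Unkeyed originator tag: anyone who sees number and text can compute it."""
    return hashlib.sha256(f"{number}|{text}".encode()).hexdigest()


def public_verify(env: dict) -> bool:
    """Recipient-side check for the unkeyed scheme."""
    return hmac.compare_digest(public_tag(env["originator"], env["text"]), env["tag"])


def relabel(env: dict, claimed: str) -> dict:
    """What a modified client can emit on forward: same text, different originator."""
    return {"originator": claimed, "text": env["text"],
            "tag": public_tag(claimed, env["text"])}


def keyed_tag(secret: bytes, number: str, text: str) -> str:
    """Tag keyed with a secret only the sender holds; recipients cannot recompute it."""
    return hmac.new(secret, f"{number}|{text}".encode(), hashlib.sha256).hexdigest()


def shape_check(tag: str) -> bool:
    """Without the key, a recipient can only test that the tag looks like a tag."""
    return len(tag) == 64 and all(c in "0123456789abcdef" for c in tag)


def run_demo() -> dict:
    text = "constructed sample message"
    real, other = "+910000000001", "+910000000002"  # constructed numbers
    honest = {"originator": real, "text": text, "tag": public_tag(real, text)}
    forged = relabel(honest, other)
    genuine = keyed_tag(os.urandom(32), real, text)
    garbage = os.urandom(32).hex()  # random bytes, no relation to any sender
    return {
        "honest_verifies": public_verify(honest),
        "forged_verifies": public_verify(forged),    # verifiable => replaceable
        "forged_originator": forged["originator"],
        "genuine_accepted": shape_check(genuine),
        "garbage_accepted": shape_check(garbage),    # unverifiable => garbage passes
    }


if __name__ == "__main__":
    for name, value in run_demo().items():
        print(f"{name}: {value}")
```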

Technology behind "forwarded many times" cannot be used for traceability: In response to a question on why the same technology used to label messages as "forwarded many times" cannot be used to keep track of the originator, Gupta explained that WhatsApp, in fact, cannot see the number of times a message is forwarded and the entire system behind this is not really secure. "If I ran a fake version of WhatsApp's app, I could mess around with that and change that counter to whatever I wanted. The reason that this 'forwarded many times' thing ends up working is because of WhatsApp's assumption that if a message spreads like a wildfire, then presumably most of the users doing it are legitimate users using legitimate versions of the app," Gupta said.

Less intrusive means for identification is a legal artifice: The government has added a clause that if there are less intrusive means for identification of the originator, those can be used instead, but Priyadarshi Banerjee said that this is just a legal artifice that will help the government in court. "I mean without breaking the end-to-end encryption traceability is just not possible. Then in that circumstance, it's a meaningless proviso that has been put in, just to garnish the legislation for the benefit of the judiciary at a future date," he said.

FISA-like warrants for tapping: One solution Gupta proposed, but conceded won't be very effective, is for the government to implement a provision where a court allows law enforcement agencies to tap a person's chat for a legitimate reason, similar to the FISA warrant system in the US. Platforms like WhatsApp can maintain end-to-end encryption for most users and disable it only for users who have a warrant issued against them. The two pitfalls to this are that everyone with whom the targeted person converses will also be compromised, and bad actors will not use the platform once they know law enforcement agencies can pursue them through this method.

Law should not mandate technology to do a particular thing: When a law instructs a company to do a particular thing, then the law is, in fact, "dictating how technological innovation happens and at the pace thereof, which is not in the realm of law at all," argued Priyadarshi Banerjee. "It's impossible for either lawyers or judges or policymakers to determine what is actually in the domain of engineers," he added.

Government giving solutions rather than the problems to solve: Giving an apt metaphor, Debayan Gupta said, "Think about aeroplanes, the government is asking to have roll-down windows on aeroplanes. And all the aeronautical engineers are like, are you mad, you can't have roll-down windows on aeroplanes, people will die. This doesn't work. Until the government tells us, hold on, there's this thing called COVID. And we need some way to get fresh air on aeroplanes. Now, the aeronautical engineers say, oh, okay, now that makes sense. Your reasoning has been you have a real reason why you're asking us for this, we can put in these special filters we've created for this occasion. The problem is the government is telling us all this stuff about originator information, hashing and we can't expect the government to have expertise on everything. The problem is they're giving us implementations or solutions. What they need to do is they need to show us the data, they need to tell us here are the problems."

Is there a right to anonymously exist or communicate online: While the law cannot give a positive mandate and tell companies what they should do, it can tell them not to deploy a particular kind of technology because a "negative injunction is something that can be legally enforced," according to Banerjee. But such injunctions must also satisfy certain other conditions of legality, he added.

"In the present circumstance with regard to end-to-end encryption, I believe this dovetails into the primordial query that whether there is a right to anonymously exist or communicate online. If it can be determined that there is no such right then the law can surely injunct," said Banerjee.

Only affects law-abiding citizens: Debayan Gupta argued that whenever the government wants to pass new rules, it uses child porn and terrorism as a pretext, but the rules don't actually solve those problems. "If I'm running a child porn ring, and I know if I use WhatsApp I can get tracked, I wouldn't use WhatsApp, I'm going to use something else that I can find elsewhere on the internet," he said. He further added that only the security of law-abiding citizens will be affected.

Bad guys move to harder to reach platforms: "Every time you break one level of encryption, or one level of security, you're essentially going to have the bad guys move to a different, harder to reach, platform and then again it's going to keep cycling on from there," Kadakia added. "Technology evolution is always going to take place, and the bad guys are always going to find safe-havens. If we talk about child pornography right now, whether it's moving to the dark web where it becomes even harder now for the government to sort of track that right. And the next request is going to be let's decentralize and let's monitor the dark web," he added.

Tiny corner case of badness: While conceding that the government might have a legitimate reason for the traceability mandate, Gupta said that there should be evidence that shows that enabling traceability will indeed help the government because otherwise, it applies broadly. "All too often we are told that there is a legitimate reason for doing X. So we're talking over Zoom right, we're getting all of these benefits and you're suddenly saying, I don't want this tiny corner case of badness to happen, it doesn't work that way," Gupta said.

"What you're doing is, you're taking a good system that works across the world, and you're creating a separate point of failure for it. And that point of failure is going to become a prime target for hackers," Debayan Gupta said.

Government has a number of security issues: Stating that government agencies face a number of security issues, Priyadarshi Banerjee and Debayan Gupta argued that creating a backdoor for the government to identify the originator of a message will inevitably allow criminals in as well. "So the question is also that is the price of potentially putting all our communications, every single one at risk worth the value that they're sort of asking for in this context," Banerjee asked.

People in the middle of a message chain will be compromised: Even if the government is only trying to track down the originator of a message, all the others in the message chain will also be compromised because there is no way to identify only the originator without maintaining records throughout the chain. Giving an analogy to the postal system, Gupta said, "This idea of shortcutting everything is like would you do that to the postal system? How would you require the postal system to look inside every envelope, and keep track of every message that was sent? So that if a threatening message was received by the president of India, you could immediately track it back to the first person who wrote that message, rather than the 15 intermediaries that went through. Is that what we're saying, that we now require the postal system to do that because that is the exact equivalent of what has been proposed."

Representing the government, Rakesh Maheshwari, Senior Director and Group Co-ordinator, Cyber Law & Security, MeitY, conveyed the government's intent regarding various subrules. He also fielded questions from MediaNama on traceability, compliance, timelines, clarifications of definitions, and more. Here are his views on traceability and encryption:

Not looking at the encryption aspect: "We are not at all looking at the way the encryption has been done, the way decryption is being done. We are not at all looking at it, we are only looking that at the end-user device, the message does remain unencrypted. And if it is simply being forwarded, then before it is being forwarded, it is the same message, and hence the hash should remain the same. Now, how exactly it is to be done, which technical architecture to be deployed, is best for the platform [to decide]," Rakesh Maheshwari noted.

Platforms cannot take shelter using end-to-end encryption: "There are certain expectations that users shall not be engaged in certain activities. Platforms cannot just put that in the terms of conditions and use end-to-end as a shelter when users do engage in them," Maheshwari noted. "Our intent is that if there is trouble being created in the system, the system cannot just take the shelter of it being end-to-end encrypted and therefore be completely unaware and hence completely escape out of the problem. We want platforms to be accountable, we want people to also be accountable," he added.

More than three months given: In response to MediaNama's question on whether the government thinks it has given sufficient time for implementation of this mandate and Debayan Gupta's argument that there is no way to know if three months is enough, Maheshwari responded that the government has in fact given more than three months because this mandate has been in the public draft for the last two years and platforms knew it was coming. He also added that if three months is not enough to implement a certain rule or subrule, the government will be practical and accommodate extension requests.

Lots of checks and balances in place: Maheshwari argued that the government has put lots of checks and balances in place to prevent the misuse of the traceability provision but did not give examples of any such measures. The rules also do not provide any details regarding the safeguards in place.

No cost-benefit analysis done: In response to an audience question on whether the government has done a cost-benefit analysis of the traceability mandate, Maheshwari responded that it is "not for government to do the cost-benefit analysis" and that the government has the right to know the root cause of a problem.

There is always a bypass: Maheshwari did concede that despite all the measures the government takes, criminals will find a way to bypass the law. But he argued that the rules are meant to suffice for the general case and not these extreme situations. "The rule should by and large be able to meet the expectations of the government, as well as, I hope the users," he added.
