End to end encryption (E3), a security protocol that keeps internet communications completely private, opaque even to the service provider, has irked security agencies since 2016, when WhatsApp rolled it out. Russia, China and Turkey ban them altogether. In 2017, the UK passed the Investigatory Powers Act and in the first week of December, Australia passed similar laws that require providers to develop technical solutions to offer plain text communications on request. Like India, these countries already had laws giving agencies access to data. Now, India plans to follow the trend and require E3 services like WhatsApp and Signal to provide access to encrypted “unlawful” communications on request, in plain text, with users identified.
A discussion over these moves on E3 has raged for a year now, and has ranged from plain speculation to reasonable arguments. Headlines claiming that E3 services can be “hacked” are highly speculative. But they can be backdoored or spoofed by the provider by what’s known as a “man in the middle attack”, possibly executed by putting malware on phones. And that, the reasonable argue, would endanger the security and privacy of all users. The Draft Rules for Section 79 of the IT Act, which makes it incumbent upon providers to offer technology solutions that reveal “unlawful” content to the government, and which were discussed with stakeholders at the Ministry of Electronics and Information Technology on Thursday, would probably have depended on some stratagem to weaken the security of all users. While the need for eavesdropping on the conversations of “persons of interest” is understandable, compromising security wholesale cannot be a reasonable trade-off.
Such steps lay open all users to scrutiny, effectively treating all as guilty until proven innocent. This would have a chilling effect on speech online, especially since “unlawful” content depends, greatly, on location and current perceptions. The detention of a journalist in Manipur last week under the National Security Act, for posting material derogatory to the government, is a case in point. The outrage last week over extending the provisions of existing law from phones to computers suggested a trust deficit between the public and the government. The state’s curiosity about encrypted communications can only intensify it, especially since the technology solution could be applied to all users, not to suspects alone.
📣 The Indian Express is now on Telegram. Click here to join our channel (@indianexpress) and stay updated with the latest headlines