The Indian Government Wants to Break Messaging Encryption, WhatsApp's Suing

Illustration for article titled The Indian Government Wants to Break Messaging Encryption, WhatsApp's Suing
Photo: Yasuyoshi Chiba (Getty Images)

WhatsApp is taking India’s government to court over a new mandate that it claims will lead to mass surveillance of users in the company’s biggest market

Advertisement

Reuters was first to report on the suit filed in Dehli’s high court, which WhatsApp confirmed to Gizmodo on Wednesday. The suit is WhatsApp’s attempt to push back against the “Guidelines for Intermediaries and Digital Media Ethics Code” (or “intermediary guidelines,” for short); a spate of sweeping tech regulations that go into effect across the country today. Since India’s authorities first rolled the rules out back in February, they’ve drawn skepticism from legal experts and tech policy advocates across the region that have criticized the law for being overly broad in its attempts to wrangle major platforms. As Reuters points out, there’s already at least one other case against the new rules brewing in Dehli’s high court for that same reason.

Specifically, WhatsApp’s suit focuses on a provision stating that all major messaging apps—including encrypted platforms like WhatsApp, Signal, and Telegram—need to give Indian authorities the power to “trace” private messages. Until now, when WhatsApp is approached by authorities with requests for information, those authorities need to ask about a specific account that they can prove is using the platform for something criminal. In a nutshell, the new mandate would mean that these same authorities can approach WhatsApp with a specific piece of criminal content, and order the platform to cough up details about the account that was first caught sharing it.

As always, please don’t take Facebook’s word for this. It’s a stupid approach for a slew of reasons. Experts have already pointed out, there’s really no way for platforms to parse apart whether an account is actually creating this content themselves, or if they’re simply re-sharing something they’ve found elsewhere. Under the new mandate, a WhatsApp user could have their account scrutinized by authorities if they’re trying to fact-check or raise alarms about a piece of problematic content.

WhatsApp pointed Gizmodo towards a company blog post calling out this clause directly. “Traceability forces private companies to turn over the names of people who shared something even if they did not create it, shared it out of concern, or sent it to check its accuracy,” the company wrote.

“Through such an approach, innocent people could get caught up in investigations, or even go to jail, for sharing content that later becomes problematic in the eyes of a government, even if they did not mean any harm by sharing it in the first place.”

There’s also the fact—as technologists have detailed in the past—that it’s impossible to make an encrypted platform traceable without breaking that encryption, a move that will compromise the security of WhatsApp users to potential hacks.

Advertisement

WhatsApp’s encryption has been a persistent thorn in the side of authorities in India, where the platform’s been linked to the spread of persistent—and harmful—misinformation. Towards the end of 2017, rumors that circulated on the platform led to seven men being violently lynched, provoking WhatsApp to ultimately put strict limits on the way people could use the platform to forward messages. Evidently, though, this hasn’t been enough for India’s law enforcement agencies, which have repeatedly tried to get the company to enable traceability over the years.

I cover the business of data for Gizmodo. Send your worst tips to swodinsky@gizmodo.com.

DISCUSSION

ManchuCandidate
ManchuCandidate

All in the name of national security to protect the precious feelings of PM Modi from angry citizens criticizing him and his government’s colossal fuck ups in India’s disastrous 2nd wave of CoVID as well as the still ongoing farmers protests over changes to farming legislation.