Facebook’s WhatsApp messenger this week sued the Indian government to challenge new rules for processing user data. The authorities want to oblige the social network to provide data on the first sender upon request. To do this, WhatsApp will need to weaken the end-to-end encryption that protects messages, as a result of which information will be revealed not only about the sender, but also about the recipient. This could compromise the security of over 400 million users in India and possibly even other countries.
In February, the Indian government passed new rules to regulate social media, instant messengers, online media and streaming services. The platforms were given three months to complete and the deadline expired this week.
According to one of the innovations, messengers with more than 5 million users in the country (in India, these are WhatsApp and Signal) must identify the first sender of information at the request of a court or government. If the content was originally launched outside of India, then platforms must identify the first instance within the country.
WhatsApp and Signal use end-to-end message encryption. They cannot see their content, nor can they track the path of specific content. Technology policy advocate Namrath Maheshwari said platforms will need to redesign their architecture to ensure traceability. This will compromise online privacy and security. Each person will be seen as a potential criminal, and the company will have to store huge amounts of data indefinitely.
The Indian government says it does not intend to violate anyone’s privacy. According to him, the tracking will only be used “to investigate or suppress very serious crimes that violate the sovereignty and integrity of India, national security, friendly relations with foreign states or public order, as well as in the case of incitement to the above crimes.” In addition, data may be requested in cases of violent crimes and distribution of sexual materials, including those involving children.
However, these definitions can be interpreted in different ways. On the one hand, the government will be able to find those who are spreading dangerous disinformation. On the other hand, to track activists and political opponents.
According to Matthew Green, ransomware at Johns Hopkins University, information disclosure has serious consequences: “If you create a system that can go back in time and reveal multiple people who sent any content, then it can also expose anyone who sends any content “.
Implications for WhatsApp
This is not the first time WhatsApp has found itself in a similar situation. Brazil, the second largest messenger market after India, has similar requirements. Other countries, including the US, Canada, and the UK, also wanted the platform to weaken the encryption. However, India – the largest market for WhatsApp – has officially introduced traceability requirements for the first time.
WhatsApp is the main means of communication in the country – many Indian smartphone owners download this app first. In 2020, WhatsApp was the leader in terms of the number of active users per month. However, over the years, the messenger has not only become a way of communication, but also filled with misinformation, causing consequences in real life.
Digital rights activist Srinis Kodali claims the Modi government “came to power through social media – Twitter and WhatsApp – and is now trying to control them.” Kodali does not use WhatsApp to discuss controversial political issues.
The big tech companies and the Indian government have been on tense relations for a long time. For example, in April, Indian authorities asked Facebook, Twitter and Instagram to remove posts criticizing its measures to combat the second wave of the pandemic.
However, weakening encryption will clearly make a difference. According to activist Kodali, while he continues to use WhatsApp for work. But if the encryption policy changes, he and many others will certainly leave the platform.