Petitioner says that Whatsapp has adopted end-to-end encryption which compromises national security
On June 29, the Supreme Court will hear a writ petition to ban messaging app Whatsapp on the grounds that the end-to-end encryption adopted by it in April this year could be a threat to national security.
“India sits in a turbulent geographical neighbourhood. Applications like whatsapp would allow terrorists to easily exchange information and the government will never get to know,” Sudhir Yadav, an Right To Information (RTI) activist from Haryana, who filed the PIL in May this year, said.
Whatsapp introduced 256-bit end-to-end encryption on April 5 this year. What this means is that chats, images, videos, calls, voice messages and files exchanged between two or more whatsapp users cannot be read by third parties or whatsapp itself, until they have the private key or the computational power to try out 2^(256) combinations.
Whatsapp’s Encryption Overview states that whatsapp servers do not have the private keys of users to decrypt their chats, so they will not be able to help the government in extracting information about a suspected individual, if need be. “And the government will need to spend great time and money in trying out 2^(256) combinations,” Yadav said.
Whatsapp is an over-the-top (OTT) service and thus, its encryption standards aren’t as stringent as those for telecom service providers (TSPs). According to the Department of Telecommunication’s guidelines for grant of licenses to TSPs, 2007, “individuals/groups/organisations are permitted to use encryption upto 40-bit key length without having to obtain permission from the licensor”, but “if encryption equipments higher than this limit are to be deployed, individuals/groups/organizations shall do so with the prior written permission of the licensor and deposit the decryption key with the licensor.” No such permissions are required for OTTs. Yadav said that the government can at least issue such guidelines for OTTs if they don’t want to ban them completely.
“I think Whatsapp’s decision to bring in end-to-end encryption is a revolutionary step towards ensuring that citizens have a right to privacy. E2E encryption should stay but when the government requires information on suspects, Whatsapp should be able to deliver. That is all,” Yadav said.
He added that the process to determine if governments should get access to privacy keys should be a judicial one – governments must prove in court that the matter is one that compromises national security and warrants surveillance. Then, surveillance should be allowed for a limited time frame, say 7-10 days, after which, access should be denied for further surveillance if the government does not have conclusive proof against individuals being spied upon.
Encryption protocols have always ignited debates on the appropriate balance between privacy and national security. In Brazil for instance, Judge Marcel Montalvao in the north-eastern town of Lagarto, in Sergipe state called for a 72-hour nationwide ban on WhatsApp on May 2 because it failed to hand over information about drug traffickers discussing their business on the app.
We are a voice to you; you have been a support to us. Together we build journalism that is independent, credible and fearless. You can further help us by making a donation. This will mean a lot for our ability to bring you news, perspectives and analysis from the ground so that we can make change together.
Comments are moderated and will be published only after the site moderator’s approval. Please use a genuine email ID and provide your name. Selected comments may also be used in the ‘Letters’ section of the Down To Earth print edition.