The Indian Government Wants to Break Messaging Encryption, WhatsApp’s Suing

The Indian Government Wants to Break Messaging Encryption, WhatsApp’s Suing
Photo: Yasuyoshi Chiba, Getty Images

WhatsApp is taking India’s government to court over a new mandate that it claims will lead to mass surveillance of users in the company’s biggest market.

Reuters was first to report on the suit filed in Dehli’s high court, which WhatsApp confirmed to Gizmodo on Wednesday. The suit is WhatsApp’s attempt to push back against the “Guidelines for Intermediaries and Digital Media Ethics Code” (or “intermediary guidelines,” for short); a spate of sweeping tech regulations that go into effect across the country today. Since India’s authorities first rolled the rules out back in February, they’ve drawn scepticism from legal experts and tech policy advocates across the region that have criticised the law for being overly broad in its attempts to wrangle major platforms. As Reuters points out, there’s already at least one other case against the new rules brewing in Dehli’s high court for that same reason.

Specifically, WhatsApp’s suit focuses on a provision stating that all major messaging apps — including encrypted platforms like WhatsApp, Signal, and Telegram — need to give Indian authorities the power to “trace” private messages. Until now, when WhatsApp is approached by authorities with requests for information, those authorities need to ask about a specific account that they can prove is using the platform for something criminal. In a nutshell, the new mandate would mean that these same authorities can approach WhatsApp with a specific piece of criminal content, and order the platform to cough up details about the account that was first caught sharing it.

As always, please don’t take Facebook’s word for this. It’s a stupid approach for a slew of reasons. Experts have already pointed out, there’s really no way for platforms to parse apart whether an account is actually creating this content themselves, or if they’re simply re-sharing something they’ve found elsewhere. Under the new mandate, a WhatsApp user could have their account scrutinised by authorities if they’re trying to fact-check or raise alarms about a piece of problematic content.

WhatsApp pointed Gizmodo towards a company blog post calling out this clause directly. “Traceability forces private companies to turn over the names of people who shared something even if they did not create it, shared it out of concern, or sent it to check its accuracy,” the company wrote.

“Through such an approach, innocent people could get caught up in investigations, or even go to jail, for sharing content that later becomes problematic in the eyes of a government, even if they did not mean any harm by sharing it in the first place.”

There’s also the fact — as technologists have detailed in the past — that it’s impossible to make an encrypted platform traceable without breaking that encryption, a move that will compromise the security of WhatsApp users to potential hacks.

WhatsApp’s encryption has been a persistent thorn in the side of authorities in India, where the platform’s been linked to the spread of persistent — and harmful — misinformation. Towards the end of 2017, rumours that circulated on the platform led to seven men being violently lynched, provoking WhatsApp to ultimately put strict limits on the way people could use the platform to forward messages. Evidently, though, this hasn’t been enough for India’s law enforcement agencies, which have repeatedly tried to get the company to enable traceability over the years.