'Traceability of WhatsApp messages could be violation of fundamental right to privacy'

Of late, the government's demand to trace the origin of WhatsApp messages is getting louder, amid security and privacy concerns raised due to Pegasus spyware controversy in the country. Recently, the IT Minister Ravi Shankar Prasad reiterated the government's stand on traceability during discussions in Rajya Sabha. The minister said that talks are on with the Facebook-owned messaging app to trace the origin of a message without breaking encryption.

"We have been telling WhatsApp to trace the origin of a message that is causing law & order problem without breaking encryption. I am happy that other democracies have also echoed similar concerns as India," Prasad said.

READ | Spyware incident may fuel tension between WhatsApp and government

What's the problem?

India plans to revise existing policies to regulate social media apps and online services on the grounds of 'unimaginable disruption to the democratic polity.' In its affidavit filed in the Supreme Court, the Ministry of Electronics and Information Technology (MeitY) is in favour of holding online platforms like TikTok, Facebook, YouTube, among others accountable for activities done by their users. These new rules will also impose additional obligations on companies to enable tracing out the originator of the content in question, within 72 hours of such requests made by any government agency.

Facebook has already filed a case in India, in a bid to prevent government agencies from forcing WhatsApp to break its end-to-end encryption. However, the entire Pegasus spyware fiasco may weaken Facebook's case over national security concerns.

Previously, a senior government official who did not wish to be named questioned whether WhatsApp's silence on the hacking incident had anything to do with its plans to prevent the authorities from enforcing measures on traceability and accountability. The government is also questioning the timing of WhatsApp's disclosure of the hacking incident, particularly against the backdrop of the Centre seeking three months from the Supreme Court to come up with rules to curb misuse of social media in the country.

The big question remains: Is it possible to trace the origin of a WhatsApp message without breaking encryption and what could be its implications? We spoke to Kazim Rizvi, founder of The Dialogue, an emerging policy think-tank.

"Before delving into the implications of the demand, it is pertinent to appreciate that traceability and end-to-end encryption are diametrically opposite to each other and cannot exist simultaneously," Rizvi told Republic World.

READ | WhatsApp spyware controversy far from over: Facebook sued by NSO Group employees

How to enable traceability without breaking encryption

IIT Professor Dr V Kamakoti suggests appending a piece of originator information with every message. But is Dr Kamakoti's method feasible?

"WhatsApp encryption architecture is such that adding originator information, would not be a proof that the message was indeed sent by the originator. The protocol has a deception built-in into its architecture which cannot be worked around. Therefore, it is not possible to incorporate the suggestion of Dr V Kamakoti without breaking the encryption," Rizvi said.

'Violation of the fundamental right to privacy'

Rizvi believes breaking encryption is a direct violation of the fundamental right to privacy. "Privacy and traceability do not go hand-in-hand. If the government is focusing on enabling traceability, it will amount to infringement of privacy."

"If the platforms (like WhatsApp) create a backdoor for the law enforcement agencies, how will it be made sure that it is not being used for purposes other than what it was intended for?" Rizvi added.

Security audit of WhatsApp

India plans to launch a security assessment of WhatsApp, which is currently dealing with serious security and privacy concerns raised due to NSO Group - Pegasus spyware controversy that came to light last month. In light of these concerns, authorities are looking to conduct a security audit of WhatsApp.

 READ | IT Minister Ravi Shankar Prasad says will launch security audit of WhatsApp

Prasad said that the government is committed to ensuring the safety and security of online platforms such as WhatsApp. He also said that the government is also working to strengthen the Information Technology (Intermediaries Guidelines) Rules 2011. The minister asserted India would never compromise its data security.