Why the govt and WhatsApp are at loggerheads over end-to-end encryption

The Centre feels that WhatsApp hasn't done enough to contain the spread of fake news, and wants the social media firm to trace 'malicious' messages to their senders for potential legal action

A piece of tech code that many see as the centerpiece in digital privacy, has become the bone of contention between the Indian government and Facebook's chat platform WhatsApp. The Centre feels that WhatsApp hasn’t done enough to contain the spread of fake news, and wants the social media company to trace ‘malicious’ messages to their senders for potential legal action.

Though the subject is a technical one – WhatsApp has to move some software codes around – it has far-reaching consequences for privacy. Let’s look at the tech part first.

In November 2014, barely months after Facebooj acquired it, WhatsApp introduced ‘end-to-end encryption’. It encrypted messages so that no one other than the sender and receiver, not even WhatsApp, can see the content. The feeling of security that nobody is snooping on their private communications resonated hugely with users and became an instrumental piece in WhatsApp’s shot to popularity around the world.

End-to-end encryption is a software based on pre-set protocols and standards. WhatsApp uses Signal Protocol developed by Open Whisper Systems, a California-based tech company. In 2017, it was expanded to all types of chats on WhatsApp.

Think of it as a lock with two keys -- when a person starts a conversation on WhatsApp, two different keys (public and private) are generated. The private key remains with the sender, while the public key is transferred to the receiver through WhatsApp servers. The public key encrypts the sender’s message on the phone even before it reaches the centralised server. The server is only used to transmit the encrypted message. The message can only be unlocked by the private key of the receiver.

WhatsApp also give users a way to check for encryption: tap on the contact's name on WhatsApp to open the info screen. Tap 'encryption' to view the QR code and 60-digit number. Scan the contact’s QR code or visually compare the 60-digit number. If you scan the QR code, and if they match, then your chats are encrypted and no one is intercepting your messages or calls.

Essentially what this means is that WhatsApp has a record who is sending messages to whom but it cannot view the content of the conversations.

Now, with features like chat groups and broadcast messages, it is really easy to forward messages to a long list of senders, who in turn forward it to others, making it impossible even for receivers to determine the origin. This has placed authorities in a fix as fake messages, propaganda, hate texts, etc., have spread misinformation, targeted racial groups and incited violence and crime.

The Indian government has been looking at the issue for many years, but efforts intensified in 2018, ahead of general elections. The whole situation has led to at least four public interest litigations (PILs) against WhatsApp; two in Madras High Court, one each in Bombay and Jabalpur High Courts, that have together come to be known as ‘WhatsApp tractability Case’. In the Madras High Court, the debate is around whether linking Aadhaar, or any other government ID, with the WhatsApp accounts would help in resolving the issue. However, the court said it was not possible as it went against the Supreme Court judgment on Aadhaar delivered in September last year. Facebook is currently petitioning to transfer the cases to the Supreme Court, a request that will be heard in Madras HC on September 24.

Meanwhile, Ministry of Electronics and Information Technology (MeiTY) has written to UIDAI, which manages Aadhaar, for an opinion on whether Aadhaar-social media account linkage is even possible. In June, Indian Institute of Technology, Madras professor V Kamakoti published a paper that presented two ways in which the identity of the sender can be determined. Kamakoti, who is also a member of National Security Advisory Board in the Prime Minister's Office, suggested that a forwarded message on WhatsApp could come tagged with the originator’s information and be visible to all its recipients. Alternatively, the originator’s information can be codded in the message and be visible only to WhatsApp, which can share it with the probing authorities in the event of a case. The Madras HC is currently reviewing the suggestions of the IIT professor.

Now, not only has the scope of tractability debate has expanded to embrace other social media platforms like Twitter, Facebook, ShareChat and TikTok, WhatsApp is also getting cold treatment from regulators for its yet-to-be launched payments services.

WhatsApp Pay, which is operating in beta mode with just one per cent of WhatsApp users in India, needs an approval from the Reserve Bank of India for formal launch. This is taking longer -– the roll-out was anticipated early this year -- as the government wants the firm to offer a solution for combating fake news before its payments piece is given a go-ahead. WhatsApp is also in simultaneous discussion with the government over RBI’s proposed data localization norms that propose storing of sensitive personal data of Indians, especially payments data, only on servers located in the country.  

Two Facebook-WhatsApp senior executives -- Facebook’s vice-president for global affairs and communications Nick Clegg in September and former WhatsApp CEO Chris Daniels last year -- have already come down to personally to resolve issues on tractability and fake news. However, WhatsApp has been resolute that it does not plan to forgo end-to-end encryption.

For now, there is no clear solution in sight.