Explained: WhatsApp encryption and its legality in India
Here’s everything you need to know about WhatsApp’s new encryption policy, what it means for users and whether it’s still legal in India.
What did WhatsApp change?
On April 5, WhatsApp announced the implementation of end-to-end encryption for its messaging platform. Following the announcement, users with the latest version of WhatsApp were greeted with a notice that informed them about the new encryption policy.
What is end-to-end encryption?
End-to-end encryption implies that messages sent using the WhatsApp platform cannot be read or accessed by anyone other than the sender and receiver.
Simply put, each message is secured with a ‘lock’ and only the sender/receiver have the special keys required to unlock the message. The lock and key combination is unique for every message and is generated automatically. So, no third party including WhatsApp themselves, can access information sent via WhatsApp.
What are the pros and cons of end-to-end encryption?
End users benefit the most from end-to-end encryption. Because no one can read their messages, many who were sceptical of sharing personal or confidential information earlier, would willingly adopt the platform.
On the flipside, there is a possibility that criminals or terrorists may resort to using WhatsApp for communicating knowing that their messages can’t be intercepted. In the past, they had to work harder to find or build platforms that would allow them to communicate discreetly.
The encryption hits law enforcement agencies the worst because even if they manage to track the number of a known criminal, they have zero chance of intercepting their WhatsApp messages.
Does that mean WhatsApp is encrypting everything?
Not exactly. WhatsApp will not encrypt the timestamp of delivered messages, phone numbers and any other information it is legally compelled to collect. But, no message or media will be stored without encryption.
How does implementing encryption make the app illegal in India?
Short Answer: It doesn’t.
Long Answer: Department of Telecommunications (DoT) requires Telecom companies (e.g. Vodafone, Airtel) and ISPs (e.g. MTNL, Hathway) to abide by certain rules in order to provide internet service to their clients. As per the rules for telcos and ISPs, no one is allowed to use encryption of over 40 bits. Since WhatsApp is using a 256 encryption, many believe that it’s violating the DoT’s rules.
However, DoT does not regulate Over-The-Top (OTT) services like WhatsApp, Skype, Viber which allow users to make calls via the internet. So, apps like WhatsApp don’t have to follow the same rules that apply to telcos and ISPs. As a result, WhatsApp’s use of end-to-end encryption is perfectly legal in India.
Many also believe that since WhatsApp can’t decrypt any data, it is violating Section 69 of the Information Technology Act, 2000 which requires companies to assist the Government with intercepting and decrypting information sent using its platform. But since WhatsApp isn’t based in India, it could always refuse to comply.
Can it become illegal in future though?
It depends. While users continue to enjoy end-to-end encryption, authorities will continue to monitor cases where criminals have used WhatsApp for communication. If the number of cases increase drastically, law enforcement agencies can ask the Government to force WhatsApp into changing its policy or vet every user that uses their messaging platform.
As for the regulating OTT services, authorities will have to take into consideration the 100 million Indian users who are already using WhatsApp. So, there is a likelihood that the Government will find a common ground that will allow WhatsApp keep it’s encryption while continuing to co-operate with authorities when need be.
But we’ll only know for sure once the policy comes into effect.
Conclusion
End-to-end encryption is a welcome change for users, but it’s not without drawbacks – the biggest of which is providing criminals and terrorists with an easy and secure mode of communication. So while it may seem like a perfectly reasonable idea now, time will tell if we’ve paid a high price for securing our privacy.