India can learn from the EU on how to go about this
By Kanishk Gaur
While the Indian government is busy tackling issues of misinformation, protests against its recent farm Bills, the new guidelines affixing liability on digital media publications and intermediaries for the content they carry allow the government to snoop into the communication of citizens on messaging platforms, tracking the location of every sent message. The new guidelines will de facto mean messaging platforms have to break their end-to-end encryption (E2EE). Messaging platforms offering end-to-end encryption for communication use the Diffie-Hellman algorithm as it asserts encryption, decryption to take place at end-user devices, which allows the sender, receiver of the message to share their public keys for every message sent out. This technique allows texts to be transmitted via the internet, which is considered an insecure public channel, without letting the integrity of the message getting compromised.
However, the irony is that intermediary platforms will require to break this end-to-end encryption in order to comply with the government’s guidelines for digital intermediaries to find out the identity of the first originator of the message, tracing the first originator of information will need actually breaking the principle of securing communication. Hence, the intermediary, to comply with these guidelines, will have to look beyond using Diffie-Hellman for key-exchange in E2EE, which is a difficult technical problem for the intermediary to solve so that it can continue claiming provision of E2EE communication. The timeline to comply with these guidelines, i.e., three months from the date of notification, will require new techniques to remain end-to-end encrypted while maintaining compliance with the new norms.
Another learning the government can take from the EU is to set up agencies to monitor online harm and misinformation, and give these tools and authority to continuously monitor misinformation trends and content that are hateful or violent against specific communities, especially vulnerable groups such as women and children. The government could partner global bodies working in this space to share data on misinformation as well as sources of these, and collaborate to identify perpetrators of online crimes rather than relying on intermediaries to buildup the entire tool tactics and control procedures (TTCP). The current strategy of the government to force intermediaries to capture meta-data and use machine learning, natural language processing, etc, to fish out perpetrators opens up a Pandora’s box of third-party breaches and hacking to capture this information and use it for alternative purposes. The government faced a similar issue when Aadhaar data got captured by telcos and banks.
(The author is the Founder of India Future Foundation. Views expressed are personal.)