With the government notifying new, stricter guidelines for social media companies, which includes messaging apps, once again a debate has started whether this means breaking of end-to-end encryption by WhatsApp, which would have to break the secrecy of private conversations amongst individuals.
The government has asked companies to disclose the first originator of what is deemed as mischievous messages by the government.
Some legal experts maintain that by asking messaging apps like WhatsApp to trace the origin of messages, the government is in a way trying to snoop on private conversations and for this encryption needs to be broken. However, technology experts differ. They maintain that origin of messages can be traced without breaking any encryption and the bogey of breaking the encryption has been raised by WhatsApp as a red herring.
Under the new guidelines notified on Thursday, the government has made it mandatory for messaging apps to disclose the originator of messages if the matter relates to law and order problems or threatens the country’s sovereignty, integrity, or friendly relations with neighbouring countries, etc. In such cases, WhatsApp would need to trace the origin of message within 72 hours of being asked.
Technology experts maintain that though messages on WhatsApp are end-to-end encrypted and cannot be read by WhatsApp, the company can trace the origin of the messages through source code. Source codes are used in mobile phones and e-mail networks to trace messages. While in phone networks it is called call data record, in e-mails it is called internet protocol data record (IPDR).
For instance, when law enforcing agencies track mobile call data record to investigate crime, they do not tap phone conversations. Similarly, when the source of e-mail is tracked to investigate criminal activity then e-mail accounts are not hacked. By asking WhatsApp to trace the origin of a mischievous message, the government is not asking it to read the message, but just to inform the government from where it originated within the country. “Traceability is required in cases where messages create law and order problem, communal hatred, etc. In such cases the law enforcement agencies need to find out from where a notorious message originated to take appropriate legal steps,” said a technical expert.
However, for such traceability there needs to be a domestic law in place which mandates for how long the data needs to be stored by WhatsApp. Currently, there’s no policy on local data storage and for what time period data needs to be stored when it comes to over-the-top (OTT) players. In the case of mobile operators, SMSes need to be stored for a period of three months as per law.
If an instant inquiry into an alleged crime takes place, the government can ask WhatsApp to trace the origin of message, but if some time elapses, the messaging app can rightly say that the message is not stored on its server as there’s no law regarding it.
On the matter of tracing the origin of messages, the government has been engaging with WhatsApp for now over two years but the messaging platform has all along expressed its inability to do so, stating that under its privacy rules the messages are encrypted and it cannot read them. It needs to be seen how far the government is successful in enforcing such rules with the company.