Top Story


Home >> Digital >> Article

Will WhatsApp's new encryption policy make its use illegal in India?

Font Size   16
Will WhatsApp's new encryption policy make its use illegal in India?

The encryption battle continues as WhatsApp joined the encryption wagon and showed that they support the cause of user privacy. With end-to-end encryption, messages are scrambled as they leave the sender's device and can only be decrypted by the recipient's device. It renders messages unreadable if they are intercepted by any third party. WhatsApp, which has a billion users worldwide, said file transfers and voice calls would be encrypted too. Users with the latest version of the app were notified about the change when sending messages. The setting is enabled by default.

The new revolution has cast doubts over security concerns. With encrypted messages being sent and received between the billion users, some may use it for disruptive activities.

Information Technology (Amendment) Act, 2008 provides for encryption under Section 84A. The Central Government may, for secure use of the electronic medium and for promotion of e-governance and e-commerce, prescribe the modes or methods for encryption. According to the law, the government can prescribe and permit encryption policies for e-commerce sites that use online payments and other important payments details in order to prevent any kind of misuse. Currently encryption is restricted to 40-bits under the telecom licensing policy regime which is quite weak by its own standards. The government, however, has legitimate need to access encrypted data for monitoring of suspected criminals and terrorists in what is considered as lawful interception. With a weak encryption, the rise of cyber crimes cannot be curbed. Phishing attacks of online banking accounts or cloning of ATM/Debit cards are common occurrences.

When it comes to telecom service providers and internet service providers a license needs to be obtained to render such services. The license brings with it a lot of restrictions which also include encryption requirements. Apps like WhatsApp, Skype and Viber are, however, neither telecom service providers nor internet service providers and for such OTT’s there are no encryption requirements, nor are there any other requirements in the name of security which these have to comply with. In the absence of any regulations at present, it’s clear that WhatsApp’s new end-to-end encryption policy is perfectly legal, even though it presents a new dilemma for the government.

TRAI’s OTT Consultation Paper notes that OTT is the service model not only for future communications and media services, but also for emerging services, such as e-commerce, m-commerce, e-health, e-education, smart grids and the digital economy in general. In 2013, the worldwide annual SMS traffic was around 8.16 trillion messages, compared to 18.3 trillion messages by OTT players. As per the report the impact of messaging in India is also in line with international trends. In India, as on December 2014, WhatsApp topped the messaging application market with 52% of all the users using OTT messaging services, followed by Facebook Messenger with 42%, Skype with 37% and WeChat with 26% share.

It further adds, “Communication services that use internet for transmission like VoIP and instant messaging have security implications primarily because they bypass the regulatory regime enforced on conventional voice and messaging services provided by TSPs. The differences between regulations for VoIP and conventional voice service have implications for telephone number management, public safety, emergency number access and national security. Without secure connections through TSPs, they present various cyber security threats.”

WhatsApp, being an intermediary, is expected to comply with directions to intercept, monitor and decrypt information issued under Section 69 of the Information Technology Act, 2000. Complying with such a direction will now be impossible for WhatsApp in view of its end-to-end encryption. Even before the introduction of this, since WhatsApp is not a company based in India, it may have been able to refuse to comply with such directions. In fact, compliance by such companies in regard to data requests from the Indian government has been reported to be very low.

India has now withdrawn draft encryption policy required service providers, from both India and abroad, which are using encryption technology, to enter into agreements with India in order to be able to provide such services. One of the suggestions in the draft was that people using encrypted services will be asked to keep the decrypted data for at least 90 days. This will include any interception, monitoring and decryption requests made under Section 69 of the IT Act. If WhatsApp refuses to comply with such a regime if ever applied that would make WhatsApp illegal in India.

Kranti Gada joined the family business at Shemaroo in 2006 after a successful stint of over two years in marketing at Pepsi Co. She has been associated with the company for 12 years.

Exchange4media interacted with Jaspreet Chandok, Vice President and Head (Fashion) , IMG Reliance Pvt. Ltd on seamless brands integrations planned for Lakme Fashion Week, walking tall despite blazing trails like GST, demonetization and being a part of the larger cultural space

Their strategy to educate the consumers to make well informed decisions at all stages has worked out well.

Bobby Pawar, MD, CCO - South Asia, Publicis India, talks about his idea of chilling out

WhatClicks promises to be an unbiased, objective, third-party audit firm that will work with advertisers and agencies alike to help build an effective and integrated digital strategy.

V-Guard Industries, a household name for consumer electrical appliances in India, has revamped its logo in order to reflect the strength gained by the brand over the years. The company has also unveil...

The report reveals that there has been nearly 5 times more growth in video consumption in the last 12 months, with 96 percent of all usage being focused on long form video