WhatsApps new end-to-end encryption feature could land the company into deep trouble here in India. The new security feature by WhatsApp encodes/decodes all calls and text messages in the app itself, which means now no one (not even WhatsApp) can read/trace your text messages/calls sent through WhatsApp. This is against the rules of TRAI (Telecom Regulatory Authority of India) as this would not let Government Investigating Agencies to peep into WhatsApp account data during an investigation. Thus, WhatsApp might get banned in India if WhatsApp fails to provide a legitimate solution soon.
In India, companies need to follow the country’s rules and adhere to specific types of encryption, which WhatsApp does not currently use. WhatsApp’s end-to-end encryption on its chat service means that WhatsApp or anyone else won’t be able to crack open its contents. Only the sender and the recipient are able to read the encrypted data. WhatsApp uses a 256-bit key for encryption which is only known to the sender and recipient, which is why the security is described as “end-to-end”, of all chat messages, which is only known to the sender and the recipient.
On the other hand, WhatsApp’s motive behind its end-to-end data encryption is to ensure user privacy as this would not only prevent Government Agencies but also cybercriminals and hackers or anyone else from peeping into your WhatsApp’s data.
However, as for the Indian Telecom rules, online services are only permitted to use up to 40-bit encryption. If they need to use higher encryption standards, they need to seek permission from the government, and the way WhatsApp is setup, it seems a bit too difficult to obtain the same. In order to get the required permissions and green flags from the Indian Government, WhatsApp needs to submit the keys, which sadly, they too actually don’t have.
So, why haven’t the Indian Government banned WhatsApp till now? Well, its because not all WhatsApp users in India are currently using the updated version of WhatsApp which provides 256-bit encryption key. Hence, indirectly, all those who are currently using the updated WhatsApp app in India are actually using it illegally.
A report by The DECCAN Chronicle says that the Indian government has not yet decided whether they will take any action on the issue and deal with WhatsApp to come to a conclusion.
However, according to the Indian encryption rules, OTT (Over-The-Top) services, such as WhatsApp, do not require encryption standards like telecom operators do. Telecom service providers and internet service providers in India require a license from the DoT to provide encrypted services in India. These include internet telephony and chat services and a usage of up to 40-bit encryptions, only after depositing the decryption keys to the Telecom Authority. Since WhatsApp, Skype, Viber and such services are OTT-based and not telecom operations, they are not yet regulated in the country as they do not come under the encryption requirement laws.
The TRAI had released an OTT consultation paper back in 2015, but are yet to issue any such regulations in the matter. In the absence of such regulations, OTT services with such encryptions are presently free to operate legally in the country. However, things could change, citing lack of decryption keys and possibility of illegal activity with terrorist groups and alike on such OTT services.
In other countries, such as France, Skype was made to register with a telecom service provider in order to operate with the encryption standards it holds in place. Similarly, many other countries, including China, Germany and a few others, have also put regulatory systems in place. OTT services are well regulated in countries overseas.
But according to Asheeta Regidi, an Indian cyber law specialist, ‘WhatsApp, being an intermediary, is expected to comply with directions to intercept, monitor and decrypt information issued under Section 69 of the Information Technology Act, 2000. Complying with such a direction will now be impossible for WhatsApp in view of its end-to-end encryption. Even before the introduction of this, since WhatsApp is not a company based in India, it may have been able to refuse to comply with such directions. In fact, compliance by such companies in regard to data requests from the Indian government has been reported to be very low.’
But the new Indian Government is currently looking to pass new policies on the new encryption standards. But it is presently unclear whether these new policies will bring new requirements on WhatsApp. So, the big question now is that, will India allow WhatsApp to continue in India or will it enforce a new OTT regulation which will put encrypted services like WhatsApp, Skype, Viber and others into the grey zone?
Stay tuned for more updates!
(Visited 6 times, 1 visits today)