With the advent of end-to-end encryption, popular messaging service WhatsApp could find itself in trouble with authorities in India.
The app now features end-to-end encryption for everyone. However welcome that may be for users, it falls foul of Indian telecom rules and WhatsApp could face a ban in the future.
WhatsApp encryption could cause problems in India
Privacy and security in the tech world came to the fore during the Apple versus FBI legal battle. Tech firms like Google supported Apple’s decision not to help the FBI unlock the iPhone in question. The thinking was that the company should protect user data and security norms.
ValueWalk's Raul Panganiban interviews Dan Pipitone, co-founder of TradeZero America, and discusses his recent study on retail investing trends. Q1 2021 hedge fund letters, conferences and more The following is a computer generated transcript and may contain some errors. Interview with TradeZero America's Dan Pipitone ValueWalk's ValueTalks ·
Only specific kinds of encryption are permitted in India. Now that end-to-end encryption is being introduced neither the company nor anyone else will be able to crack the contents of messages sent on the service. Only the sender and the recipient can see the messages.
“No one can see inside that message. Not cybercriminals. Not hackers. Not oppressive regimes. Not even us,” WhatsApp founders Jan Koum and Brian Acton wrote on their blog.
Will authorities decide to regulate OTTs?
In India online services are only allowed to use up to 40-bit encryption. If they want to use higher standards of encryption they have to obtain special permission from the government. The problem for WhatsApp is that the company itself doesn’t have the encryption keys, which they would have to submit to the government in order to gain approval.
According to reports this means that WhatsApp users in India are currently breaking the law by using the service. The Independent claims that the Indian government has not decided whether or not to take action on the issue.
However over-the-top (OTT) services like WhatsApp apparently do not require encryption standards as telecoms companies do. While telecom service providers and internet service providers must apply for a license to provide encrypted services, OTT services like WhatsApp, Skype, Viber and others are not yet regulated.
What next for users of popular messaging service?
Authorities have looked into the issue but have yet to issue any regulations. OTT operators can conduct business in the country due to this lack of regulation, but things could change given the high level encryption recently introduced.
There is a danger that the lack of decryption keys could enable criminal and terrorist organizations to use WhatsApp with impunity. In similar cases, Skype was made to register as a telecoms company in France. China, Germany and several other nations have also regulated OTT services.
“WhatsApp, being an intermediary, is expected to comply with directions to intercept, monitor and decrypt information issued under Section 69 of the Information Technology Act, 2000. Complying with such a direction will now be impossible for WhatsApp in view of its end-to-end encryption,” said Asheeta Regidi, an Indian cyber law specialist, in an interview with Firstpost.
“Even before the introduction of this, since WhatsApp is not a company based in India, it may have been able to refuse to comply with such directions. In fact, compliance by such companies in regard to data requests from the Indian government has been reported to be very low,” she continued.
According to The Independent countries like India are looking into regulating the new encryption standards used among OTT services. It is not clear whether these policies will affect WhatsApp.
The new encryption is a boon for users concerned about privacy, but new rules could leave WhatsApp in trouble in India. Of course the government could decide not to take any action on the matter, but that would appear unlikely.