Instant messaging platform WhatsApp has moved the Delhi High Court on the grounds that the new IT rules would cause the platform to ‘break privacy protections.’
WhatsApp is worried that the social media intermediary IT rules will go against its 'end-to-end encryption' stance that pledges to never read or store messages on their servers, resulting in a stalemate between the company and government.
Indian government had proposed to assign alphanumeric hashes to WhatsApp messages so that originator of every message can be traced back.
However, WhatsApp has asked the HC to declare one of the new IT rules as a violation of privacy rights as per India's Constitution, since it requires social media companies to “identify the first originator of information” whenever authorities demand it.
What Is Hashing?
Hashing is a process of solving a problem efficiently by listing them in order. It is a process where a piece of data is masked with a fixed value so that it can be easily traced when needed.
This methodology is used for several purposes including password verification, breaking compression, and data structures as well.
How Will This Methodology Help the Govt?
Indian government has suggested assigning ‘alphanumeric hashes’ to every message sent using WhatsApp.
According to a report by The Economic Times, the government wants WhatsApp to maintain a catalogue of each and every message sent on its platform.
Each message sent on WhatsApp will produce a unique hash key containing letters from A-Z and numbers 0-9. For example if you send a ‘Hi’ on WhatsApp this might be stored as ‘97oagh’.
All these hash keys will be maintained by WhatsApp, and when a law enforcement agency wants to investigate a problematic message all it has to do is to request WhatsApp for the hash of the original sender.
Sharing his thoughts on hashing, cyber security expert Rajshekhar Rajaharia told The Quint,“It will add a unique ID to each message. In simple words it will serialise each message and with the serial number the government may identify the original sender and well as all the forwarders. There might be a chain system which may create a route of forwarded messages”.
“So if an enforcement agency asks any details about a forward or a WhatsApp text message. The company will be able to identify phone numbers and complete chain of forwarded messages using hash methodology. In this case messages will still remain encrypted but the original sender might be identified”Rajshekhar Rajaharia , Cyber Security Expert
Why is WhatsApp Opposing Traceability?
WhatsApp, in a statement to The Quint, said that “Requiring messaging apps to 'trace' chats is the equivalent of asking us to keep a fingerprint of every single message sent on WhatsApp, which would break end-to-end encryption and fundamentally undermines people’s right to privacy.”
A WhatsApp spokesperson explained why the platform is opposing traceability of messages:
- End-to-end encryption was designed to help ensure that nobody other than the person you are talking to can know that you sent a particular message. This is the exact opposite of traceability, which would reveal who sent what to whom.
- Traceability would force private companies to collect and store who-said-what and who-shared-what for billions of messages sent each day. This will require platforms to collect more data than they need, solely for the purpose of turning it over to law enforcement agencies.
- Traceability would not be effective in finding the originator of a particular message because people commonly see content on websites or social media platforms and then copy and paste them into chats. It would also be impossible to understand the context of how it was originally shared.
- We also do not believe traceability can be imposed in a way that cannot be spoofed or modified, leading to new ways for people to be framed for things they did not say or do. Such massive data collection also makes messaging platforms inherently less secure by opening up more avenues for hacking.