End-to-end encryption: Boon or bane?
When Facebook-owned mobile messaging service WhatsApp announced to turn on end-to-end encryption for its over one billion monthly active users last month, CEO Mark Zuckerberg hailed this as an “important milestone for the WhatsApp community.” It means that for WhatsApp users, every call they make and every message, photo, video, file, and voice message they send, will be end-to-end encrypted by default, allowing users to protect their conversations from being hacked.
“So when you send a message, the only person who can read it is the person or group chat that you send that message to. No one can see that message. Not cyber criminals. Not hackers. Not oppressive regimes. Not even us,” said Jan Koum, CEO and co-founder of WhatsApp, in a blog post.
The move -- coming after the FBI-Apple tussle over unlocking an iPhone used by a terrorist -- has not gone well with cyber security experts in India. According to them, this may be a boon for terror groups operating in India and across the border as this ensures that their communications cannot be intercepted as they connect.
“WhatsApp’s end-to-end encryption provides more encouragement to terror groups to be bolder in their communications in coded languages which can then be transmitted without the fear of being cracked on the way,” warns Pavan Duggal, one of the nation’s top cyber law experts.
In a country where WhatsApp has become somewhat of a de-facto religion for the Indian smartphone users, end-to-end encryption will hamper the Indian government’s plan to counter terrorism. “Given the fact that WhatsApp does not have an office in India, it further complicates the scenario. The Indian approach to encryption is also not clear. The draft of the National Encryption Policy received massive protests and was withdrawn by the government in 2015,” Duggal said.
Experts feel that end-to-end encryption will boost cyber radicalisation to a great extent. Recently, Islamic State (IS) released a technology guide ranking the security of more than 30 chat apps -- including WhatsApp, Telegram, and Signal.
Reports indicate that heavily encrypted Telegram app -- built by a Russian developer -- is currently hot among IS supporters, but with WhatsApp starting end-to-end encryption, experts fear that the IS militants -- who plotted Paris attacks using WhatsApp and other encrypted apps -- may shift base back on to the popular platform.
In the ensuing debate over user privacy vs country’s security, experts give security a priority.
According to Rakshit Tandon, a consultant at the Internet and Mobile Association of India (IAMAI) and a cyber-security expert, “if a smartphone or any other device or messaging app has been used against the country, law enforcement agencies have all the right to get the information out,” he said.
“I will not call it hacking as is being said in the FBI-Apple case but getting the essential information out to nab the criminal and save the country from any possible terror attack,” said Tandon, who is also an advisor to the Cyber Complaint Redressal Cell (UP Police, Agra). “We need better technology but not something that helps terror organisations in the long run,” added Tandon.
Lucknow-based social media analyst Anoop Mishra fears that if we can use it as a major tool for day-to-day communications, the tool can also be used by skilled terrorists or sleeper cells to plan their activities in a more secure and encrypted way.
“This is going to pose more challenges for the national security agencies, especially in countries like India, where terrorism is active in the form of sleeper cells and where cyber security policies are less effective and poorly implemented,” Mishra said.
Krishna Mukherjee, analyst (telecoms) at market research firm CyberMedia Research (CMR), also feels that end-to-end encryption is a blessing in disguise for terrorists.
“Encryption means maintaining privacy for users but on the other hand, the law enforcement agencies will have a hard time in accessing critical information when dealing with terrorists. Therefore, the need of the hour is to bring some regulations with respect to this,” Mukherjee said.
According to the experts, technology companies and the Indian government should join hands in zeroing in on the criminal outfits to help safeguard the national interest.
“The collaboration between the two parties will help in maintaining the privacy of users and in securing them too. Although encryption is welcome, it should come with some riders,” she adds.
There are no golden principles or formulae and everything will depend upon the peculiar, specific approach to be adopted by state actors as they move ahead.
“End-to-end encryption is now a ground reality. The fact remains how sovereign states try to come up with legal mechanisms and processes to deal with this,” asserts Duggal, also a Supreme Court advocate.
“As such, India will need to come up with its own customised approach on how to deal with this,” Duggal said.
(The views expressed are strictly personal.)