In February of 2018, the CBI said they busted an “international child abuse pornography racket” that was operating on a Whatsapp Group. With 119 members, the group named ‘KidsXXX’ had members ranging from Kannauj, Uttar Pradesh to Delhi and Mumbai to the United States, China, Mexico and more.
The CBI pulled off the entire operation without relying on surveillance of WhatsApp communications themselves. The reason was that they simply could not.
WhatsApp introduced End-to-End Encryption (E2EE) in April, 2016. E2EE is a technological measure that keeps communications between two devices secure. Under WhatsApp’s encryption, nobody — not even WhatsApp — can read the messages you send out unless they physically gain access to either your phone or the recipient’s phone.
Encryption is something that no government or surveillance agency likes to see. Calls to ‘break’ WhatsApp’s encryption have been made by governmental agencies worldwide (the FBI’s General Counsel James Baker was among the first to criticize WhatsApp’s announcement of E2EE by default) for its users communications, saying that the move would hurt law enforcement
In India, WhatsApp’s largest market, the company faces what could be its biggest hurdle in terms of a legal challenge to its encryption technology.
In December of 2018, the Supreme Court of India issued a statement condemning the dissemination of child pornography online, days after getting both the Centre and internet stakeholder companies like Facebook and WhatsApp to issue their own condemnations of the same.
“Everybody has agreed that the child pornography, rape and gang rape videos and objectionable material need to be stamped out. The proposed/draft standard operating procedure will be drafted on this premise,” the statement read.
WhatsApp’s own official view was that they do everything in their power to stop the spread of such content, except looking at the messages themselves, which they cannot do.
Around that time, the government met with senior WhatsApp executives to find a way to ‘trace’ the spread of fake news and misinformation. In 2018, WhatsApp received two notices from the government asking it not to be a ‘mute spectator’ to the spread of fake news, warning that if would be treated as an ‘abettor’ if the company took no action.
A couple of months later, WhatsApp’s head of communication decried the government’s growing insistence that messages be traceable, speaking to IANS. “The proposed changes are going overboard and are not consistent with strong privacy protections that people around the world are seeking,” said Carl Woog.
Woog worried that WhatsApp would not be able to continue existing in its current form under the proposed new regulations, but expressed hope that the matter could be discussed with the government.
This is where two petitions by animal rights activists comes into the picture. In July of 2018, Janani Krishnamurthy and Antony Clement Rubin have both filed writ petitions calling for Aadhaar accounts to be linked to social media handles. The reason was the same for both of them — they had each suffered from prolonged trolling online and wanted a solution to identify the culprit.
Their writ petitions sought to have the government “declare the linking of Aadhaar or any one of the Government authorized identity proof as mandatory for the purpose of authentication while obtaining any email or user account”.
The Public Interest Litigations (PILs) were linked together, with a division bench of the Madras High Court expanding the scope to include ‘curbing cybercrime’ and ‘intermediary liability’ (AKA mediums like WhatsApp).
The implications were huge — if traceability of messages was implemented, it would break many of the fundamental privacies guaranteed by E2EE. This fact is what brought the Internet Freedom Foundation to file interventions into both cases.
On the IFF website, the group argues that linking Aadhaar to social media would increase the power of social media companies over users, undermining the right to privacy, that it would enable the private use of Aadhaar which is legally problematic, and that it would increase the risk to minors and women who would no longer be able to adopt pseudonyms to protect themselves online.
WhatsApp’s argument that traceability would not be possible without breaking encryption has also been challenged, with a professor from IIT Delhi, V. Kamakoti, claiming that it would be possible, and that he could demonstrate it. His suggestions included adding an originator tag to each message, and classifying messages as ‘forwardable’ and ‘not-forwardable’. His claim has, in turn, been challenged on the grounds that WhatsApp’s Signal Protocol would not allow for his additions.
Simply put, Prof. Kamakoti did not understand the Signal protocol at all. His proposal "assumes" that WhatsApp uses Public Key Cryptography "only", but in reality it uses the Double Ratchet. https://t.co/Dyj6stgh8G
— V. Anand | வெ. ஆனந்த் (@iam_anandv) August 13, 2019
The case now has a chance of being escalated. The Supreme Court has agreed to hear Facebook’s petition to move the case from the Madras High Court to the Supreme Court, scheduling a hearing for the plea to move the case on August 19.
