India Proposes Method To Ensure Traceability Of WhatsApp Messages Without Breaking End-To-End Encryption

The Indian government appears to have found a way to resolve what seemed to have been developing into an impasse over its concerns around women’s safety and national security, and WhatsApp’s insistence on users’ privacy.

The government has proposed that WhatsApp assign an alpha-numeric hash to every message sent through its platform, senior government officials told ET. The hash can travel with the message and in case of any unlawful activity, the originator of the message can be traced without breaking the app’s encryption, the sources said. “The government is willing to work with WhatsApp to come up with a solution to enable traceability of message originators without breaking encryption,” officials said. The addition of the hash will allow the messages to continue to remain end-to-end encrypted.

Last month, the government had notified the Information Technology (Guidelines for Intermediaries and Digital Media Ethics Code) Rules, 2021, which mandated the traceability, or the detection of origin, of a message flagged by either a court of law or an authorised government agency. WhatsApp, for its part, had indicated that this would be hard to implement, given how all messages on its platform are end-to-end encrypted.

But with the Indian government now suggesting what seems to be a workaround, it appears that WhatsApp will likely meet the government’s requirements before the 3-month deadline to implement the law draws to a close. Interestingly, India’s IT act already has a provision which can require companies to decrypt messages as and when ordered by the government, but this option has reportedly never been used by the government thus far.

The issue presents an interesting tussle between governance and newly-developed forms of technology. Through most of history, there has never been a mainstream mechanism that can allow individuals to communicate over long distances without the government keeping a watchful eye — letters, for instance, could be intercepted, radio frequencies could be accessed, and phones could be tapped. But messaging apps, which have now become ubiquitous, can allow anyone in the world to communicate between themselves, and end-to-end encryption ensure that no one, including the platforms themselves, are privy to these messages. While privacy is, for the most part, a good thing, it also allows criminals of all kinds to carry out illegal activities. The new suggestion by the Indian government appears to be a good attempt to find a middle-ground — messages can remain encrypted for most users, but if a message breaks a law, there will now be a mechanism for the governments to know where it came from.