According to reports, the Indian government has asked the popular instant messaging platform WhatsApp to assign an alpha-numeric hash system to trace origin of messages. WhatsApp is the epicenter of spam messages, and the government is concerned about the spread of false information through WhatsApp.
Top-level government officials and WhatsApp officials have previously discussed how to track the origins of spam messages. However, because of end-to-end encryption, the Facebook-owned company refused to budge. WhatsApp encrypts every message, and tracing the origin of a message would necessitate breaking end-to-end encryption technology, according to the company.
Intermediary Rules and Encryption
The Information Technology (Guidelines for Intermediaries and Digital Media Ethics Code) Rules, 2021, was notified by the Centre in February, requiring traceability of the first originator of a message flagged by a court of law or an authorized government agency. (You can read about the Six Key Takeaways of the New Rules here.)
WhatsApp, owned by Facebook and with over 400 million users in India, has so far rejected requests to trace the origin of flagged messages, citing the inviolability of its privacy policies while also stating that it is unable to provide traceability due to a lack of suitable technology. The government, on the other hand, has remained adamant in its demand for compliance with what it refers to as a “law and order” requirement.
The Alpha Numeric Hashing System
To settle the dilemma to break or not to break encryption the government has suggested assigning alphanumeric codes to every message sent using the platform. If WhatsApp adopts the proposed system, each message sent on the platform will produce a unique hash key containing letters A through Z and numbers 0 through 9. If you send a message on WhatsApp, for example, the alpha-numeric hash key will be ‘9a3t4f’.
Because these hash keys will be unique for each message, the company will be able to track down its origin. By using this process, WhatsApp would not be obliged to break the encryption technology with this system. WhatsApp has yet to inform the government of its position on using alpha-numeric hash keys to encrypt messages.
The Raging Debate of Traceability vs. Encryption
IIT-Madras Professor Veezhinathan Kamakoti had earlier suggested two ways to identify the originator of messages, including a system similar to the Alpha Numeric Hashing System. The Madras High Court had sought a report from Prof. Kamakoti who is also a member of the National Security Advisory Board.
However, the Internet Freedom Foundation had also filed an independent expert submission by IIT-Bombay Professor Manoj Prabhakaran, highlighting the risks and long term ineffectiveness of Prof. Kamakoti’s proposal. It submitted that the suggestions were vulnerable to falsification and tweaking encryption through backdoor will undermine user privacy and security. It also said that enabling traceability will have a grave impact on whistleblowers, journalists, activists, and others who can face violence if their identity is exposed.
Further, Anand Venkatanarayanan, disinformation, cyber weapons and data security researched had earlier elaborated as to how the suggestion to enable traceability without breaking encryption is erroneous and not feasible.
He said to the Hindustan Times, “At the heart of E2E [end-to-end encryption] is the Diffie–Hellman algorithm, which allows shared encryption keys to be generated by two parties by exchanging their public keys,” Venkatanarayanan said. “…these keys are not static but change for every new message sent out. This scheme allows anyone to forge an entire transcript with anyone, thus rendering any attempt to add originator information into the E2E protocol dead on arrival. Hence, the only way to comply with the guidelines is to break E2E.”