WhatsApp is suing
the Indian government over new internet laws it says will “severely undermine” user privacy.
WhatsApp’s current messaging architecture is propped up by end-to-end encryption: the company doesn’t know what’s in the messages you send, and it doesn’t know who sends which messages.
India’s new laws are designed to tear down that E2E architecture, requiring apps to trace the “first originator” of a message to create a central database that can be used to monitor online activity. WhatsApp’s concerns here are two-fold.
Concern #1: security. As the country’s most popular app, weakening end-to-end encryption will erode the security of the 400-million-plus people who use WhatsApp in India. In the words of WhatsApp’s lawyer: “a government that chooses to mandate traceability is effectively mandating a new form of mass surveillance.”
Concern #2: effort. Huge privacy infringements aside, creating and maintaining a traceable database of millions of messages is a bulky undertaking that vacuums copious amounts of time and money.
The other side:
the Indian government says
its intention isn’t to poke holes in privacy - but to curb fake news, violence and other ills.
All good and well (if true) but super unrealistic.
Matthew Green, a cryptographer at Johns Hopkins University, explains
it better than I ever could:
- “There is no such thing as just collecting information from the bad guys. The minute you build a system that can go back in time and unmask a few people sending a piece of content, you’ve built a system that can unmask anyone sending any content.”
Traceability and end-to-end encryption can’t coexist.
Also: India’s new IT laws are eerily reminiscent of China circa ‘06, when Beijing slowly laid the groundwork for The Great Firewall – a project that stopped external info from flowing into the country and allowed authorities to control what was shared internally.
The result was the exit of Facebook, Google and Twitter from China, and the rise of domestic behemoths WeChat, Baidu and Weibo.
The outcome of WhatsApp’s case will reveal which model – Chinese-style firewall or Western-style free internet – India’s government is floating towards.