Whatsapp Proposal

Using WhatsApp? Why a New Government Proposal Is Worrying: 10 Facts

How you use WhatsApp and other communication services on your phone could change dramatically - the government is considering a policy that requires businesses and users like you to save messages, and hand them over, if asked. Here is your 10-point cheat-sheet to this big story:
  1. When you send a WhatsApp message, it's automatically encrypted or turned into scrambled text, which is then unscrambled for the person you're messaging.
  2. In the case of WhatsApp and other services like Apple's iMessage, this encryption happens automatically using keys at both ends of the conversation - as a user, you don't need to do anything.
  3. The government is working on a new National Encryption Policy which has alarmed experts. The policy is posted on this website.
  4. The proposal from a department of the IT Ministry states this: "Service Providers located within and outside India, using encryption technology for providing any type of services in India must enter into an agreement with the Government for providing such services in India."
  5. This language is loose enough to apply to apps and services like WhatsApp, which has over 70 million users in India, and iMessage - if they don't register how they encrypt messages in India, they could be declared illegal (if the proposal goes through). You can share feedback by emailing akrishnan@deity.gov.in.
  6. The policy adds that citizens and businesses must save all encrypted messages (including personal or unofficial ones) and their unencrypted (plaintext) copies for 90 days. This is a potential source of confusion since most users don't even know when they are using encrypted forms of communication.
  7. Note that the onus of storing messages for 90 days is on all citizens, which means the simple action of deleting a WhatsApp message would theoretically be illegal. "All citizens [... ] are required to store the plaintexts of the corresponding encrypted information for 90 days from the date of transaction and provide the verifiable Plain Text to Law and Enforcement Agencies as and when required as per the provision of the laws of the country"
  8. Businesses are also expected to maintain encrypted and plaintext (unscrambled) copies of all their communication, and share their encryption keys with the government authorities when asked.
  9. The policy also talks about the government deciding what kind of encryption products business and citizens are allowed to use, which could make your favourite application illegal if it's using some other form of encryption.
  10. In 2010, the government said it would ban BBM (Blackberry Messenger Service) in India unless BlackBerry (then Research in Motion) gave security agencies access to snoop on emails. The two would eventually reach an arrangement that allows the government to intercept messages sent on Blackberry's platform.

Post a Comment

0 Comments