WhatsApp just showed its 3 billion users how seriously it takes their security – and that might mean lots of of tens of millions of individuals losing access to the app…
Is WhatsApp really leaving its biggest market?
If you ever needed a signal of how seriously WhatsApp takes its security, look no further than its largest market. Meta-owned messenger – the most important on the earth – just threatened to depart India relatively than compromise encryption.
WhatsApp has built its entire popularity on the strength of its security and privacy – ignoring the meta-irony, and this has encouraged nearly 3 billion users to trust the platform with their messages, voice and video calls, and media.
While WhatsApp has not yet quite secured its usual market presence within the US market, it has develop into a quasi-mobile network in Europe and Asia. And nowhere is that this more the case than in India, the platform’s largest market with approx 500 million User.
But India can also be considered one of the markets combating the shortcoming to access end-to-end encrypted content for security and law enforcement reasons. And the introduction of the Information Technology Rules (Intermediary Guidelines and Code of Ethics for Digital Media) in 2021 should address this.
This laws requires law enforcement authorities to make use of the courts to force a social media company to reveal the sender of an original message in order that dangerous or illegal content may be traced back to the source. This clearly implies that not only is the identity of those sending messages being shared, but the safety across the content itself can also be being broken with a view to link it back to the relevant user.
For its part, the Indian government says it has set the bar high for such intervention – in serious crimes resembling rape or CSAM proliferation or in national security issues. But WhatsApp is not budging – as you’d expect given the stance it has at all times taken elsewhere. According to the messaging platform, following these rules would break end-to-end encryption and jeopardize the privacy of the complete user base.
And this argument has now reached the court. This week WhatsApp lawyer Tejas Karia told The Supreme Court in New Delhi said: “As a platform, we say that if we are told to break encryption, WhatsApp will disappear.”
The lawyer went on to clarify that if it complied – which it didn’t – it might need to store “millions and millions of messages over several years” because “we don’t know which messages will do that.” to be deciphered.”
Somewhat contradicting the court’s idea of never asking a matter to which you do not know the reply, the judge asked WhatsApp’s lawyer: “Have these matters been raised anywhere in the world?” They have never been asked to supply the data anywhere on the earth to pass on to the world? Even in South America?”
The answer was quite simple: “There is no such rule anywhere else in the world, not even in Brazil.”
The problem for WhatsApp specifically, and for Meta more broadly, is that if it gives way in a single place, other countries will quickly follow suit. Security agencies world wide are desperately searching for easy solutions to lawfully intercept or retrieve content that’s currently unavailable to them – actually not without sophisticated cyber techniques that put endpoint devices in danger.
Also this week we saw why that is such a hot topic. European law enforcement authorities called for technology platforms to enable access under a lawful mandate. “We call on the technology industry to construct in security by design to make sure it continues to have the ability to detect and report harmful and illegal activities resembling child sexual exploitation, and to act lawfully and exceptionally on behalf of a lawful authority. “
“Some governments are trying to force technology companies to find out who sent a particular message via private messaging services,” WhatsApp said says in an evidence of why such “traceability” breaks their security model. “A government that chooses to mandate traceability is effectively mandating a new form of mass surveillance – messaging services would have to maintain huge databases of every message you send, or private messages with friends and family with a permanent identity stamp – like one Fingerprint – provided, colleagues, doctors and companies.”
The hearing in India is scheduled to proceed on August 14.
