WhatsApp could have accidentally entered into troubled waters here in India by enabling its end-to-end encryption for all. The new security feature by WhatsApp is not what is required by the Indian telecom rules and WhatsApp could face a ban, if the rules are not adhered to. But not yet.
According to the reports of leading web portal, the Indian rules state online services are only permitted to use up to 40-bit encryption and If they need to use higher encryption standards, they need to seek permission from the government. WhatsApp on the other hand offers 256-bit key for encryption of all chat messages.
After Apple’s problems with the FBI over unlocking an iPhone for retrieving encrypted data splat all over the internet, tech giants such as Apple and Google backed Apple’s decision on refraining to help the FBI to unlock the device. The major reason for Apple not helping the FBI was user’s data privacy and security norms. But the FBI managed to crack open the phone without any help from Apple, which is not a big question if the user’s data is even secure and private anymore.
In India, companies need to follow the country’s rules and adhere to specific types of encryption, which WhatsApp does not currently use. WhatsApp’s end-to-end encryption on its chat service means that WhatsApp or anyone else won’t be able to crack open its contents. Only the sender and the recipient are able to read the encrypted data.
Why is it not possible for WhatsApp to help decrypt users’ messages? “No one can see inside that message. Not cybercriminals. Not hackers. Not oppressive regimes. Not even us,” WhatsApp founders Jan Koum and Brian Acton wrote on their blog.On Tuesday April 05, WhatsApp, which has more than a billion users, said it has introduced encryption to all its services.”Encryption is one of the most important tools, governments, companies and individuals have to promote safety and security in the new digital age. Recently there has been a lot of discussion about encrypted services and the work of law enforcement,” WhatsApp said in the blog post.
However, as for the Indian rules, online services are only permitted to use up to 40-bit encryption. If they need to use higher encryption standards, they need to seek permission from the government, and the way WhatsApp is setup, it seems a bit too difficult to obtain the same. In order to get the required permissions and green flags from the Indian Government, WhatsApp needs to submit the encrypted message keys, which sadly, they too actually don’t have.Hence, indirectly, all those who are currently using the updated WhatsApp app in India are actually using it illegally, says the report.
WhatsApp’s use of encryption has already caused friction in Brazil, where authorities recently arrested and then released a Facebook Inc. executive after the company said it was unable to unscramble a user’s encrypted messages. That’s because end-to-end encryption automatically encodes each message with an algorithm that can only be unlocked by the sender and recipient.
Countries like India are currently looking to pass new policies on the new encryption standards. But it is presently unclear whether these new policies will bring new requirements on WhatsApp.The big question now is that, will India allow WhatsApp to continue in India or will it enforce a new OTT regulation which will put encrypted services like WhatsApp, Skype, Viber and others into the grey zone?