WhatsApp
could have accidentally entered into troubled waters here in India by enabling
its end-to-end encryption for all. The new security feature by WhatsApp is not
what is required by the Indian telecom rules and WhatsApp could face a ban, if
the rules are not adhered to. But not yet.
According
to the reports of leading web portal, the Indian rules state online services
are only permitted to use up to 40-bit encryption and If they need to use
higher encryption standards, they need to seek permission from the government.
WhatsApp on the other hand offers 256-bit key for encryption of all chat
messages.
After
Apple’s problems with the FBI over unlocking an iPhone for retrieving encrypted
data splat all over the internet, tech giants such as Apple and Google backed
Apple’s decision on refraining to help the FBI to unlock the device. The major
reason for Apple not helping the FBI was user’s data privacy and security
norms. But the FBI managed to crack open the phone without any help from Apple,
which is not a big question if the user’s data is even secure and private
anymore.
In
India, companies need to follow the country’s rules and adhere to specific
types of encryption, which WhatsApp does not currently use. WhatsApp’s
end-to-end encryption on its chat service means that WhatsApp or anyone else
won’t be able to crack open its contents. Only the sender and the recipient are
able to read the encrypted data.
Why
is it not possible for WhatsApp to help decrypt users’ messages? “No one can
see inside that message. Not cybercriminals. Not hackers. Not oppressive
regimes. Not even us,” WhatsApp founders Jan Koum and Brian Acton wrote on
their blog.On
Tuesday April 05, WhatsApp, which has more than a billion users, said it has
introduced encryption to all its services.”Encryption is one of the most
important tools, governments, companies and individuals have to promote safety
and security in the new digital age. Recently there has been a lot of
discussion about encrypted services and the work of law enforcement,” WhatsApp
said in the blog post.
However,
as for the Indian rules, online services are only permitted to use up to 40-bit
encryption. If they need to use higher encryption standards, they need to seek
permission from the government, and the way WhatsApp is setup, it seems a bit
too difficult to obtain the same. In order to get the required permissions and
green flags from the Indian Government, WhatsApp needs to submit the encrypted
message keys, which sadly, they too actually don’t have.Hence,
indirectly, all those who are currently using the updated WhatsApp app in India
are actually using it illegally, says the report.
WhatsApp’s
use of encryption has already caused friction in Brazil, where authorities
recently arrested and then released a Facebook Inc. executive after the company
said it was unable to unscramble a user’s encrypted messages. That’s because
end-to-end encryption automatically encodes each message with an algorithm that
can only be unlocked by the sender and recipient.
Countries
like India are currently looking to pass new policies on the new encryption
standards. But it is presently unclear whether these new policies will bring
new requirements on WhatsApp.The
big question now is that, will India allow WhatsApp to continue in India or
will it enforce a new OTT regulation which will put encrypted services like
WhatsApp, Skype, Viber and others into the grey zone?
