The Indian government in its response to WhatsApp’s lawsuit claiming tracing of encrypted messages violates the right to privacy of citizens highlighted the “international precedence” of such requirements. The government defended itself by saying that the ‘Five Countries’– United Kingdom, United States, Australia, New Zealand and Canada — are also in support of similar IT rules that give power to governments to intercept encrypted communications to protect citizens.
The criticism of such laws is obvious as any mode to intercept encrypted communications gives authorities more control over the online privacy of citizens. And there’s no denying that there’s always a risk that governments may use the same to suppress dissent.
At the same time, we also cannot ignore the fact that it takes less than $10 to buy a virtual phone number of a different country which can be used to activate an account on WhatsApp, Signal or Telegram. And armed with AES-256 encryption, it would make it seemingly difficult for any local law enforcement agency to crack down on the source of offensive content related to child pornography, hate messages, fake news or any content that incites mob to be violent.
India has already witnessed on several occasions as to how hate messages spread over WhatsApp can at times lead to riots or mob lynching. For the record, it is said that AES-256 encryption is unbreakable with 1.1 x 10^77 possible key combinations.
For online privacy of chats, AES-256 encryption is something god sent. But countries like the US, Canada, UK, Australia and New Zealand have already realised the need to balance between online privacy for citizens and not allowing law enforcement agencies to be helpless and clueless while dealing with serious crimes.
India is not the first nor the only country that wants rules for encrypted chat platforms like WhatsApp.
Here’s what countries like Australia, US, UK, New Zealand and others want from tech companies with respect to encrypted platforms.
Australia has passed its ‘encryption law’ in 2018 called TOLA
Australia has already passed its ‘encryption law’ called ‘TOLA’ or simply The Assistance and Access Act 2018. It is enforced to “improve the ability of agencies to operate around encryption without undermining it. The purpose of these warrants is to ensure agencies can lawfully access intelligible communications content.”
The Australian government claims that “over 95 per cent of the Australian Security Intelligence Organisation’s (ASIO) most dangerous counter-terrorism targets use encrypted communications. Encryption impacts intelligence coverage in nine out of ASIO’s 10 priority cases.”
It also mandates certain safeguards and guarantees and states that the Australian government cannot “build or implement so-called ‘backdoors’ or do anything that would make the communications of innocent persons less secure; build a decryption, interception or data retention capability; access communications without an existing warrant or authorisation; compel an employee to undertake activities without the knowledge of their employer.”
Within the first year of the enactment of ‘The Assistance and Access Act 2018’, the Australian law enforcement agencies used ‘encryption busting’ technologies 11 times mostly to investigate drug and robbery cases.
US introduced a bill in June 2020 called ‘The Lawful Access to Encrypted Data Act’
The Senate Judiciary Committee Chairman Lindsey Graham and U.S. Senators Tom Cotton and Marsha Blackburn introduced a bill called the Lawful Access to Encrypted Data Act, in June 2020. For those unaware, this bill hasn’t been passed as a law yet in the US.
In a statement to the press, the bill was presented as a measure to “bolster national security interests and better protect communities across the country by ending the use of “warrant-proof” encrypted technology by terrorists and other bad actors to conceal illicit behavior.”
“Tech companies’ increasing reliance on encryption has turned their platforms into a new, lawless playground of criminal activity. Criminals from child predators to terrorists are taking full advantage. This bill will ensure law enforcement can access encrypted material with a warrant based on probable cause and help put an end to the Wild West of crime on the Internet,” said U.S. Senator Tom Cotton while introducing the bill.
“User privacy and public safety can and should work in tandem. What we have learned is that in the absence of a lawful warrant application process, terrorists, drug traffickers and child predators will exploit encrypted communications to run their operations,” added U.S. Senator Marsha Blackburn.
The Five Countries communiqué on encryption in July 2019
A joint meeting of Five Country Ministerial on July 30, 2019 where Home Affairs Ministers and Attorneys General met together to discuss ways to countering child sexual exploitation and abuse, countering violent extremism and terrorism both online and offline, foreign terrorist fighters, and encryption.
The key takeaways from the communique by United Kingdom, United States, Australia, New Zealand and Canada regarding encryption include:
“We are concerned where companies deliberately design their systems in a way that precludes any form of access to content, even in cases of the most serious crimes. This approach puts citizens and society at risk by severely eroding a company’s ability to identify and respond to the most harmful illegal content, such as child sexual exploitation and abuse, terrorist and extremist material and foreign adversaries’ attempts to undermine democratic values and institutions, as well as law enforcement agencies’ ability to investigate serious crime.”
“Tech companies should include mechanisms in the design of their encrypted products and services whereby governments, acting with appropriate legal authority, can obtain access to data in a readable and usable format. Those companies should also embed the safety of their users in their system designs, enabling them to take action against illegal content. As part of this, companies and Governments must work together to ensure that the implications of changes to their services are well understood and that those changes do not compromise public safety.”
Five country ministerial 2020 communiqué
The Home Affairs, Interior, and Security Ministers of Australia, Canada, New Zealand, the United Kingdom and the United States of America met via video conference on 17-18 June 2020 to discussed the challenges and implications of the Covid-19 pandemic for our security and reconfirmed our determination to protect our nations from these threats.
The key takeaway from this communiqué regarding encryption:
“We discussed the vital importance of collaboration between Governments and the digital industry to address concerns with end-to-end encryption where it impacts public safety and the lawful access to information necessary to prevent or investigate serious crimes. We continue to urge technology companies to make real progress on this issue and work with Governments in a meaningful way to resolve this challenge in ways that protect our citizens. We will continue to work with like minded international partners and institutions to ensure complementary approaches to this issue.”
WhatsApp vs Brazil over E2E encryption
Facebook-owned WhatsApp has been fighting legal battles in Brazil for quite some time now and WhatsApp has faced temporary suspensions in the country. The Indian government claimed that “Brazilian law enforcement is looking for WhatsApp to provide suspects’ IP addresses, customer information, geo-location data and physical messages.”
Having said that in Brazil, the “secrecy of communications” can be violated by a court order. While there is no direct reference or law which mandates decryption of encrypted communication, the Civil Law of the Internet in Brazil clearly mentions that “The content of private communications may only be made available by court order, in the cases and in the manner established by law, and in compliance with items II and III of art. 7o.”
The law also “does not prevent administrative authorities to have access to recorded data that informs personal qualification, affiliation and address, as provided by law.”
The Five Countries along with India and Japan signed a joint statement on End-To-End Encryption and Public Safety in October 2020
The government of the five countries– UK, USA, Australia, Canada and New Zealand– along with India and Japan signed a joint statement in October 2020 said, “There is increasing consensus across governments and international institutions that action must be taken: while encryption is vital and privacy and cyber security must be protected, that should not come at the expense of wholly precluding law enforcement, and the tech industry itself, from being able to act against the most serious illegal content and activity online.”