Home > Finance > IT Rules 2021: Govt should not weaken fundamental right to privacy in the name of security

IT Rules 2021: Govt should not weaken fundamental right to privacy in the name of security


The latest battle between GoI and several technology companies throws open a number of legal, political and technology issues fundamental to how the world navigates citizens’ right to privacy. An intractable issue of the face-off is the traceability requirement notified by Information Technology Rules 2021, which enjoins upon the social media intermediary to trace the originator of offensive messages, as directed by GoI.

WhatsApp maintains that this is not possible without breaking encryption, which will render the entire messaging platform vulnerable to hacking. Some experts, however, claim that this is possible. Also, since WhatsApp can already identify a message being forwarded or not, it is argued that it can also trace the origin of the message.

Both arguments misinterpret the technology WhatsApp uses to provide end-to-end-encryption. IIT Madras’ V Kamakoti’s proposal is based on the assumption that WhatsApp uses an encryption protocol using public keys that came out in 1974. This is not true. Ever since WhatsApp embraced the encryption protocol used by the makers of the Signal messaging application, it is technically impossible to add the originator.

This is because WhatsApp encryption also uses constantly rotating encryption keys per message, which remains only between sender and receiver. If this scheme is changed to find the origin of the message, it will be break end-to-end encryption, making over 2 billion users vulnerable.

Second, the architecture of encryption is to ensure deniability. So, if the law wants to use the ‘first originator’ feature to track someone and prosecute them, it will fail. This is because it is easy to spoof the origin, and it will be impossible for the law to establish its veracity. The WhatsApp encryption protocols founders called it ‘Open Whisper’ because that is exactly how they wanted it to be — an open whisper that cannot be read or traced.

Messaging platforms like WhatsApp are providing global service. Will other countries allow their citizens to be tracked as originators of a message?

Governments argue that messaging platforms can be used for terrorism, crime and child abuse. But this is like arguing that since a car can be used to run over people, they need to have weak wheels and soft fenders.

For decades, terrorists and paedophiles have tried to use technology to further their criminal activities. They were apprehended, not by good technology alone, but because of good police investigation and generation of excellent human intelligence. Sadly, while the focus has been on trying to bring technology companies to heel, little has been done to reform India’s police and intelligence.

Unless the key tools of policing and intelligence are fixed, any attempt to bend technology will not serve any purpose. Most of those arrested in India for joining the Islamic State (IS) were introduced to messaging platforms like ChatSecure, Threema, Viber and Telegram, which have very little public visibility in India. The 26/11 terrorist attacks in 2008 were carried out using Voice over Internet Protocol (VoIP) to direct the attacks.

There is also the issue of technology platforms working across borders. WhatsApp has 2 billion users globally. Any weakening of the end-to-end encryption violates privacy of all users across the world. In August 2017, the Supreme Court ruled that privacy is a fundamental right. While it is absolutely essential for the State to prevent terror attacks, it cannot undermine the fundamental right to privacy. Both must be pursued and can be done without weakening one or the other.

This problem is not unique to India. Other democracies, such as the US, Britain and Australia, are also grappling with it. The US and Britain have strong privacy laws as well as multilayered oversight mechanisms for its intelligence and police agencies. These are not available in India. In Australia, the Telecommunications and Other Legislation Amendment (TOLA) Act 2018 enabled its government to seek information from technology companies and decrypt communications. The Act is up for review by a parliamentary joint committee that also oversees all intelligence and related security functions.

Sadly, in India, no such parliamentary committee or oversight mechanisms exist. Even the Personal Data Protection (PDP) Bill is still being debated. Justice B N Srikrishna, who headed the privacy Bill committee set up by GoI, has also criticised the new IT rules. It may be time to examine all these issues in totality, while upholding the Indian citizens’ constitutionally mandated right to privacy and life.

Source link

TAGS , , , , , , , ,
Hi guys, this is Kimmy, I started LicensetoBlog to help you with the latest updated news about the world with daily updates from all leading news sources. Beside, I love to write about several niches like health, business, finance, travel, automation, parenting and about other useful topics to keep you find the the original information on any particular topic. Hope you will find LicensetoBlog helpful in various ways. Keep blogging and help us grow as a community for internet lovers.