Methods for tracing WhatsApp messages - IT Rules 2021

-

Methods for traceability of WhatsApp messages - IT Rules 2021

WhatsApp traceability can be achieved in two methods — 

1. Use of digital signatures 

2. The metadata approach. 

However, it is still open to question whether either can discharge its legal objective of establishing criminal liability.

The digital signature approach may not be foolproof because it is susceptible to impersonation. Further, the approach would require the intermediary to keep the private key of the encrypted digital signature and decrypt when ordered by the court or the government. But the key will then become vulnerable to hacking by bad actors and once successful will create havoc, targeting innocent users. This approach with other precautions can be used successfully.

The metadata contains data pertaining to source, time, date, location and other attributes minus the content. But for traceability, a humongous amount of data would be commandeered for which the security agencies neither have the time, energy or capacity to disaggregate for any meaningful result. Second, in some case it may violates the data minimisation principle, envisaged in GDPR, PDPA and other privacy laws of the world. It figures prominently in Justice Puttaswamy judgment on privacy and the PDP Bill, 2019. But in big cases large charge sheets and huge data is the norm which LEA is used to it, its just the security of the meta data and the SOP for the same needs to be evolved.

If the above two techniques are fraught with risks, is it possible to comply with IT rules with a straight-forward method of intermediary keeping the decryption key of the messages? No. Because any modification of the system to give backdoors, weakens the security architecture, rendering it vulnerable to all bad actors.

The other alternative is the client sight scanning, where hashes used in communications are matched against a database of content before sending the message to the intended recipient. But the threat again is real, once the platform gets totally exposed by hackers getting hold of the database.

What is practicability ? 

It is for the intermediaries like WhatsApp to implement and comply with the traceability rule of The IT Rules,2021 and figure out whether it is possible without breaking the encryption.

The government has said time and again that it does not seek content and that originator tracing can be done without breaking encryption. Some national and international experts who maintain that traceability is not possible without breaking encryption but these experts could be wrong as the technology develops day by day.

Government needs to release illustrative guidelines for intermediaries to implement traceability. The end-to-end encryption is the bedrock of securing private messaging and online infrastructure, for ensuring safety and security of its users. Tinkering around with it will lead to a severe crisis of confidence and credibility. Innocent users of various social-media platforms have a cherished right to their privacy. Their personal information and chats cannot be used either commercially or surveilled by the state. A democratic state owes it to its free citizens.

IIT professor V Kamakoti’s in response to the Madras High Court suggested two methods to trace one was adding an originator information with every message and the other where a permission-based system which allows users to classify a message as forward-able or not forward-able.

This reputation of confidentiality that the WhatsApp enjoyed had already come under a cloud in India. Serious concerns were being raised about WhatsApp’s ability to protect a person’s privacy apart from preventing content from being transmitted and stored on its service from unauthorised access and misuse. These IT rules 2021 though not impeaching on privacy legally leaves room to do so, i think checks and audits by MEITY on WhatsApp and other social media websites and messenger service is the need of the hour.


x

Comments

Post a Comment

Popular posts from this blog

What to do when police does not take your FIR?

-
Image
What to do when FIR is not taken by the Police ? A First Information Report is the first legal document that initiates criminal proceedings. The first information received about the commission of a cognizable offense has to be noted down by a Police Officer. It is called as  First Information Report under Section 154 of CRPC. Cognizable and Non-Cognizable Offences: Cognizable offences  are offences where the police can arrest the accused without any warrant. In such offences, the police can Suo-moto take cognizance of the offence and it does not require any sanction from the court in order to begin the investigation. On the other hand,  Non-Cognizable  offences are those in which police cannot make an arrest without taking prior assent from the court. Schedule I of the Criminal Procedure Code clearly distinguishes which offenses are cognizable and which are not. According to section 154(1) of the Criminal Procedural Code,  an FIR can be filed only in cognizable offenses.  Schedule 1 of
Read more

Consumer Dispute resolution under the Telecom Act 2023

-
Image
The Telecommunications Act of 2023 has strengthened the dispute resolution framework by introducing an online grievance redressal system. The aim is to expedite the resolution of conflicts between telecommunications companies and consumers while ensuring transparency in the redressal process. Following an inquiry, a telecom company found violating license or service terms may incur severe penalties, spectrum holdings cancellation, service restrictions, or even be prohibited from providing telecom services, depending on the seriousness of the breach.  How does the online grievance redressal system operate, and who plays key roles?   An Adjudicating Officer (AO), appointed by the Centre and not below the rank of joint secretary, will conduct inquiries to resolve disputes between telecom service providers and consumers. Additionally, a separate Designated Appeals Committee (DAC) will be formed, consisting of officers at the rank of additional secretaries. Individuals dissatisfied with an
Read more

When can Police Arrest you in Cyber crime: Explanation with Case Laws

-
Image
Arrest by Police in cyber crime cases By Adv (Dr.) Prashant Mali Cyber crime is a reality but personal liberty is a fundamental human right and a cornerstone of the social structure.  Arrest brings humiliation, curtails freedom and cast scars forever. Its deprivation is a matter of grave concern.  The law of arrest is one of balancing individual rights, liberties and privileges,on the one hand, and individual duties, obligations and responsibilities on the other. The police officer can , without an order/warrant from a Magistrate, arrest a person in respect of a cognizable offence punishable with imprisonment exceeding 7 years without mentioning any ' special reasons '. The problem arises when it comes to arrest of a person who is accused of an offence which is punishable up to 7 years. The Hon’ble Apex Court in Arnesh Kumar v. State of Bihar, (2014) 8 SCC 273 held; Our endeavour in this judgment is to ensure that the police officers do not arrest the accused unnecessarily and
Read more