WhatsApp is suing the Indian government over the country’s new social media rules which could potentially force the company to break its end-to-end encryption security, making personal messaging on the platform less safe for users across the world.
The Facebook-owned company has moved the Delhi High Court challenging a key requirement laid down in India’s latest social media rules for messaging platforms: identification of the first originator of the information, colloquially called ‘traceability’. The lawsuit was filed on May 25, the company confirmed.
While several legal challenges have been filed across Indian courts against the latest social media rules by the likes of digital publishers and open software practitioners, WhatsApp is the first big tech company to mount a legal challenge against them, in what could potentially be the biggest privacy case in India after the right to privacy judgement of 2017.
To be sure, the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, commonly called as social media rules require a “significant social media intermediary” providing messaging services to “enable the identification of the first originator of the information”. A significant social media intermediary, in this case, is a messaging platform that has more than 5 million registered users in India.
This provision impacts the end-to-end encrypted security present in not just WhatsApp but also other messaging platforms like Signal.
“Existing end-to-end encrypted communications protocols, particularly the Signal protocol (which WhatsApp also uses), do not have any mechanism for tracing originators while maintaining encryption (according to Signal),” Divij Joshi, an independent lawyer, researcher and tech policy fellow at Mozilla told Entrackr.
“The WhatsApp case is significant because it will establish whether the right to encrypted communications and the right to anonymous communication are facets of the right to privacy, specifically to informational privacy,” Joshi added.
In its lawsuit, WhatsApp is invoking the 2017 right to privacy judgment pronounced by the Supreme Court of India, saying that the traceability requirement laid down in the social media rules could undermine people’s privacy.
“Requiring messaging apps to ‘trace’ chats is the equivalent of asking us to keep a fingerprint of every single message sent on WhatsApp, which would break end-to-end encryption and fundamentally undermines people’s right to privacy,” a WhatsApp spokesperson said in a statement following the lawsuit.
We have reached out to the information technology ministry for comment and will update the story when they respond. We’ve also reached out to WhatsApp for more details about their petition.
And in a blog post that went live after the company’s legal challenge, WhatsApp said, “a government that chooses to mandate traceability is effectively mandating a new form of mass surveillance.”
WhatsApp’s contention is that end-to-end encryption was designed to help keep personal messages safe, and the traceability provision is the exact opposite of it as it would reveal the identity of both the sender and receiver of a message, including the contents of the message.
The company believes that the traceability provision would force private companies to collect and store data on billions of messages sent each day, forcing these companies to collect more data than they need for the purpose of turning it over to law enforcement agencies. It also said that such massive data collection makes messaging platforms inherently less secure by opening up more avenues for hacking.
It also said that traceability would not be effective in finding the originator of a particular message because messages usually originate on social media platforms or elsewhere on the internet before people copying and pasting them into chats, thereby making it impossible to understand the context in which a particular message was shared.