WhatsApp End-To-End Encryption Might Be Made Illegal In India
WhatsApp announced end-to-end encryption for all its services. Which means that all user calls, video, texts, images and other files sent can only be seen by the intended receiver, and no one, not even WhatsApp itself, can access this information. This assurance of user privacy generates new concerns for the government.
WhatsApp's choice to encode all chats and calls for its one billion customers over the world by default earlier this week may have made the well-known messaging application illegal in India.
WhatsApp encrypts it's messaging using a 256-bit key. Though, as per a 2007 law issued by India's Department of Telecommunications, private companies cannot use encryption higher than 40-bits without approval from the Indian government.
As WhatsApp founders Brian Acton and Jan Koum said in the statement,
As WhatsApp founders Brian Acton and Jan Koum said in the statement,
No one can see that message. Not cybercriminals. Not hackers. Not oppressive regimes. Not even us. End-to-end encryption helps make communication via WhatsApp private – sort of like a face-to-face conversation.
WhatsApp encryption uses a 256-bit key, which is only known to the sender and receiver that is why the security is pronounced as "end-to-end". But according to the Indian law rule, companies to use no more than 40-bit encryption unless they get explicit permission from the government.
The Indian government has not made a statement on the declaration yet, but it can follow the matter if it wishes to. In the past, several technology companies, most famously BlackBerry, have run into trouble with the Indian government over the security threat posed by encrypting.
The government had threatened to ban BlackBerry over retrieving its encrypted messenger and email service in 2010. It asked the smartphone maker to establish local data servers to decrease security issues, forcing the Canadian company to set them up in Mumbai in 2012.
But, WhatsApp could use a loophole, which states that the rule only relates to Internet service providers. India is still in the process of enrolling a national encryption policy but has been criticized for breaching privacy.