We need a better approach to Whatsapp and traceability

It’s disingenuous when the Indian government says that they want traceability but “not at the cost of encryption or privacy.”

Traceability is bound to be at the cost of privacy, even if it means getting metadata. And, when it comes to WhatsApp, traceability is likely to be at the cost of end-to-end encryption, and invariably, the removal of end-to-end encryption means that it is at the cost of privacy. It’s almost as if this is a tactical PR move from the government: no one can deny that there are times when traceability is necessary, and the two clear-cut cases here are terrorism and child pornography. At the same time, even though removal or dilution of encryption puts users at risk, saying that it’s the platform’s problem to figure out how to provide traceability without breaking encryption means that the government doesn’t look as if it’s trying to risk harming privacy, even if that’s what its demand will end up doing.

What is traceability?

It’s worth noting that in its Intermediary Liability consultation, the government hasn’t defined what traceability is. The specific clause in the still draft amendment to the IT Rules is:

(5) When required by lawful order, the intermediary shall, within 72 hours of communication, provide such information or assistance as asked for by any government agency or assistance concerning security of the State or cyber security; or investigation or detection or prosecution or prevention of offence(s); protective or cyber security and matters connected with or incidental thereto. Any such request can be made in writing or through electronic means stating clearly the purpose of seeking such information or any such assistance. The intermediary shall enable tracing out of such originator of information on its platform as may be required by government agencies who are legally authorised.

So what is traceability? “Such information or assistance” is vague enough for it to mean whatever security agencies want, which means that the vague phrasing lends itself to actions which are not proportionate. But is it:

  1. The mobile number linked to a message?
  2. The name of the person who sent/received a message?
  3. Every person who received a particular message?
  4. Every person who sent a particular message?
  5. Content of every message sent by an individual?
  6. Content of every message received by an individual?
  7. Their GPS location?

Remember that disproportionate traceability already exists in case of the Centralised Monitoring System (a great read on it here), and our calls and messages can be monitored en masse. Surveillance of everyone is neither necessary nor proportionate.

If you remove end-to-end encryption, it puts everyone at risk. If you give the decryption keys to the government – i.e. give them a “backdoor”, it opens the door for someone else to exploit it as well. Encryption ensures privacy and privacy ensures trust. If our communications are constantly under the threat of being monitored, it has a chilling effect on private communications and forces us to self-censor. Lack of privacy makes us vulnerable. Why is there a need to be able to see every message, from every user, all the time?

We need a better approach: start with surveillance reform

What the government of India is doing here is trying to address an immediate need of getting access to information, without bringing in accountability. India’s draft data privacy law exempts the government from data protection requirements. India’s amendment to intermediary liability protections wants proactive monitoring of content, and traceability of users, without a structured and meaningful conversation on what this disproportionate act of enabling surveillance means for citizens and rights, and without bringing in necessary surveillance reform. The TRAI’s OTT consultation also goes into regulation of the Internet on the basis of security concerns, without looking at protection for citizens.

What we need here is for legitimate requests from the government to be processed on an urgent basis, and for metadata, as Tim Berners-Lee pointed out to me, to be made available for governments when needed, but we also need a more structured definition of what a legitimate request is. Who monitors our security agencies and ensures that their requests and their access to data are lawful (in case of the Telangana allegations, the access seems to have been political)? They’re not answerable to Parliament, so who holds them to account?

Current processes are focused on enabling, and increasing the reach and scope of surveillance, without bringing in accountability. It’s about time that the government of India started a process for surveillance reform.

Written By

Founder @ MediaNama. TED Fellow. Asia21 Fellow @ Asia Society. Co-founder SaveTheInternet.in and Internet Freedom Foundation. Advisory board @ CyberBRICS


© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ
