India’s new Intermediary Rules must not be used to force intermediaries to break end-to-end encryption or to stop their plans to offer it, said theinternational internet advocacy body, Internet Society (ISOC). The Rules, while mandating traceability, clarify that significant social media intermediaries would not be required to disclose the contents of any electronic message. However, ISOC was unconvinced: “[T]he Internet Society reiterates its concern, shared by cybersecurity experts, that in order to comply with these traceability requirements, platforms may be forced to undermine end-to-end encryption.”
In a statement issued on Monday, ISOC was reacting to the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 that were notified last week, which mandate social media companies with more than 5 million registered users in India to enable traceability of message originators on their platforms. This mandate is considered to be a threat to end-to-end encryption, which makes it technologically impossible for platforms (such as WhatsApp and Signal) to read and trace user messages.
“Over 500 million citizens citizens use end-to-end encrypted messaging apps in India. Each of them relies on strong encryption more than ever to keep their communications safe and private. Any attempts to weaken encryption would undermine the digital security of people in India, as well as those with whom they communicate outside the country” — ISOC statement (emphasis added)
The statement recalled a letter sent to IT Minister Ravi Shankar Prasad in January 2020, wherein security experts had warned against pursuing traceability. “Yet, the government has pushed forward with a traceability requirement that ‘significant social media intermediaries’ (including popular end-to-end messaging apps) must have the ability to identify the first originator of information shared on their platforms.”
ISOC said that any requirements that force businesses to make themselves and their products less secure by breaking end-to-end encryption allows criminals and hostile actors to exploit confidential and sensitive information. “The Indian Government must protect the security and privacy of millions of people across India and preserve uncompromised end-t0-end encryption,” it said.
- Govt Brings Intermediary Guidelines 2021 To Regulate Social Media, Digital News And OTT Platforms
- Breaking: Threshold For Significant Social Media Intermediaries Set At 5 Million Registered Indian Users
- Summary: Information Technology Rules 2021, And Intermediaries And Social Media Platforms