wordpress blog stats
Connect with us

Hi, what are you looking for?

India’s Crypto War 2.0 is not about Encryption

By Anand Venkatanarayanan                        

There has been enough commentary about the Indian IT Rules notified in February 2021. Almost all of them focus on the how and what, but not the why. A simple framework to understand these rules is via the lens of My country, My rules. This framework has the following axioms driving the rule making:

  1. Social Media is a tool that can bring about regime change and hence must be regulated.
  2. Private Communication at scale is also Social Media.

Social Media and Regime Change

Private clubs and trading organisations have been in existence for long and except for regulation around financial affairs, governments have stayed away from interfering in their day-to-day affairs. A notable exception is the British East India Company, which was so successful in running its private enterprise and ended up owning most of the erstwhile princely kingdoms in the Indian sub-continent, that it had to be taken over by the British government. An important lesson that can be learnt from this historical episode is – A private entity that owns a lot of territory becomes a sovereign state by itself.

A similar construct can be applied in the domain of cyber, where instead of owning a lot of territory, a private entity ends up owning mind space and conversations which ends up driving narratives. When a significant portion of a country’s population uses a digital tool, developed by a private entity, it becomes a critical digital infrastructure. The free distribution and network effects offered by these mediums then become a contested space for diverse opinions which compete with each other to gain the mind space of the population.

This becomes problematic for both democratic and authoritarian governments in different ways, as noted by Bruce Schneier and Henry Farrell in their paper, “Common-Knowledge Attacks on Democracies”. They note that while in democracies, who is in charge is contested (via regular elections), in autocracies, who is in charge and what the social goals are must be stable and uncontested. They further note that autocracies benefit from “pluralistic ignorance” or “preference falsification,” under which people only have private knowledge of their own political beliefs and wants, without any good sense of the beliefs and wants of others.

Social media platforms hence are problematic for autocracies because they can become a means for the population to understand how the existing regime has become unpopular. For instance, protest movements can use these platforms to broadcast their disagreements and may end up picking followers and gain more traction from other sections of the population, which are unhappy with the regime for some other reason. Democracies are also vulnerable to these information attacks, but in a different manner, as the sanctity of the US Presidential election was questioned by the incumbent President, who lost the election, which then led to the invasion of the Capitol, as many believed that his claims were true.

Advertisement. Scroll to continue reading.

Hence, both the content and virality of the content becomes a key area of concern, and it is only natural that governments of all hues would want to regulate that aspect via take down notices. While it is easier to send take-down notices, it is another thing entirely to ensure that they are complied upon because by virtue of gaining a significant user base, social media platforms have amassed “People Power” on their own and can mount formidable opposition to an elected government, and may simply choose to ignore the take-down notices.

Hence, governments need leverage over these platforms to make them bend to their will, and the business interests of these platforms offer that leverage. They may also choose other outwardly reasonable looking methods such as mandating compliance officers within these platforms to ensure take-down notices are honoured, by pointing out how platforms don’t respond on time and take down harmful content such as abuse, pornography, etc. In this push and pull game, however, both parties (Platforms and Governments) have dilemmas that they need to grapple with.

For instance, governments cannot go too hard on the platforms because it may antagonise a large section of citizens, in the platform, which may then backfire, as they would take the side of the platform, and the reverse is also true. Platform users also face the same dilemma and their segmentation matters on the final outcome. For instance, a section of the platform users may want platforms to be more neutral and respectful of rights, while other segments may want it to take the side of the government because they are dis-trustful about them (The East India company provides a historical context on why).

While the local leadership of the Platforms might also make a difference, the impact would be marginal at best because as they are local citizens under government jurisdiction, they may be subject to punitive measures and be only protected to the extent of independence of the judiciary in the country. The final outcome of this contest is thus predicated on the complex interplay of power between various parties (Government, Platforms, Citizens) and also geopolitical realities, but one factor decides the outcome more than most – People Power, and the party that wins it, might succeed, more than others.

Private Communication at Scale is Social Media

What converts a private conversation between two or more individuals into a public square is – the capability to share. If we can imagine an end-to-end encrypted channel, where messages instantly vaporise themselves as soon as they are read, then no matter, how many people use that messenger application, it will not be deemed as a public square. However, all popular messenger applications, provide the capability to share content via the “Forward Feature” for a simple reason – humans are social animals who love to share.

Hence, virality becomes a concern even within private communications between two or more individuals and currently Platforms don’t offer any means to restrict virality because whatever they do, there are technical workarounds to disable them. For instance, when WhatsApp enabled “Forwarded” labels, to counter criticism that mindless forwarding of child kidnapping rumours resulted in scores of innocent people getting lynched, it created a market for custom clients that are funded by political parties and other actors, which worked around these labels, by employing copy-paste techniques via WhatsApp Web client.

Advertisement. Scroll to continue reading.

While some argue that Forwarded labels are just gimmicks that are done on top of the Signal protocol on the client side, to counter criticism about fake news, it has also become an area of relentless misinformation that the feature proves that WhatsApp is indeed tracking virality, which then formed the basis for mandating traceability of the first originator, as part of the IT rules. The rules envisage that just like how two hidden fields (Forwarded: True, Forward Counter), were added by the client side without the knowledge of users, one hidden extra field (Originator Phone number) must be added without the knowledge of users.

The leverage that the government did think it had over WhatsApp was not surprisingly user angst about the rollout of the privacy policy which adopted a take-it-or-leave-it approach and also the holding out of WhatsApp Pay, until it complies. WhatsApp going to court was an outcome, it did not expect. However, it does not mean that courts will take the side of WhatsApp as it really depends on whose side the power of people reside, and so far Platforms have not made any concerted attempt towards reaching out to people, for fear of antagonising the government and suffering punitive reprisals, that may be carried out on their business interests or their local employees.

Signal – Joker in the Pack

Given this background, the recent news that the government considers Signal to be non-compliant with the IT rules because it has not implemented the traceability mandate and has not appointed grievance officers is puzzling for two reasons:

  1. The government has no leverage on Signal as it has no business interests in India, being a non-profit foundation.
  2. User trust is much higher on Signal because it is highly recommended by security researchers in India for collecting very little meta-data, and there is distrust in WhatsApp because of its recently rolled out privacy policy changes.

So why would the government pull Signal into this? The simple answer is – floating a trial balloon to gauge reactions and also, signalling that it may get banned to the current user base and potential users.

Signal foundation can respond to this trial balloon in the following ways:

  1. They can simply ignore the news and choose not to respond.
  2. They can make a public statement that they would never comply with these demands and leave it be.
  3. They can do #2 above and also intervene or join cause with petitioners who have challenged these rules in various high courts across India.

Each of these responses has its own set of Pros and Cons. For instance, #1 (Ignore) is the weakest response and that might convince the government that WhatsApp is all alone in this, and continue to press on about how a company that sells user data can’t be trusted to guard user privacy, turn public opinion against it, win the court cases, and then undermine the entire construct of end-to-end encryption, by banning Signal later, like China.

A public response from Signal (#2) will strengthen user trust and will also allow Signal to grow its user base, but it will startle the government enough to raise the historical context of the British East India Company and paint Signal as an aggressor against Indian sovereignty, and raise the spectre of fake news, pornography, and other harms spreading through the platform and come out in the public (unlike anonymous officials giving quotes). This will create a Streisand effect and will drive more users towards Signal.

Joining other petitioners in the litigation against the IT rules (#3) is the strongest response with non-profits such as Internet Freedom Foundation (IFF), will focus public attention not just on Signal, but also towards the technology of end-to-end encryption and the various aspects of free speech it enables. This option also has the added advantage of blunting criticism that Signal behaves like the erstwhile East India Company, raising the discourse level on encryption and technology in the public domain and increasing the chance that these rules might be struck down by the courts.

Advertisement. Scroll to continue reading.


Anand Venkatanarayanan is a cybersecurity expert. Views expressed here are personal and do not reflect the views of his employer or of MediaNama


This article — originally posted here — has been cross-posted with permission. 

Advertisement. Scroll to continue reading.
Written By

MediaNama’s mission is to help build a digital ecosystem which is open, fair, global and competitive.



Looking at the definition of health data, it is difficult to verify whether health IDs are covered by the Bill.


The accession to the Convention brings many advantages, but it could complicate the Brazilian stance at the BRICS and UN levels.


In light of the state's emerging digital healthcare apparatus, how does Clause 12 alter the consent and purpose limitation model?


The collective implication of leaving out ‘proportionality’ from Clause 12 is to provide very wide discretionary powers to the state.


The latest draft is also problematic for companies or service providers that have nothing to with children's data.

You May Also Like


Google has released a Google Travel Trends Report which states that branded budget hotel search queries grew 179% year over year (YOY) in India, in...


135 job openings in over 60 companies are listed at our free Digital and Mobile Job Board: If you’re looking for a job, or...


Rajesh Kumar* doesn’t have many enemies in life. But, Uber, for which he drives a cab everyday, is starting to look like one, he...


By Aroon Deep and Aditya Chunduru You’re reading it here first: Twitter has complied with government requests to censor 52 tweets that mostly criticised...

MediaNama is the premier source of information and analysis on Technology Policy in India. More about MediaNama, and contact information, here.

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ

Subscribe to our daily newsletter
Your email address:*
Please enter all required fields Click to hide
Correct invalid entries Click to hide

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ