wordpress blog stats
Connect with us

Hi, what are you looking for?

WhatsApp announces encryption for chat backups: Here’s what changes for users in India

The company’s decision to bring chat backups under encryption could hurt law enforcement agencies and governments.

WhatsApp will now let users add an additional layer of encryption to their chat backups on iCloud and Google Drive by letting users add an encryption key to the backup, the parent company Facebook announced on September 10. This essentially means that without being able to produce a key or having access to a user’s unlocked phone, users’ messages will be out of reach for law enforcement or government officials — and even WhatsApp itself. “Our primary focus is on protecting people’s messages. That’s why we’ve used end-to-end encryption for messages in-transit, why we’re adding easy ways for private messages to disappear, and now strong backup encryption to protect the messages you want to keep,” WhatsApp CEO Will Cathcart said on Twitter (hyperlink supplied).

“Some governments continue to suggest using their powers to require companies to offer weaker security. We think that’s backwards: we should demand more security from companies for people’s sensitive information, not less.” The feature will be available on iOS and Android in “coming weeks,” Cathcart added.

Cathcart’s reference to governments using their power to require weak security squarely describes India. WhatsApp has sued the government over Rule 4(2) of the Information Technology (Intermediary Liability and Digital Media Ethics Code) Rules, 2021 that requires messaging platforms like WhatsApp to enable “traceability,” a requirement that the company argues would force it to break the encryption to which its messages are subjected.

Source: Will Cathcart, via Twitter

How backup encryption works

WhatsApp will generate a 64 digit key for encrypting cloud backups. As Facebook explains it:

People can choose to secure the key manually or with a user password. When someone opts for a password, the key is stored in a Backup Key Vault that is built based on a component called a hardware security module (HSM) — specialized, secure hardware that can be used to securely store encryption keys. When the account owner needs access to their backup, they can access it with their encryption key, or they can use their personal password to retrieve their encryption key from the HSM-based Backup Key Vault and decrypt their backup. — Facebook Engineering Blog

This essentially means that the 64 digit key can either be protected with a password on the device itself or by the user themselves, say, in a password manager. But this also means that if a user loses their phone, and they don’t have a copy of the 64 digit key, they won’t be able to access their chat backup even with the password — as the password is merely a key to a key.

Can India access WhatsApp chat backups?

As of now, since WhatsApp chat backups are not yet end-to-end encrypted when they’re stored on the cloud, Indian law enforcement could theoretically request Apple or Google to turn over Indian users’ WhatsApp messages. WhatsApp itself wouldn’t be of much help as far as specific messages are concerned; metadata that the company shares with law enforcement was outlined in a September 7 ProPublica investigation, and while that information is hefty enough for many investigatory purposes, the contents of messages are harder for law enforcement to obtain. In July–December 2020, Google turned over user data for 57% of the Indian government’s 13,624 requests, with the latter covering 39,430 accounts. It is unclear how much of this information included Google Drive data, and more specifically, WhatsApp backups.

Advertisement. Scroll to continue reading.

What the IT Rules require of WhatsApp

The IT Rules require messaging services to enable government agencies to “trace” the initial originator of a forwarded message, or at least the initial originator of such a message in India. This applies to “significant social media intermediaries,” who are defined by the Ministry of Electronics and Information Technology as any platform that has over 5 million users.

In addition to the argument that this would break end-to-end encryption, WhatsApp’s lawsuit against this requirement says that:

  • The requirement doesn’t fulfil standards of proportionality set out in the KS Puttaswamy v. Union Of India case that established the constitutional right to privacy in India;
  • Innocent people may get caught in the crossfire of such requests, violating human rights; and that
  • The requirement is “manifestly arbitrary” and unconstitutional.

The Delhi High Court has not heard the case in detail as of yet; notice was issued earlier this month to the central government.

Also read:

Have something to add? Post your comment and gift someone a MediaNama subscription.

Written By

I cover the digital content ecosystem and telecom for MediaNama.

MediaNama’s mission is to help build a digital ecosystem which is open, fair, global and competitive.



Looking at the definition of health data, it is difficult to verify whether health IDs are covered by the Bill.


The accession to the Convention brings many advantages, but it could complicate the Brazilian stance at the BRICS and UN levels.


In light of the state's emerging digital healthcare apparatus, how does Clause 12 alter the consent and purpose limitation model?


The collective implication of leaving out ‘proportionality’ from Clause 12 is to provide very wide discretionary powers to the state.


The latest draft is also problematic for companies or service providers that have nothing to with children's data.

You May Also Like


Google has released a Google Travel Trends Report which states that branded budget hotel search queries grew 179% year over year (YOY) in India, in...


135 job openings in over 60 companies are listed at our free Digital and Mobile Job Board: If you’re looking for a job, or...


Rajesh Kumar* doesn’t have many enemies in life. But, Uber, for which he drives a cab everyday, is starting to look like one, he...


By Aroon Deep and Aditya Chunduru You’re reading it here first: Twitter has complied with government requests to censor 52 tweets that mostly criticised...

MediaNama is the premier source of information and analysis on Technology Policy in India. More about MediaNama, and contact information, here.

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ

Subscribe to our daily newsletter
Your email address:*
Please enter all required fields Click to hide
Correct invalid entries Click to hide

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ