We’re all well aware that the Govt of India has recently notified the new Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, also being dubbed as India’s new Social Media Code. Now that it’s finally out in the public, there have been many debates and discussions surrounding the guidelines issued. A very peculiar concern being hyped by a certain section of people is about ‘Privacy’. So, after protesting against the CAA & Farm Laws, the Aandolanjeevis are now ready to oppose the new IT Act guidelines over ‘Privacy concerns’!
Every time the Modi government tries to formulate a framework to tighten the noose around digital mischief like fake-news, misinformation, etc, the same cabal of ‘activists’, ‘journalists’ and ‘dissenters’ chime in to misguide and mislead the masses into believing that the framework somehow infringes on the rights of free speech and the right to dissent.
The same cabal had done this a while ago as well when the Modi government sought to check the fake-news forwards in 2017-18. The government had only stepped in after many cases, wherein rumours through WhatsApp forwards had led to grave crimes like mob-lynching and mob-attacks, claiming several innocent lives. At the time, WhatsApp was being used to spread rumours about child-lifting, and the fear is created led to several lives being lost.
While the Left and the usual suspects shamed the entire nation after one unfortunate lynching, several other lynchings that were a direct result of fake news being forwarded on WhatsApp, somehow, became a part of ‘freedom of expression’ simply because the Modi government wanted WhatsApp to ensure checks.
This time too, the Aandolanjeevis are back, with their same old narrative – “Modi’s India is turning into a surveillance state”; “The Modi government’s new guidelines will finish your privacy”, “Whatsapp would have to break E2E Encryption” screamed the headlines.
It’s the same old tactic of bluffing around again and again by the same set of people, especially the left-leaning media-portals and their ‘journalists’; probably because they fear getting caught and prosecuted since most of the times they’re the ones found peddling fake-news and misinformation.
Surprisingly, even WhatsApp had tried to hide behind the same narrative, citing baseless technical limitations previously, but had later yielded, by incorporating the ‘Forwarded labels’ and ‘Forward limits’ feature, in an attempt to fight fake news, as was sought by the Govt.
The ‘privacy’ narrative is more of a vile attempt to dilute the mandate of the new guidelines. It’s not impossible to find the originator of a message despite encryption. It’s for sure a challenge, but not unachievable.
So, do these claims have any sound basis? Is it true that your privacy would get stripped off and India would then become a surveillance state?
Short answer – no.
So, what’s the reality? Let’s examine it with an example. How is that WhatsApp is able to distinctly identify messages as ‘forwarded-many-times’ (Double arrows) and ‘forwarded’ (Single Arrow) for its users? How is it that the ‘forwarded-many-times’ messages can’t be forwarded to more than 1 person at a time; while the others can be forwarded to up to 5 members at once? How does WhatsApp distinguish between such messages and operate upon them differently, for a user? Do they read your messages? Are they breaking the End-to-End (E2E) encryption?
Nope. Broadly speaking, the trick here is Metadata. Metadata, in simple terms, is data about the data. Explaining in laymen terms, metadata doesn’t contain the actual message transmitted, but has the technical info about the message being transmitted; like – headers, tokens, identifiers, timestamps, etc. Every message a user sends, has a unique identifier attached to it, which doesn’t read the content of the message but can be used to identify the message.
It’s based on such metadata that the ‘forwards’ and ‘forwarded-many-times’ messages are identified and are operated upon. And it’s on the same lines even the originator of the message can be traced to.
In fact, WhatsApp’s white paper on it’s encryption and security also explains the above mechanism in detail with all of the technical jargon.
WhatsApp already has access to data like your Device details, mobile number, contacts’ numbers, last active status, profile pic, online status, IP Addresses, Network/Connection Information, etc. More details on the same is provided in their Privacy Policy.
In fact, in the past, WhatsApp has also assisted the law enforcement agencies, with the metadata they have access to. One such case in an article quotes –
“..For instance, an immediate crackdown was ordered when policemen from a northern state recently approached WhatsApp about a group circulating child porn.
Without access to any user data, Whatsapp used the profile picture, group name and the fact that most members had virtually no interaction outside the group to identify and block the users”
Quote from an article stating as to how WhatsApp helped agencies nab the culprits
With the above capabilities, metadata & related information, WhatsApp like messaging apps can potentially narrow down to the origin of a message & thereby identify the originator of that message, without doing away with the E2E encryption. The integration of such a system will surely need technical brainstorming & some related changes in the app, and therefore it can be labelled as ‘challenging’ but not ‘impossible’.
There have been many studies and reports that discredit the theory that WhatsApp’s E2E encryption will need to be tampered with, in order to comply with the measures required by the Govt.
Mr. Himanshu Gupta, who was associated with Tencent’s WeChat app, published a detailed analysis in the Columbia Journalism Review (CJR) debunking the much-hyped claims of diluting the E2E encryption, for tracing the message origin & its originator.
Mr. NA Vijayashankar, a cyber-law & techno-legal info-security consultant, categorically discredits the claims of WhatsApp in an article of his, in a prominent Legal-News Portal.
In 2019, Prof. V. Kamakoti from IIT Madras member had argued on the same lines, while giving a lecture on “5G Technology from Indian Perspective“ at the Indian Council of World Affairs (ICWR).
It is pertinent to note that the technical approach cited in these studies & reports might differ at an individual level, but on the whole they revolve around a common conclusion, viz. – “Tracing the origin of messages is possible without diluting E2E encryption”.
In the light of the above, it would be grossly inappropriate and utterly ridiculous to believe that WhatsApp and other such messaging apps would need to dilute their security protocols in order to comply with the new guidelines and with the government’s requirements, in tackling fake-news cum misinformation.
