A growing group of international and local cybersecurity and policy experts are weighing in on proposed changes to Indian regulations that could jeopardize the safety of billions worldwide. By seeking to restrict WhatsApp and other popular messaging apps’ use of end-to-end encryption, the proposed policies pose a major threat to cybersecurity in India.
In Traceability and Cybersecurity, over 50 cybersecurity experts in Europe, North and Latin America, Africa, and the Asia-Pacific region agreed that amendments to the Information Technology (Intermediaries Guidelines) Rules under the Indian Information Technology Act proposed by the Indian Ministry of Electronics and Information Technology (MeiTY) will create many more problems than they seek to solve.
Produced as a result of a global technical experts meeting series organized by the Internet Society in partnership with Medianama, the report notes that MeiTY’s proposal ignores sound advice: requiring intermediaries such as WhatsApp to enable the traceability of the content and data they handle is a major threat not only to the safety of users, but to India’s national security.
The report stresses that traceability would mean enabling third-party access to private communications, a move that undermines the end-to-end encryption that users everywhere, including government entities, rely on to keep private information secure and safe from bad actors.
A separate session on “Breaking Encryption: Is it the Panacea for addressing security issues online?” at the Asia Pacific Internet Governance Forum this year brought important considerations to the forefront of the debate. Speakers Rajnesh Singh, the Internet Society’s Regional VP for Asia-Pacific; Nikhil Pahwa, Medianama’s Founder and Editor; Raman Jeet Singh Chima, Asia Policy Director at Access Now; and Jaewon Son, Youth 4IG coordinator, expressed serious concerns about the proposed amendments to India’s intermediary guidelines.
Salient issues in need of urgent consideration by the MeiTY emerged from the session, including a lack of transparency, accountability, and oversight of law enforcement agencies participating in exceptional access to data; growing legal or illegal hacking by state entities; and rising public mistrust in governments and companies.
Creating ways for government to access communications that have been secured by encryption – a key pillar of online security – would not solve the threat of terrorism or eliminate child exploitation and misinformation online. Instead, it would have the opposite effect, exposing more Internet users to criminals by weakening the security of online services used by hundreds of millions of Indian citizens.
The threat of bad behavior – which makes up a comparatively small fraction of online activity – should not be seen as grounds to make the Internet less secure for everyone. In light of a global uptick in cyberattacks and increased reliance on digital communication amid the COVID-19 pandemic, policies that reinforce, not weaken, encryption are needed to ensure that everyone benefits from a safe and secure online environment.
Solving deep social and political challenges that increasingly manifest online, as they have offline, requires collaboration and dialogue between key sectors and stakeholders, and any resulting measure applied to the Internet should be informed by the needs of all Internet users and the expertise of the broad technical community. Initiatives like the Global Encryption Coalition (GEC) are now encouraging productive discourse on the issue, while Global Partners Digital’s World map of encryption laws and policies provides a useful reference for how this debate is shaping up in different parts of the world.
To get involved in the conversation and learn how you can take meaningful steps towards a safe, secure, and trustworthy Internet for all, visit our encryption webpage or join our global community of advocates at the Global Encryption Coalition. Together, we can ensure that the Internet remains a strong, reliable force for good.
Image by Praveen Gupta via Unsplash