Encryption 1 March 2021

Internet Society Statement regarding the Indian Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules 2021

The new requirements in the the Indian Information Technology (Guidelines for Intermediaries and Digital Media Ethics Code) Rules, 2021 (or “the Guidelines”) must not be used to force intermediaries to break end-to-end encryption or stop their plans to offer it. Over 500 million citizens use end-to-end encrypted messaging apps in India. Each of them relies on strong encryption more than ever to keep their communications safe and private.

Any attempts to weaken encryption would undermine the digital security of people in India, as well as those with whom they communicate outside the country.

The Guidelines state that intermediaries would not “be required to disclose the contents of any electronic message,” in the identification of the first originator of information. However the Internet Society reiterates its concern, shared by cybersecurity experts, that in order to comply with these traceability requirements, platforms may be forced to undermine end-to-end encryption. 

In an open letter to the Ministry of Electronics and Information Technology, cryptographic and security experts warned that pursuing message traceability would undermine digital security. And in a report last year, more experts warned, “to comply with traceability requirements, platforms may be forced to enable access to the contents of their users’ communications, breaking end-to-end encryption and considerably weakening the security and privacy of their product.” 

Yet, the government has pushed forward with a traceability requirement that “significant social media intermediaries” (including popular end-to-end messaging apps) must have the ability to identify the first originator of information shared on their platforms. 

Any requirements that force businesses to make themselves and their products less secure by breaking end-to-end encryption gives a green light to criminals and hostile actors to exploit confidential and sensitive information. 

The Indian Government must protect the security and privacy of millions of people across India and preserve uncompromised end-to-end encryption.

Related resources

Strengthening the Internet 4 February 2022

Internet Society Statement on EARN IT Act 2022

The Internet Society calls on senators to protect strong encryption by opposing the re-introduced EARN IT Act.

Encryption 12 May 2021

Internet Society: UK Online Public Safety Bill is trying to legislate the impossible – a safe Internet without strong encryption

In the Queen’s Speech on 11 May 2021, the UK Government said it wants to “harness the benefits of...

Internet Way of Networking 23 September 2020

Internet Society: Russia’s Proposal Would Weaken the Internet, Make It Less Secure

Media reports that proposed Russian legislation would ban certain kinds of encrypted Internet connections are part of a worrying...