Do we really want to weaken digital encryption?

Indian technology policy is entering into a decisive age with the coming of the new government. Regardless of who comes into power, BJP, Congress, or a coalition, their policies need to take enabling stances on artificial intelligence, big data, automation, 5G, digital taxation and so on. Draft policies for emerging technologies have already been put in place by the incumbent administration. Our action points are to put India first, the question we now face is how to do that. One of the best places to start from is encryption and whether or not we should weaken it to strengthen national security.

End-to-end encryption ensures only you and the person you’re communicating with can read what’s sent, and nobody in between, not even the platform. The problem here is that law enforcement agencies often need to access information transmitted through platforms such as WhatsApp and Messenger. Tracing the origin of a message and where it goes to can be vital in identifying who or where a terrorist/criminal is. On first glance, it seems straightforward that law enforcement agencies should have. Weakening encryption or breaking it should make law enforcement’s job easier on paper. However, tech companies around the world have resisted the principle. This debate is of great importance to India as the Ministry of Electronics and Information Technology (MEITY) invited comments on the issue in 2018. The Ministry wants intermediaries (platforms such as WhatsApp and Facebook) to weaken encryption and allow tracing of information.

The question here is whether weakening encryption is a good idea and what it means for Indians. Let us first consider how effective weakening encryption might be. Modern technology brings with itself thousands of platforms that enable long-distance messaging. Apart from WhatsApp and Snapchat, Google Docs has chat functionality, as do a multitude of video games. How do we make a list of all these means of communication and ask them to break encryption? Apps and games do not apply to the government to be on the market. Instead, they appear on the app store/play store, ready to use.

Even if WhatsApp and Facebook enable tracing the origin of messages, terrorists could just as easily get access to platforms such as Telegram, Threema, and Signal. Encryption technology is not unique, and encrypted alternatives will be available minutes after Facebook and Snapchat weaken their encryption. Keeping this in mind, the only thing asking platforms to weaken encryption might accomplish is getting access to citizen’s conversations, which is a real cause for concern for people in any country.

None of this is to say that the objectives of law enforcement are not important. National security is of utmost priority. However, weakening encryption may not guarantee interception of terrorist communications. But because so many Indian’s use WhatsApp as a means of communication, it makes it that much easier for the government to become a surveillance state if it has access to the platform. Hindustan Times recently claimed that Indian’s spend 50 million minutes a day on WhatsApp video calls alone. Keep in mind this does not include texts and audio calls, both of which should also be assumed to be substantial in volume. With prices of data well within the consumer budget, there is no indication of this trend slowing down. The point is that an increasing number of our communications are being conducted over digital platforms. Eavesdropping at scale then becomes easier than ever before, all a state will have to do to achieve that is to break encryption or make it weaker.

The dangers of states indulging in mass surveillance are well documented. Edward Snowden’s leak on the NSA exposed the extent to which the US government went to monitor communications. Mass surveillance is not a new concept by any means. The Ministry for State Security or State Security Service of East Germany, or commonly known as Stasi, existed from 1950 to 1990. Around 1989 before the fall of the Berlin Wall, Stasi employed ~91,000 had a network of ~189,000 unofficial collaborators. That combined is ~1.75% of the population of East Germany at the time. For better or for worse, modern technology allows us to achieve scale without volume. So, we do not need hundreds of thousands of people to make mass surveillance possible. This The sensors on your smartphone and network connectivity know where you are, who you talk to, what you talk about, what you spend your money on. So to achieve mass surveillance today would be equally if not more comprehensive than during the times of the Stasi.

All we might need today is to weaken or break encryption on platforms/phones to enable governments or foreign adversaries to access your data. This can have negative consequences for any people subject to surveillance. It does not take long for groups of people to be subject to political hate. As best evidenced by the treatment of Muslims in the US post-911.

In expressing our views about encryption and intermediary liability we have the chance to save our privacy as India heads into a new era of technology. Any new government that may come in has this decision to make. Breaking encryption may not serve as a barrier to terrorists. However, even weakening it a little bit may have serious consequences for our people, and that may not be how we put India first.

The article was first published on the Deccan Herald: https://www.deccanherald.com/opinion/panorama/do-we-really-want-to-weaken-digital-encryption-736764.html