Do we really want to weaken digital encryption?

Indian technology policy is set to enter a decisive era. The new government needs to come up with policies that take enabling stances on artificial intelligence, big data, automation, 5G, digital taxation and so on. Draft policies for emerging technologies have already been put in place. If our action points are to put India first, the question we face is, how to do that. One of the best places to start from is encryption and whether or not we should weaken it to strengthen national security.

End-to-end encryption ensures only you and the person you’re communicating with can read what’s sent, and nobody in between, not even the platform. The problem is that law enforcement agencies often need to access information transmitted through platforms such as WhatsApp and Messenger. Tracing the origin of a message and where it goes can be vital in identifying who or where a terrorist/criminal is.

On first glance, it seems straightforward that law enforcement agencies should have such access. Weakening encryption or breaking it should make law enforcement’s job easier on paper. However, technology companies and privacy and rights activists around the world have resisted the principle. This debate is of great importance to India as the Ministry of Electronics and Information Technology (MEITY) invited comments on the issue in 2018. The ministry wants intermediaries (platforms such as WhatsApp and Facebook) to weaken encryption and allow tracing of information.

The question here is whether weakening encryption is a good idea and what it means for Indians. Let us first consider how effective weakening encryption might be. Modern technology brings with itself thousands of platforms that enable long-distance messaging.

Apart from WhatsApp and Snapchat, Google Docs has chat functionality, as do a multitude of video games. How do we make a list of all these means of communication and ask them to break encryption? Apps and games do not apply to the government to be on the market. Instead, they appear on the app store/play store, ready to use.

Even if WhatsApp and Facebook enable tracing the origin of messages, terrorists could just as easily get access to platforms such as Telegram, Threema, and Signal. Encryption technology is not unique, and encrypted alternatives will be available minutes after Facebook and Snapchat weaken their encryption. Keeping this in mind, the only thing asking platforms to weaken encryption might accomplish is getting access to citizen’s conversations, which is a real cause for concern for people in any country.

Surveillance state

None of this is to say that the objectives of law enforcement are not important. National security is of utmost priority. However, weakening encryption may not guarantee interception of terrorist communications. But because so many Indians use WhatsApp as a means of communication, it makes it that much easier for the government to become a surveillance state if it has access to the platform. It was reported recently that Indians together spend 50 million minutes a day on WhatsApp video calls alone. Keep in mind this does not include texts and audio calls, both of which should also be assumed to be substantial in volume.

With prices of data well within the consumer budget, there is no indication of this trend slowing down. The point is that an increasing number of our communications are being conducted over digital platforms. Eavesdropping at scale then becomes easier than ever before, all a State will have to do to achieve that is to break encryption or make it weaker.

The dangers of states indulging in mass surveillance are well documented. Edward Snowden’s leak on the NSA exposed the extent to which the US government went to monitor communications. Mass surveillance is not a new concept by any means. The Ministry for State Security or State Security Service of East Germany, commonly known as Stasi, existed from 1950 to 1990. Around 1989, before the fall of the Berlin Wall, Stasi employed some 91,000 and had a network of 189,000 unofficial collaborators. That combined was about 1.75% of the population of East Germany at the time.

For better or for worse, modern technology allows us to achieve scale without volume. So, we do not need hundreds of thousands of people to make mass surveillance possible. The sensors on your smartphone and network connectivity know where you are, who you talk to, what you talk about, what you spend your money on. So, mass surveillance today would be equal, if not more comprehensive, than during the times of the Stasi.

All we need today is to weaken or break encryption on platforms/phones to enable governments or foreign adversaries to access your data. This can have negative consequences for any people subject to surveillance. It does not take long for groups of people to be subject to political hate, as best evidenced by the treatment of Muslims in the US post-9/11.

In expressing our views about encryption and intermediary liability, we have the chance to save our privacy as India heads into a new era of technology. Breaking encryption may not serve as a barrier to terrorists. However, even weakening it a little bit may have serious consequences for our people, and that may not be how we put India first.

(The writer is Project Manager at The Takshashila Institution, Bengaluru)