The GOI introducing new and stricter guidelines for social media platforms has once again sparked the long-standing debate about the traceability of messages.
The Indian government has asked companies to help identify the first originator of what it deems as ‘disputable content’. Now, while some legal experts are of the view that by asking messaging apps such as WhatsApp to trace the origin user of a message, the GOI is indirectly ordering them to break their platform’s encryption.Â
Technology experts hold a different opinion.
They believe that the origin of a message can be successfully traced without breaking the encryption and WhatsApp objection about the same is simply the company crying wolf!
According to the new proposed guidelines released on Thursday, the GOI has made it mandatory for messaging apps and social media networks to disclose the originator of messages if it is related to legal problems or presents itself as a threat to the country’s sovereignty, integrity, or amicable relationship with other neighbouring countries, etc.
Under such circumstances, WhatsApp will need to trace the origin of a message within the time period of 72 hours of being requested to do so.
Technology experts maintain the view that even though WhatsApp chats are end-to-end encrypted and cannot be read by the company itself, the origin of a message can be traced via source code.
Source codes are usually used in mobile phones and email networks alike for tracing messages. It is called call data record aka CDR in phone records and internet protocol data record aka IPDR in emails.
“Every message, be it via SMS, e-mail, or WhatsApp, has a source code and a destination code, and can be traced via it. This can happen without breaking either the encryption or privacy policy,” a technology expert told.
Thus, the Indian government is not asking WhatsApp to help them snoop into someone’s private conversations by breaking their platform’s encryption. Instead, it wants to be informed about where a message originated from within the country.
That being said, for enabling such traceability, technology experts believe a domestic law needs to be introduced which regulates the time period for which the data needs to be stored by WhatsApp.
As of now, there exists no such laws or policies regarding local data storage for OTT players and messaging apps. However, in the case of mobile operators, as per the law, they must mandatory store SMS data for a period of three months.
In the current scenario, if the GOI asks WhatsApp to trace the origin of a message linked to an alleged crime but a considerable amount of time has already elapsed, the messaging giant can rightly rebuke by saying the message is no longer stored on their server as there exists no law for the same.
Note here that the GOI has been engaging with Facebook-owned WhatsApp for over two years now when it comes to tracing the origin of messages. However, WhatsApp has always expressed its inability to do so without breaking its end-to-end encryption – a rule which is against WhatsApp’s privacy policy.
With the introduction of the newly released guidelines, it now remains to be seen if the GOI can finally tighten the noose around WhatsApp and call it out for bluffing! We will keep you updated on all future developments. Until then, stay tuned.
