Couple of days ago hundreds of WhatsApp user may have come
across a small message with each of the messages that they may have received
from their Whatsapp friends : the message indicated that from now onwards
except the sender and the receiver, no one (not even WhatsApp) would be able to
decrypt any message that is encrypted from end to end. A simple meaning of this
is, when I send a message to one of my friends in WhatsApp, the algorithm key
that I am using to encrypt my message can not be
‘opened’/translated/seen/understood /accessed by anyone other than that
particular friend to whom the message is intended for and sent to. The sender
may understand whether her message has been delivered to the intended recipient
by seeing the double ‘tick’ sign and once they are blue in colour, the sender
may assume that the message has been actually seen and read by the recipient. WhatsApp
in its own version says “WhatsApp's end-to-end encryption is available when you
and the people you message use the latest versions of our app. Many messaging
apps only encrypt messages between you and them, but WhatsApp's end-to-end
encryption ensures only you and the person you're communicating with can read
what is sent, and nobody in between, not even WhatsApp. This is because your
messages are secured with a lock, and only the recipient and you have the
special key needed to unlock and read them. For added protection, every message
you send has its own unique lock and key. All of this happens automatically: no
need to turn on settings or set up special secret chats to secure your
messages.” (https://www.whatsapp.com/security/).
And how would we know whether the message is encrypted or not? Whatsapp says :
“To verify that a chat is end-to-end encrypted
Open the chat.
Tap on the name of the contact or group to open the contact
info/group info screen.
Tap Encryption to view the QR code and 60-digit number.
If you and your contact are physically next to each other,
one of you can scan the other's QR code or visually compare the 60-digit
number. If you scan the QR code, and the code is indeed the same, a green
checkmark will appear. Since they match, you can be sure no one is intercepting
your messages or calls.If the codes do not match, it's likely you're scanning
the code of a different contact, or a different phone number. If your contact
has recently reinstalled WhatsApp, or switched devices, we recommend you
refresh the code by sending them a new message and then scanning the code.” (https://www.whatsapp.com/faq/en/general/28030015)
So what does it mean? A secured conversation? Respite from
hackers? No disturbance from unknown persons? By now, internet has been flooded
with write-ups, analysis and discussions on whether the encryption policy of
WhatsApp is good or bad for its subscribers. Some says it was indeed needed
because it would save subscribers from unwanted government surveillances, hackers
and unethical profit makers who see internet as a place for easily available
images which may be ‘sold’ to the porn market. Some opine that this encryption
policy would make it impossible for the police to help the victims of cyber
crimes including women and children. Before
beginning any discussion on this, we must understand about encryption and
decryption policies that is the centre of issues here. Encryption ( which means
converting a data into codes which can not be simply intercepted ) is a
necessary part of every internet/digital communication system and
encryption policies may be framed based on the laws of the hosting
nation (of the web company) and the
company policies which is enabling such services. India does not have any
specific Rules regarding encryption policies under the Information Technology
Act, 2000(amended in 2008), even though S.84A of the Act authorises the
government to implement Rules regarding this. Encryption is not complete
without decryption which is a process of opening such encrypted data. Every
data which is encrypted, must necessarily have the right ‘keys’ to be
decrypted, otherwise the intention behind encrypting a data would have no
meaning. Decryption however is defined by Information Technology (Procedure and
safeguards for interception, monitoring and decryption of information) Rules,
2009 created under S.69 of the
Information Technology Act, 2000(amended in 2008). It needs to be noted that
decryption policies are also generally guided by the laws of the hosting
country. But at the same time, each web company must necessarily abide by the
laws of the place of ‘business’ as well. This means that even if a web company
has its own policies regarding encryption to provide extra security to its
subscribers, it must abide by the laws of the land of the subscribers to enable
the government for legitimate surveillance and also for tackling online crimes. We now know that
WhatsApp is now the most chosen medium to generate messages or spread messages
/text/images (including those which are ‘illegal’). Often in cases of
civil/political unrest, one may note that the police administration may suggest
for complete blockage of messaging services like WhatsApp. This again falls
under S.69A of the information Technology Act,2000(amended in 2008) which
authorises the government to issue direction for blocking for public access of
any information through any computer resource.
But when it comes to crimes against women and children, I
see no positive development even after creating such extra layer of security. There are instances of approaching women in
their private whatsapp numbers for harassing them, accessing private
photographs (already available in other social media and circulating them
either ‘as it is’ or the morphed version of the same, threatening and
blackmailing women with such images etc. What is more disturbing is, even after
the encryption policies are rolled out by WhatsApp, no attempt has been taken
to initiate a proper reporting mechanism. In the recently held UNICEF India
meeting on expert consultation of online child safety, I had expressed my
concern in this regard as well. At the most what an offended subscriber can do,
is to block the harassing ‘number’ and leave a group if he/she is added to it
without his/her consent. The harassing WhatsApp profile may still stay at large
with the private images and information of the victim to upload them in other
social media including YouTube or adult sites. Similarly, if not blocked, the
harassing profile may continue to send bullying, derogatory, demeaning,
insulting messages to the victim ‘uninterruptedly’. So what is the use of
encryption policy then? It actually provides a half baked solution, i.e,
protection against hacking. It may probably encourage more sexting because such
images and messages may stay comfortably and permanently with the sender and
the recipient only. But again, if there is a case of jilted love affair, no
one, not even WhatsApp encryption policies may prevent possible creation of
revenge porn materials on the same platform and also on the web. But here one
must not be misguided by the fact that in such cases, the police would not be
able to help nab the criminal due to encryption policies of WhatsApp. In such
situations again, the law takes the same course of action as is the case for
any other social media crimes against women, with off course limitations when
the harasser is situated outside the jurisdiction of India, even though
Information technology Act has extra jurisdictional scopes as well.
It is however
unfortunate to note that unlike several EU countries and Canada, our courts and
government are unable to take strong actions against the web companies who are
not complying with the local laws in matters of assisting the governments and
criminal justice machineries to nab the criminal or in the investigation. There
are lots of techno-legal issues which
needs to be settled to achieve this in India, which includes proper training to
the police, the lawyers and the judges. We have highest number of subscribers
for WhatsApp, but awareness regarding safety issues is almost nil. Unless
subscribers are made aware of the positive and negative sides of the technology
that they are using, no policy, including this encryption policy may help
reducing crimes online.
Let us spread awareness rather than defamatory ‘viral news’. Lets join hands to stop cyber crimes against
women.
Please Note:
Do not violate copyright of this blog. If you would like to use informations
provided in this blog for your own assignment/writeup/project/blog/article,
please cite it as “Halder D. (2016),
“WhatsApp encryptions: does
it really protect women and children from cyber crimes?”24th
April, 2016, published in http://debaraticyberspace.blogspot.com/