{"id":209663,"date":"2021-03-24T14:59:24","date_gmt":"2021-03-24T11:59:24","guid":{"rendered":"https:\/\/en.buradabiliyorum.com\/indias-new-idea-for-tracing-whatsapp-messages-is-deeply-flawed\/"},"modified":"2021-03-24T14:59:24","modified_gmt":"2021-03-24T11:59:24","slug":"indias-new-idea-for-tracing-whatsapp-messages-is-deeply-flawed","status":"publish","type":"post","link":"https:\/\/buradabiliyorum.com\/en\/indias-new-idea-for-tracing-whatsapp-messages-is-deeply-flawed\/","title":{"rendered":"#India\u2019s new idea for tracing WhatsApp messages is deeply flawed"},"content":{"rendered":"

#India\u2019s new idea for tracing WhatsApp<\/a> messages is deeply flawed<\/strong>”<\/p>\n

\n It\u2019s no secret by now that India wants to trace the origin of messages on apps such as WhatsApp and Signal. In its new social media policing rule, the government said that while it doesn\u2019t want to categorically break the\u00a0encryption, it wants to know who generated a particular message first.<\/p>\n

A report by the Economic Times<\/a> yesterday suggested that some officials are proposing that WhatsApp should assign and store an alphanumeric hash to each message so as it could be traced back to the originator if it causes unlawful activity.<\/p>\n

An official who is involved in the\u00a0traceability discussion said that the government is \u201cwilling to work with WhatsApp to come up with a solution to enable traceability of messages without breaking encryption\u201c.<\/p>\n

However, there are a few problems with this approach. In an end-to-end encrypted system, every message is different for the system as it can\u2019t read your messages. So if you send \u201cHi\u201d two times, it doesn\u2019t recognize it as the same message.<\/p>\n

Prasanth Sugathan, Legal Director, Software Freedom Law Centre ( SFLC.in), a New Delhi based organization that concentrates on digital law, said that perpetrators could change the message slightly or simply copy it to cause the change of the hash:<\/span><\/p>\n

The government is presuming that every forwarded message is forwarded as it is. Hashing is message-specific. Change a letter in a message and its hash will change. This means that if a malicious party wants to send a viral message, they would do it just by changing the hash of a message every time or after a few times it has been forwarded. Thereby, changing the first originator every time such a\u00a0message has been forwarded. There is a high likelihood that this would lead to a very messy implementation.<\/span><\/p>\n<\/blockquote>\n

In 2018, WhatsApp faced a lot of backlash from India after forwarded messages containing false information caused over 30 lynchings in the nation. However, the company has taken multiple steps to limit forwards, so it would be naive to assume every message moves in a chain.<\/p>\n

\"\"
<\/a>Whatsapp frequently forwarded label<\/figcaption><\/figure>\n

Now if a government identifies a problematic message, and if it requires to find who first sent it, it\u2019s hard to do without reading the content of the chat and breaking encryption in effect.<\/p>\n

Matthew Hodgson, CEO of Element, a secure messaging app based on the Matrix protocol<\/a>, said that hashing messages could <\/span>reduce the privacy of users and undermine the encryption of messaging apps:<\/p>\n

This could be used by a malicious party to blackmail an innocent party by proving that they sent a given message (e.g. to persecute a whistleblower who sends a tip to a journalist, or to quote a private message out of context to embarrass the sender). Worse, it could be used by Facebook or other data brokers to gather much richer metadata about which users forward which messages to each other \u2013 further profiling users and violating their privacy.<\/p>\n<\/blockquote>\n

There\u2019s a possibility that the government might suggest key escrow, a method to give authorized third-party entities access to content without breaking encryption. But as the Clipper Chip case of the US in the 90s suggests<\/a>, key escrows have many gaping holes in terms of unauthorized usage and security.<\/p>\n

\n

In the 90s, Clinton & his vice president Al-gore were promoting NSA’s Clipper Chip as a standard. This encryption chip was going to provide encryption but will have escrow keys stored by govt to de-crypt any encrypted info. India’s new rules are similarhttps:\/\/t.co\/jzFUBC1yAR<\/a><\/p>\n

\u2014 Srinivas Kodali (@digitaldutta) March 21, 2021<\/a>\n<\/p><\/blockquote>\n

\u00a0<\/p>\n

Then there is the legal issue of determining if the originator of a message is the culprit.<\/p>\n

In an interview with Medianama<\/a> last year,\u00a0Anyesh Roy, the head of Delhi Police\u2019s Cyber Crime Cell unit, said that WhatsApp provides metadata for law enforcement to catch criminals \u2014 but not the originator. In a recent article by Forbes<\/a>, lawyers noted that India\u2019s rules to determine if the originator is the perpetrator are murky and courts will have to look at them case by case.\u00a0\u00a0<\/span><\/p>\n

In another scenario, if a person is sharing illegal content, police would only have information about the person under arrest and who sent them the content. But because hashes are different for different messages, it might be difficult to catch all the people\u00a0distributing the file.<\/p>\n

India\u2019s suggestion of hashing messages looks like a half-hearted attempt to solve the distribution of false information at the moment. It has more questions \u2014 technically and legally \u2014 than answers at the moment. It\u2019s probably time to go back to the drawing board.<\/p>\n<\/p><\/div>\n