By Kanishk Gaur
While the Indian government is busy tackling issues of misinformation and protests against its recent farm Bills, the new guidelines, which affix liability on digital media publications and intermediaries for the content they carry, allow the government to snoop into the communication of citizens on messaging platforms, tracking the location of every sent message. The new guidelines will de facto mean messaging platforms have to break their end-to-end encryption (E2EE). Messaging platforms offering end-to-end encryption for communication use the Diffie-Hellman algorithm because it ensures that encryption and decryption take place on end-user devices: the sender and receiver of a message share their public keys for every message sent out. This technique allows texts to be transmitted via the internet, which is considered an insecure public channel, without the integrity of the message being compromised.
However, the irony is that intermediary platforms will be required to break this end-to-end encryption in order to comply with the government’s guidelines for digital intermediaries and find out the identity of the first originator of a message. Tracing the first originator of information actually requires breaking the principle of securing communication. Hence, the intermediary, to comply with these guidelines, will have to look beyond using Diffie-Hellman for key exchange in E2EE, which is a difficult technical problem for the intermediary to solve if it is to continue claiming that it provides E2EE communication. Meeting the timeline for compliance, i.e., three months from the date of notification, will require new techniques to remain end-to-end encrypted while maintaining compliance with the new norms.
These guidelines call for a Data Protection Authority. However, without the Data Protection Bill enacted, it will be a difficult option to exercise. India could take a cue from the European Union: the EU’s General Data Protection Regulation (GDPR) made it simpler and easier for digital media publishers and intermediaries to follow the guidelines. The EU Information Commissioner Office’s (ICO’s) role as an independent regulator today ensures businesses protect the personal data and privacy of EU citizens for any transactions that occur within the member-states. When WhatsApp changed its privacy policy, the EU’s GDPR and the authority of the ICO ensured the privacy of businesses and citizens of the EU remained unimpinged.
Another lesson the government can take from the EU is to set up agencies to monitor online harm and misinformation, and to give them the tools and authority to continuously monitor misinformation trends and content that is hateful or violent against specific communities, especially vulnerable groups such as women and children. The government could partner with global bodies working in this space to share data on misinformation as well as its sources, and collaborate to identify perpetrators of online crimes rather than relying on intermediaries to build up the entire set of tools, tactics and control procedures (TTCP). The government's current strategy of forcing intermediaries to capture metadata and use machine learning, natural language processing, etc., to fish out perpetrators opens up a Pandora’s box of third-party breaches and hacking to capture this information and use it for alternative purposes. The government faced a similar issue when Aadhaar data got captured by telcos and banks.
(The author is the Founder of India Future Foundation. Views expressed are personal.)