encryption

Sudhir Yadav, an RTI activist and a web developer, has filed a case in the Supreme Court of India, asking for a ban on Whatsapp, Telegram, and other messenger services which have end to end encryption, and provide the Indian government with no means of accessing these messages, citing this as a National Security concern.

As per the information given to MediaNama by Yadav, the case is presently before the registrar, after which it will be listed for hearing before the Supreme Court. Yadav’s plea for allowing government access to messenger apps is balanced with a demand for privacy provisions, and he says that the Supreme Court should pass rules it deems appropriate, keeping in mind national security and privacy.

Yadav says that after he heard about Whatsapp being encrypted end-to-end, he realized that it becomes impossible for governments to access messages in the interest of National Security, and “even a hundred thousand super computers” trying “million billion keys every second” will take “trillions of trillions of trillions of years” to decrypt the content. An easy solution, he says, is to have access of the private key of the recipient to read the message. But in the WhatsApp Encryption Overview Technical white paper (probably this), it is mentioned that WhatsApp servers do not have access to the private keys of WhatsApp users; this means that even in case of a Court order in India, even WhatsApp won’t be able to decrypt the messages.

MediaNama spoke with Yadav at length about his views on encryption and privacy. Excerpts, translated from Hindi:
pp
MediaNama: Are you against encryption? Or do you want lowering of encryption?
Sudhir Yadav: No, no. I’m saying make encryption even more secure than this (256 bit). It’s just that if the government demands that they want to decrypt a message, they should have a key. Whatsapp is owned by Facebook, and Facebook has another messaging app called Facebook Messenger. That has 256 bit encryption as well. However, they have the private key, so that they have the ability to provide information to the government if it is demanded. But they can’t do that with Whatsapp because they don’t have the private key.

MediaNama: So what is your view on Apple, which didn’t create a backdoor for the FBI?
Sudhir Yadav: The private key should be there. America is a developed country, they have the resources, so they were able to decode the phone without Apple’s help, and that cost around Rs 6 crores. Compared to America, India is a poorer country with not as many resources and technology, and we’re in a troubled neighborhood with Pakistan, ISIS, and there are also Naxals (internally). We need keys so that we can protect the unity and integrity of India.

MediaNama: How did you get interested in this?
Sudhir Yadav: I’m an Right To Information Activist, and I’ve done two Public Interest Litigations in court. One on the digital locker (on its linking with Aadhaar), and one on the Allahabad High Court judgment on children of government officials going to government schools. The date for that is for 4th July. I’m basically an App developer, so I understand technology. I’m an MCA graduate, and I work on security issues in a private company.

MediaNama: What are your views on Surveillance? Should it be on a case by case basis? Under which circumstances should the government be allowed access to user data?
Sudhir Yadav: My view is that the laws in India are excellent, and if they are implemented correctly, then privacy will be protected. The common person today leaves a vast digital footprint, on which basis, it is easy to create a persons digital identity. I want everything to be secure, but the government should have some amount of limited access. If the government believes that there is a threat to India’s unity and integrity, it should have full access to do whatever it can to protect this.

MediaNama: What kind of a process should we have to determine this (whether the government should get access)? A judicial process?
Sudhir Yadav: Absolutely. The judiciary in India is completely independent, and the issues should go to court. The court should monitor whether the surveillance we’re doing is good or not. If it doesn’t feel that what is being done is right, it should have the right to revoke access.

MediaNama: What is your view of the Draft Encryption policy which was released and revoked last year?
Sudhir Yadav: I thought it was useless. No one is going to store their messages. I format my phone once a month, due to new softwares and new operating system. That policy was useless. It should be completely revised.

MediaNama: The government of India also said in the Supreme Court that there is no fundamental right to privacy. Do you agree?
Sudhir Yadav: I know that, in the Aadhaar case. I believe the right to Privacy is a fundamental right, given to us in the Constitution of India. That is going to a Constitutional bench, and I hope that the Constitutional bench grants us that right to privacy.

Image credit: Flickr Brett Nielsen under CCBY license.