Dr V. Kamakoti’s proposals to enable traceability in WhatsApp will instead erode users’ privacy, says Dr Manoj Prabhakaran, a computer science professor at IIT Bombay, who submitted his expert analysis on behalf of Internet Freedom Foundation (IFF) to the Madras High Court. He has said that traceability will not be an effective means of fighting fake news. Even with modifications to Kamakoti’s proposals, they are not very effective. Fact-checking, filtering spam, and media literacy are far more effective alternatives, as per Prabhakaran.
Submission by Dr Manoj Prabhakaran, IIT Bombay for IFF
MediaNama readers might recall that Dr V. Kamakoti, in his technical submission made on July 31, had made two proposals:
- Make the originator’s number visible to all recipients; or
- Encrypt the sender’s phone number in the metadata of the message that can be decrypted only by WhatsApp, using a key held in escrow, after relevant court orders are produced by the law enforcement agencies
In his submission for IFF, Prabhakaran has argued that these proposals, even with modifications that he himself suggests (given below), are not very effective because:
- Phone number has little identification value: The only originator information used is a phone number which can be easily acquired anonymously, or via services such as Google Voice, Skype, and Viber.
- Finding originator of the message may not be very valuable: When one hires thousands of workers to serve as originators, the employers remain untraceable.
- It will spur commercial services for untraceable messaging
- Traceability is not really a deterrent: Given the prevalence of fake news spread through “Twitter, Facebook, websites and even mass media”, it is not clear if traceability is much of a deterrent.
- Limited utility: Traceability is useful only to nab users with limited resources, and that too until commercial services for untraceable messaging become widely available.
These are the modifications that Prabhakaran suggested to Kamakoti’s proposals to mitigate some of the problems, while acknowledging that Kamakoti’s suggestions have limited utility:
- Mitigating concerns about spoofing originator information: Digital signatures can be used to prevent originator spoofing. However, if the user’s signing keys are stolen through malware, compromised OTP, etc., these aren’t very useful. “As such, the originator information should not have any evidentiary value, but may be of value to investigative agencies”.
- Mitigating privacy concerns: Digital signatures will have a “chilling effect on the right to free speech”, especially on personal messages, and thus:
- Identify messages as ‘shareable’, ‘not-shareable’, or ‘for limited sharing’: Once messages are designated as such, the WhatsApp client will then not include the originator information, and also will not allow the recipients to forward/share those messages. However, he acknowledges that these will not stop messages from going viral. [NB: Dr Kamakoti’s suggestion to designate messages as “forwardable” or “non-forwardable”, as mentioned in his interview with MediaNama was similar, but not identical.]
- Encrypt originator information, decrypt only if a watchdog agency allows it: Prabhakaran’s submission acknowledges similarity to Kamakoti’s, but in the latter’s case, the watchdog was WhatsApp itself. “A more robust version would allow a panel of watchdog agencies all (or some) of whom must cooperate to recover this information.”
Prabhakaran has instead suggested that viral messages, not the users, could be “outed” and made available publicly so that fact checkers could add comments to them, and the WhatsApp client can display these comments alongside these messages. This can be done by:
- Make viral messages public: Feature to identify messages received after several forwards, and anonymously send those messages to a server to make them available publicly
- Design spam filters to detect and mark messages as potentially unreliable, to discourage users from sharing them
- Education and media literacy are a must: Education and information literacy are the “lasting defence against the spread of fake news”. These “should complement technological and legal attempts to regulate the online world”.
The expert from IIT Bombay specialises in cryptography and is also a part of a group of computer scientists in the Department of Computer Science and Engineering at IIT Bombay that has attempted to come up with a set of technical and policy guidelines for a national identity scheme such as the Aadhaar.
‘Policy changes are the domain of the government’: IFF’s affidavit
Prabhakaran’s analysis was submitted by Internet Freedom Foundation (IFF), the intervener in the ongoing Madras High Court WhatsApp traceability case, in its response to Kamakoti’s submission on August 20. Arguing that traceability would have limited effectiveness, IFF cited harm to vulnerable groups and chilling effect on speech as demerits of Kamakoti’s proposals. IFF has been represented by Suhrith Parthasarthy in this case.
IFF also included the UN Special Rapporteur on Freedom of Expression David Kaye’s Report on Encryption, Anonymity and the Human Rights Framework that argues that “the security of the key escrow system depends on the integrity of the entity entrusted with safeguarding the key”.
IFF’s submissions, on the basis of Prabhakaran’s inputs and those of the technical experts on its Board of Trustees (unnamed in the affidavit), are:
- Policy changes should remain within the purview of the government, not the court: The government can carry out a formal, policy formation process.
- Originator information can be modified: An innocent person can be framed by bad actors by modifying orignator information.
- Alternatives to traceability more useful: Fact checking and awareness programmes, which are “less restrictive alternatives” may be more effective.
Problems with Dr Kamakoti’s proposal, as highlighted in IFF’s submission dated July 19 and reinstated in the August 20 affidavit:
- Harm to dissenters: Individuals with unpopular or dissenting opinions are put at risk of violence or harassment by the majority because their identity will be known to every recipient of the message.
- Disproportionate impact on vulnerable groups: “It will have a disproportionate impact on whistleblowers, activists, journalists, abuse survivors and marginalized groups because these categories of individuals are at greater risk of harm if their identity was publicly disclosed.”
(NB: Please note that IFF was made an intervener in this case on June 27, and Kamakoti submitted his recommendations to the court on July 31. Being the intervener, IFF was provided all documents related to the case, including the minutes of the May 22 meeting between law enforcement agencies and social media companies, convened at the behest of the Madras HC, where Kamakoti had made his suggestions for the first time. IFF was not present at that meeting, but presumably responded to Kamakoti’s oral suggestions post facto as the intervener on July 19. MediaNama has reached to IFF for further clarification.)
Follow our extensive coverage of this case here.