In yet another example of how the Government of India’s attempt to find a work-around to encrypted data, it has become a signatory to an International Statement which seeks to bypass ‘End-to-End Encryption’ under the guise of maintaining public safety.
The statement calls on tech companies to weaken end to end encrypted secure messaging by invoking concerns about public safety. India is one of the 7 known signatory countries. Other signatories include UK, Australia, Canada, Japan, New Zealand and the United States. The statement:
sets out the severe impact on public safety where end-to-end encryption is implemented in a way that precludes all access to content, even to investigate the most serious crimes, including terrorism, and child sexual exploitation and abuse
calls on tech companies to work with governments to find solutions to ensure the safety of our citizens, without eroding user privacy or cyber security
The statement says, “We, the undersigned, support strong encryption, which plays a crucial role in protecting personal data, privacy, intellectual property, trade secrets and cyber security. It also serves a vital purpose in repressive states to protect journalists, human rights defenders and other vulnerable people, as stated in the 2017 resolution of the UN Human Rights Council.” It adds, “Encryption is an existential anchor of trust in the digital world and we do not support counterproductive and dangerous approaches that would materially weaken or limit security systems.”
It further says, “Particular implementations of encryption technology, however, pose significant challenges to public safety, including to highly vulnerable members of our societies like sexually exploited children.” The statement then adds, “In light of these threats, there is increasing consensus across governments and international institutions that action must be taken: while encryption is vital and privacy and cyber security must be protected, that should not come at the expense of wholly precluding law enforcement, and the tech industry itself, from being able to act against the most serious illegal content and activity online.”
The entire statement may be viewed here:
This move has wide-ranging ramifications for privacy and such access in the hands of a vindictive regime can ruin free speech and dissent, not to mention hamper human rights work where oppression is being inflicted by people holding political power. Though the statement pays lip service to these issues, and claims the move is only for extenuating circumstances like when children need protection from online sexual predators, one cannot deny that such unbriddled access to data has a huge potential for misuse.
Now, the Internet Freedom Foundation (IFF), a digital rights advocacy group, has filed an application under the Right to Information (RTI) Act that asks three ministries; Ministry of External Affairs, Ministry of Home Affairs and the Department of Electronics and Information Technology, two key questions:
1. Whether any legal opinion was sought before becoming a signatory?
2. Whether the Govt plans to introduce any legislation pursuant to the becoming a signatory?
The three RTI applications may be viewed here:
Related:
Covid-19: Does the Aarogya Setu app violate privacy?
Open Letter to the Government of India from Pegasus Targeted Persons