News Explainers What is end-to-end encryption and why is WhatsApp against breaking it? | Explained

What is end-to-end encryption and why is WhatsApp against breaking it? | Explained

WhatsApp messages are end-to-end encrypted, which means only senders and receivers can read the messages. It prevents others from prying on the messages and tempering them. Here’s all you need to know about end-to-end encryption and why WhatsApp is opposing new IT rules.

WhatsApp end-to-end encryption Image Source : WHATSAPPWhatsApp end-to-end encryption

WhatsApp on Thursday told the Delhi High Court that the instant messaging platform will exit India if it is forced to break end-to-end encryption of messages on its platform. This came after the High Court received petitions from WhatsApp and its parent company Meta. The petitions challenged the 2021 Information Technology (IT) rules that apply to social media intermediaries. According to the new rules, WhatsApp is required to trace chats and establish means to identify the first originator of information.

The Indian government announced the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 on February 25, 2021. These rules require large social media platforms like Twitter, Facebook, Instagram, and WhatsApp to comply with the latest norms.

What is the matter all about?

WhatsApp filed a petition in 2021, stating that the requirement of intermediaries enabling the identification of the first originator of information in India puts end-to-end encryption and its benefits "at risk." The traceability provision forces the company to break end-to-end encryption on its messaging service, as well as the privacy principles underlying it. Facebook and WhatsApp have challenged the new rules on the grounds that they violate the right to privacy and are unconstitutional.

What is the government’s argument? 

The Ministry of Electronics and Information Technology (MeitY) has argued that if the IT Rules, 2021, are not implemented, law enforcement agencies will find it difficult to trace the origins of fake and misleading information that will percolate in other platforms, disturbing peace and harmony in society and leading to public order problems.

What is end-to-end encryption? 

End-to-end encryption is a secure method of protecting data by encrypting it at the sender's device and decrypting it at the receiver's device. This method ensures that the data remains secure from the moment it is sent until it reaches its intended recipient. Unlike traditional encryption methods, end-to-end encryption does not allow any third-party to access the data, including the service provider.

For instance, email services like Gmail, Google, or Microsoft have copies of the decryption keys, which allow them to access users' content on their servers. This access enables service providers to read users' emails and files. Google has used this possession of decryption keys to target advertisements to the Google account holder in the past.

End-to-end encryption protects the message from prying eyes because only the sender and receiver have access to the decryption keys. Even if an intermediary server relays the message, it cannot be understood. End-to-end encryption also safeguards against fraud by preventing message tampering. Cybercriminals often attempt to alter information either out of malice or for fraudulent purposes. E2EE encrypted messages cannot be predictably changed, making it easier to detect tampering and alert users that the data is compromised.

Why end-to-end encryption is a challenge for the government?

Governments worldwide want tech companies to implement measures that allow them to bypass end-to-end encryption (E2EE) as and when needed, on national security grounds. This has become a major point of contention between governments, tech companies, and privacy advocates. The E2EE inhibits law enforcement's ability to gather data that could lead to the protection of vulnerable individuals. Protecting children from harmful online content is a commonly cited example of when E2EE can threaten the safety of individuals. Another example is the difficulty in preventing access to, and distribution of, extremist material.

ALSO READ: What are EU AI regulations and how do they impact generative AI models? Explained