The Indian Supreme Court has dismissed a public interest litigation petition (PIL) by Sudhir Yadav, a Right-To-Information activist and web developer who called for a ban on messaging apps that offer end-to-end encryption, such as WhatsApp, Viber, and Telegram. The petition also called for technology companies to make private keys available to the government.
Yadav filed the petition after WhatsApp announced in April that all messages exchanged on their platform would be protected by a 256-bit encryption. He asserted that end-to-end encrypted systems damage national security because of the risk that terrorists utilize the technology to coordinate attacks. This is a particularly sensitive claim in India. In November 2008, the country suffered its worst terrorist attack after 10 operatives of the Pakistani-based Islamic militant group Lashkar-e-Taiba killed 164 people and wounded at least 308 others. The operatives used satellite and cell phones to communicate with one another and their handlers in Pakistan as the assault unfolded. Yadav argues India needs a higher standard of access than the United States because its law enforcement and intelligence agencies lack the resources their U.S. counterparts enjoy in accessing encrypted information.
Although a division bench of the Supreme Court—represented by Chief Justice T.S. Thakur and Justice A.M. Khanwilkar—rejected the PIL, the Court urged Yadav to file a complaint with the Telecom Disputes Settlement and Appellate Tribunal (TDSAT), a regulatory body that oversees the telecommunications industry.
If Yadav takes his case to the TDSAT, there is no certainty that the ruling will come back favorably for WhatsApp. India’s encryption laws remain underdeveloped but the country permits encryption systems up to 40 bits in complexity provided that the service is registered with the government. More sophisticated applications such as WhatsApp exist in a legal gray area.
In his petition, Yadav claims WhatsApp violates four laws related to the Indian Constitution:
“Section 5(2) of the Indian Telegraph Act, 1885, which grants the Government the power to order the interceptions of the message;”
“Rule 419A of the Indian Telegraph Rules, 1951, which lays down the procedural requirements which must be followed for telephone tapping to be legal;”
“Section 69 of the Information Technology Act, 2000, which deals with the power to issue directions for interception or monitoring or decryption of any information through any computer resource;”
“Information Technology (Directions for Interception or Monitoring or Decryption of Information) Rules, 2009.”
The Indian government has demonstrated some willingness to create backchannels into foreign-made technological products. In September 2015, a proposed national encryption policy made waves for demanding backdoors into all Internet applications based overseas. While that proposal was quickly scuppered, New Delhi has also played hardball with the manufacturers of BlackBerry on data access issues.
Following a four-year standoff, Blackberry’s Canadian manufacturer complied with the Indian government’s request in 2012 to empower India’s intelligence and law enforcement agencies with the automatic ability to monitor all communication on Blackberry smartphones on a real-time basis. The acquiescence only came after India threatened to shut down Blackberry services in the country, in a period in which the growing Indian market was a bright spot for the company amidst diminishing global market share.
WhatsApp has enjoyed similar market success in India. Roughly 70 million Indians use WhatsApp, and this number is set to surge as more Indians connect online every day. In May, WhatsApp lost 100 million users in Brazil when authorities temporarily banned the application over encryption frustrations. WhatsApp’s parent company, Facebook, filed an appeal and a Brazilian judge overturned the decision. But the Indian Supreme Court’s encouragement that Yadav look to alternative authorities may not bode well for WhatsApp’s finding similar judicial backing in India.