Monday, September 21, 2015

Using WhatsApp? A New Draft Proposal Raises Concerns

Using WhatsApp? A New Draft Proposal Raises Concerns 

by  , 

How you use WhatsApp and other communication services on your phone could change dramatically based on a proposal that the government has invited feedback on. Government sources say the end user - individuals - will not be affected, and that the draft proposal should not be considered as endorsed by the government.

Here is your 10-point cheat-sheet to this big story:

  1. When you send a WhatsApp message, it's automatically encrypted or turned into scrambled text, which is then unscrambled for the person you're messaging.
  2. In the case of WhatsApp and other services like Apple's iMessage, this encryption happens automatically using keys at both ends of the conversation - as a user, you don't need to do anything.
  3. The government has shared the details of a draft proposal on a National Encryption Policy which has alarmed experts. The policy is posted on this website.
  4. The draft from a department of the IT Ministry states this: "Service Providers located within and outside India, using encryption technology for providing any type of services in India must enter into an agreement with the Government for providing such services in India."
  5. This language is loose enough to apply to apps and services like WhatsApp, which has over 70 million users in India, and iMessage - if they don't register how they encrypt messages in India, they could be declared illegal (if the proposal goes through). You can share feedback by emailing
  6. The policy adds that citizens and businesses must save all encrypted messages (including personal or unofficial ones) and their unencrypted (plaintext) copies for 90 days. Read this quote: "All citizens (C), including personnel of Government / Business (G/B) performing non-official / personal functions, are required to store the plaintext of the corresponding encrypted information for 90 days from the date of transaction and provide the verifiable Plain Text to Law and Enforcement Agencies as and when required as per the provision of the laws of the country."
  7. So the simple action of deleting a WhatsApp message would theoretically be illegal.
  8. Businesses are also expected to maintain encrypted and plaintext (unscrambled) copies of all their communication, and share their encryption keys with the government authorities when asked.
  9. The draft proposal also talks about the government deciding what kind of encryption products business and citizens are allowed to use, which could make your favourite application illegal if it's using some other form of encryption.
  10. In 2010, the UPA government said it would ban BBM (Blackberry Messenger Service) in India unless BlackBerry (then Research in Motion) gave security agencies access to [snoop on emails]( The two would eventually reach an arrangement that allows the government to intercept messages sent on Blackberry's platform.


Pl see my blogs;

Feel free -- and I request you -- to forward this newsletter to your lists and friends!

No comments: